
My mom's computer is a mess.


7 replies to this topic

#1 zombiebex


Posted 18 June 2013 - 09:21 AM

Hey gang, hope you can help. My mother's work computer is infected in a bad way. We've been running Malwarebytes and SUPERAntiSpyware with minimal luck. MB finds nothing, SAS finds a ton of things. We did locate and remove a Trojan using Autoruns, but there is still something nasty that is filling up her hard drive and installing malicious programs like StartNow and other browser plugins.

 

Thanks for the help, just tell us what to do.

 

UPDATE: Just tried running HitmanPro in safe mode, and the program crashes during its scan.


Edited by zombiebex, 18 June 2013 - 10:58 AM.




#2 boopme


Posted 18 June 2013 - 01:41 PM

Hello and welcome... Is SAS finding only cookies now?

Let's look at these...

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 zombiebex


Posted 21 June 2013 - 10:18 AM

Thanks for the help and sorry for the delay in response. And yes, it's only finding cookies. Here's the texts you requested.

 

From MiniToolBox

 

MiniToolBox by Farbar  Version: 16-06-2013

Ran by NAME REDACTED (administrator) on 21-06-2013 at 08:48:46

Running from "C:\Documents and Settings\NAME REDACTED\My Documents\Downloads"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

 

Windows IP Configuration

 

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ============================== 

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

 

127.0.0.1       localhost

 


========================= Event log errors: ===============================

 

Application errors:

==================

Error: (06/18/2013 11:57:56 AM) (Source: Application Error) (User: )

Description: Fault bucket -637823616.

The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

 

Error: (06/18/2013 11:57:29 AM) (Source: Application Error) (User: )

Description: Faulting application hitmanpro.exe, version 3.7.6.201, faulting module hitmanpro.exe, version 3.7.6.201, fault address 0x00171a9f.

Processing media-specific event for [hitmanpro.exe!ws!]

 

Error: (06/18/2013 11:48:33 AM) (Source: Application Error) (User: )

Description: Faulting application hitmanpro.exe, version 3.7.6.201, faulting module hitmanpro.exe, version 3.7.6.201, fault address 0x00171a9f.

Processing media-specific event for [hitmanpro.exe!ws!]

 

Error: (06/18/2013 10:41:51 AM) (Source: Windows Search Service) (User: )

Description: The entry <C:\SCAD2006\WORK\13-021.DWG> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (06/18/2013 10:37:47 AM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (06/18/2013 10:36:18 AM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (06/17/2013 05:11:04 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\NAME REDACTED\RECENT\DESKTOP.INI> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (06/17/2013 05:11:04 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\NAME REDACTED\RECENT\DESKTOP.INI> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (06/17/2013 03:28:22 PM) (Source: Application Hang) (User: )

Description: Hanging application windirstat.exe, version 1.1.2.80, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (06/17/2013 03:07:18 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS POWERSHELL 1.0\@.LNK> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

 

System errors:

=============

Error: (06/21/2013 08:43:26 AM) (Source: Service Control Manager) (User: )

Description: The Parallel port driver service failed to start due to the following error: 

%%1058

 

Error: (06/21/2013 08:43:11 AM) (Source: Print) (User: NT AUTHORITY)

Description: Printer CutePDF Writer failed to initialize because a suitable CutePDF Writer driver could not be found.

 

Error: (06/18/2013 00:14:16 PM) (Source: Service Control Manager) (User: )

Description: The Parallel port driver service failed to start due to the following error: 

%%1058

 

Error: (06/18/2013 00:14:04 PM) (Source: Print) (User: NT AUTHORITY)

Description: Printer CutePDF Writer failed to initialize because a suitable CutePDF Writer driver could not be found.

 

Error: (06/18/2013 00:13:12 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (06/18/2013 00:07:39 PM) (Source: DCOM) (User: LOUSDELL)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error: (06/18/2013 00:07:29 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Fips

intelppm

SASDIFSV

SASKUTIL

 

Error: (06/18/2013 00:06:39 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (06/18/2013 00:04:52 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (06/18/2013 11:53:47 AM) (Source: DCOM) (User: LOUSDELL)

Description: DCOM got error "%%1084" attempting to start the service MatSvc with arguments ""

in order to run the server:

{8843B4A2-A3CB-4CB9-9CCE-F443F641009F}

 

 

Microsoft Office Sessions:

=========================

Error: (04/10/2012 10:54:06 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

=========================== Installed Programs ============================

 

Acrobat.com (Version: 0.0.0)

Adobe Reader XI (11.0.03) (Version: 11.0.03)

Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)

Any DWG to PDF Converter 2010

Apple Application Support (Version: 1.4.1)

Apple Mobile Device Support (Version: 2.5.1.3)

Apple Software Update (Version: 2.1.1.116)

ATI Catalyst Control Center (Version: 2.009.0213.2137)

ATI Display Driver (Version: 8.59-090213a-076426C-Dell)

AutoCAD 2006 - English (Version: 16.2.54.10)

AutoCAD DWG and DXF To PDF Converter v2.0

Autodesk 2006 OE Hotfix

Autodesk Design Review 2009 (Version: 9.0.96)

Autodesk DWF Viewer (Version: 5.1)

AVG SafeGuard toolbar (Version: 15.2.0.5)

Brother MFL-Pro Suite MFC-6490CW (Version: 1.2.13.0)

CardScan 7.0.4 (Version: 7.0.4)

CardScan SDK (Version: 9.0)

Carlson 2009 for CAD (Version: 1.0)

Carlson 2010 for CAD (Version: 1.0)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Core Implementation (Version: 2009.0213.2138.38808)

Catalyst Control Center Graphics Full Existing (Version: 2009.0213.2138.38808)

Catalyst Control Center Graphics Full New (Version: 2009.0213.2138.38808)

Catalyst Control Center Graphics Light (Version: 2009.0213.2138.38808)

Catalyst Control Center Graphics Previews Common (Version: 2009.0213.2138.38808)

Catalyst Control Center Localization All (Version: 2009.0213.2138.38808)

CCC Help Chinese Standard (Version: 2009.0213.2137.38808)

CCC Help Chinese Traditional (Version: 2009.0213.2137.38808)

CCC Help English (Version: 2009.0213.2137.38808)

CCC Help French (Version: 2009.0213.2137.38808)

CCC Help German (Version: 2009.0213.2137.38808)

CCC Help Hungarian (Version: 2009.0213.2137.38808)

CCC Help Italian (Version: 2009.0213.2137.38808)

CCC Help Japanese (Version: 2009.0213.2137.38808)

CCC Help Korean (Version: 2009.0213.2137.38808)

CCC Help Portuguese (Version: 2009.0213.2137.38808)

CCC Help Spanish (Version: 2009.0213.2137.38808)

CCC Help Turkish (Version: 2009.0213.2137.38808)

ccc-core-preinstall (Version: 2009.0213.2138.38808)

ccc-core-static (Version: 2009.0213.2138.38808)

ccc-utility (Version: 2009.0213.2138.38808)

CCleaner (Version: 3.00)

Choice Guard (Version: 1.2.87.0)

Conexant D850 PCI V.92 Modem (Version: 7.74.00)

Contacts Navigator v3.5

DataTree

Dell DataSafe Online (Version: 1.2.0011)

Dell Dock (Version: 2.0.0)

Dell Driver Reset Tool (Version: 1.02.0000)

Dell System Restore (Version: 2.00.0000)

DGNLinkLite

Digital Line Detect (Version: 1.21)

Digital Locker Assistant (Version: 1.80.0004)

DirectXInstallService (Version: 9.0.2)

Family Tree Maker 2012 (Version: 21.0.452)

ffdshow [rev 2527] [2008-12-19] (Version: 1.0)

Google Chrome (Version: 27.0.1453.110)

Google Chrome Frame (Version: 27.0.1453.116)

Google Earth (Version: 5.2.1.1588)

Google Earth (Version: 7.0.3.8542)

Google Update Helper (Version: 1.3.21.145)

GoToMyPC (Version: 8.0.943)

HitmanPro 3.7 (Version: 3.7.6.201)

IPIN Viewing System Lite Support Files (Version: 4.1)

IPIN Viewing System Professional (Version: 4.1)

iTunes (Version: 8.2.0.23)

Java™ 6 Update 10 (Version: 6.0.100)

Junk Mail filter update (Version: 14.0.8050.1202)

Kaspersky Security Scan (Version: 12.0.1.340)

Macromedia Shockwave Player

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

McAfee Security Scan Plus (Version: 2.1.121.2)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 (Version: 2.0.50727)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0 (Version: 3.0.04506.30)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft ActiveSync (Version: 4.5.5096.0)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)

Microsoft Digital Image Standard 2006 Editor (Version: 11.0.2018)

Microsoft Digital Image Standard 2006 Library (Version: 11.0.2018)

Microsoft Digital Image Standard 2006 Update (Version: 11.0.2018)

Microsoft Fix it Center (Version: 1.0.0100)

Microsoft IntelliPoint 6.1 (Version: 6.10.156.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works (Version: 08.05.0818)

Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)

Microsoft Works Suite 2006 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word (Version: 8.0.0.0000)

MobileMe Control Panel (Version: 2.5.0.28)

Modem Diagnostic Tool (Version: 1.0.24.0)

Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)

Mozilla Maintenance Service (Version: 15.0)

MSN

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)

MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)

NetWaiting (Version: 2.5.54)

Norton Security Scan (Version: 4.0.1.16)

NVIDIA Drivers

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

Open It! (Version: 1.1.1)

PaperPort Image Printer (Version: 1.00.0000)

pdfFactory (Version: 4.10)

PhotoMAX Pro

Pivot Software (Version: 8.21.013)

PowerDVD DX (Version: 8.2.5024)

QuickTime (Version: 7.69.80.9)

Realtek High Definition Audio Driver

Recuva (Version: 1.43)

Roxio Media Manager (Version: 9.4.007)

ScanSoft PaperPort 11 (Version: 11.2.0000)

SDK (Version: 1.33.004)

Segoe UI (Version: 14.0.4327.805)

Skins (Version: 2009.0213.2138.38808)

Sony USB Driver

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)

SUPERAntiSpyware (Version: 5.6.1012)

SurvCADD 2006 (Version: 1.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)

Update for Windows XP (KB951618-v2) (Version: 2)

Update for Windows XP (KB955839) (Version: 1)

Update for Zip Opener

WDtransitionInstall_GD (Version: 1.0.0)

WebFldrs XP (Version: 9.50.7523)

WinDirStat 1.1.2

Windows Communication Foundation (Version: 3.0.04506.30)

Windows Defender (Version: 1.1.1593.21)

Windows Driver Package - Citrix Systems monblanking Citrix Driver  (06/26/2012 6.3.0.48) (Version: 06/26/2012 6.3.0.48)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 7 (Version: 20061027.150806)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Call (Version: 14.0.8050.1202)

Windows Live Communications Platform (Version: 14.0.8050.1202)

Windows Live Essentials (Version: 14.0.8050.1202)

Windows Live Mail (Version: 14.0.8050.1202)

Windows Live Messenger (Version: 14.0.8050.1202)

Windows Live Photo Gallery (Version: 14.0.8051.1204)

Windows Live Sign-in Assistant (Version: 5.000.818.6)

Windows Live Sync (Version: 14.0.8050.1202)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8050.1202)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.2980)

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell™ 1.0 (Version: 2)

Windows Presentation Foundation (Version: 3.0.6920.0)

Windows Search 4.0 (Version: 04.00.6001.503)

Windows Workflow Foundation (Version: 3.0.4203.2)

WinZip 14.5 (Version: 14.5.9096)

Works Upgrade (Version: 8.0.0.0000)

XML Paper Specification Shared Components Pack 1.0

Yahoo! Install Manager

Yahoo! Internet Mail

Zip Opener Packages

 

========================= Memory info: ===================================

 

Percentage of memory in use: 29%

Total physical RAM: 3070.98 MB

Available physical RAM: 2161.63 MB

Total Pagefile: 4956.12 MB

Available Pagefile: 4233.91 MB

Total Virtual: 2047.88 MB

Available Virtual: 1975 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:688.83 GB) (Free:65.27 GB) NTFS

7 Drive i: (BACKUP) (Fixed) (Total:74.52 GB) (Free:7.69 GB) NTFS

9 Drive y: (OS) (Network) (Total:688.83 GB) (Free:65.27 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\LOUSDELL

 

Administrator            ASPNET                   Guest                    

HelpAssistant            NAME REDACTED   NAME REDACTED           

lv                      NAME REDACTED                    scans                    

SUPPORT_388945a0         

 

 

**** End of log ****

 

Log from TDSSKIller

 


08:54:46.0765 0748  Alerter - ok

08:54:46.0781 0748  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe

08:54:46.0796 0748  ALG - ok

08:54:46.0812 0748  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys

08:54:46.0812 0748  AliIde - ok

08:54:46.0812 0748  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys

08:54:46.0812 0748  alim1541 - ok

08:54:46.0828 0748  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys

08:54:46.0828 0748  amdagp - ok

08:54:46.0828 0748  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys

08:54:46.0828 0748  amsint - ok

08:54:46.0875 0748  [ 7E94E567C1AA5ABE6174032B3DAB6C23 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

08:54:46.0875 0748  Apple Mobile Device - ok

08:54:46.0890 0748  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll

08:54:46.0890 0748  AppMgmt - ok

08:54:46.0890 0748  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:54:46.0890 0748  Arp1394 - ok

08:54:46.0906 0748  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys

08:54:46.0906 0748  asc - ok

08:54:46.0921 0748  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys

08:54:46.0921 0748  asc3350p - ok

08:54:46.0921 0748  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys

08:54:46.0921 0748  asc3550 - ok

08:54:47.0015 0748  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

08:54:47.0015 0748  aspnet_state - ok

08:54:47.0046 0748  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:54:47.0046 0748  AsyncMac - ok

08:54:47.0062 0748  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys

08:54:47.0062 0748  atapi - ok

08:54:47.0062 0748  Atdisk - ok

08:54:47.0093 0748  [ 9967166608694DC884D69CBB612BA3A3 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

08:54:47.0093 0748  Ati HotKey Poller - ok

08:54:47.0140 0748  [ 79E69E18960E8013840AF2681C5E77AB ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

08:54:47.0156 0748  ati2mtag - ok

08:54:47.0234 0748  [ D9BC8892B9440A2551B8148C57AA039E ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys

08:54:47.0234 0748  AtiHdmiService - ok

08:54:47.0250 0748  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:54:47.0250 0748  Atmarpc - ok

08:54:47.0265 0748  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll

08:54:47.0265 0748  AudioSrv - ok

08:54:47.0265 0748  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys

08:54:47.0281 0748  audstub - ok

08:54:47.0328 0748  [ D7DA3F98A603248FC9839009590336D1 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

08:54:47.0328 0748  Autodesk Licensing Service - ok

08:54:47.0359 0748  [ 543E3EA927AD7FCBCFAB9617CED8ED67 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys

08:54:47.0359 0748  avgtp - ok

08:54:47.0375 0748  [ 37F385A93C620CBE0F89C17E45F697A1 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

08:54:47.0390 0748  BCM43XX - ok

08:54:47.0406 0748  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys

08:54:47.0406 0748  Beep - ok

08:54:47.0437 0748  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll

08:54:47.0437 0748  BITS - ok

08:54:47.0484 0748  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll

08:54:47.0484 0748  Browser - ok

08:54:47.0515 0748  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

08:54:47.0515 0748  BrScnUsb - ok

08:54:47.0531 0748  [ 1A5FC78E41840EDF79D65EC16EFF2787 ] BrSerIf         C:\WINDOWS\system32\Drivers\BrSerIf.sys

08:54:47.0531 0748  BrSerIf - ok

08:54:47.0531 0748  [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer        C:\WINDOWS\system32\Drivers\BrUsbSer.sys

08:54:47.0531 0748  BrUsbSer - ok

08:54:47.0546 0748  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

08:54:47.0546 0748  cbidf - ok

08:54:47.0546 0748  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys

08:54:47.0546 0748  cbidf2k - ok

08:54:47.0562 0748  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

08:54:47.0562 0748  cd20xrnt - ok

08:54:47.0578 0748  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys

08:54:47.0578 0748  Cdaudio - ok

08:54:47.0578 0748  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys

08:54:47.0578 0748  Cdfs - ok

08:54:47.0593 0748  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:54:47.0593 0748  Cdrom - ok

08:54:47.0609 0748  [ 7E6F7DA1C4DE5680820F964562548949 ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys

08:54:47.0609 0748  cfwids - ok

08:54:47.0609 0748  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe

08:54:47.0609 0748  CiSvc - ok

08:54:47.0625 0748  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe

08:54:47.0625 0748  ClipSrv - ok

08:54:47.0671 0748  [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:54:47.0671 0748  clr_optimization_v2.0.50727_32 - ok

08:54:47.0718 0748  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:54:47.0718 0748  clr_optimization_v4.0.30319_32 - ok

08:54:47.0734 0748  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys

08:54:47.0734 0748  CmdIde - ok

08:54:47.0734 0748  COMSysApp - ok

08:54:47.0734 0748  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys

08:54:47.0750 0748  Cpqarray - ok

08:54:47.0765 0748  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll

08:54:47.0765 0748  CryptSvc - ok

08:54:47.0781 0748  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

08:54:47.0781 0748  dac2w2k - ok

08:54:47.0781 0748  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys

08:54:47.0781 0748  dac960nt - ok

08:54:47.0796 0748  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll

08:54:47.0796 0748  DcomLaunch - ok

08:54:47.0828 0748  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll

08:54:47.0828 0748  Dhcp - ok

08:54:47.0828 0748  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys

08:54:47.0828 0748  Disk - ok

08:54:47.0828 0748  dmadmin - ok

08:54:47.0859 0748  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys

08:54:47.0859 0748  dmboot - ok

08:54:47.0875 0748  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys

08:54:47.0875 0748  dmio - ok

08:54:47.0875 0748  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys

08:54:47.0875 0748  dmload - ok

08:54:47.0875 0748  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll

08:54:47.0875 0748  dmserver - ok

08:54:47.0890 0748  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys

08:54:47.0890 0748  DMusic - ok

08:54:47.0921 0748  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll

08:54:47.0937 0748  Dnscache - ok

08:54:47.0937 0748  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll

08:54:47.0953 0748  Dot3svc - ok

08:54:47.0968 0748  [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys

08:54:47.0968 0748  Dot4 - ok

08:54:47.0984 0748  [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print       C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

08:54:47.0984 0748  Dot4Print - ok

08:54:48.0000 0748  [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys

08:54:48.0000 0748  dot4usb - ok

08:54:48.0015 0748  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys

08:54:48.0015 0748  dpti2o - ok

08:54:48.0031 0748  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys

08:54:48.0031 0748  drmkaud - ok

08:54:48.0046 0748  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll

08:54:48.0046 0748  EapHost - ok

08:54:48.0046 0748  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll

08:54:48.0046 0748  ERSvc - ok

08:54:48.0078 0748  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe

08:54:48.0078 0748  Eventlog - ok

08:54:48.0109 0748  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll

08:54:48.0109 0748  EventSystem - ok

08:54:48.0140 0748  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys

08:54:48.0140 0748  Fastfat - ok

08:54:48.0187 0748  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

08:54:48.0187 0748  FastUserSwitchingCompatibility - ok

08:54:48.0234 0748  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe

08:54:48.0234 0748  Fax - ok

08:54:48.0234 0748  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys

08:54:48.0234 0748  Fdc - ok

08:54:48.0234 0748  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys

08:54:48.0234 0748  Fips - ok

08:54:48.0250 0748  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:54:48.0250 0748  Flpydisk - ok

08:54:48.0250 0748  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys

08:54:48.0250 0748  FltMgr - ok

08:54:48.0296 0748  [ FACECF3F75BAF3775A879D1168402270 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

08:54:48.0296 0748  FontCache3.0.0.0 - ok

08:54:48.0296 0748  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:54:48.0296 0748  Fs_Rec - ok

08:54:48.0312 0748  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:54:48.0312 0748  Ftdisk - ok

08:54:48.0390 0748  [ BA9265336BE256E6138AE0A0CC09AE46 ] GoToMyPC        C:\Program Files\Citrix\GoToMyPC\g2svc.exe

08:54:48.0390 0748  GoToMyPC - ok

08:54:48.0437 0748  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:54:48.0437 0748  Gpc - ok

08:54:48.0500 0748  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9a19a40899044 C:\Program Files\Google\Update\GoogleUpdate.exe

08:54:48.0500 0748  gupdate1c9a19a40899044 - ok

08:54:48.0500 0748  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

08:54:48.0500 0748  gupdatem - ok

08:54:48.0515 0748  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:54:48.0515 0748  HDAudBus - ok

08:54:48.0531 0748  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:54:48.0531 0748  helpsvc - ok

08:54:48.0546 0748  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll

08:54:48.0546 0748  HidServ - ok

08:54:48.0546 0748  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:54:48.0546 0748  hidusb - ok

08:54:48.0562 0748  [ 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 ] hitmanpro37     C:\WINDOWS\system32\drivers\hitmanpro37.sys

08:54:48.0562 0748  hitmanpro37 - ok

08:54:48.0593 0748  [ 52150B4AEC54956124B028D8830778C6 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe

08:54:48.0593 0748  HitmanProScheduler - ok

08:54:48.0609 0748  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll

08:54:48.0609 0748  hkmsvc - ok

08:54:48.0625 0748  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys

08:54:48.0625 0748  hpn - ok

08:54:48.0640 0748  [ AC04FC91B57B27086CCF02086FD3F4CB ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

08:54:48.0640 0748  HSFHWBS2 - ok

08:54:48.0656 0748  [ F362C0B442337DA8AB0608DFAA4CA076 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

08:54:48.0671 0748  HSF_DPV - ok

08:54:48.0703 0748  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys

08:54:48.0703 0748  HTTP - ok

08:54:48.0718 0748  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll

08:54:48.0718 0748  HTTPFilter - ok

08:54:48.0734 0748  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys

08:54:48.0734 0748  i2omgmt - ok

08:54:48.0734 0748  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys

08:54:48.0734 0748  i2omp - ok

08:54:48.0750 0748  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:54:48.0750 0748  i8042prt - ok

08:54:48.0796 0748  [ EA7267505149B3A10DF32506A4E4E412 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:54:48.0812 0748  idsvc - ok

08:54:48.0828 0748  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys

08:54:48.0828 0748  Imapi - ok

08:54:48.0828 0748  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe

08:54:48.0828 0748  ImapiService - ok

08:54:48.0843 0748  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys

08:54:48.0843 0748  ini910u - ok

08:54:48.0953 0748  [ 2FEB5BF0312E1CB76CD2CAA875CBAA5D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

08:54:48.0968 0748  IntcAzAudAddService - ok

08:54:49.0000 0748  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys

08:54:49.0000 0748  IntelIde - ok

08:54:49.0015 0748  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:54:49.0015 0748  intelppm - ok

08:54:49.0031 0748  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

08:54:49.0031 0748  Ip6Fw - ok

08:54:49.0046 0748  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:54:49.0046 0748  IpFilterDriver - ok

08:54:49.0062 0748  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:54:49.0062 0748  IpInIp - ok

08:54:49.0078 0748  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:54:49.0078 0748  IpNat - ok

08:54:49.0140 0748  [ 05CF6A56FBF436C347BB87FD1957ADC1 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

08:54:49.0140 0748  iPod Service - ok

08:54:49.0140 0748  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:54:49.0140 0748  IPSec - ok

08:54:49.0171 0748  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys

08:54:49.0171 0748  IRENUM - ok

08:54:49.0203 0748  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:54:49.0203 0748  isapnp - ok

08:54:49.0218 0748  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:54:49.0218 0748  Kbdclass - ok

08:54:49.0218 0748  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:54:49.0218 0748  kbdhid - ok

08:54:49.0234 0748  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys

08:54:49.0234 0748  kmixer - ok

08:54:49.0250 0748  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys

08:54:49.0250 0748  KSecDD - ok

08:54:49.0296 0748  [ 6EFBC82722D0F7B35283993189ECE9D0 ] KSS             C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

08:54:49.0296 0748  KSS - ok

08:54:49.0312 0748  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll

08:54:49.0312 0748  LanmanServer - ok

08:54:49.0343 0748  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

08:54:49.0343 0748  lanmanworkstation - ok

08:54:49.0359 0748  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll

08:54:49.0359 0748  LmHosts - ok

08:54:49.0421 0748  [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc          C:\Program Files\Microsoft Fix it Center\Matsvc.exe

08:54:49.0421 0748  MatSvc - ok

08:54:49.0453 0748  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys

08:54:49.0468 0748  MBAMProtector - ok

08:54:49.0500 0748  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

08:54:49.0500 0748  MBAMScheduler - ok

08:54:49.0515 0748  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

08:54:49.0515 0748  MBAMService - ok

08:54:49.0562 0748  [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe

08:54:49.0578 0748  McComponentHostService - ok

08:54:49.0593 0748  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

08:54:49.0593 0748  mdmxsdk - ok

08:54:49.0609 0748  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll

08:54:49.0609 0748  Messenger - ok

08:54:49.0671 0748  [ 3D8E909DA47E22E2B32056FD2AE66EDE ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

08:54:49.0671 0748  mfefire - ok

08:54:49.0703 0748  [ 0EFAB2B91B27543FE589DE700DE07136 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys

08:54:49.0703 0748  mfehidk - ok

08:54:49.0703 0748  [ 549DD4966BF0B1D1FC205CA0755A745B ] mfendisk        C:\WINDOWS\system32\DRIVERS\mfendisk.sys

08:54:49.0703 0748  mfendisk - ok

08:54:49.0718 0748  [ 549DD4966BF0B1D1FC205CA0755A745B ] mfendiskmp      C:\WINDOWS\system32\DRIVERS\mfendisk.sys

08:54:49.0718 0748  mfendiskmp - ok

08:54:49.0734 0748  [ E6C5F7AADE5A31C057D73201ACFE8ADF ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys

08:54:49.0734 0748  mfetdi2k - ok

08:54:49.0750 0748  [ 5C1B2814EF2A6313936A111D3FD095AF ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

08:54:49.0750 0748  mfevtp - ok

08:54:49.0765 0748  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys

08:54:49.0765 0748  mnmdd - ok

08:54:49.0781 0748  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe

08:54:49.0781 0748  mnmsrvc - ok

08:54:49.0796 0748  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys

08:54:49.0796 0748  Modem - ok

08:54:49.0812 0748  [ 78833E368ADA63BCBC95D79FF3C04DE0 ] monblanking     C:\WINDOWS\system32\DRIVERS\monblanking.sys

08:54:49.0812 0748  monblanking - ok

08:54:49.0812 0748  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:54:49.0812 0748  Mouclass - ok

08:54:49.0828 0748  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:54:49.0828 0748  mouhid - ok

08:54:49.0843 0748  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys

08:54:49.0843 0748  MountMgr - ok

08:54:49.0875 0748  [ 150C2559DA6FC159D65F9CF3DA1EF731 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:54:49.0875 0748  MozillaMaintenance - ok

08:54:49.0890 0748  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys

08:54:49.0890 0748  mraid35x - ok

08:54:49.0890 0748  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:54:49.0890 0748  MRxDAV - ok

08:54:49.0921 0748  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:54:49.0921 0748  MRxSmb - ok

08:54:49.0921 0748  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe

08:54:49.0921 0748  MSDTC - ok

08:54:49.0921 0748  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

08:54:49.0937 0748  Msfs - ok

08:54:49.0937 0748  MSIServer - ok

08:54:49.0953 0748  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:54:49.0953 0748  MSKSSRV - ok

08:54:49.0984 0748  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:54:49.0984 0748  MSPCLOCK - ok

08:54:49.0984 0748  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

08:54:49.0984 0748  MSPQM - ok

08:54:50.0000 0748  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:54:50.0000 0748  mssmbios - ok

08:54:50.0000 0748  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys

08:54:50.0000 0748  Mup - ok

08:54:50.0015 0748  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll

08:54:50.0015 0748  napagent - ok

08:54:50.0046 0748  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys

08:54:50.0046 0748  NDIS - ok

08:54:50.0093 0748  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:54:50.0093 0748  NdisTapi - ok

08:54:50.0109 0748  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:54:50.0109 0748  Ndisuio - ok

08:54:50.0109 0748  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:54:50.0109 0748  NdisWan - ok

08:54:50.0125 0748  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

08:54:50.0125 0748  NDProxy - ok

08:54:50.0125 0748  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

08:54:50.0125 0748  NetBIOS - ok

08:54:50.0140 0748  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

08:54:50.0140 0748  NetBT - ok

08:54:50.0171 0748  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe

08:54:50.0171 0748  NetDDE - ok

08:54:50.0171 0748  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe

08:54:50.0171 0748  NetDDEdsdm - ok

08:54:50.0203 0748  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe

08:54:50.0203 0748  Netlogon - ok

08:54:50.0203 0748  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll

08:54:50.0203 0748  Netman - ok

08:54:50.0234 0748  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:54:50.0234 0748  NetTcpPortSharing - ok

08:54:50.0250 0748  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:54:50.0250 0748  NIC1394 - ok

08:54:50.0265 0748  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll

08:54:50.0265 0748  Nla - ok

08:54:50.0265 0748  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

08:54:50.0265 0748  Npfs - ok

08:54:50.0312 0748  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

08:54:50.0312 0748  Ntfs - ok

08:54:50.0312 0748  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe

08:54:50.0312 0748  NtLmSsp - ok

08:54:50.0328 0748  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll

08:54:50.0343 0748  NtmsSvc - ok

08:54:50.0343 0748  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys

08:54:50.0343 0748  Null - ok

08:54:50.0359 0748  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:54:50.0359 0748  NwlnkFlt - ok

08:54:50.0359 0748  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:54:50.0359 0748  NwlnkFwd - ok

08:54:50.0453 0748  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:54:50.0453 0748  odserv - ok

08:54:50.0468 0748  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:54:50.0468 0748  ohci1394 - ok

08:54:50.0500 0748  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:54:50.0500 0748  ose - ok

08:54:50.0515 0748  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys

08:54:50.0515 0748  Parport - ok

08:54:50.0515 0748  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys

08:54:50.0515 0748  PartMgr - ok

08:54:50.0531 0748  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys

08:54:50.0531 0748  ParVdm - ok

08:54:50.0546 0748  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys

08:54:50.0546 0748  PCI - ok

08:54:50.0546 0748  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys

08:54:50.0546 0748  PCIIde - ok

08:54:50.0562 0748  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys

08:54:50.0562 0748  Pcmcia - ok

08:54:50.0578 0748  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys

08:54:50.0578 0748  perc2 - ok

08:54:50.0578 0748  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys

08:54:50.0578 0748  perc2hib - ok

08:54:50.0593 0748  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe

08:54:50.0593 0748  PlugPlay - ok

08:54:50.0625 0748  [ DEB5A23F8625D7D84DAFF899478A4893 ] PLUsbbc2        C:\WINDOWS\system32\Drivers\usbbc2.sys

08:54:50.0625 0748  PLUsbbc2 - ok

08:54:50.0625 0748  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe

08:54:50.0625 0748  PolicyAgent - ok

08:54:50.0640 0748  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:54:50.0640 0748  PptpMiniport - ok

08:54:50.0640 0748  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

08:54:50.0640 0748  ProtectedStorage - ok

08:54:50.0640 0748  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys

08:54:50.0640 0748  PSched - ok

08:54:50.0640 0748  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:54:50.0640 0748  Ptilink - ok

08:54:50.0656 0748  [ 5491E4E7D93804F43ABE8CE3C39F5A86 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:54:50.0656 0748  PxHelp20 - ok

08:54:50.0671 0748  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys

08:54:50.0671 0748  ql1080 - ok

08:54:50.0687 0748  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

08:54:50.0687 0748  Ql10wnt - ok

08:54:50.0687 0748  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys

08:54:50.0687 0748  ql12160 - ok

08:54:50.0687 0748  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys

08:54:50.0687 0748  ql1240 - ok

08:54:50.0703 0748  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys

08:54:50.0703 0748  ql1280 - ok

08:54:50.0750 0748  [ DD3E4610DE9252A957C5BD19BDF47AC4 ] RapportIaso     c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys

08:54:50.0750 0748  RapportIaso - ok

08:54:50.0750 0748  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:54:50.0750 0748  RasAcd - ok

08:54:50.0765 0748  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll

08:54:50.0765 0748  RasAuto - ok

08:54:50.0796 0748  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:54:50.0796 0748  Rasl2tp - ok

08:54:50.0796 0748  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll

08:54:50.0796 0748  RasMan - ok

08:54:50.0812 0748  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:54:50.0812 0748  RasPppoe - ok

08:54:50.0812 0748  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys

08:54:50.0812 0748  Raspti - ok

08:54:50.0812 0748  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:54:50.0812 0748  Rdbss - ok

08:54:50.0812 0748  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:54:50.0812 0748  RDPCDD - ok

08:54:50.0828 0748  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:54:50.0828 0748  rdpdr - ok

08:54:50.0859 0748  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys

08:54:50.0859 0748  RDPWD - ok

08:54:50.0890 0748  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe

08:54:50.0890 0748  RDSessMgr - ok

08:54:50.0906 0748  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys

08:54:50.0906 0748  redbook - ok

08:54:50.0921 0748  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

08:54:50.0921 0748  RemoteAccess - ok

08:54:50.0937 0748  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

08:54:50.0937 0748  RemoteRegistry - ok

08:54:51.0000 0748  [ F3395D205DEC030DCE54D4575774CFBA ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

08:54:51.0000 0748  Roxio UPnP Renderer 9 - ok

08:54:51.0015 0748  [ 95519CBEF94773AF7CD2B26029DCEEA7 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

08:54:51.0031 0748  Roxio Upnp Server 9 - ok

08:54:51.0062 0748  RoxLiveShare10 - ok

08:54:51.0093 0748  [ B9EA6E59E526B10A2A09F5B9D729797D ] RoxLiveShare9   C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

08:54:51.0093 0748  RoxLiveShare9 - ok

08:54:51.0125 0748  [ 3DAF385624ABF3C3BBFB05CFF2ACA7D6 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

08:54:51.0140 0748  RoxMediaDB9 - ok

08:54:51.0156 0748  [ 8F366D03A7FDA7527F76F01F695B0205 ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

08:54:51.0156 0748  RoxWatch9 - ok

08:54:51.0187 0748  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe

08:54:51.0187 0748  RpcLocator - ok

08:54:51.0218 0748  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll

08:54:51.0218 0748  RpcSs - ok

08:54:51.0234 0748  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe

08:54:51.0250 0748  RSVP - ok

08:54:51.0265 0748  [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

08:54:51.0265 0748  RTLE8023xp - ok

08:54:51.0265 0748  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe

08:54:51.0281 0748  SamSs - ok

08:54:51.0312 0748  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

08:54:51.0312 0748  SASDIFSV - ok

08:54:51.0312 0748  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

08:54:51.0312 0748  SASKUTIL - ok

08:54:51.0328 0748  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

08:54:51.0328 0748  SCardSvr - ok

08:54:51.0359 0748  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll

08:54:51.0359 0748  Schedule - ok

08:54:51.0375 0748  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:54:51.0375 0748  Secdrv - ok

08:54:51.0375 0748  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll

08:54:51.0375 0748  seclogon - ok

08:54:51.0375 0748  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll

08:54:51.0375 0748  SENS - ok

08:54:51.0390 0748  [ 2D7EBBEE1ADDAA91704DB206205073D3 ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys

08:54:51.0406 0748  Ser2pl - ok

08:54:51.0406 0748  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys

08:54:51.0406 0748  Serenum - ok

08:54:51.0421 0748  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys

08:54:51.0421 0748  Serial - ok

08:54:51.0421 0748  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

08:54:51.0421 0748  Sfloppy - ok

08:54:51.0453 0748  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

08:54:51.0453 0748  SharedAccess - ok

08:54:51.0468 0748  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

08:54:51.0468 0748  ShellHWDetection - ok

08:54:51.0468 0748  Simbad - ok

08:54:51.0500 0748  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys

08:54:51.0500 0748  sisagp - ok

08:54:51.0515 0748  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys

08:54:51.0515 0748  Sparrow - ok

08:54:51.0531 0748  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

08:54:51.0531 0748  splitter - ok

08:54:51.0578 0748  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe

08:54:51.0578 0748  Spooler - ok

08:54:51.0593 0748  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

08:54:51.0593 0748  sr - ok

08:54:51.0593 0748  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll

08:54:51.0593 0748  srservice - ok

08:54:51.0609 0748  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

08:54:51.0625 0748  Srv - ok

08:54:51.0640 0748  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

08:54:51.0640 0748  SSDPSRV - ok

08:54:51.0656 0748  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll

08:54:51.0656 0748  stisvc - ok

08:54:51.0671 0748  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

08:54:51.0671 0748  swenum - ok

08:54:51.0687 0748  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

08:54:51.0687 0748  swmidi - ok

08:54:51.0687 0748  SwPrv - ok

08:54:51.0687 0748  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys

08:54:51.0687 0748  symc810 - ok

08:54:51.0703 0748  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys

08:54:51.0703 0748  symc8xx - ok

08:54:51.0718 0748  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys

08:54:51.0718 0748  sym_hi - ok

08:54:51.0734 0748  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys

08:54:51.0734 0748  sym_u3 - ok

08:54:51.0765 0748  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

08:54:51.0765 0748  sysaudio - ok

08:54:51.0781 0748  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

08:54:51.0781 0748  SysmonLog - ok

08:54:51.0796 0748  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

08:54:51.0796 0748  TapiSrv - ok

08:54:51.0812 0748  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:54:51.0812 0748  Tcpip - ok

08:54:51.0828 0748  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

08:54:51.0828 0748  TDPIPE - ok

08:54:51.0843 0748  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

08:54:51.0843 0748  TDTCP - ok

08:54:51.0859 0748  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

08:54:51.0859 0748  TermDD - ok

08:54:51.0859 0748  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll

08:54:51.0859 0748  TermService - ok

08:54:51.0859 0748  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll

08:54:51.0859 0748  Themes - ok

08:54:51.0890 0748  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe

08:54:51.0890 0748  TlntSvr - ok

08:54:51.0890 0748  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys

08:54:51.0890 0748  TosIde - ok

08:54:51.0890 0748  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll

08:54:51.0890 0748  TrkWks - ok

08:54:51.0890 0748  TrueSight - ok

08:54:51.0906 0748  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

08:54:51.0906 0748  Udfs - ok

08:54:51.0921 0748  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys

08:54:51.0921 0748  ultra - ok

08:54:51.0937 0748  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys

08:54:51.0953 0748  Update - ok

08:54:51.0968 0748  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll

08:54:51.0968 0748  upnphost - ok

08:54:51.0984 0748  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe

08:54:51.0984 0748  UPS - ok

08:54:52.0000 0748  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:54:52.0000 0748  usbccgp - ok

08:54:52.0031 0748  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:54:52.0031 0748  usbehci - ok

08:54:52.0046 0748  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:54:52.0046 0748  usbhub - ok

08:54:52.0078 0748  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:54:52.0078 0748  usbprint - ok

08:54:52.0109 0748  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:54:52.0109 0748  usbscan - ok

08:54:52.0140 0748  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:54:52.0140 0748  USBSTOR - ok

08:54:52.0156 0748  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:54:52.0156 0748  usbuhci - ok

08:54:52.0203 0748  [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys

08:54:52.0203 0748  usb_rndisx - ok

08:54:52.0203 0748  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

08:54:52.0203 0748  VgaSave - ok

08:54:52.0218 0748  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys

08:54:52.0218 0748  viaagp - ok

08:54:52.0234 0748  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys

08:54:52.0234 0748  ViaIde - ok

08:54:52.0250 0748  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

08:54:52.0250 0748  VolSnap - ok

08:54:52.0265 0748  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe

08:54:52.0265 0748  VSS - ok

08:54:52.0375 0748  [ F1E8C5167F849D1089D8108C50E6FF11 ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

08:54:52.0390 0748  vToolbarUpdater15.2.0 - ok

08:54:52.0406 0748  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll

08:54:52.0421 0748  w32time - ok

08:54:52.0421 0748  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:54:52.0421 0748  Wanarp - ok

08:54:52.0421 0748  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

08:54:52.0421 0748  wdmaud - ok

08:54:52.0437 0748  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll

08:54:52.0437 0748  WebClient - ok

08:54:52.0453 0748  [ 92CE6497076EAC3083185C44157B3A46 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

08:54:52.0453 0748  winachsf - ok

08:54:52.0484 0748  [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend       C:\Program Files\Windows Defender\MsMpEng.exe

08:54:52.0484 0748  WinDefend - ok

08:54:52.0546 0748  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll

08:54:52.0546 0748  winmgmt - ok

08:54:52.0578 0748  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll

08:54:52.0578 0748  Wmi - ok

08:54:52.0609 0748  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:54:52.0609 0748  WmiApSrv - ok

08:54:52.0656 0748  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

08:54:52.0656 0748  WMPNetworkSvc - ok

08:54:52.0703 0748  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

08:54:52.0718 0748  WPFFontCache_v0400 - ok

08:54:52.0734 0748  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys

08:54:52.0734 0748  WS2IFSL - ok

08:54:52.0734 0748  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

08:54:52.0734 0748  wscsvc - ok

08:54:52.0734 0748  WSearch - ok

08:54:52.0765 0748  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

08:54:52.0765 0748  wuauserv - ok

08:54:52.0796 0748  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:54:52.0796 0748  WudfPf - ok

08:54:52.0796 0748  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:54:52.0796 0748  WudfRd - ok

08:54:52.0812 0748  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll

08:54:52.0812 0748  WudfSvc - ok

08:54:52.0843 0748  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

08:54:52.0843 0748  WZCSVC - ok

08:54:52.0859 0748  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

08:54:52.0875 0748  xmlprov - ok

08:54:52.0875 0748  ================ Scan global ===============================
08:54:52.0890 0748  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:54:52.0937 0748  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:54:52.0937 0748  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:54:52.0953 0748  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:54:52.0953 0748  [Global] - ok
08:54:52.0953 0748  ================ Scan MBR ==================================
08:54:52.0968 0748  [ 7B53936AFA31AA818DDEE1F13C3004E3 ] \Device\Harddisk0\DR0
08:54:53.0218 0748  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:54:53.0218 0748  \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:54:53.0218 0748  [ BBB0A0725AD66F38B1A32135F3CB55D6 ] \Device\Harddisk1\DR4
08:54:53.0359 0748  \Device\Harddisk1\DR4 - ok
08:54:53.0359 0748  ================ Scan VBR ==================================
08:54:53.0359 0748  [ 4D71E337C6EAF8827FBDD7B7B57876E0 ] \Device\Harddisk0\DR0\Partition1
08:54:53.0359 0748  \Device\Harddisk0\DR0\Partition1 - ok
08:54:53.0375 0748  [ 5CBEE43AFEC6D7B11AD893DB70C76757 ] \Device\Harddisk1\DR4\Partition1
08:54:53.0375 0748  \Device\Harddisk1\DR4\Partition1 - ok
08:54:53.0375 0748  ============================================================
08:54:53.0375 0748  Scan finished
08:54:53.0375 0748  ============================================================
08:54:53.0375 2508  Detected object count: 1
08:54:53.0375 2508  Actual detected object count: 1
08:55:14.0437 2508  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
08:55:14.0437 2508  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
08:55:14.0437 2508  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\eorj.tmp - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
08:55:14.0500 2508  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

 

Log from AdwCleaner

# AdwCleaner v2.303 - Logfile created 06/21/2013 at 09:01:37
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : NAME REDACTED - LOUSDELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\NAME REDACTED\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\NAME REDACTED\Application Data\DSite

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

File : C:\Documents and Settings\NAME REDACTED\Application Data\Mozilla\Firefox\Profiles\yjgdu47w.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\NAME REDACTED2\Application Data\Mozilla\Firefox\Profiles\hdz9cu15.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ley0pto.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\NAME REDACTED\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"autofill":{"negative_upload_rate":1.0,"positive_upload_rate":1.0},"backup":{"_signature":"pgxoFPeh[...]

File : C:\Documents and Settings\lv.LOUSDELL\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [9992 octets] - [17/06/2013 15:56:45]
AdwCleaner[R3].txt - [60925 octets] - [21/06/2013 08:56:35]
AdwCleaner[R4].txt - [60986 octets] - [21/06/2013 09:01:21]
AdwCleaner[S2].txt - [8403 octets] - [17/06/2013 15:56:59]
AdwCleaner[S3].txt - [4662 octets] - [21/06/2013 09:01:37]

########## EOF - C:\AdwCleaner[S3].txt - [4722 octets] ##########

 

 

ESET keeps freezing, I'll have to try running it again in Safe Mode in a few hours. Mom needs her computer back to get some work done in the meantime.

 

UPDATE: ESET keeps getting caught up on a file named cache_b245881ef159f3b4f18676ffbc1e7425c542aea3.cache somewhere in the documents and settings file, I'm not sure where.

UPDATE2: Ah, it finally moved on past that file and still scanning. Oy.


Edited by zombiebex, 21 June 2013 - 11:10 AM.


#4 boopme


Posted 21 June 2013 - 11:14 AM

Also .. first update Malwarebytes and run a Full Scan.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 zombiebex


Posted 21 June 2013 - 02:54 PM

The ESET has been going for about 4 hours now, the last two of which have been spent scanning a glut of *.sst files somewhere in the Documents and Settings files.



#6 boopme


Posted 21 June 2013 - 08:09 PM

Please let it finish up to 20 hours. The sst.. Digital certificate downloaded from a Certificate Authority (CA); installed as a root certificate on Windows computers and is used to validate the identities of websites and software programs; typically saved in a folder along with other .PFX certificate files.

The SST file format preserves all certificate store properties and is useful for transferring certificates between computers.
Also belongs to Games.

#7 zombiebex


Posted 24 June 2013 - 09:05 AM

After leaving ESET to run overnight, my mother got to the computer before me and hit "OK" after seeing that ESET had finished and listed 5 threats. Soooo... no log.

 

I removed everything related to Google Earth, and that seemed to help free up a ton of space, but there are still some redirect issues with Google Chrome. I'll run MBAM for now, and ESET again when I leave the office.

 

UPDATE: Here's the MBAM scan:

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.06.17.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Louise Veverka :: LOUSDELL [administrator]
 
Protection: Disabled
 
6/24/2013 10:13:03 AM
mbam-log-2013-06-24 (10-13-03).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 676621
Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\scad2006\recoved\FM3901210005B.pdf (Spyware.Zbot.USBV) -> Quarantined and deleted successfully.
 
(end)

Edited by zombiebex, 24 June 2013 - 10:27 AM.


#8 boopme


Posted 24 June 2013 - 08:19 PM

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

 

 

If you rerun MBAM, does it find this again?

 

C:\scad2006\recoved\FM3901210005B.pdf (Spyware.Zbot.USBV) -> Quarantined and deleted successfully.





