Malware and Adware causing all kinds of strange issues despite "removal"


7 replies to this topic

#1 buddzoo

buddzoo

  • Members
  • 12 posts

Posted 01 July 2013 - 10:23 PM

Problems occurring:

  • Random websites popping up in browser - both in chrome and IE, some are ads and some seem like regular business sites.
  • Cannot run or reinstall Microsoft Security Essentials. Get error code 0x80070643. Ran through ALL of the fixes on Microsoft's support site.
  • Cannot run Minecraft now
  • Secure websites (https) not working - some sort of certificate revoked errors on every single site.

What I've done so far -

  • Rolled computer back a few days
  • Ran MBAM and got all kinds of PrivacySafeguard and RelevantKnowledge problems which supposedly were fixed.
  • Ran adwcleaner a few times over the last week and it was originally filled with stuff but now runs pretty clean.
  • Ran sfc /scannow with NT Professional installation disk and apparently fixed a few corrupt files which then allowed us to at least get on Chrome and be able to load software
  • Ran MBAM again
  • Tried installing Security Essentials several times with different processes running/stopped (selective startup mode). Same error code each time. I ran through all of the suggested fixes to get Security Essentials running: http://windows.microsoft.com/en-us/windows/i-cant-install-microsoft-security-essentials
  • Ran several other programs suggested on the Microsoft forums like the online malware checker and several versions of trojan.siredef malware which was cleaned and removed.
  • Then ran MBAM full scan again and found some more. Also ran the malwarebytes rootkit tool and deleted a bunch of the siredef files.
  • Running MBAM, Defender (which I could load but couldn't get Security Essentials to run), MS Safety Scanner and Malware Removal tools no longer finds anything, but random sites are still popping up and I still cannot get Security Essentials to load.
  • I'm sure I did a lot more along the way since I've been trying to fix this for hours and hours over the last few days

 

Here is the LATEST MBAM Quick Scan log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.01.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valued Customer :: LATITUDE [administrator]
 
7/1/2013 10:50:50 PM
mbam-log-2013-07-01 (22-50-50).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214636
Time elapsed: 11 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

** Here is the log that started all this painful process so it has at least gotten better... **

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.27.11
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valued Customer :: LATITUDE [administrator]
 
6/27/2013 10:32:04 PM
mbam-log-2013-06-27 (22-32-04).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308937
Time elapsed: 1 hour(s), 53 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 8
HKCR\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\TypeLib\{145310E3-18FA-41A9-BEE4-F830B08C6014} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\Interface\{76348131-7ADF-4FE7-9047-529719D86186} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\PrivacySafeGuard.BHO.1 (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\PrivacySafeGuard.BHO (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Data: c:\program files\relevantknowledge\rlvknlg.exe -boot -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 8
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
 
Files Detected: 20
C:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlph.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlxf.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\rlnx.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BED7012-B1F6-45F5-8B1E-D6970A2BC1FB}\RP807\A0344457.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BED7012-B1F6-45F5-8B1E-D6970A2BC1FB}\RP808\A0344686.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BED7012-B1F6-45F5-8B1E-D6970A2BC1FB}\RP808\A0344713.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BED7012-B1F6-45F5-8B1E-D6970A2BC1FB}\RP808\A0345721.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\shfscp.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
 
(end)
 

Then a subsequent scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.01.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valued Customer :: LATITUDE [administrator]
 
7/1/2013 3:35:15 AM
mbam-log-2013-07-01 (03-35-15).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321684
Time elapsed: 2 hour(s), 38 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\RECYCLER\S-1-5-21-854245398-436374069-725345543-1003\$R22C78EC8 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BED7012-B1F6-45F5-8B1E-D6970A2BC1FB}\RP811\A0349911.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
 
(end)
 

 




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 July 2013 - 10:40 PM

Hello and welcome.. Let's do this and see how it is...

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Update and rescan with MBAM. Post the new log.



Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
I'll look back tomorrow as I must leave now.
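The proxy, Hosts and Winsock sections requested from MiniToolBox above are the places a browser redirect usually shows up, and the review of those sections can be sketched in code. This is an added example, not part of the thread and not MiniToolBox's own code; the function names, the constructed sample report and the review rules (any hosts entry other than localhost, any non-default proxy line, any Winsock provider outside system32 or without a Microsoft vendor string) are assumptions made for illustration, and a flagged item is a prompt for review, not a verdict.

```python
import re

# Constructed sample in the "=== Title ===" layout MiniToolBox uses for Result.txt.
# The proxy lines, the second hosts entry and the Catalog9 02 provider are invented
# for this demo; the wording of a non-default proxy report is an assumption.
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     www.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\ExampleLSP\example.dll [40960] ()
"""

BANNER = re.compile(r"^={3,}[ \t]*([^=\n]+?)[ \t]*={3,}[ \t]*$", re.M)
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
CLEAN_PROXY = {"proxy is not enabled.", "no proxy server is set."}
SYSTEM_DIR = r"c:\windows\system32"


def split_sections(text):
    """Return {lower-cased title: body} for every titled '=== Title ===' banner."""
    matches = list(BANNER.finditer(text))
    sections = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        title = m.group(1).strip().rstrip(":").lower()
        sections[title] = text[m.end():end]
    return sections


def proxy_findings(body):
    """Lines that are neither the default 'no proxy' report nor the reset notice."""
    found = []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.lower() in CLEAN_PROXY or line.startswith('"Reset'):
            continue
        found.append(line)
    return found


def extra_hosts(body):
    """Hosts entries other than the stock localhost mapping."""
    found = []
    for line in body.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        if names == ["localhost"] and ip in ("127.0.0.1", "::1"):
            continue
        found.append((ip, names))
    return found


def odd_winsock(body):
    """Winsock catalog providers outside system32 or lacking a Microsoft vendor string."""
    found = []
    for line in body.splitlines():
        m = WINSOCK.match(line.strip())
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        reasons = []
        if path.rsplit("\\", 1)[0].lower() != SYSTEM_DIR:
            reasons.append("outside system32")
        if vendor.strip() != "Microsoft Corporation":
            reasons.append("vendor is %r" % vendor.strip())
        if reasons:
            found.append((catalog, index, path, reasons))
    return found


def triage(text):
    """Collect review items from the three redirect-related sections."""
    s = split_sections(text)
    return {
        "proxy": proxy_findings(s.get("ie proxy settings", "")),
        "hosts": extra_hosts(s.get("hosts content", "")),
        "winsock": odd_winsock(s.get("winsock entries", "")),
    }


if __name__ == "__main__":
    for area, findings in triage(SAMPLE_RESULT).items():
        for item in findings:
            print(area, "->", item)
```

Legitimate third-party name-space and layered service providers also register in the Winsock catalog, so a flagged provider is checked against the installed-programs list before anything is removed.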

#3 buddzoo

buddzoo
  • Topic Starter

  • Members
  • 12 posts

Posted 02 July 2013 - 11:25 AM

Ran RKILL

Ran MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.01.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valued Customer :: LATITUDE [administrator]

7/2/2013 10:38:30 AM
mbam-log-2013-07-02 (10-38-30).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312516
Time elapsed: 1 hour(s), 11 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

MINITOOLBOX FILE:

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Valued Customer (administrator) on 02-07-2013 at 12:16:42
Running from "C:\Documents and Settings\Valued Customer\desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Dell Wireless 1370 WLAN Mini-PCI Card = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

        Host Name . . . . . . . . . . . . : LATITUDE
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-12-3F-11-6A-6D

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card
        Physical Address. . . . . . . . . : 00-14-A5-05-59-89
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.103
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 24.178.162.3
                                            66.189.0.100
                                            24.217.201.67
        Lease Obtained. . . . . . . . . . : Tuesday, July 02, 2013 10:18:54 AM
        Lease Expires . . . . . . . . . . : Wednesday, July 03, 2013 10:18:54 AM

Server:  vip01spbgsc.spbg.sc.charter.com
Address:  24.178.162.3

Name:    google.com
Addresses:  173.194.37.78, 173.194.37.68, 173.194.37.70, 173.194.37.72
   173.194.37.73, 173.194.37.65, 173.194.37.69, 173.194.37.66, 173.194.37.64
   173.194.37.71, 173.194.37.67

Pinging google.com [173.194.37.66] with 32 bytes of data:

Reply from 173.194.37.66: bytes=32 time=15ms TTL=51
Reply from 173.194.37.66: bytes=32 time=17ms TTL=51

Ping statistics for 173.194.37.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 17ms, Average = 16ms

Server:  vip01spbgsc.spbg.sc.charter.com
Address:  24.178.162.3

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=82ms TTL=44
Reply from 98.138.253.109: bytes=32 time=73ms TTL=44

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 73ms, Maximum = 82ms, Average = 77ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 11 6a 6d ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 14 a5 05 59 89 ...... Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.103   25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0    192.168.1.103   192.168.1.103   25
    192.168.1.103  255.255.255.255        127.0.0.1       127.0.0.1   25
    192.168.1.255  255.255.255.255    192.168.1.103   192.168.1.103   25
        224.0.0.0        240.0.0.0    192.168.1.103   192.168.1.103   25
  255.255.255.255  255.255.255.255    192.168.1.103   192.168.1.103   1
  255.255.255.255  255.255.255.255    192.168.1.103               2   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/01/2013 05:39:25 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 05:39:20 PM) (Source: MsiInstaller) (User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

Error: (07/01/2013 00:19:24 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 00:18:54 PM) (Source: MsiInstaller) (User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

Error: (07/01/2013 11:44:17 AM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF11
Description:.  0x8004FF11.

Error: (07/01/2013 11:18:26 AM) (Source: MsiInstaller) (User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

Error: (07/01/2013 03:33:46 AM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 03:33:41 AM) (Source: MsiInstaller) (User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

Error: (07/01/2013 02:28:32 AM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 02:28:21 AM) (Source: MsiInstaller) (User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

System errors:
=============
Error: (07/02/2013 10:46:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/02/2013 10:35:53 AM) (Source: Service Control Manager) (User: )
Description: The Broadcom ASF IP monitoring service v6.0.4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/02/2013 05:46:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/02/2013 00:46:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/02/2013 00:19:31 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 0014A5055989 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (07/01/2013 07:46:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/01/2013 01:46:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/01/2013 11:46:05 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/01/2013 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (07/01/2013 11:43:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (07/01/2013 05:39:25 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 05:39:20 PM) (Source: MsiInstaller)(User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)

Error: (07/01/2013 00:19:24 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 00:18:54 PM) (Source: MsiInstaller)(User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)

Error: (07/01/2013 11:44:17 AM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF11
Description:.  0x8004FF11.

Error: (07/01/2013 11:18:26 AM) (Source: MsiInstaller)(User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)

Error: (07/01/2013 03:33:46 AM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 03:33:41 AM) (Source: MsiInstaller)(User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)

Error: (07/01/2013 02:28:32 AM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070643
Description:.  0x80070643. Fatal error during installation.

Error: (07/01/2013 02:28:21 AM) (Source: MsiInstaller)(User: LATITUDE)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader X (10.1.1) (Version: 10.1.1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1010)
ATI Display Driver (Version: 8.063.2.1.1-050111a-020427C-Dell)
Bandisoft MPEG-1 Decoder
BB FlashBack Express (Version: 4.1.5.2723)
Broadcom ASF Management Applications (Version: 5.09.01)
Conexant D110 MDC V.92 Modem
Disney's Magic Artist Cartoon Maker
DQscreensaver6
Dxtory version 2.0.119 (Version: 2.0.119)
Empty Temp Folders 2.8.3
File Type Assistant (Version: 2013.4.8.0)
FileLab Plugin 1.1.33 (Version: 1.1.33)
GameMaker 8.1
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0)
HP Update (Version: 5.003.000.004)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4410)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
K-Lite Codec Pack 7.9.0 (Basic) (Version: 7.9.0)
Magic Online (Version: 3.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Library 10 (Version: 10.0.0612)
Microsoft Picture It! Premium 10 (Version: 10.0.0612)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0719)
Microsoft Works 2004 Setup Launcher
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.10 (Version: 3.60.0)
Photo Viewer
Plugin Update
Python 3.3.0 (Version: 3.3.150)
Quest Creator
Roblox for Valued Customer
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
RPG MAKER VX Ace (Version: 1.01a)
RPG MAKER VX Ace RTP (Version: 1.00)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.0 (Version: 6.0.126)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Sonic Update Manager (Version: 3.0.0)
Sony Vegas Pro 8.0 (Version: 8.0.179)
Steam (Version: 1.0.0.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0000)
TIPCI (Version: 2.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WorldPainter 1.4.0 (Version: 1.4.0)

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1015.36 MB
Available physical RAM: 325.21 MB
Total Pagefile: 1690.79 MB
Available Pagefile: 1030.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:27.13 GB) NTFS

========================= Users: ========================================

User accounts for \\LATITUDE

Administrator            ASPNET                   Guest                   
HelpAssistant            SUPPORT_388945a0         Valued Customer         

**** End of log ****

 

TDSSKILLER LOG

12:21:39.0765 9376 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:21:40.0453 9376 ============================================================
12:21:40.0453 9376 Current date / time: 2013/07/02 12:21:40.0453
12:21:40.0453 9376 SystemInfo:
12:21:40.0453 9376
12:21:40.0453 9376 OS Version: 5.1.2600 ServicePack: 3.0
12:21:40.0453 9376 Product type: Workstation
12:21:40.0453 9376 ComputerName: LATITUDE
12:21:40.0453 9376 UserName: Valued Customer
12:21:40.0453 9376 Windows directory: C:\WINDOWS
12:21:40.0453 9376 System windows directory: C:\WINDOWS
12:21:40.0453 9376 Processor architecture: Intel x86
12:21:40.0453 9376 Number of processors: 1
12:21:40.0453 9376 Page size: 0x1000
12:21:40.0453 9376 Boot type: Normal boot
12:21:40.0453 9376 ============================================================
12:21:42.0343 9376 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:21:42.0343 9376 ============================================================
12:21:42.0343 9376 \Device\Harddisk0\DR0:
12:21:42.0343 9376 MBR partitions:
12:21:42.0343 9376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
12:21:42.0343 9376 ============================================================
12:21:42.0375 9376 C: <-> \Device\Harddisk0\DR0\Partition1
12:21:42.0375 9376 ============================================================
12:21:42.0375 9376 Initialize success
12:21:42.0375 9376 ============================================================
12:22:10.0281 3340 ============================================================
12:22:10.0281 3340 Scan started
12:22:10.0281 3340 Mode: Manual; TDLFS;
12:22:10.0281 3340 ============================================================
12:22:12.0093 3340 ================ Scan system memory ========================
12:22:12.0093 3340 System memory - ok
12:22:12.0093 3340 ================ Scan services =============================


12:22:22.0500 3340 PxHelp20 - ok

12:22:22.0515 3340 ql1080 - ok

12:22:22.0531 3340 Ql10wnt - ok

12:22:22.0531 3340 ql12160 - ok

12:22:22.0546 3340 ql1240 - ok

12:22:22.0562 3340 ql1280 - ok

12:22:22.0578 3340 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:22:22.0578 3340 RasAcd - ok

12:22:22.0609 3340 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

12:22:22.0625 3340 RasAuto - ok

12:22:22.0671 3340 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

12:22:22.0671 3340 Rasirda - ok

12:22:22.0703 3340 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:22:22.0703 3340 Rasl2tp - ok

12:22:22.0765 3340 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

12:22:22.0765 3340 RasMan - ok

12:22:22.0796 3340 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:22:22.0796 3340 RasPppoe - ok

12:22:22.0796 3340 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

12:22:22.0796 3340 Raspti - ok

12:22:22.0828 3340 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:22:22.0828 3340 Rdbss - ok

12:22:22.0843 3340 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:22:22.0843 3340 RDPCDD - ok

12:22:22.0921 3340 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:22:22.0921 3340 rdpdr - ok

12:22:22.0984 3340 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

12:22:23.0000 3340 RDPWD - ok

12:22:23.0031 3340 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

12:22:23.0031 3340 RDSessMgr - ok

12:22:23.0046 3340 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

12:22:23.0046 3340 redbook - ok

12:22:23.0078 3340 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

12:22:23.0078 3340 RemoteAccess - ok

12:22:23.0109 3340 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

12:22:23.0109 3340 RemoteRegistry - ok

12:22:23.0140 3340 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys

12:22:23.0140 3340 RFCOMM - ok

12:22:23.0171 3340 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

12:22:23.0171 3340 RpcLocator - ok

12:22:23.0218 3340 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

12:22:23.0234 3340 RpcSs - ok

12:22:23.0296 3340 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

12:22:23.0296 3340 RSVP - ok

12:22:23.0343 3340 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

12:22:23.0343 3340 SamSs - ok

12:22:23.0406 3340 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

12:22:23.0421 3340 SCardSvr - ok

12:22:23.0484 3340 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

12:22:23.0484 3340 Schedule - ok

12:22:23.0531 3340 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:22:23.0531 3340 Secdrv - ok

12:22:23.0578 3340 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

12:22:23.0578 3340 seclogon - ok

12:22:23.0593 3340 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

12:22:23.0609 3340 SENS - ok

12:22:23.0625 3340 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

12:22:23.0625 3340 serenum - ok

12:22:23.0640 3340 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

12:22:23.0640 3340 Serial - ok

12:22:23.0734 3340 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

12:22:23.0734 3340 Sfloppy - ok

12:22:23.0796 3340 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

12:22:23.0812 3340 SharedAccess - ok

12:22:23.0828 3340 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

12:22:23.0843 3340 ShellHWDetection - ok

12:22:23.0843 3340 Simbad - ok

12:22:24.0171 3340 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

12:22:24.0343 3340 Skype C2C Service - ok

12:22:24.0421 3340 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

12:22:24.0437 3340 SkypeUpdate - ok

12:22:24.0515 3340 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys

12:22:24.0515 3340 SMCIRDA - ok

12:22:24.0531 3340 Sparrow - ok

12:22:24.0578 3340 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

12:22:24.0578 3340 splitter - ok

12:22:24.0625 3340 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

12:22:24.0640 3340 Spooler - ok

12:22:24.0656 3340 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

12:22:24.0671 3340 sr - ok

12:22:24.0750 3340 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

12:22:24.0750 3340 srservice - ok

12:22:24.0828 3340 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

12:22:24.0859 3340 Srv - ok

12:22:24.0921 3340 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

12:22:24.0921 3340 SSDPSRV - ok

12:22:24.0968 3340 [ 305CC42945A713347F978D78566113F3 ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys

12:22:24.0968 3340 STAC97 - ok

12:22:25.0000 3340 Steam Client Service - ok

12:22:25.0031 3340 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

12:22:25.0031 3340 StillCam - ok

12:22:25.0093 3340 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

12:22:25.0109 3340 stisvc - ok

12:22:25.0125 3340 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

12:22:25.0125 3340 swenum - ok

12:22:25.0156 3340 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

12:22:25.0156 3340 swmidi - ok

12:22:25.0171 3340 SwPrv - ok

12:22:25.0171 3340 symc810 - ok

12:22:25.0187 3340 symc8xx - ok

12:22:25.0187 3340 sym_hi - ok

12:22:25.0203 3340 sym_u3 - ok

12:22:25.0218 3340 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

12:22:25.0218 3340 sysaudio - ok

12:22:25.0250 3340 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

12:22:25.0265 3340 SysmonLog - ok

12:22:25.0296 3340 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

12:22:25.0312 3340 TapiSrv - ok

12:22:25.0375 3340 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:22:25.0375 3340 Tcpip - ok

12:22:25.0421 3340 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

12:22:25.0421 3340 TDPIPE - ok

12:22:25.0437 3340 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

12:22:25.0437 3340 TDTCP - ok

12:22:25.0484 3340 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

12:22:25.0484 3340 TermDD - ok

12:22:25.0515 3340 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

12:22:25.0515 3340 TermService - ok

12:22:25.0546 3340 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

12:22:25.0546 3340 Themes - ok

12:22:25.0609 3340 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

12:22:25.0609 3340 TlntSvr - ok

12:22:25.0625 3340 TosIde - ok

12:22:25.0671 3340 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

12:22:25.0671 3340 TrkWks - ok

12:22:25.0718 3340 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

12:22:25.0718 3340 Udfs - ok

12:22:25.0734 3340 UIUSys - ok

12:22:25.0750 3340 ultra - ok

12:22:25.0812 3340 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

12:22:25.0812 3340 Update - ok

12:22:25.0859 3340 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

12:22:25.0859 3340 upnphost - ok

12:22:25.0890 3340 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

12:22:25.0890 3340 UPS - ok

12:22:25.0937 3340 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

12:22:25.0953 3340 USBAAPL - ok

12:22:26.0000 3340 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:22:26.0000 3340 usbccgp - ok

12:22:26.0015 3340 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:22:26.0031 3340 usbehci - ok

12:22:26.0078 3340 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:22:26.0078 3340 usbhub - ok

12:22:26.0125 3340 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:22:26.0125 3340 usbprint - ok

12:22:26.0156 3340 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:22:26.0156 3340 usbscan - ok

12:22:26.0203 3340 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:22:26.0203 3340 USBSTOR - ok

12:22:26.0234 3340 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:22:26.0234 3340 usbuhci - ok

12:22:26.0265 3340 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

12:22:26.0265 3340 VgaSave - ok

12:22:26.0281 3340 ViaIde - ok

12:22:26.0296 3340 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

12:22:26.0296 3340 VolSnap - ok

12:22:26.0375 3340 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

12:22:26.0390 3340 VSS - ok

12:22:26.0531 3340 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys

12:22:26.0625 3340 w29n51 - ok

12:22:26.0703 3340 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

12:22:26.0703 3340 W32Time - ok

12:22:26.0734 3340 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:22:26.0734 3340 Wanarp - ok

12:22:26.0796 3340 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

12:22:26.0828 3340 Wdf01000 - ok

12:22:26.0843 3340 WDICA - ok

12:22:26.0906 3340 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

12:22:26.0906 3340 wdmaud - ok

12:22:26.0921 3340 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

12:22:26.0921 3340 WebClient - ok

12:22:27.0015 3340 [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

12:22:27.0062 3340 winachsf - ok

12:22:27.0140 3340 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe

12:22:27.0140 3340 WinDefend - ok

12:22:27.0265 3340 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

12:22:27.0265 3340 winmgmt - ok

12:22:27.0390 3340 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

12:22:27.0390 3340 WmdmPmSN - ok

12:22:27.0468 3340 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

12:22:27.0500 3340 Wmi - ok

12:22:27.0578 3340 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

12:22:27.0578 3340 WmiApSrv - ok

12:22:27.0687 3340 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

12:22:27.0750 3340 WMPNetworkSvc - ok

12:22:27.0828 3340 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

12:22:27.0906 3340 WPFFontCache_v0400 - ok

12:22:27.0953 3340 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\System32\wscsvc.dll

12:22:27.0953 3340 wscsvc - ok

12:22:27.0953 3340 WSearch - ok

12:22:27.0984 3340 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

12:22:28.0015 3340 wuauserv - ok

12:22:28.0031 3340 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:22:28.0046 3340 WudfPf - ok

12:22:28.0046 3340 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:22:28.0046 3340 WudfRd - ok

12:22:28.0078 3340 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

12:22:28.0093 3340 WudfSvc - ok

12:22:28.0156 3340 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

12:22:28.0187 3340 WZCSVC - ok

12:22:28.0234 3340 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

12:22:28.0250 3340 xmlprov - ok

12:22:28.0296 3340 ================ Scan global ===============================

12:22:28.0328 3340 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

12:22:28.0406 3340 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

12:22:28.0453 3340 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

12:22:28.0468 3340 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

12:22:28.0484 3340 [Global] - ok

12:22:28.0484 3340 ================ Scan MBR ==================================

12:22:28.0515 3340 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0

12:22:28.0890 3340 \Device\Harddisk0\DR0 - ok

12:22:28.0890 3340 ================ Scan VBR ==================================

12:22:28.0890 3340 [ 5FFDAB0C433F77ABCADA5FE6B6C754BD ] \Device\Harddisk0\DR0\Partition1

12:22:28.0906 3340 \Device\Harddisk0\DR0\Partition1 - ok

12:22:28.0906 3340 ============================================================

12:22:28.0906 3340 Scan finished

12:22:28.0906 3340 ============================================================

12:22:28.0921 2704 Detected object count: 0

12:22:28.0921 2704 Actual detected object count: 0

 



#4 buddzoo

Posted 02 July 2013 - 11:50 AM

Even as I am going through these steps I've got random websites popping up. :-(

 

ADWCLEANER LOG:

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 12:28:07
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Valued Customer - LATITUDE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Valued Customer\desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [13676 octets] - [24/06/2013 18:08:39]
AdwCleaner[R2].txt - [1161 octets] - [01/07/2013 02:29:15]
AdwCleaner[R3].txt - [1281 octets] - [01/07/2013 23:16:27]
AdwCleaner[R4].txt - [1342 octets] - [01/07/2013 23:21:24]
AdwCleaner[S1].txt - [13153 octets] - [24/06/2013 18:20:43]
AdwCleaner[S2].txt - [1609 octets] - [24/06/2013 18:39:55]
AdwCleaner[S3].txt - [1227 octets] - [01/07/2013 02:30:25]
AdwCleaner[S4].txt - [1407 octets] - [01/07/2013 23:21:56]
AdwCleaner[S5].txt - [1323 octets] - [02/07/2013 12:28:07]
 
########## EOF - C:\AdwCleaner[S5].txt - [1383 octets] ##########
 

 



#5 boopme

Posted 02 July 2013 - 11:56 AM

Don't forget TDSSKiller.

#6 buddzoo

Posted 02 July 2013 - 01:43 PM

Running ESET Online Scanner per instructions. It says "Another antivirus software was detected. This may affect the performance and quality of the scan." The list says Vendor - Microsoft, but there is no product name. I went into Task Manager processes and I can't see anything that looks obvious, so I am not sure what is running.

 

Here is the only thing the scanner found:

C:\Program Files\Savings Explorer\Savings Explorer.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
 

 

 



#7 buddzoo

Posted 02 July 2013 - 01:57 PM

This was the TDSSKiller File. I ran it in the order advised, just forgot to post it.

 

14:44:46.0656 4976  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:44:47.0093 4976  ============================================================
14:44:47.0093 4976  Current date / time: 2013/07/02 14:44:47.0093
14:44:47.0093 4976  SystemInfo:
14:44:47.0093 4976  
14:44:47.0093 4976  OS Version: 5.1.2600 ServicePack: 3.0
14:44:47.0093 4976  Product type: Workstation
14:44:47.0093 4976  ComputerName: LATITUDE
14:44:47.0093 4976  UserName: Valued Customer
14:44:47.0093 4976  Windows directory: C:\WINDOWS
14:44:47.0093 4976  System windows directory: C:\WINDOWS
14:44:47.0093 4976  Processor architecture: Intel x86
14:44:47.0093 4976  Number of processors: 1
14:44:47.0093 4976  Page size: 0x1000
14:44:47.0093 4976  Boot type: Normal boot
14:44:47.0093 4976  ============================================================
14:44:49.0593 4976  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:44:49.0625 4976  ============================================================
14:44:49.0625 4976  \Device\Harddisk0\DR0:
14:44:49.0625 4976  MBR partitions:
14:44:49.0625 4976  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
14:44:49.0625 4976  ============================================================
14:44:49.0640 4976  C: <-> \Device\Harddisk0\DR0\Partition1
14:44:49.0640 4976  ============================================================
14:44:49.0640 4976  Initialize success
14:44:49.0640 4976  ============================================================


#8 boopme

Posted 02 July 2013 - 04:05 PM

Disable all addons in your browser and see.

Looks like only half of it. Look at the bottom and see if it found anything.

Edited by boopme, 02 July 2013 - 04:06 PM.
