
ICE Crime Center Virus


  • This topic is locked
17 replies to this topic

#1 dollarunderwater

dollarunderwater

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 23 March 2014 - 01:48 PM

Hello there,

 

My computer was recently hit with the ICE Crime Center/Money Pack Virus and I have been unable to find any appropriate means to remove it. The virus is such that it will not allow me to access my computer desktop or even enter my computer through any safe mode. It is an old Toshiba Satellite running on XP.

 

I noticed a recent user (http://www.bleepingcomputer.com/forums/t/526306/ice-cyber-crime-center-virus/?hl=+ice%20+virus) encountered the same issue as myself and I tried following those similar steps but to no avail. Based on that forum, I followed the steps and have xPUD on a disc and driver.sh on a flash drive and have produced the following report and restore logs:

 

Report:

Wed Mar 19 20:11:55 UTC 2014
Driver report for /mnt/sda1/WINDOWS/system32/drivers
0c0004ced8a90d09e6a59bd389ca6799 CSIIDecoder_kern_i386.sys has NO Company Name!
7147b0575bcc93a6ab7d5c90f47c0b9f tbiosdrv.sys has NO Company Name!
4011a07b10a320e2f227c4572c468184 TSXT_kern_i386.sys has NO Company Name!


 

Restore(enum):

28.0M Mar 20  2014 /mnt/sda1/WINDOWS/system32/config/software
6.8M Mar 20  2014 /mnt/sda1/WINDOWS/system32/config/system


 

 

If there are other programs I should use instead or logs to run, please let me know.

I appreciate any help that you can provide.

Thank you so much for your time!




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 AM

Posted 23 March 2014 - 03:58 PM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Kaspersky Windows Unlocker

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a CD or DVD. If you need a program to burn an ISO, use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus. Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter



  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally.


Edited by TB-Psychotic, 23 March 2014 - 03:58 PM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 dollarunderwater

dollarunderwater
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 23 March 2014 - 06:31 PM

Hello TB-Psychotic,

Thank you for your assistance! I have currently run the program as instructed and it has allowed the computer to start up as normal.

Please let me know if there are any additional things I should do before continuing use of the computer. Thank you!

-Dollarunderwater

#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 AM

Posted 24 March 2014 - 10:43 AM

Let's see if everything is gone:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#5 dollarunderwater

dollarunderwater
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 24 March 2014 - 07:16 PM

Hello TB-Psychotic,

 

FRST:

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Matsubleepa Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(McAfee, Inc) c:\program files\mcafee.com\agent\mcdetect.exe
(McAfee Inc.) C:\Program Files\McAfee.com\VSO\McShield.exe
(McAfee, Inc) C:\Program Files\McAfee.com\Agent\McTskshd.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TDispVol.exe
(McAfee, Inc) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Agere Systems) C:\Program Files\ltmoh\Ltmoh.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Tvs\TvsTray.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\DLACTRLW.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\VSO\mcvsshld.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\VSO\oasclnt.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\VSO\McVSEscn.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMASST.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\Toshiba.exe
(Dropbox, Inc.) C:\Documents and Settings\Oscar Ramon\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Oscar Ramon\Local Settings\Temporary Internet Files\Content.IE5\QKYLRGMS\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TFncKy] - TFncKy.exe
HKLM\...\Run: [TDispVol] - C:\WINDOWS\system32\TDispVol.exe [73728 2005-03-11] (TOSHIBA Corporation)
HKLM\...\Run: [MCUpdateExe] - C:\Program Files\McAfee.com\Agent\mcupdate.exe [212992 2005-08-26] (McAfee, Inc)
HKLM\...\Run: [MCAgentExe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [303104 2005-09-22] (McAfee, Inc)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-11-28] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-28] (Intel Corporation)
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [82009 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [184320 2004-08-18] (Agere Systems)
HKLM\...\Run: [AGRSMMSG] - C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [Tvs] - C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TPSMain] - C:\WINDOWS\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
HKLM\...\Run: [PadTouch] - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [122880 2005-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\DLACTRLW.exe [122940 2005-10-06] (Sonic Solutions)
HKLM\...\Run: [Pinger] - c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [VSOCheckTask] - C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe [151552 2005-07-08] (McAfee, Inc.)
HKLM\...\Run: [VirusScan Online] - C:\Program Files\McAfee.com\VSO\mcvsshld.exe [163840 2005-08-10] (McAfee, Inc.)
HKLM\...\Run: [OASClnt] - C:\Program Files\McAfee.com\VSO\oasclnt.exe [53248 2005-08-12] (McAfee, Inc.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-05] (Intel Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-11-28] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1175923822-3291912662-919389297-1005\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1175923822-3291912662-919389297-1005\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\S-1-5-21-1175923822-3291912662-919389297-1005\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [814472 2013-06-12] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Documents and Settings\Oscar Ramon\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Oscar Ramon\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
Toolbar: HKLM - McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.sftp.com/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.)
R2 McDetect.exe; c:\program files\mcafee.com\agent\mcdetect.exe [126976 2005-10-13] (McAfee, Inc)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 McShield; C:\Program Files\McAfee.com\VSO\McShield.exe [221184 2005-08-10] (McAfee Inc.)
R2 McTskshd.exe; C:\Program Files\McAfee.com\Agent\McTskshd.exe [122368 2005-08-24] (McAfee, Inc)
S3 mcupdmgr.exe; C:\Program Files\McAfee.com\Agent\mcupdmgr.exe [245760 2005-07-01] (McAfee, Inc)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation )
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] ()
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-12-20] (TOSHIBA Corp.)

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2011-10-17] (Meetinghouse Data Communications)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-02-16] (Windows ® 2000 DDK provider)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-10-06] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-10-06] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-10-06] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-10-06] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-10-06] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-10-06] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-10-06] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.)
R3 NaiAvFilter1; C:\WINDOWS\System32\drivers\naiavf5x.sys [114464 2005-08-10] (McAfee Inc.)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation)
R3 tbiosdrv; C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] ()
R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation)
R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-03-24 18:37 - 2014-03-24 18:38 - 00000000 ____D () C:\FRST
2014-03-24 18:22 - 2014-03-24 18:22 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-24 18:22 - 2014-03-24 18:22 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-24 18:21 - 2014-03-24 18:21 - 00000000 __SHD () C:\found.000
2014-03-24 01:19 - 2014-03-24 01:20 - 00011175 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-24 01:19 - 2014-03-24 01:19 - 00004428 _____ () C:\WINDOWS\KB2934207.log
2014-03-24 01:19 - 2014-03-24 01:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-24 01:19 - 2014-03-24 01:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-24 01:19 - 2014-03-24 01:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-24 00:17 - 2014-03-24 01:19 - 00008485 _____ () C:\WINDOWS\KB2929961.log
2014-03-24 00:16 - 2014-03-24 01:19 - 00009779 _____ () C:\WINDOWS\KB2930275.log
2014-03-23 23:58 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-23 23:58 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-09 11:31 - 2014-03-23 14:16 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-09 03:18 - 2014-03-19 23:08 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\7ee0jw8.fee

==================== One Month Modified Files and Folders =======

2014-03-24 18:38 - 2014-03-24 18:37 - 00000000 ____D () C:\FRST
2014-03-24 18:35 - 2006-02-15 09:04 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-24 18:29 - 2006-02-15 10:37 - 01805372 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-24 18:24 - 2013-10-17 22:22 - 00000000 ___RD () C:\Documents and Settings\Oscar Ramon\My Documents\Dropbox
2014-03-24 18:24 - 2013-10-17 22:16 - 00000000 ____D () C:\Documents and Settings\Oscar Ramon\Application Data\Dropbox
2014-03-24 18:22 - 2014-03-24 18:22 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-24 18:22 - 2014-03-24 18:22 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-24 18:22 - 2006-02-16 05:18 - 00000000 ____D () C:\WINDOWS\system32\DLA
2014-03-24 18:22 - 2006-02-15 10:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-24 18:22 - 2006-02-15 10:35 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-24 18:22 - 2006-02-15 02:29 - 00163528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 18:21 - 2014-03-24 18:21 - 00000000 __SHD () C:\found.000
2014-03-24 01:20 - 2014-03-24 01:19 - 00011175 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-24 01:20 - 2006-02-15 10:59 - 00271821 _____ () C:\WINDOWS\updspapi.log
2014-03-24 01:20 - 2006-02-15 10:42 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-24 01:20 - 2006-02-15 02:30 - 02424945 _____ () C:\WINDOWS\FaxSetup.log
2014-03-24 01:20 - 2006-02-15 02:30 - 01155849 _____ () C:\WINDOWS\ocgen.log
2014-03-24 01:20 - 2006-02-15 02:30 - 01106349 _____ () C:\WINDOWS\tsoc.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00745390 _____ () C:\WINDOWS\msmqinst.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00692538 _____ () C:\WINDOWS\comsetup.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00630930 _____ () C:\WINDOWS\iis6.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00435710 _____ () C:\WINDOWS\netfxocm.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00418157 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00307966 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00271318 _____ () C:\WINDOWS\plusoc.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00130246 _____ () C:\WINDOWS\ehOCGen.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00122118 _____ () C:\WINDOWS\tabletoc.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00120607 _____ () C:\WINDOWS\msgsocm.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00113564 _____ () C:\WINDOWS\ocmsn.log
2014-03-24 01:20 - 2006-02-15 02:30 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-24 01:19 - 2014-03-24 01:19 - 00004428 _____ () C:\WINDOWS\KB2934207.log
2014-03-24 01:19 - 2014-03-24 01:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-24 01:19 - 2014-03-24 01:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-24 01:19 - 2014-03-24 01:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-24 01:19 - 2014-03-24 00:17 - 00008485 _____ () C:\WINDOWS\KB2929961.log
2014-03-24 01:19 - 2014-03-24 00:16 - 00009779 _____ () C:\WINDOWS\KB2930275.log
2014-03-24 01:19 - 2006-02-15 02:30 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-24 01:18 - 2013-07-13 20:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-24 01:14 - 2011-10-19 22:41 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-24 01:14 - 2011-10-17 05:04 - 00000178 ___SH () C:\Documents and Settings\Oscar Ramon\ntuser.ini
2014-03-24 01:01 - 2013-03-12 00:52 - 00000000 ____D () C:\Documents and Settings\Oscar Ramon\Application Data\vlc
2014-03-24 00:01 - 2006-02-15 02:30 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-23 23:57 - 2011-10-19 22:47 - 00375283 _____ () C:\WINDOWS\setupapi.log
2014-03-23 14:16 - 2014-03-09 11:31 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-19 23:08 - 2014-03-09 03:18 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\7ee0jw8.fee
2014-03-19 21:48 - 2006-02-15 02:28 - 07077888 _____ () C:\WINDOWS\system32\config\system.orig
2014-03-19 19:30 - 2006-02-15 02:29 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.orig
2014-03-19 19:30 - 2006-02-15 02:29 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.orig
2014-03-19 19:30 - 2006-02-15 02:28 - 29360128 _____ () C:\WINDOWS\system32\config\software.orig
2014-02-25 20:59 - 2014-03-23 23:58 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 20:59 - 2014-03-23 23:58 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-24 16:24 - 2009-03-08 04:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 16:24 - 2006-02-15 09:02 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 06:46 - 2011-10-19 22:46 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 06:46 - 2009-03-08 04:41 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 06:46 - 2009-03-08 04:34 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 06:46 - 2009-03-08 04:34 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 06:46 - 2009-03-08 04:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 06:46 - 2009-03-08 04:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 06:46 - 2009-03-08 04:33 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 06:46 - 2009-03-08 04:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 06:46 - 2009-03-08 04:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 06:46 - 2006-02-15 09:04 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 06:46 - 2006-02-15 09:04 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 06:46 - 2006-02-15 09:04 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 06:46 - 2006-02-15 09:03 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 06:46 - 2006-02-15 09:03 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 06:46 - 2006-02-15 09:03 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 06:46 - 2006-02-15 09:03 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 06:45 - 2012-06-13 23:29 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 06:45 - 2011-10-19 22:46 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 06:45 - 2011-10-19 22:46 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 06:45 - 2011-10-19 22:46 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 06:45 - 2011-10-19 22:46 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 06:45 - 2011-10-19 22:46 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 06:45 - 2011-10-19 22:46 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 06:45 - 2009-03-08 14:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 06:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 06:45 - 2009-03-08 04:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 06:45 - 2009-03-08 04:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 06:45 - 2009-03-08 04:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 06:45 - 2009-03-08 04:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 06:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 06:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 06:45 - 2009-03-08 04:31 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 06:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 06:45 - 2006-02-15 09:02 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 06:45 - 2006-02-15 09:02 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 06:45 - 2006-02-15 09:02 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 06:45 - 2006-02-15 09:02 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 06:45 - 2006-02-15 09:02 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 06:45 - 2006-02-15 09:02 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 05:54 - 2006-02-15 09:02 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

ZeroAccess:
C:\RECYCLER\S-1-5-21-1175923822-3291912662-919389297-1005\$3b71ecdeef219179bc41ceab655aaf50

Some content of TEMP:
====================
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\DivXSetup.exe
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\JuniperSetupClientInstaller.exe
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\tbuTor.dll
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\utt15D.tmp.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Addition:

 

==================== Security Center ========================

AV: McAfee VirusScan (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.76 - AOL Spyware Protection)
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (HKLM\...\WT004722) (Version: WT004722 - WildTangent)
Blasterball 2 Revolution (HKLM\...\WT004723) (Version: WT004723 - WildTangent)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.23(T) - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 1.00.008 - TOSHIBA)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD-RAM Driver (HKLM\...\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}) (Version: 5.0.2.5 - )
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
FATE (HKLM\...\WT006066) (Version: WT006066 - WildTangent)
FLV Player (HKLM\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4436 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.01.0000 - Intel Corporation)
InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.376 - InterVideo Inc.)
InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.533 - InterVideo Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.5.14305 - Juniper Networks, Inc.)
Macromedia Flash Player 8 (HKLM\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
McAfee SecurityCenter (HKLM\...\Mcafee SecurityCenter) (Version:  - )
McAfee VirusScan (HKLM\...\VirusScan Online) (Version:  - )
mCore (Version: 5.40.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 5.40.0000 - Intel Corporation) Hidden
Metamail (Toshiba Registration Utility) (HKLM\...\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}) (Version: 4.5 - )
mHelp (Version: 5.40.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{91A10409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mIWA (Version: 5.40.0000 - Intel Corporation) Hidden
mLogView (Version: 5.40.0000 - Intel Corporation) Hidden
mMHouse (Version: 5.40.0000 - Intel Corporation) Hidden
mPfMgr (Version: 5.40.0000 - Intel Corporation) Hidden
mPfWiz (Version: 5.40.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 5.40.0000 - Intel Corporation) Hidden
MyConnect Special Offer (HKLM\...\{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}) (Version: 1.1.0 - TOSHIBA)
mZConfig (Version: 5.40.0000 - Intel Corporation) Hidden
Office 2003 Trial Assistant (Version: 1.0.0 - Microsoft) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
Polar Golfer (HKLM\...\WT004829) (Version: WT004829 - WildTangent)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.02 - Realtek Semiconductor Corp.)
SCRABBLE (HKLM\...\WT004725) (Version: WT004725 - WildTangent)
SD Secure Module (HKLM\...\{C45F4811-31D5-4786-801D-F79CD06EDD85}) (Version: 1.0.3 - TOSHIBA Corporation)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Sonic Solutions)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.9.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version:  - )
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.05 - )
TOSHIBA Controls (HKLM\...\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}) (Version:  - )
TOSHIBA Game Console (HKLM\...\TOSHIBA Game Console) (Version:  - WildTangent)
TOSHIBA Hotkey Utility (HKLM\...\{64DD71BC-3109-4C88-9AD3-D5422644B722}) (Version: 1.00.01ST - )
TOSHIBA PC Diagnostic Tool (HKLM\...\PC Diagnostic Tool) (Version:  - )
TOSHIBA Power Saver (HKLM\...\Power Saver) (Version: 7.03.07.I - )
TOSHIBA SD Memory Card Format (HKLM\...\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}) (Version:  - )
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version:  - )
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA TouchPad ON/Off Utility (HKLM\...\{69BE47C2-36FE-4397-8199-85D8EAE69982}) (Version: 1.00.01ST - )
TOSHIBA TV Tuner 4.0.12.73 (HKLM\...\TOSHIBA TV Tuner) (Version: 4.0.12.73 - AVerMedia TECHNOLOGIES, Inc.)
TOSHIBA Utilities (HKLM\...\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}) (Version: 1.00.07ST - )
TOSHIBA Virtual Sound (HKLM\...\{8B12BA86-ADAC-4BA6-B441-FFC591087252}) (Version:  - )
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB910393) (HKLM\...\KB910393) (Version:  - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (HKLM\...\KB913800) (Version:  - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB894553 (HKLM\...\KB894553) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB895678 (HKLM\...\KB895678) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Restore Points  =========================

22-11-2013 03:51:25 System Checkpoint
26-11-2013 09:10:12 System Checkpoint
30-11-2013 20:43:18 System Checkpoint
12-12-2013 21:43:17 System Checkpoint
14-12-2013 08:12:30 Software Distribution Service 3.0
16-12-2013 07:24:00 Software Distribution Service 3.0
21-12-2013 21:29:19 System Checkpoint
03-01-2014 01:26:58 System Checkpoint
10-01-2014 01:25:10 System Checkpoint
11-01-2014 05:53:15 System Checkpoint
14-01-2014 00:54:25 System Checkpoint
15-01-2014 01:25:24 System Checkpoint
15-01-2014 06:32:11 Software Distribution Service 3.0
17-01-2014 01:26:24 System Checkpoint
20-01-2014 23:52:42 System Checkpoint
31-01-2014 06:53:53 System Checkpoint
02-02-2014 00:45:21 System Checkpoint
03-02-2014 21:43:36 System Checkpoint
05-02-2014 01:14:07 System Checkpoint
09-02-2014 02:10:41 System Checkpoint
14-02-2014 13:52:01 Software Distribution Service 3.0
16-02-2014 04:32:11 System Checkpoint
21-02-2014 01:52:03 System Checkpoint
09-03-2014 21:13:50 System Checkpoint
24-03-2014 06:14:21 Software Distribution Service 3.0

==================== Hosts content: ==========================

2006-02-15 09:02 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Registration reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exe

==================== Loaded Modules (whitelisted) =============

2005-11-28 13:59 - 2005-11-28 13:59 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2004-07-20 20:04 - 2004-07-20 20:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2006-02-16 12:03 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2006-02-15 09:03 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-02-15 09:02 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-15 09:03 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-16 04:19 - 2005-07-12 20:14 - 00040960 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2006-02-24 23:28 - 2002-03-03 07:40 - 00045056 _____ () C:\WINDOWS\system32\TDispVol.dll
2011-11-04 21:22 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2006-02-15 11:25 - 2005-11-23 17:55 - 00118784 _____ () C:\WINDOWS\system32\TCtrlIO.DLL
2006-02-15 11:25 - 2006-01-04 21:14 - 00049152 _____ () C:\Program Files\Toshiba\Toshiba Applet\TouchPad_OnOff.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00876544 _____ () C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00053322 _____ () C:\Program Files\Intel\Wireless\bin\IntStngs.dll
2011-07-28 18:08 - 2011-07-28 18:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Documents and Settings\Oscar Ramon\Application Data\Dropbox\bin\libcef.dll
2005-11-03 13:37 - 2005-11-03 13:37 - 00970862 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\Libeay32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2014 01:33:56 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer than 30000 ms to complete a request.

The process will be terminated.
Thread id : 1748 (0x6d4)

Thread address : 0x12020061

Thread message :

 Build VSCORE.11.0.0.151 / 11.34
 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\netmsg.dll
 by iexplore.exe
 27001(30157)(0)
 10010(30157)(0)
 24000(30157)(11)
 10006(30157)(0)
 27000(30157)(26)
 27001(30157)(0)
 10010(30157)(1)
 24000(30157)(16)

Error: (02/03/2014 01:55:08 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/03/2014 01:48:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/10/2014 01:54:01 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/04/2014 05:22:27 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer than 30000 ms to complete a request.

The process will be terminated.
Thread id : 1516 (0x5ec)

Thread address : 0x1203697B

Thread message :

 Build VSCORE.11.0.0.151 / 11.34
 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\dumprep.exe
 by svchost.exe
 27001(29891)(0)
 10010(29891)(39640424)
 24000(29891)(2)
 10006(29891)(0)
 27000(29891)(26)
 27001(29891)(0)
 10010(29891)(39640424)
 24000(29891)(2)

Error: (01/01/2014 04:37:08 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 04:33:52 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 04:20:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 04:20:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/23/2013 02:17:48 AM) (Source: Application Error) (User: )
Description: Faulting application divx plus player.exe, version 10.3.3.16, faulting module qtcore4.dll, version 4.5.0.0, fault address 0x000e1b16.
Processing media-specific event for [divx plus player.exe!ws!]

System errors:
=============
Error: (03/24/2014 01:01:01 AM) (Source: 0) (User: )
Description: C:

Error: (03/19/2014 09:49:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:50:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:50:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:49:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:49:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:48:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:48:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:47:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (03/19/2014 05:47:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================
Error: (02/20/2014 01:33:56 AM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: c:\PROGRA~1\mcafee.com\vso\mcshield.exe300001748 (0x6d4)0x12020061
 Build VSCORE.11.0.0.151 / 11.34
 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\netmsg.dll
 by iexplore.exe
 27001(30157)(0)
 10010(30157)(0)
 24000(30157)(11)
 10006(30157)(0)
 27000(30157)(26)
 27001(30157)(0)
 10010(30157)(1)
 24000(30157)(16)

Error: (02/03/2014 01:55:08 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/03/2014 01:48:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/10/2014 01:54:01 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/04/2014 05:22:27 PM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: c:\PROGRA~1\mcafee.com\vso\mcshield.exe300001516 (0x5ec)0x1203697B
 Build VSCORE.11.0.0.151 / 11.34
 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\dumprep.exe
 by svchost.exe
 27001(29891)(0)
 10010(29891)(39640424)
 24000(29891)(2)
 10006(29891)(0)
 27000(29891)(26)
 27001(29891)(0)
 10010(29891)(39640424)
 24000(29891)(2)

Error: (01/01/2014 04:37:08 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/01/2014 04:33:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/01/2014 04:20:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/01/2014 04:20:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/23/2013 02:17:48 AM) (Source: Application Error)(User: )
Description: divx plus player.exe10.3.3.16qtcore4.dll4.5.0.0000e1b16

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 501.98 MB
Available physical RAM: 192.68 MB
Total Pagefile: 1226.89 MB
Available Pagefile: 696.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932 MB

==================== Drives ================================

Drive c: (SQ004126P01) (Fixed) (Total:92.91 GB) (Free:30.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (KRD10) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 93 GB) (Disk ID: 1A181A18)
Partition 1: (Active) - (Size=93 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=251 MB) - (Type=88)

==================== End Of Log ============================

TDSSKiller (no threats found):

19:11:01.0406 0x0540  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
19:11:05.0734 0x0540  ============================================================
19:11:05.0734 0x0540  Current date / time: 2014/03/24 19:11:05.0734
19:11:05.0734 0x0540  SystemInfo:
19:11:05.0734 0x0540 
19:11:05.0734 0x0540  OS Version: 5.1.2600 ServicePack: 3.0
19:11:05.0734 0x0540  Product type: Workstation
19:11:05.0734 0x0540  ComputerName: OSCAR
19:11:05.0734 0x0540  UserName: Oscar Ramon
19:11:05.0734 0x0540  Windows directory: C:\WINDOWS
19:11:05.0734 0x0540  System windows directory: C:\WINDOWS
19:11:05.0734 0x0540  Processor architecture: Intel x86
19:11:05.0734 0x0540  Number of processors: 1
19:11:05.0734 0x0540  Page size: 0x1000
19:11:05.0734 0x0540  Boot type: Normal boot
19:11:05.0734 0x0540  ============================================================
19:11:09.0687 0x0540  KLMD registered as C:\WINDOWS\system32\drivers\96693827.sys
19:11:09.0953 0x0540  System UUID: {2C6A272F-2E20-3215-668A-C3B8C2AFDDB3}
19:11:11.0156 0x0540  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:11:11.0156 0x0540  ============================================================
19:11:11.0156 0x0540  \Device\Harddisk0\DR0:
19:11:11.0156 0x0540  MBR partitions:
19:11:11.0156 0x0540  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9D35E2
19:11:11.0156 0x0540  ============================================================
19:11:11.0187 0x0540  C: <-> \Device\Harddisk0\DR0\Partition1
19:11:11.0187 0x0540  ============================================================
19:11:11.0187 0x0540  Initialize success
19:11:11.0187 0x0540  ============================================================
19:11:22.0171 0x0438  ============================================================
19:11:22.0171 0x0438  Scan started
19:11:22.0171 0x0438  Mode: Manual;
19:11:22.0171 0x0438  ============================================================
19:11:22.0171 0x0438  KSN ping started
19:11:36.0093 0x0438  KSN ping finished: true
19:11:36.0703 0x0438  ================ Scan system memory ========================
19:11:36.0703 0x0438  System memory - ok
19:11:36.0703 0x0438  ================ Scan services =============================
19:11:36.0843 0x0438  Abiosdsk - ok
19:11:36.0843 0x0438  abp480n5 - ok
19:11:36.0890 0x0438  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:11:36.0890 0x0438  ACPI - ok
19:11:37.0046 0x0438  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:11:37.0046 0x0438  ACPIEC - ok
19:11:37.0062 0x0438  adpu160m - ok
19:11:37.0093 0x0438  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:11:37.0093 0x0438  aec - ok
19:11:37.0125 0x0438  [ 12DAFD934641DCF61E446313BC261EC2, 1731C21DE26B8898531CFF37EFDD362D4B854CE2441C98EC8084BE03EBB19DB1 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:11:37.0125 0x0438  AegisP - ok
19:11:37.0156 0x0438  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:11:37.0156 0x0438  AFD - ok
19:11:37.0265 0x0438  [ B3192376C7A3814B5341EFC2202022F8, A853C279CF31A45E2B59D6B2B15EABE7DEF46B0E2A78F969BCAEE8052452C721 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:11:37.0312 0x0438  AgereSoftModem - ok
19:11:37.0312 0x0438  Aha154x - ok
19:11:37.0328 0x0438  aic78u2 - ok
19:11:37.0343 0x0438  aic78xx - ok
19:11:37.0375 0x0438  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:11:37.0375 0x0438  Alerter - ok
19:11:37.0406 0x0438  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
19:11:37.0406 0x0438  ALG - ok
19:11:37.0421 0x0438  AliIde - ok
19:11:37.0421 0x0438  amsint - ok
19:11:37.0531 0x0438  [ AA2770FD967DAB91A597619C4EADC0C9, E21B8F032FB37AD172B54A04CA7CE24322E4AF4DDE11627F5FA02837B3D456AA ] AOL ACS         C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
19:11:37.0531 0x0438  AOL ACS - ok
19:11:37.0578 0x0438  [ 7FB54900AA9792AB6307C699EC1859D4, CDA8A505388A8873CFB6F7D793A807AE84B9EB7FA25414F0DCED6E6CD2924A33 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
19:11:37.0578 0x0438  AOL TopSpeedMonitor - ok
19:11:37.0640 0x0438  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:11:37.0640 0x0438  AppMgmt - ok
19:11:37.0656 0x0438  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:11:37.0656 0x0438  Arp1394 - ok
19:11:37.0656 0x0438  asc - ok
19:11:37.0671 0x0438  asc3350p - ok
19:11:37.0671 0x0438  asc3550 - ok
19:11:37.0687 0x0438  [ D880831279ED91F9A4190A2DB9539EA9, EAF7D48E026C99EE9C4BC838A3004966517F948051B39DA5B5072F6DE81165AB ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
19:11:37.0687 0x0438  ASCTRM - ok
19:11:37.0796 0x0438  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:11:37.0859 0x0438  aspnet_state - ok
19:11:37.0890 0x0438  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:11:37.0890 0x0438  AsyncMac - ok
19:11:37.0906 0x0438  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:11:37.0921 0x0438  atapi - ok
19:11:37.0921 0x0438  Atdisk - ok
19:11:37.0968 0x0438  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:11:37.0968 0x0438  Atmarpc - ok
19:11:38.0015 0x0438  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:11:38.0015 0x0438  AudioSrv - ok
19:11:38.0062 0x0438  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:11:38.0062 0x0438  audstub - ok
19:11:38.0093 0x0438  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:11:38.0093 0x0438  Beep - ok
19:11:38.0156 0x0438  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:11:38.0171 0x0438  BITS - ok
19:11:38.0203 0x0438  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
19:11:38.0218 0x0438  Browser - ok
19:11:38.0218 0x0438  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:11:38.0218 0x0438  cbidf2k - ok
19:11:38.0234 0x0438  cd20xrnt - ok
19:11:38.0250 0x0438  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:11:38.0250 0x0438  Cdaudio - ok
19:11:38.0250 0x0438  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:11:38.0265 0x0438  Cdfs - ok
19:11:38.0281 0x0438  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:11:38.0281 0x0438  Cdrom - ok
19:11:38.0406 0x0438  [ 3CB0CC8879956C187E87E18634EE5164, 42F96B5745E3FB0F5A85AAA95F5F74EB4718763917ED56B72DC6914A528A4B93 ] CFSvcs          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
19:11:38.0406 0x0438  CFSvcs - ok
19:11:38.0406 0x0438  Changer - ok
19:11:38.0453 0x0438  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:11:38.0453 0x0438  CiSvc - ok
19:11:38.0468 0x0438  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:11:38.0468 0x0438  ClipSrv - ok
19:11:38.0515 0x0438  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:11:38.0593 0x0438  clr_optimization_v2.0.50727_32 - ok
19:11:38.0609 0x0438  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:11:38.0609 0x0438  CmBatt - ok
19:11:38.0609 0x0438  CmdIde - ok
19:11:38.0625 0x0438  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:11:38.0625 0x0438  Compbatt - ok
19:11:38.0625 0x0438  COMSysApp - ok
19:11:38.0640 0x0438  Cpqarray - ok
19:11:38.0656 0x0438  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:11:38.0656 0x0438  CryptSvc - ok
19:11:38.0671 0x0438  dac2w2k - ok
19:11:38.0671 0x0438  dac960nt - ok
19:11:38.0734 0x0438  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:11:38.0750 0x0438  DcomLaunch - ok
19:11:38.0796 0x0438  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:11:38.0796 0x0438  Dhcp - ok
19:11:38.0828 0x0438  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:11:38.0828 0x0438  Disk - ok
19:11:38.0890 0x0438  [ EE4325BECEF51B8C32B4329097E4F301, 5873A6373AC55756B0FD9B2262D68BB4ABF03A2963C39B1B59368A04B4AFF01B ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:11:38.0890 0x0438  DLABOIOM - ok
19:11:38.0921 0x0438  [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:11:38.0921 0x0438  DLACDBHM - ok
19:11:38.0953 0x0438  [ 1E6C6597833A04C2157BE7B39EA92CE1, C4808527160882DF12D743CFCC86E3989DF4DEBC9376515346986C9D1C18ED95 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
19:11:38.0953 0x0438  DLADResN - ok
19:11:38.0984 0x0438  [ 752376E109A090970BFA9722F0F40B03, 749CF9E8BA96779C93163FDB4A66348A72674515CB24EFE9CA4C62834BB11131 ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
19:11:39.0000 0x0438  DLAIFS_M - ok
19:11:39.0015 0x0438  [ 62EE7902E74B90BF1CCC4643FC6C07A7, 2BEA5F54E4050EBD811C4291DB99842C401C11D74787A1B41A0CDFB7DDCE6705 ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
19:11:39.0031 0x0438  DLAOPIOM - ok
19:11:39.0046 0x0438  [ 5C220124C5AFEAEE84A9BB89D685C17B, B1B0F7FC7342026859113DFFD4DE8891C64F2623C23B347A665917A709A23D31 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
19:11:39.0046 0x0438  DLAPoolM - ok
19:11:39.0046 0x0438  [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
19:11:39.0046 0x0438  DLARTL_N - ok
19:11:39.0062 0x0438  [ 4EBB78D9BBF072119363B35B9B3E518F, D8CEF470451E883329B6AF0A4907A96454DF4ABF27271EE891D604D418BB0A69 ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
19:11:39.0062 0x0438  DLAUDFAM - ok
19:11:39.0078 0x0438  [ 333B770E52D2CEA7BD86391120466E43, DE21CC096B64B491A8DA3BBC3EF095C00A53D5EA0CC4B6440F5DE1E0BDB7C40A ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
19:11:39.0078 0x0438  DLAUDF_M - ok
19:11:39.0093 0x0438  dmadmin - ok
19:11:39.0171 0x0438  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:11:39.0218 0x0438  dmboot - ok
19:11:39.0250 0x0438  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:11:39.0265 0x0438  dmio - ok
19:11:39.0281 0x0438  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:11:39.0281 0x0438  dmload - ok
19:11:46.0468 0x0438  TapiSrv - ok
19:11:46.0515 0x0438  [ 90861642FD6D8FAFB1408EE26FA93CB4, 1B0E25BE3B49927D4D06C6EE8D6A59E28FA4496E88BC747343A52C4E0595E233 ] TAPPSRV         C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
19:11:46.0515 0x0438  TAPPSRV - ok
19:11:46.0531 0x0438  [ 7147B0575BCC93A6AB7D5C90F47C0B9F, 28B598F434705C2FAFE7E767254B05F9A8693F41FD666C155283DBE53D8A0357 ] tbiosdrv        C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
19:11:46.0531 0x0438  tbiosdrv - ok
19:11:46.0593 0x0438  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:11:46.0609 0x0438  Tcpip - ok
19:11:46.0656 0x0438  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:11:46.0656 0x0438  TDPIPE - ok
19:11:46.0687 0x0438  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:11:46.0687 0x0438  TDTCP - ok
19:11:46.0703 0x0438  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:11:46.0718 0x0438  TermDD - ok
19:11:46.0750 0x0438  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:11:46.0765 0x0438  TermService - ok
19:11:46.0796 0x0438  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:11:46.0796 0x0438  Themes - ok
19:11:46.0828 0x0438  [ 244CFBFFDEFB77F3DF571A8CD108FC06, AE231555FF65CBE89EE7441E447162DAD942A8E7EA82B4BC2BE773C8F4D77C5B ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
19:11:46.0843 0x0438  tifm21 - ok
19:11:46.0875 0x0438  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:11:46.0875 0x0438  TlntSvr - ok
19:11:46.0890 0x0438  TosIde - ok
19:11:46.0906 0x0438  [ CC069342EE0EAE55B32A0AE99CF6185C, B9015E22AEDE8447719BB6D8E173C491E64459D25F320138F1BFE521609220F8 ] tosrfec         C:\WINDOWS\system32\DRIVERS\tosrfec.sys
19:11:46.0906 0x0438  tosrfec - ok
19:11:46.0921 0x0438  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:11:46.0921 0x0438  TrkWks - ok
19:11:46.0953 0x0438  [ 676DB15DDF2E0FF6EC03068DEA428B8B, B12DF330085C1E56B774D023C4DDDDDC774321F82BC26CCF36A92E825482533A ] TVALD           C:\WINDOWS\system32\DRIVERS\NBSMI.sys
19:11:46.0953 0x0438  TVALD - ok
19:11:47.0000 0x0438  [ CC6763889198EF975B143D49789BCFA9, 555B8441DBDFC424C3EE95292225260AB419C66214C81CA43A77DB187CA139E1 ] Tvs             C:\WINDOWS\system32\DRIVERS\Tvs.sys
19:11:47.0000 0x0438  Tvs - ok
19:11:47.0046 0x0438  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:11:47.0046 0x0438  Udfs - ok
19:11:47.0062 0x0438  ultra - ok
19:11:47.0109 0x0438  [ 9651E5D850B6F6BD7C77C70AA06F02BF, 746B9948BD77FE332991C08959908B5E613CE4A358B00BB67B3F8AB13FFD27C8 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
19:11:47.0109 0x0438  UMWdf - ok
19:11:47.0203 0x0438  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:11:47.0218 0x0438  Update - ok
19:11:47.0265 0x0438  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:11:47.0281 0x0438  upnphost - ok
19:11:47.0281 0x0438  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
19:11:47.0281 0x0438  UPS - ok
19:11:47.0328 0x0438  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:11:47.0328 0x0438  usbehci - ok
19:11:47.0343 0x0438  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:11:47.0359 0x0438  usbhub - ok
19:11:47.0375 0x0438  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:11:47.0375 0x0438  USBSTOR - ok
19:11:47.0390 0x0438  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:11:47.0406 0x0438  usbuhci - ok
19:11:47.0421 0x0438  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:11:47.0421 0x0438  VgaSave - ok
19:11:47.0437 0x0438  ViaIde - ok
19:11:47.0437 0x0438  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:11:47.0437 0x0438  VolSnap - ok
19:11:47.0484 0x0438  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:11:47.0500 0x0438  VSS - ok
19:11:47.0546 0x0438  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:11:47.0546 0x0438  W32Time - ok
19:11:47.0687 0x0438  [ B1F126E7E28877106D60E6FF3998D033, 1F59798DF18994AA720522CC5FBA5B79F9BD167DBBC2B9D670F796E1DFD10C0C ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys
19:11:47.0750 0x0438  w39n51 - ok
19:11:47.0781 0x0438  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:11:47.0781 0x0438  Wanarp - ok
19:11:47.0828 0x0438  [ 0A716C08CB13C3A8F4F51E882DBF7416, 66FFDC9151CB3676B5DF073431DE055E7F2CDA5722F7EAAC6EC45F2CF9910882 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:11:47.0828 0x0438  wanatw - ok
19:11:47.0828 0x0438  WDICA - ok
19:11:47.0875 0x0438  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:11:47.0890 0x0438  wdmaud - ok
19:11:47.0906 0x0438  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:11:47.0906 0x0438  WebClient - ok
19:11:48.0015 0x0438  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:11:48.0015 0x0438  winmgmt - ok
19:11:48.0062 0x0438  [ B9715B9C18BC6C8F4B66733D208CC9F7, 1F1298810AB5BA0B669091481ECC6D545B4ADBB2D80C8EFB257439E3818A9A84 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:11:48.0062 0x0438  WmdmPmSN - ok
19:11:48.0140 0x0438  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:11:48.0171 0x0438  Wmi - ok
19:11:48.0187 0x0438  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:11:48.0187 0x0438  WmiApSrv - ok
19:11:48.0234 0x0438  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:11:48.0250 0x0438  wscsvc - ok
19:11:48.0265 0x0438  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:11:48.0265 0x0438  wuauserv - ok
19:11:48.0328 0x0438  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:11:48.0359 0x0438  WZCSVC - ok
19:11:48.0390 0x0438  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:11:48.0406 0x0438  xmlprov - ok
19:11:48.0421 0x0438  ================ Scan global ===============================
19:11:48.0453 0x0438  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
19:11:48.0484 0x0438  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:11:48.0515 0x0438  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:11:48.0562 0x0438  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
19:11:48.0562 0x0438  [ Global ] - ok
19:11:48.0562 0x0438  ================ Scan MBR ==================================
19:11:48.0593 0x0438  [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
19:11:49.0578 0x0438  \Device\Harddisk0\DR0 - ok
19:11:49.0578 0x0438  ================ Scan VBR ==================================
19:11:49.0609 0x0438  [ A499740355AE51E53F8038469E11F37F ] \Device\Harddisk0\DR0\Partition1
19:11:49.0640 0x0438  \Device\Harddisk0\DR0\Partition1 - ok
19:11:49.0640 0x0438  Waiting for KSN requests completion. In queue: 168
19:11:50.0640 0x0438  Waiting for KSN requests completion. In queue: 168
19:11:51.0640 0x0438  Waiting for KSN requests completion. In queue: 168
19:11:52.0718 0x0438  AV detected via SS1: McAfee VirusScan, , enabled, outofdate
19:11:52.0750 0x0438  Win FW state via NFM: enabled
19:11:55.0328 0x0438  ============================================================
19:11:55.0328 0x0438  Scan finished
19:11:55.0328 0x0438  ============================================================
19:11:55.0343 0x0efc  Detected object count: 0
19:11:55.0343 0x0efc  Actual detected object count: 0

 

Please let me know of any additional steps.

Thank you!



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 March 2014 - 09:18 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 dollarunderwater

  • Topic Starter
  • Members
  • 9 posts

Posted 25 March 2014 - 09:14 PM

Hello,

 

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
2014-03-09 03:18 - 2014-03-19 23:08 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\7ee0jw8.fee
C:\RECYCLER\S-1-5-21-1175923822-3291912662-919389297-1005

*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
C:\Documents and Settings\All Users\Application Data\7ee0jw8.fee => Moved successfully.
C:\RECYCLER\S-1-5-21-1175923822-3291912662-919389297-1005 => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2014
Scan Time: 9:01:08 PM
Logfile: malewarelog.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.09
Rootkit Database: v2014.03.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Oscar Ramon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266569
Time Elapsed: 1 hr, 57 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\xpi, , [74097097aecd290db2e35af24fb316ea],

Files: 4
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\CT2786678.txt, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\CT2786678.xpi, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\manifest.json, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\xpi\install.rdf, , [74097097aecd290db2e35af24fb316ea],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Please let me know of any additional steps.

Thank you!




#9 TB-Psychotic


Posted 26 March 2014 - 05:13 AM

I'm sorry, I had to change my instructions for the new version of the tool.

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



#10 dollarunderwater


Posted 26 March 2014 - 08:55 PM

Hello TB-Psychotic,

 

I ran Malwarebytes yesterday and got the following log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2014
Scan Time: 9:01:08 PM
Logfile: malewarelog.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.09
Rootkit Database: v2014.03.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Oscar Ramon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266569
Time Elapsed: 1 hr, 57 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\xpi, , [74097097aecd290db2e35af24fb316ea],

Files: 4
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\CT2786678.txt, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\CT2786678.xpi, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\manifest.json, , [74097097aecd290db2e35af24fb316ea],
PUP.Optional.Conduit.A, C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\CT2786678\xpi\install.rdf, , [74097097aecd290db2e35af24fb316ea],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Upon receiving your revised instructions (which were similar to how I ran it the first time), I got this new log today:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/26/2014
Scan Time: 8:33:04 PM
Logfile: malwarelog3.26.14.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.26.07
Rootkit Database: v2014.03.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Oscar Ramon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267201
Time Elapsed: 1 hr, 3 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Please let me know if there are any additional steps.

 

Thank you!!



#11 TB-Psychotic


Posted 27 March 2014 - 04:33 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#12 dollarunderwater


Posted 28 March 2014 - 12:27 AM

Hello there,

 

The scan found 8 threats. Here is the log:

 

C:\Documents and Settings\All Users\Application Data\nsbeimsdumzgrhq\main.html HTML/Ransom.C trojan
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\utt15D.tmp.exe a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\ICReinstall\cnet2_FLVPlayerSetup_exe[1].exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Documents and Settings\Oscar Ramon\Local Settings\Temporary Internet Files\Content.IE5\XCJDB0FH\adshow[1].htm HTML/ScrInject.B.Gen virus
C:\FRST\Quarantine\C\RECYCLER\S-1-5-21-1175923822-3291912662-919389297-1005\Dc94.exe Win32/InstalleRex.E potentially unwanted application
C:\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
 

Thank you!



#13 TB-Psychotic


Posted 28 March 2014 - 04:53 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt



Delete junk with JRT

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

 


#14 dollarunderwater


Posted 29 March 2014 - 01:41 AM

Hello,

 

here are the logs:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Oscar Ramon at 2014-03-29 01:00:18 Run:2
Running from C:\Documents and Settings\Oscar Ramon\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Documents and Settings\All Users\Application Data\nsbeimsdumzgrhq
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\tbuTor.dll
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\utt15D.tmp.exe
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\ICReinstall\cnet2_FLVPlayerSetup_exe[1].exe
C:\Documents and Settings\Oscar Ramon\Local Settings\Temporary Internet Files\Content.IE5\XCJDB0FH\adshow[1].htm
C:\Program Files\Conduit\Community Alerts\Alert.dll
*****************

C:\Documents and Settings\All Users\Application Data\nsbeimsdumzgrhq => Moved successfully.
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\tbuTor.dll => Moved successfully.
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\utt15D.tmp.exe => Moved successfully.
C:\Documents and Settings\Oscar Ramon\Local Settings\Temp\ICReinstall\cnet2_FLVPlayerSetup_exe[1].exe => Moved successfully.
C:\Documents and Settings\Oscar Ramon\Local Settings\Temporary Internet Files\Content.IE5\XCJDB0FH\adshow[1].htm => Moved successfully.
C:\Program Files\Conduit\Community Alerts\Alert.dll => Moved successfully.

==== End of Fixlog ====

 

 

 

# AdwCleaner v3.022 - Report created 29/03/2014 at 01:04:42
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Oscar Ramon - OSCAR
# Running from : C:\Documents and Settings\Oscar Ramon\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\DOCUME~1\OSCARR~1\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\Oscar Ramon\Local Settings\Application Data\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [2367 octets] - [29/03/2014 01:02:50]
AdwCleaner[S0].txt - [2138 octets] - [29/03/2014 01:04:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2198 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Oscar Ramon on Sat 03/29/2014 at  1:22:15.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/29/2014 at  1:26:52.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Results of screen317's Security Check version 0.99.81 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
c
A
f
e
ECHO is off.
V
i
r
u
s
S
c
a
n
ECHO is off.
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 AOL Spyware Protection  
 Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

 

Thank you!



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 AM

Posted 31 March 2014 - 02:56 AM

Your system is clean now! :)

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click on everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.





