TeeGee123

  1. I just did a few Google searches and "clicked" on a bunch of links. No signs of redirects. Thanks so much for your help, Mr. C. Should I now delete and/or uninstall all of the tools I downloaded for this exercise? Or leave them in place, in case?
  2. 21:59:32.0234 3740 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:00:28.0078 3904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 22:00:28.0234 3904 swmidi - ok 22:00:28.0234 3904 SwPrv - ok 22:00:28.0265 3904 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 22:00:28.0437 3904 symc810 - ok 22:00:28.0562 3904 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 22:00:28.0687 3904 symc8xx - ok 22:00:28.0687 3904 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 22:00:28.0843 3904 sym_hi - ok 22:00:28.0843 3904 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 22:00:28.0984 3904 sym_u3 - ok 22:00:29.0046 3904 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys 22:00:29.0093 3904 SynTP - ok 22:00:29.0140 3904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 22:00:29.0296 3904 sysaudio - ok 22:00:29.0328 3904 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 22:00:29.0437 3904 SysmonLog - ok 22:00:29.0500 3904 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 22:00:29.0718 3904 TapiSrv - ok 22:00:29.0781 3904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:00:29.0828 3904 Tcpip - ok 22:00:29.0875 3904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:00:30.0000 3904 TDPIPE - ok 22:00:30.0000 3904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 22:00:30.0125 3904 TDTCP - ok 22:00:30.0171 3904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:00:30.0375 3904 TermDD - ok 22:00:30.0453 3904 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 22:00:30.0687 3904 TermService - ok 22:00:30.0828 3904 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 22:00:30.0875 3904 tfsnboio ( 
UnsignedFile.Multi.Generic ) - warning 22:00:30.0875 3904 tfsnboio - detected UnsignedFile.Multi.Generic (1) 22:00:30.0875 3904 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 22:00:30.0906 3904 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 22:00:30.0906 3904 tfsncofs - detected UnsignedFile.Multi.Generic (1) 22:00:30.0921 3904 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 22:00:30.0968 3904 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 22:00:30.0968 3904 tfsndrct - detected UnsignedFile.Multi.Generic (1) 22:00:30.0968 3904 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 22:00:31.0000 3904 tfsndres ( UnsignedFile.Multi.Generic ) - warning 22:00:31.0000 3904 tfsndres - detected UnsignedFile.Multi.Generic (1) 22:00:31.0015 3904 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 22:00:31.0015 3904 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 22:00:31.0015 3904 tfsnifs - detected UnsignedFile.Multi.Generic (1) 22:00:31.0031 3904 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 22:00:31.0031 3904 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 22:00:31.0031 3904 tfsnopio - detected UnsignedFile.Multi.Generic (1) 22:00:31.0046 3904 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 22:00:31.0046 3904 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 22:00:31.0046 3904 tfsnpool - detected UnsignedFile.Multi.Generic (1) 22:00:31.0062 3904 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 22:00:31.0078 3904 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 22:00:31.0078 3904 tfsnudf - detected UnsignedFile.Multi.Generic (1) 22:00:31.0078 3904 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 22:00:31.0093 3904 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 22:00:31.0093 3904 tfsnudfa - detected 
UnsignedFile.Multi.Generic (1) 22:00:31.0187 3904 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 22:00:31.0218 3904 Themes - ok 22:00:31.0281 3904 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 22:00:31.0484 3904 TosIde - ok 22:00:31.0609 3904 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 22:00:31.0765 3904 TrkWks - ok 22:00:31.0796 3904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:00:31.0921 3904 Udfs - ok 22:00:31.0968 3904 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 22:00:32.0031 3904 ultra - ok 22:00:32.0093 3904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:00:32.0312 3904 Update - ok 22:00:32.0468 3904 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 22:00:32.0703 3904 upnphost - ok 22:00:32.0734 3904 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 22:00:32.0843 3904 UPS - ok 22:00:32.0906 3904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:00:33.0015 3904 usbccgp - ok 22:00:33.0062 3904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:00:33.0218 3904 usbehci - ok 22:00:33.0265 3904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:00:33.0406 3904 usbhub - ok 22:00:33.0453 3904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:00:33.0578 3904 usbprint - ok 22:00:33.0578 3904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:00:33.0750 3904 usbscan - ok 22:00:33.0765 3904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:00:33.0875 3904 USBSTOR - ok 22:00:33.0921 3904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:00:34.0031 3904 usbuhci - ok 22:00:34.0109 3904 VgaSave 
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:00:34.0265 3904 VgaSave - ok 22:00:34.0312 3904 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 22:00:34.0437 3904 viaagp - ok 22:00:34.0453 3904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 22:00:34.0578 3904 ViaIde - ok 22:00:34.0625 3904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 22:00:34.0765 3904 VolSnap - ok 22:00:34.0796 3904 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 22:00:34.0921 3904 VSS - ok 22:00:34.0968 3904 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 22:00:35.0125 3904 w32time - ok 22:00:35.0187 3904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:00:35.0328 3904 Wanarp - ok 22:00:35.0453 3904 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 22:00:35.0500 3904 Wdf01000 - ok 22:00:35.0515 3904 WDICA - ok 22:00:35.0578 3904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 22:00:35.0812 3904 wdmaud - ok 22:00:35.0875 3904 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 22:00:36.0031 3904 WebClient - ok 22:00:36.0109 3904 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 22:00:36.0187 3904 winachsf - ok 22:00:36.0359 3904 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 22:00:36.0546 3904 winmgmt - ok 22:00:36.0671 3904 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 22:00:36.0687 3904 WinUSB - ok 22:00:36.0703 3904 wltrysvc - ok 22:00:36.0718 3904 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 22:00:36.0750 3904 WmdmPmSN - ok 22:00:36.0812 3904 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 22:00:36.0921 3904 WmiAcpi - ok 
22:00:36.0984 3904 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 22:00:37.0109 3904 WmiApSrv - ok 22:00:37.0265 3904 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 22:00:37.0312 3904 WMPNetworkSvc - ok 22:00:37.0390 3904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:00:37.0531 3904 WS2IFSL - ok 22:00:37.0609 3904 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 22:00:37.0765 3904 wscsvc - ok 22:00:37.0812 3904 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 22:00:37.0968 3904 wuauserv - ok 22:00:38.0000 3904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:00:38.0015 3904 WudfPf - ok 22:00:38.0031 3904 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 22:00:38.0046 3904 WudfSvc - ok 22:00:38.0125 3904 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 22:00:38.0296 3904 WZCSVC - ok 22:00:38.0328 3904 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 22:00:38.0437 3904 xmlprov - ok 22:00:38.0437 3904 zumbus - ok 22:00:38.0484 3904 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 22:00:39.0156 3904 \Device\Harddisk0\DR0 - ok 22:00:39.0156 3904 Boot (0x1200) (1b0706897dda2c158a611faf9b9d83d1) \Device\Harddisk0\DR0\Partition0 22:00:39.0171 3904 \Device\Harddisk0\DR0\Partition0 - ok 22:00:39.0171 3904 ============================================================ 22:00:39.0171 3904 Scan finished 22:00:39.0171 3904 ============================================================ 22:00:39.0281 3956 Detected object count: 21 22:00:39.0281 3956 Actual detected object count: 21 22:01:32.0843 3956 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0843 3956 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0843 3956 APPDRV ( 
UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0843 3956 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0843 3956 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0843 3956 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0859 3956 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0859 3956 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0859 3956 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0859 3956 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0859 3956 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0859 3956 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0859 3956 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0859 3956 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0859 3956 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0859 3956 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0875 3956 omci ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0875 3956 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0875 3956 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0875 3956 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0875 3956 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0875 3956 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0875 3956 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0875 3956 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0875 3956 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0875 3956 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0890 3956 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user 
22:01:32.0890 3956 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0890 3956 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0890 3956 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0890 3956 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0890 3956 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0890 3956 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0890 3956 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0890 3956 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0890 3956 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0906 3956 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0906 3956 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0906 3956 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0906 3956 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:32.0906 3956 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:32.0906 3956 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:53.0281 2816 Deinitialize success
  3. Mr. C, I ran TDSS two more times, not knowing if I predid it correctly. Here are those two subsequent reports:
Modem - ok 21:36:14.0562 3612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:36:14.0687 3612 Mouclass - ok 21:36:14.0703 3612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:36:14.0859 3612 mouhid - ok 21:36:14.0921 3612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 21:36:15.0062 3612 MountMgr - ok 21:36:15.0093 3612 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 21:36:15.0125 3612 MpFilter - ok 21:36:15.0468 3612 MpKsl5095fd8e (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B8B8A9E-4BCA-4070-8D86-01F5C186A7FB}\MpKsl5095fd8e.sys 21:36:15.0500 3612 MpKsl5095fd8e - ok 21:36:15.0546 3612 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 21:36:15.0765 3612 mraid35x - ok 21:36:15.0906 3612 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 21:36:15.0968 3612 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 21:36:15.0968 3612 MREMP50 - detected UnsignedFile.Multi.Generic (1) 21:36:15.0968 3612 MREMPR5 - ok 21:36:15.0984 3612 MRENDIS5 - ok 21:36:16.0000 3612 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 21:36:16.0078 3612 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 21:36:16.0078 3612 MRESP50 - detected UnsignedFile.Multi.Generic (1) 21:36:16.0125 3612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:36:16.0281 3612 MRxDAV - ok 21:36:16.0375 3612 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:36:16.0484 3612 MRxSmb - ok 21:36:16.0515 3612 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 21:36:16.0703 3612 MSDTC - ok 21:36:16.0750 3612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 21:36:16.0953 3612 
Msfs - ok 21:36:16.0953 3612 MSIServer - ok 21:36:17.0093 3612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:36:17.0203 3612 MSKSSRV - ok 21:36:17.0328 3612 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe 21:36:17.0343 3612 MsMpSvc - ok 21:36:17.0390 3612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:36:17.0500 3612 MSPCLOCK - ok 21:36:17.0500 3612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 21:36:17.0640 3612 MSPQM - ok 21:36:17.0703 3612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:36:17.0812 3612 mssmbios - ok 21:36:17.0953 3612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 21:36:18.0015 3612 Mup - ok 21:36:18.0062 3612 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 21:36:18.0203 3612 napagent - ok 21:36:18.0265 3612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 21:36:18.0515 3612 NDIS - ok 21:36:18.0625 3612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:36:18.0718 3612 NdisTapi - ok 21:36:18.0765 3612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:36:18.0921 3612 Ndisuio - ok 21:36:18.0937 3612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:36:19.0078 3612 NdisWan - ok 21:36:19.0140 3612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 21:36:19.0203 3612 NDProxy - ok 21:36:19.0250 3612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:36:19.0390 3612 NetBIOS - ok 21:36:19.0437 3612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:36:19.0562 3612 NetBT - ok 21:36:19.0609 3612 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 
21:36:19.0765 3612 NetDDE - ok 21:36:19.0765 3612 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 21:36:19.0890 3612 NetDDEdsdm - ok 21:36:20.0015 3612 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:36:20.0125 3612 Netlogon - ok 21:36:20.0187 3612 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 21:36:20.0359 3612 Netman - ok 21:36:20.0562 3612 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:36:20.0593 3612 NetTcpPortSharing - ok 21:36:20.0671 3612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:36:20.0875 3612 NIC1394 - ok 21:36:20.0953 3612 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 21:36:21.0000 3612 Nla - ok 21:36:21.0250 3612 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe 21:36:21.0328 3612 nmservice - ok 21:36:21.0343 3612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:36:21.0578 3612 Npfs - ok 21:36:21.0609 3612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:36:21.0765 3612 Ntfs - ok 21:36:21.0828 3612 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:36:21.0937 3612 NtLmSsp - ok 21:36:22.0046 3612 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 21:36:22.0250 3612 NtmsSvc - ok 21:36:22.0296 3612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:36:22.0546 3612 Null - ok 21:36:22.0765 3612 nv (f238620bc9d2fdf8734948c0a4441707) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 21:36:23.0171 3612 nv - ok 21:36:23.0359 3612 NVSvc (d54292149e9ed49ad149879b67ec24d1) C:\WINDOWS\system32\nvsvc32.exe 21:36:23.0406 3612 NVSvc - ok 21:36:23.0515 3612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) 
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:36:23.0750 3612 NwlnkFlt - ok 21:36:23.0750 3612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:36:23.0984 3612 NwlnkFwd - ok 21:36:24.0250 3612 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:36:24.0296 3612 odserv - ok 21:36:24.0343 3612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:36:24.0500 3612 ohci1394 - ok 21:36:24.0546 3612 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys 21:36:24.0625 3612 omci ( UnsignedFile.Multi.Generic ) - warning 21:36:24.0625 3612 omci - detected UnsignedFile.Multi.Generic (1) 21:36:24.0656 3612 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:36:24.0671 3612 ose - ok 21:36:24.0687 3612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 21:36:24.0828 3612 Parport - ok 21:36:24.0875 3612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:36:25.0015 3612 PartMgr - ok 21:36:25.0046 3612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 21:36:25.0187 3612 ParVdm - ok 21:36:25.0187 3612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 21:36:25.0359 3612 PCI - ok 21:36:25.0375 3612 PCIDump - ok 21:36:25.0390 3612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:36:25.0531 3612 PCIIde - ok 21:36:25.0593 3612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 21:36:25.0703 3612 Pcmcia - ok 21:36:25.0718 3612 PDCOMP - ok 21:36:25.0718 3612 PDFRAME - ok 21:36:25.0718 3612 PDRELI - ok 21:36:25.0734 3612 PDRFRAME - ok 21:36:25.0765 3612 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 21:36:25.0890 3612 perc2 - ok 21:36:25.0921 3612 perc2hib 
(f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 21:36:26.0062 3612 perc2hib - ok 21:36:26.0125 3612 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 21:36:26.0140 3612 PlugPlay - ok 21:36:26.0218 3612 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys 21:36:26.0234 3612 pnarp - ok 21:36:26.0281 3612 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:36:26.0390 3612 PolicyAgent - ok 21:36:26.0468 3612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:36:26.0625 3612 PptpMiniport - ok 21:36:26.0640 3612 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:36:26.0750 3612 ProtectedStorage - ok 21:36:26.0765 3612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:36:26.0953 3612 PSched - ok 21:36:26.0968 3612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:36:27.0125 3612 Ptilink - ok 21:36:27.0171 3612 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys 21:36:27.0187 3612 purendis - ok 21:36:27.0265 3612 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:36:27.0328 3612 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 21:36:27.0328 3612 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 21:36:27.0359 3612 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 21:36:27.0484 3612 ql1080 - ok 21:36:27.0515 3612 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 21:36:27.0656 3612 Ql10wnt - ok 21:36:27.0671 3612 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 21:36:27.0796 3612 ql12160 - ok 21:36:27.0812 3612 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 21:36:27.0937 3612 ql1240 - ok 21:36:27.0968 3612 ql1280 
(907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 21:36:28.0109 3612 ql1280 - ok 21:36:28.0140 3612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:36:28.0265 3612 RasAcd - ok 21:36:28.0328 3612 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 21:36:28.0453 3612 RasAuto - ok 21:36:28.0500 3612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:36:28.0609 3612 Rasl2tp - ok 21:36:28.0671 3612 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 21:36:28.0812 3612 RasMan - ok 21:36:28.0812 3612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:36:28.0968 3612 RasPppoe - ok 21:36:29.0000 3612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:36:29.0125 3612 Raspti - ok 21:36:29.0187 3612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:36:29.0343 3612 Rdbss - ok 21:36:29.0390 3612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:36:29.0531 3612 RDPCDD - ok 21:36:29.0562 3612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:36:29.0687 3612 rdpdr - ok 21:36:29.0796 3612 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 21:36:29.0953 3612 RDPWD - ok 21:36:29.0984 3612 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 21:36:30.0109 3612 RDSessMgr - ok 21:36:30.0156 3612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:36:30.0375 3612 redbook - ok 21:36:30.0500 3612 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 21:36:30.0609 3612 RemoteAccess - ok 21:36:30.0703 3612 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 21:36:30.0796 3612 rimmptsk - ok 21:36:30.0796 3612 rimsptsk 
(1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 21:36:30.0921 3612 rimsptsk - ok 21:36:30.0968 3612 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 21:36:31.0093 3612 rismxdp - ok 21:36:31.0140 3612 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 21:36:31.0343 3612 RpcLocator - ok 21:36:31.0500 3612 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 21:36:31.0515 3612 RpcSs - ok 21:36:31.0593 3612 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 21:36:31.0718 3612 RSVP - ok 21:36:31.0781 3612 RT80x86 (af07c72596f94fccac8fcd17229162a9) C:\WINDOWS\system32\DRIVERS\RT2860.sys 21:36:31.0921 3612 RT80x86 - ok 21:36:32.0015 3612 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:36:32.0187 3612 SamSs - ok 21:36:32.0250 3612 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 21:36:32.0421 3612 SCardSvr - ok 21:36:32.0484 3612 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 21:36:32.0640 3612 Schedule - ok 21:36:32.0703 3612 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 21:36:32.0843 3612 sdbus - ok 21:36:32.0875 3612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:36:32.0984 3612 Secdrv - ok 21:36:33.0046 3612 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 21:36:33.0187 3612 seclogon - ok 21:36:33.0203 3612 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 21:36:33.0328 3612 SENS - ok 21:36:33.0359 3612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 21:36:33.0484 3612 serenum - ok 21:36:33.0531 3612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 21:36:33.0687 3612 Serial - ok 21:36:33.0734 3612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 
21:36:33.0875 3612 Sfloppy - ok 21:36:34.0000 3612 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 21:36:34.0187 3612 SharedAccess - ok 21:36:34.0234 3612 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:36:34.0250 3612 ShellHWDetection - ok 21:36:34.0265 3612 Simbad - ok 21:36:34.0312 3612 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 21:36:34.0437 3612 sisagp - ok 21:36:34.0453 3612 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 21:36:34.0515 3612 Sparrow - ok 21:36:34.0578 3612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:36:34.0718 3612 splitter - ok 21:36:34.0828 3612 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 21:36:34.0906 3612 Spooler - ok 21:36:34.0937 3612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 21:36:35.0062 3612 sr - ok 21:36:35.0125 3612 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 21:36:35.0281 3612 srservice - ok 21:36:35.0359 3612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 21:36:35.0453 3612 Srv - ok 21:36:35.0468 3612 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 21:36:35.0515 3612 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning 21:36:35.0515 3612 sscdbhk5 - detected UnsignedFile.Multi.Generic (1) 21:36:35.0562 3612 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 21:36:35.0718 3612 SSDPSRV - ok 21:36:35.0718 3612 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 21:36:35.0765 3612 ssrtln ( UnsignedFile.Multi.Generic ) - warning 21:36:35.0765 3612 ssrtln - detected UnsignedFile.Multi.Generic (1) 21:36:35.0875 3612 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys 21:36:36.0000 3612 STHDA - ok 21:36:36.0125 3612 stisvc 
(8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 21:36:36.0265 3612 stisvc - ok 21:36:36.0406 3612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:36:36.0609 3612 swenum - ok 21:36:36.0656 3612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:36:36.0796 3612 swmidi - ok 21:36:36.0796 3612 SwPrv - ok 21:36:36.0843 3612 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 21:36:36.0984 3612 symc810 - ok 21:36:37.0000 3612 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 21:36:37.0125 3612 symc8xx - ok 21:36:37.0140 3612 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 21:36:37.0281 3612 sym_hi - ok 21:36:37.0281 3612 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 21:36:37.0421 3612 sym_u3 - ok 21:36:37.0500 3612 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys 21:36:37.0609 3612 SynTP - ok 21:36:37.0640 3612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 21:36:37.0781 3612 sysaudio - ok 21:36:37.0812 3612 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 21:36:37.0953 3612 SysmonLog - ok 21:36:38.0015 3612 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 21:36:38.0250 3612 TapiSrv - ok 21:36:38.0421 3612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:36:38.0515 3612 Tcpip - ok 21:36:38.0546 3612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:36:38.0734 3612 TDPIPE - ok 21:36:38.0734 3612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 21:36:38.0859 3612 TDTCP - ok 21:36:38.0906 3612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:36:39.0062 3612 TermDD - ok 21:36:39.0125 3612 TermService 
(ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 21:36:39.0312 3612 TermService - ok 21:36:39.0437 3612 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 21:36:39.0500 3612 tfsnboio ( UnsignedFile.Multi.Generic ) - warning 21:36:39.0500 3612 tfsnboio - detected UnsignedFile.Multi.Generic (1) 21:36:39.0515 3612 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 21:36:39.0593 3612 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 21:36:39.0593 3612 tfsncofs - detected UnsignedFile.Multi.Generic (1) 21:36:39.0609 3612 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 21:36:39.0687 3612 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 21:36:39.0687 3612 tfsndrct - detected UnsignedFile.Multi.Generic (1) 21:36:39.0734 3612 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 21:36:39.0812 3612 tfsndres ( UnsignedFile.Multi.Generic ) - warning 21:36:39.0812 3612 tfsndres - detected UnsignedFile.Multi.Generic (1) 21:36:39.0828 3612 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 21:36:39.0968 3612 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 21:36:39.0968 3612 tfsnifs - detected UnsignedFile.Multi.Generic (1) 21:36:39.0968 3612 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 21:36:40.0046 3612 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 21:36:40.0046 3612 tfsnopio - detected UnsignedFile.Multi.Generic (1) 21:36:40.0062 3612 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 21:36:40.0125 3612 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 21:36:40.0125 3612 tfsnpool - detected UnsignedFile.Multi.Generic (1) 21:36:40.0125 3612 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 21:36:40.0265 3612 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 21:36:40.0265 3612 tfsnudf - detected 
UnsignedFile.Multi.Generic (1) 21:36:40.0281 3612 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 21:36:40.0406 3612 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 21:36:40.0406 3612 tfsnudfa - detected UnsignedFile.Multi.Generic (1) 21:36:40.0468 3612 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:36:40.0484 3612 Themes - ok 21:36:40.0546 3612 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 21:36:40.0687 3612 TosIde - ok 21:36:40.0750 3612 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 21:36:40.0906 3612 TrkWks - ok 21:36:40.0921 3612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:36:41.0046 3612 Udfs - ok 21:36:41.0078 3612 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 21:36:41.0140 3612 ultra - ok 21:36:41.0203 3612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:36:41.0375 3612 Update - ok 21:36:41.0421 3612 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 21:36:41.0562 3612 upnphost - ok 21:36:41.0578 3612 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 21:36:41.0703 3612 UPS - ok 21:36:41.0765 3612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:36:41.0875 3612 usbccgp - ok 21:36:41.0921 3612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:36:42.0078 3612 usbehci - ok 21:36:42.0109 3612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:36:42.0265 3612 usbhub - ok 21:36:42.0312 3612 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:36:42.0421 3612 usbprint - ok 21:36:42.0437 3612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:36:42.0609 3612 usbscan - ok 21:36:42.0625 3612 USBSTOR 
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:36:42.0734 3612 USBSTOR - ok 21:36:42.0781 3612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:36:42.0937 3612 usbuhci - ok 21:36:43.0000 3612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:36:43.0109 3612 VgaSave - ok 21:36:43.0140 3612 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 21:36:43.0265 3612 viaagp - ok 21:36:43.0281 3612 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 21:36:43.0406 3612 ViaIde - ok 21:36:43.0437 3612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 21:36:43.0593 3612 VolSnap - ok 21:36:43.0625 3612 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 21:36:43.0765 3612 VSS - ok 21:36:43.0812 3612 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 21:36:43.0953 3612 w32time - ok 21:36:44.0031 3612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:36:44.0171 3612 Wanarp - ok 21:36:44.0296 3612 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 21:36:44.0328 3612 Wdf01000 - ok 21:36:44.0343 3612 WDICA - ok 21:36:44.0390 3612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:36:44.0546 3612 wdmaud - ok 21:36:44.0609 3612 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 21:36:44.0765 3612 WebClient - ok 21:36:44.0843 3612 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 21:36:44.0937 3612 winachsf - ok 21:36:45.0093 3612 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 21:36:45.0218 3612 winmgmt - ok 21:36:45.0328 3612 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 21:36:45.0343 3612 WinUSB - ok 21:36:45.0359 3612 wltrysvc - ok 
21:36:45.0375 3612 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 21:36:45.0468 3612 WmdmPmSN - ok 21:36:45.0515 3612 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 21:36:45.0671 3612 WmiAcpi - ok 21:36:45.0703 3612 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:36:45.0828 3612 WmiApSrv - ok 21:36:45.0984 3612 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 21:36:46.0062 3612 WMPNetworkSvc - ok 21:36:46.0156 3612 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:36:46.0296 3612 WS2IFSL - ok 21:36:46.0343 3612 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 21:36:46.0500 3612 wscsvc - ok 21:36:46.0546 3612 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 21:36:46.0718 3612 wuauserv - ok 21:36:46.0734 3612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:36:46.0796 3612 WudfPf - ok 21:36:46.0875 3612 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 21:36:46.0906 3612 WudfSvc - ok 21:36:46.0984 3612 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 21:36:47.0171 3612 WZCSVC - ok 21:36:47.0250 3612 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 21:36:47.0390 3612 xmlprov - ok 21:36:47.0421 3612 zumbus - ok 21:36:47.0484 3612 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 21:36:48.0078 3612 \Device\Harddisk0\DR0 - ok 21:36:48.0140 3612 Boot (0x1200) (1b0706897dda2c158a611faf9b9d83d1) \Device\Harddisk0\DR0\Partition0 21:36:48.0140 3612 \Device\Harddisk0\DR0\Partition0 - ok 21:36:48.0140 3612 ============================================================ 21:36:48.0140 3612 Scan finished 21:36:48.0140 3612 ============================================================ 21:36:48.0250 3604 Detected object 
count: 21 21:36:48.0250 3604 Actual detected object count: 21 21:37:37.0453 3604 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0453 3604 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0453 3604 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0453 3604 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0453 3604 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0453 3604 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0453 3604 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0453 3604 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0468 3604 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0468 3604 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0468 3604 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0468 3604 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0468 3604 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0468 3604 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0468 3604 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0468 3604 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0468 3604 omci ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0484 3604 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0484 3604 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0484 3604 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0484 3604 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0484 3604 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0484 3604 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0484 3604 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:37:37.0484 3604 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0484 3604 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0500 3604 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0500 3604 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:37.0515 3604 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user 21:37:37.0515 3604 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:42:57.0031 3556 Deinitialize success
  4. Success in running TDSSKiller!!! Not sure I ran it correctly, though. Here is the report:
(99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:28:23.0468 3212 Themes - ok 21:28:23.0531 3212 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 21:28:23.0531 3212 TosIde - ok 21:28:23.0578 3212 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 21:28:23.0593 3212 TrkWks - ok 21:28:23.0640 3212 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:28:23.0640 3212 Udfs - ok 21:28:23.0656 3212 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 21:28:23.0656 3212 ultra - ok 21:28:23.0718 3212 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:28:23.0734 3212 Update - ok 21:28:23.0781 3212 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 21:28:23.0796 3212 upnphost - ok 21:28:23.0812 3212 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 21:28:23.0812 3212 UPS - ok 21:28:23.0875 3212 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:28:23.0890 3212 usbccgp - ok 21:28:23.0906 3212 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:28:23.0906 3212 usbehci - ok 21:28:23.0937 3212 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:28:23.0937 3212 usbhub - ok 21:28:23.0984 3212 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:28:23.0984 3212 usbprint - ok 21:28:24.0000 3212 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:28:24.0000 3212 usbscan - ok 21:28:24.0078 3212 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:28:24.0078 3212 USBSTOR - ok 21:28:24.0093 3212 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:28:24.0093 3212 usbuhci - ok 21:28:24.0109 3212 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) 
C:\WINDOWS\System32\drivers\vga.sys 21:28:24.0109 3212 VgaSave - ok 21:28:24.0156 3212 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 21:28:24.0171 3212 viaagp - ok 21:28:24.0203 3212 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 21:28:24.0203 3212 ViaIde - ok 21:28:24.0265 3212 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 21:28:24.0265 3212 VolSnap - ok 21:28:24.0328 3212 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 21:28:24.0359 3212 VSS - ok 21:28:24.0421 3212 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 21:28:24.0437 3212 w32time - ok 21:28:24.0546 3212 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:28:24.0546 3212 Wanarp - ok 21:28:24.0734 3212 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 21:28:24.0781 3212 Wdf01000 - ok 21:28:24.0781 3212 WDICA - ok 21:28:24.0828 3212 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:28:24.0843 3212 wdmaud - ok 21:28:24.0937 3212 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 21:28:24.0937 3212 WebClient - ok 21:28:25.0062 3212 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 21:28:25.0109 3212 winachsf - ok 21:28:25.0343 3212 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 21:28:25.0359 3212 winmgmt - ok 21:28:25.0468 3212 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 21:28:25.0468 3212 WinUSB - ok 21:28:25.0468 3212 wltrysvc - ok 21:28:25.0515 3212 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 21:28:25.0515 3212 WmdmPmSN - ok 21:28:25.0578 3212 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 21:28:25.0578 3212 WmiAcpi - ok 21:28:25.0640 3212 WmiApSrv 
(e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:28:25.0656 3212 WmiApSrv - ok
21:28:25.0859 3212 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:28:25.0906 3212 WMPNetworkSvc - ok
21:28:25.0968 3212 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:28:25.0968 3212 WS2IFSL - ok
21:28:26.0062 3212 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:28:26.0062 3212 wscsvc - ok
21:28:26.0187 3212 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:28:26.0187 3212 wuauserv - ok
21:28:26.0265 3212 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:28:26.0281 3212 WudfPf - ok
21:28:26.0312 3212 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:28:26.0312 3212 WudfSvc - ok
21:28:26.0421 3212 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:28:26.0468 3212 WZCSVC - ok
21:28:26.0546 3212 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:28:26.0562 3212 xmlprov - ok
21:28:26.0562 3212 zumbus - ok
21:28:26.0625 3212 MBR (0x1B8) (ccf8742ff645f8623f24306cbae1c5e4) \Device\Harddisk0\DR0
21:28:26.0671 3212 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:28:26.0671 3212 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:28:26.0734 3212 Boot (0x1200) (1b0706897dda2c158a611faf9b9d83d1) \Device\Harddisk0\DR0\Partition0
21:28:26.0734 3212 \Device\Harddisk0\DR0\Partition0 - ok
21:28:26.0734 3212 ============================================================
21:28:26.0734 3212 Scan finished
21:28:26.0734 3212 ============================================================
21:28:26.0750 0200 Detected object count: 1
21:28:26.0750 0200 Actual detected object count: 1
21:30:51.0203 0200 \Device\Harddisk0\DR0\# - copied to quarantine
21:30:51.0375 0200 \Device\Harddisk0\DR0 - copied to quarantine
21:30:51.0843 0200 \Device\Harddisk0\DR0 - processing error
21:31:25.0171 0200 \Device\Harddisk0\DR0 - will be restored on reboot
21:31:25.0171 0200 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
21:31:29.0953 4084 Deinitialize success
  5. Here is the ListParts report. Will next try the TDSSKiller workaround. Please stay tuned. . . . Thanks.

     ListParts by Farbar Version: 03-06-2012
     Ran by Tony Grausso (administrator) on 06-06-2012 at 21:17:00
     Windows XP (X86)
     Running From: C:\Documents and Settings\Tony Grausso\Desktop
     Language: 0409
     ************************************************************

     ========================= Memory info ======================

     Percentage of memory in use: 65%
     Total physical RAM: 1022.37 MB
     Available physical RAM: 357.35 MB
     Total Pagefile: 2459.93 MB
     Available Pagefile: 1878.54 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 2001.18 MB

     ======================= Partitions =========================

     1 Drive c: () (Fixed) (Total:143.99 GB) (Free:123.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

     Disk ###  Status      Size     Free     Dyn  Gpt
     --------  ----------  -------  -------  ---  ---
     Disk 0    Online       149 GB      0 B

     Partitions of Disk 0:
     ===============

     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    OEM                 55 MB    32 KB
     Partition 2    Primary            144 GB    55 MB
     Partition 3    Extended          2047 MB   144 GB
     Partition 4    Logical           2047 MB   144 GB
     Partition 5    Unknown           3075 MB   146 GB

     ======================================================================================================

     Disk: 0
     Partition 1
     Type : DE
     Hidden: Yes
     Active: No

     There is no volume associated with this partition.

     ======================================================================================================

     Disk: 0
     Partition 2
     Type : 07
     Hidden: No
     Active: Yes

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 1     C                NTFS   Partition    144 GB  Healthy    System (partition with boot components)

     ======================================================================================================

     Disk: 0
     Partition 4
     Type : DD
     Hidden: Yes
     Active: No

     There is no volume associated with this partition.

     ======================================================================================================

     Disk: 0
     Partition 5
     Type : DB
     Hidden: Yes
     Active: No

     There is no volume associated with this partition.

     ======================================================================================================

     ****** End Of Log ******
  6. I re-ran OTL and allowed it to run on reboot. Here is the report for it:

     All processes killed
     ========== OTL ==========
     Registry value HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
     Folder C:\ComboFix\ not found.
     File C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR not found.
     ========== COMMANDS ==========

     [EMPTYJAVA]

     User: All Users
     User: Default User
     User: LocalService
     User: NetworkService
     User: Owner
     User: Tony Grausso
     ->Java cache emptied: 0 bytes

     Total Java Files Cleaned = 0.00 mb

     [EMPTYTEMP]

     User: All Users

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 0 bytes

     User: NetworkService
     ->Temp folder emptied: 6100 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 0 bytes

     User: Owner
     ->Temp folder emptied: 0 bytes

     User: Tony Grausso
     ->Temp folder emptied: 33546 bytes
     ->Temporary Internet Files folder emptied: 21550799 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 1307 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 4656 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 21.00 mb

     OTL by OldTimer - Version 3.2.46.1 log created on 06062012_123125

     Files\Folders moved on Reboot...
     C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\LNKJV9NX\index[1].htm moved successfully.
     C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\GEE4ADJF\fastbutton[1].htm moved successfully.
     C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\GEE4ADJF\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
     File\Folder C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

     Registry entries deleted on Reboot...
  7. Here is the OTL log:

     All processes killed
     ========== OTL ==========
     Registry value HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
     C:\ComboFix folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR moved successfully.
     ========== COMMANDS ==========

     [EMPTYJAVA]

     User: All Users
     User: Default User
     User: LocalService
     User: NetworkService
     User: Owner
     User: Tony Grausso
     ->Java cache emptied: 0 bytes

     Total Java Files Cleaned = 0.00 mb

     [EMPTYTEMP]

     User: All Users

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     ->Flash cache emptied: 41620 bytes

     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 3571846 bytes
     ->Flash cache emptied: 17786 bytes

     User: NetworkService
     ->Temp folder emptied: 25986 bytes
     ->Temporary Internet Files folder emptied: 1310854 bytes
     ->Flash cache emptied: 3040 bytes

     User: Owner
     ->Temp folder emptied: 0 bytes

     User: Tony Grausso
     ->Temp folder emptied: 131620 bytes
     ->Temporary Internet Files folder emptied: 19898882 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 1959350 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 19569 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 1206508 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 163085 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 27.00 mb

     OTL by OldTimer - Version 3.2.46.1 log created on 06062012_121501

     Files\Folders moved on Reboot...
     C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\9JZLKEFK\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
     C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\95225KGM\index[1].htm moved successfully.
     C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\Content.IE5\1KEJYIGS\fastbutton[1].htm moved successfully.
     File move failed. C:\Documents and Settings\Tony Grausso\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

     Registry entries deleted on Reboot...

     I see a "file move failed" in the report. When I rebooted, I did see a window indicating a program wanted to run on start-up (OTL.exe) but I did not allow it to do so. Should I re-attempt this again, and let it run? Thanks.
  8. LDTate had me run ComboFix to help fix a trojan problem a week ago, although I had uninstalled ComboFix via his instruction, or so I thought. I do not have any logs/reports to share. But here are the two OTL reports:

     OTL logfile created on: 6/5/2012 3:17:48 PM - Run 1
     OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Tony Grausso\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1022.37 Mb Total Physical Memory | 473.25 Mb Available Physical Memory | 46.29% Memory free
     2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.14% Paging File free
     Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 143.99 Gb Total Space | 123.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS

     Computer Name: TONY | User Name: Tony Grausso | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/06/05 15:16:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Grausso\Desktop\OTL.exe
     PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
     PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
     PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
     PRC - [2012/02/13 16:00:00 | 001,899,520 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\CLink\McciTrayApp.exe
     PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tony Grausso\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tony Grausso\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Tony Grausso\Application Data\Move Networks [2010/01/20 16:53:20 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/05/28 10:40:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (SecureBrowsing bho) - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD) O3 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. 
O3 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..\Toolbar\WebBrowser: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD) O4 - HKLM..\Run: [CLink_McciTrayApp] C:\Program Files\CLink\McciTrayApp.exe (Alcatel-Lucent) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll File not found O15 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-2183708541-3629148959-1070128526-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241711260890 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6209BADF-7B7E-45E9-95EB-189B679EE4E2}: DhcpNameServer = 10.0.0.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Handler\vsharechrome - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/TONYGR~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg O24 - Desktop Components:1 (My Current Home Page) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/05 15:16:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony Grausso\Desktop\OTL.exe [2012/06/05 13:28:02 | 002,127,448 | ---- | C] 
(Kaspersky Lab ZAO) -- C:\Documents and Settings\Tony Grausso\Desktop\explorer.exe.exe [2012/06/05 13:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/06/05 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/06/05 13:24:16 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tony Grausso\Desktop\erunt_setup.exe [2012/06/05 13:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Desktop\RK_Quarantine [2012/06/04 20:07:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tony Grausso\Desktop\aswMBR.exe [2012/06/04 14:12:14 | 009,989,040 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Tony Grausso\Desktop\AppRemover.exe [2012/06/04 13:52:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tony Grausso\Desktop\dds.com [2012/05/31 16:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Motive [2012/05/31 16:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CenturyLink Help [2012/05/31 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\CLink [2012/05/31 16:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation [2012/05/31 16:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive [2012/05/31 16:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive [2012/05/31 12:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys [2012/05/31 12:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx [2012/05/31 12:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2012/05/31 12:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared [2012/05/31 12:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2012/05/28 12:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony 
Grausso\Application Data\Finjan [2012/05/28 12:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\M86Security Secure Browsing [2012/05/28 12:07:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/05/28 12:04:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/05/27 23:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Local Settings\Application Data\Sun [2012/05/27 23:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/05/27 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/05/27 23:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Oracle [2012/05/27 22:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/05/27 22:28:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/05/27 21:25:16 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/05/27 20:56:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/05/27 18:30:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/05/27 18:27:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Administrative Tools [2012/05/24 14:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/24 11:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Application Data\Malwarebytes [2012/05/24 11:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/05/24 11:56:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/05/24 11:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/24 09:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony Grausso\Local Settings\Application Data\PCHealth [2012/05/23 20:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2012/05/23 20:53:58 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2012/05/23 10:05:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tony Grausso\Recent [2012/05/16 16:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8 [2012/05/16 15:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/05 15:16:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony Grausso\Desktop\OTL.exe [2012/06/05 15:12:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/06/05 15:06:36 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/05 15:06:36 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/05 15:02:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/05 15:02:14 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/06/05 15:02:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/05 15:02:04 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys [2012/06/05 14:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/06/05 13:28:08 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tony Grausso\Desktop\explorer.exe.exe [2012/06/05 13:26:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/06/05 13:26:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\NTREGOPT.lnk [2012/06/05 13:26:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\ERUNT.lnk [2012/06/05 13:24:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- 
C:\Documents and Settings\Tony Grausso\Desktop\erunt_setup.exe [2012/06/05 13:08:22 | 001,516,032 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\RogueKiller.exe [2012/06/05 05:52:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\defogger_reenable [2012/06/04 20:07:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tony Grausso\Desktop\aswMBR.exe [2012/06/04 19:54:12 | 002,108,959 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\abckiller.com [2012/06/04 19:44:14 | 000,397,389 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\MiniToolBox.exe [2012/06/04 14:12:25 | 009,989,040 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Tony Grausso\Desktop\AppRemover.exe [2012/06/04 13:52:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tony Grausso\Desktop\dds.com [2012/06/04 13:36:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\Defogger.exe [2012/06/02 05:08:22 | 000,017,781 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012/05/31 12:45:28 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2012/05/28 10:40:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/05/27 22:46:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/05/27 21:25:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/05/27 20:46:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/05/26 13:55:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/05/25 13:32:54 | 000,062,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/05/24 11:56:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/23 09:43:41 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/05/23 09:43:41 | 
000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMRr [2012/05/23 09:43:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR [2012/05/16 16:28:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/16 16:12:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/09 12:20:26 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/09 11:30:09 | 000,153,774 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Soap Fundraiser Seller Order Form Spring -Summer 2012 V2.pdf [2012/05/09 11:20:42 | 000,099,484 | ---- | M] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Fundraiser Agreement Spring - Summer 2012 (1).pdf [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/05 14:32:01 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys [2012/06/05 13:26:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/06/05 13:26:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\NTREGOPT.lnk [2012/06/05 13:26:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\ERUNT.lnk [2012/06/05 13:08:20 | 001,516,032 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\RogueKiller.exe [2012/06/05 05:52:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\defogger_reenable [2012/06/04 19:54:09 | 002,108,959 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\abckiller.com [2012/06/04 19:43:59 | 000,397,389 | ---- | C] () -- C:\Documents 
and Settings\Tony Grausso\Desktop\MiniToolBox.exe [2012/06/04 13:36:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\Defogger.exe [2012/05/31 12:45:19 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2012/05/27 22:55:52 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/05/27 22:45:54 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/05/27 21:25:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/05/27 21:25:21 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/05/24 11:56:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/23 20:23:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/05/23 16:25:27 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/05/23 16:25:27 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2012/05/23 09:43:41 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMRr [2012/05/23 09:43:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-zbKPpNp4NTSbMR [2012/05/09 11:30:09 | 000,153,774 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Soap Fundraiser Seller Order Form Spring -Summer 2012 V2.pdf [2012/05/09 11:20:42 | 000,099,484 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Desktop\Seagrove Fundraiser Agreement Spring - Summer 2012 (1).pdf [2012/04/16 12:17:48 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\Tony Grausso\Local Settings\Application Data\dt.dat [2012/02/15 09:45:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll 
========== LOP Check ========== [2011/11/14 12:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/11/14 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP [2011/11/14 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2 [2011/11/14 12:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup [2011/11/14 13:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter [2012/03/10 10:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2011/11/14 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX [2011/11/14 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt [2012/02/18 12:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/04/16 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/04/16 12:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/07/29 13:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2012/04/16 11:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\AVG2012 [2012/03/10 10:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Canon [2012/05/28 12:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Finjan [2010/04/07 09:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\InterVideo [2010/03/12 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Leadertech [2012/05/27 
23:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\Oracle
[2010/11/07 16:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony Grausso\Application Data\vShare
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 6/5/2012 3:17:48 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Tony Grausso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.37 Mb Total Physical Memory | 473.25 Mb Available Physical Memory | 46.29% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.99 Gb Total Space | 123.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Computer Name: TONY | User Name: Tony Grausso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" =
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4 "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{6CA19AED-BDAE-4874-A9A3-BE1D03EC40A9}" = Belkin F5D8073 N Wireless ExpressCard 
Adapter "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = 
Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (DVD Only) "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1 "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "Canon MP280 series User Registration" = Canon MP280 series User Registration "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CLink" = CenturyLink Help "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "ERUNT_is1" = ERUNT 1.1j "Finjan Secure Browsing" = M86Security Secure Browsing "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP-Color LaserJet 2600n" = Color LaserJet 2600n "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{6CA19AED-BDAE-4874-A9A3-BE1D03EC40A9}" = Belkin F5D8073 N Wireless ExpressCard Adapter "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Network MagicUninstall" = Network Magic "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA 
Drivers
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"WUDF01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2183708541-3629148959-1070128526-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/27/2012 7:38:44 AM | Computer Name = TONY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 5/27/2012 7:38:54 AM | Computer Name = TONY | Source = Microsoft Security Client | ID = 5000
Description =
Error - 5/27/2012 5:23:56 PM | Computer Name = TONY | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.
Error - 5/27/2012 10:40:41 PM | Computer Name = TONY | Source = Microsoft Security Client | ID = 5000
Description =
Error - 5/27/2012 10:40:59 PM | Computer Name = TONY | Source = Microsoft Security Client | ID = 5000
Description =
Error - 5/27/2012 10:45:46 PM | Computer Name = TONY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 5/28/2012 9:15:17 AM | Computer Name = TONY | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8403.0, P3 1.127.848.0, P4 1.127.848.0, P5 200015b3e9679dd8_9cca347a4659301f89105a5433539e9cad150c69, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 5/30/2012 8:50:26 AM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Error - 6/4/2012 10:30:51 AM | Computer Name = TONY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0112905d.
Error - 6/4/2012 2:17:18 PM | Computer Name = TONY | Source = Application Hang | ID = 1002
Description = Hanging application appRemoverCore.exe, version 2.2.25.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 5/9/2012 11:30:58 AM | Computer Name = TONY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 601 seconds with 360 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 6/5/2012 2:29:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31
Error - 6/5/2012 2:29:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31
Error - 6/5/2012 2:29:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
Error - 6/5/2012 2:29:21 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/5/2012 2:29:51 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 6/5/2012 2:30:52 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 6/5/2012 2:31:05 PM | Computer Name = TONY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/5/2012 2:32:11 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the following error: %%2
Error - 6/5/2012 2:34:26 PM | Computer Name = TONY | Source = DCOM | ID = 10010
Description = The server {BA126AE5-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.
Error - 6/5/2012 3:02:16 PM | Computer Name = TONY | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the following error: %%2
< End of report >
  9. It would not open in safe mode. Here is another DDS report set:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/22/2007 7:35:49 PM
System Uptime: 6/5/2012 2:31:38 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel® CPU T2080 @ 1.73GHz | Microprocessor | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 123.958 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\21E4F961434FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\21E4F961434FC000
Service: NIC1394
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Belkin F5D8073 N Wireless ExpressCard Adapter
Broadcom Management Programs
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
CenturyLink Help
Color LaserJet 2600n
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Digital Line Detect
ERUNT 1.1j
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP
(KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) InterVideo XPack (DVD Only) Java Auto Updater Java 6 Update 26 Java 7 Update 4 JavaFX 2.1.0 M86Security Secure Browsing Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! 
Photo Story 2 LE Microsoft Security Client Microsoft Security Essentials Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Windows XP Video Decoder Checkup Utility Microsoft WinUsb 1.0 Microsoft Works Microsoft Works 2005 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Modem Helper Move Media Player MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetWaiting Network Magic NVIDIA Drivers Pure Networks Platform QFolder QuickSet SearchAssist Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows 
Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP 
(KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) 
Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP 
(KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security 
Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager swMSM Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP 
(KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Veetle TV 0.9.18
vShare Plugin
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
6/5/2012 2:29:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/5/2012 2:29:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2012 2:29:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2012 2:29:16 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/1/2012 8:41:48 AM, error: Dhcp [1002] - The IP address lease 10.0.0.21 for the Network Card with network address 0019B971369A has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
5/31/2012 9:27:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.966.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/30/2012 7:33:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.966.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/29/2012 2:48:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
5/29/2012 2:34:14 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Tony Grausso at 14:40:40 on 2012-06-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\CLink\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8073\Belkinwcui.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [CLink_McciTrayApp] "c:\program files\clink\McciTrayApp.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\tonygr~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241711260890 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{6209BADF-7B7E-45E9-95EB-189B679EE4E2} : DhcpNameServer = 10.0.0.1 Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-7-28 537216] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-26 34248] S3 mfesmfk;McAfee Inc. 
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-26 40552] S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176] S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176] . =============== Created Last 30 ================ . 2012-06-04 23:43:50 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f27a5d87-1402-4179-82d2-c0c1f2b8074c}\mpengine.dll 2012-06-04 16:40:15 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-05-31 20:52:34 -------- d-----w- c:\program files\CLink 2012-05-31 20:48:33 -------- d-----w- c:\program files\Sprint_Activation 2012-05-31 20:48:03 -------- d-----w- c:\program files\common files\Motive 2012-05-31 16:47:21 -------- d-----w- c:\program files\Linksys 2012-05-31 16:45:30 -------- d-----w- c:\program files\WebEx 2012-05-31 16:45:19 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi 2012-05-31 16:44:58 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys 2012-05-31 16:44:51 25264 ----a-w- c:\windows\system32\drivers\purendis.sys 2012-05-31 16:44:29 -------- d-----w- c:\program files\common files\Pure Networks Shared 2012-05-31 16:43:23 -------- d-----w- c:\documents and settings\all users\application data\Pure Networks 2012-05-28 16:09:05 -------- d-----w- c:\documents and settings\tony grausso\application data\Finjan 2012-05-28 16:09:04 -------- d-----w- c:\program files\M86Security Secure Browsing 2012-05-28 16:07:02 -------- d-s---w- C:\ComboFix 2012-05-28 03:47:05 -------- d-----w- c:\documents and settings\tony grausso\local settings\application data\Sun 2012-05-28 03:00:53 -------- d-----w- c:\program files\Oracle 2012-05-28 03:00:32 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-28 02:45:32 -------- d-----w- 
c:\program files\Microsoft Security Client 2012-05-28 01:25:16 -------- d-sha-r- C:\cmdcons 2012-05-24 15:57:01 -------- d-----w- c:\documents and settings\tony grausso\application data\Malwarebytes 2012-05-24 15:56:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-05-24 15:56:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-24 15:56:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-24 13:13:53 -------- d-----w- c:\documents and settings\tony grausso\local settings\application data\PCHealth 2012-05-23 14:08:08 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-05-23 14:08:08 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-16 20:00:41 -------- dc----w- c:\windows\ie8 2012-05-16 19:41:23 -------- d-----w- c:\windows\system32\Adobe . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 19:42:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-16 19:42:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-06 12:24:51 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys 2012-04-06 12:24:41 88 --sh--r- c:\windows\system32\37AE522F6C.sys 2012-04-04 22:47:36 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys . ============= FINISH: 14:48:14.35 =============== While the scan shows AVG Anti-Virus Free Edition 2012 *Enabled/Updated*, I did remove this (twice) using AppRemover after uninstalling.
  10. Tried to open it in safe mode. Did not work. ???
  11. So you want me to restart in safe mode then open TDSSKiller?
  12. Renamed it explore.exe but it did not run when double-clicked.