waves

Members

View Profile See their activity

Posts
9
Joined
November 24, 2012
Last visited
December 8, 2012

Reputation

0 Neutral

How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

The computer is really slow when loading Firefox or new webpages but I haven't noticed any Google redirects. That being said, I'm still worried, even if the scan came back clean.. how can I be sure that the computer is 100% clean? Also, while the scan was loading, One-Click Maintenance (I'm not familar with this; our computer repairman installed and used this a few years back) popped up and said there were something like 96 registry errors. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.07.11 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Laurel :: RUSTY [administrator] 12/7/2012 4:45:10 PM mbam-log-2012-12-07 (16-45-10).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 403341 Time elapsed: 2 hour(s), 16 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

When I was on the Adobe website, a small blue bar popped up at the bottom of the screen. I didn't catch what it said because I closed it accidentially, but it had some text in an arrow shaped box (if that makes sense) with more text in another box, and so on. What was it? Anyway, here's the TDSSKiller log: 16:07:05.0468 0860 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:07:06.0078 0860 ============================================================ 16:07:06.0078 0860 Current date / time: 2012/12/04 16:07:06.0078 16:07:06.0078 0860 SystemInfo: 16:07:06.0078 0860 16:07:06.0078 0860 OS Version: 5.1.2600 ServicePack: 3.0 16:07:06.0078 0860 Product type: Workstation 16:07:06.0078 0860 ComputerName: RUSTY 16:07:06.0078 0860 UserName: Laurel 16:07:06.0078 0860 Windows directory: C:\WINDOWS 16:07:06.0078 0860 System windows directory: C:\WINDOWS 16:07:06.0078 0860 Processor architecture: Intel x86 16:07:06.0078 0860 Number of processors: 1 16:07:06.0078 0860 Page size: 0x1000 16:07:06.0078 0860 Boot type: Normal boot 16:07:06.0078 0860 ============================================================ 16:07:09.0140 0860 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 16:07:09.0140 0860 ============================================================ 16:07:09.0140 0860 \Device\Harddisk0\DR0: 16:07:09.0140 0860 MBR partitions: 16:07:09.0140 0860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x445C7EE 16:07:09.0140 0860 ============================================================ 16:07:09.0218 0860 C: <-> \Device\Harddisk0\DR0\Partition1 16:07:09.0218 0860 ============================================================ 16:07:09.0218 0860 Initialize success 16:07:09.0218 0860 ============================================================ 16:08:08.0796 2684 ============================================================ 16:08:08.0796 2684 Scan started 16:08:08.0796 2684 Mode: Manual; 16:08:08.0796 2684 ============================================================ 16:08:09.0906 2684 ================ Scan system memory ======================== 16:08:09.0906 2684 System memory - ok 16:08:09.0921 2684 ================ Scan services ============================= 16:08:10.0062 2684 Abiosdsk - ok 16:08:10.0125 2684 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 16:08:10.0125 2684 abp480n5 - ok 16:08:10.0187 2684 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:08:10.0187 2684 ACPI - ok 16:08:10.0250 2684 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 16:08:10.0250 2684 ACPIEC - ok 16:08:10.0390 2684 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:08:10.0390 2684 AdobeFlashPlayerUpdateSvc - ok 16:08:10.0437 2684 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys 16:08:10.0437 2684 adpu160m - ok 16:08:10.0484 2684 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 16:08:10.0484 2684 aec - ok 16:08:10.0531 2684 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 16:08:10.0531 2684 AFD - ok 16:08:10.0578 2684 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 16:08:10.0578 2684 agp440 - ok 16:08:10.0593 2684 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 16:08:10.0593 2684 agpCPQ - ok 16:08:10.0656 2684 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys 16:08:10.0656 2684 Aha154x - ok 16:08:10.0687 2684 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys 16:08:10.0687 2684 aic78u2 - ok 16:08:10.0703 2684 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys 16:08:10.0703 2684 aic78xx - ok 16:08:10.0750 2684 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 16:08:10.0750 2684 Alerter - ok 16:08:10.0765 2684 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 16:08:10.0765 2684 ALG - ok 16:08:10.0812 2684 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 16:08:10.0812 2684 AliIde - ok 16:08:10.0843 2684 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys 16:08:10.0843 2684 alim1541 - ok 16:08:10.0875 2684 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys 16:08:10.0875 2684 amdagp - ok 16:08:10.0890 2684 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys 16:08:10.0890 2684 amsint - ok 16:08:10.0906 2684 AppMgmt - ok 16:08:10.0937 2684 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys 16:08:10.0953 2684 asc - ok 16:08:10.0968 2684 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys 16:08:10.0968 2684 asc3350p - ok 16:08:10.0984 2684 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys 16:08:10.0984 2684 asc3550 - ok 16:08:11.0031 2684 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys 16:08:11.0093 2684 ASCTRM - ok 16:08:11.0250 2684 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 16:08:11.0250 2684 aspnet_state - ok 16:08:11.0312 2684 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:08:11.0312 2684 AsyncMac - ok 16:08:11.0343 2684 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 16:08:11.0359 2684 atapi - ok 16:08:11.0375 2684 Atdisk - ok 16:08:11.0421 2684 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:08:11.0437 2684 Atmarpc - ok 16:08:11.0484 2684 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 16:08:11.0484 2684 AudioSrv - ok 16:08:11.0546 2684 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 16:08:11.0546 2684 audstub - ok 16:08:11.0578 2684 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 16:08:11.0578 2684 Beep - ok 16:08:11.0625 2684 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 16:08:11.0640 2684 BITS - ok 16:08:11.0765 2684 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:08:11.0781 2684 Bonjour Service - ok 16:08:11.0843 2684 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 16:08:11.0859 2684 Browser - ok 16:08:11.0875 2684 bvrp_pci - ok 16:08:11.0921 2684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 16:08:11.0937 2684 cbidf - ok 16:08:11.0953 2684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 16:08:11.0953 2684 cbidf2k - ok 16:08:12.0015 2684 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 16:08:12.0015 2684 cd20xrnt - ok 16:08:12.0031 2684 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 16:08:12.0031 2684 Cdaudio - ok 16:08:12.0078 2684 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 16:08:12.0078 2684 Cdfs - ok 16:08:12.0125 2684 [ BF79E659C506674C0497CC9C61F1A165 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys 16:08:12.0125 2684 Cdr4_xp - ok 16:08:12.0156 2684 [ 2C41CD49D82D5FD85C72D57B6CA25471 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys 16:08:12.0156 2684 Cdralw2k - ok 16:08:12.0187 2684 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:08:12.0187 2684 Cdrom - ok 16:08:12.0265 2684 [ 8C7746ACDE6225A46B58ED7AE09EC166 ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys 16:08:12.0359 2684 cdudf_xp - ok 16:08:12.0390 2684 Changer - ok 16:08:12.0437 2684 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 16:08:12.0437 2684 CiSvc - ok 16:08:12.0468 2684 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 16:08:12.0484 2684 ClipSrv - ok 16:08:12.0531 2684 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:08:12.0531 2684 clr_optimization_v2.0.50727_32 - ok 16:08:12.0593 2684 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys 16:08:12.0593 2684 CmdIde - ok 16:08:12.0609 2684 COMSysApp - ok 16:08:12.0656 2684 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys 16:08:12.0656 2684 Cpqarray - ok 16:08:12.0703 2684 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 16:08:12.0703 2684 CryptSvc - ok 16:08:12.0765 2684 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 16:08:12.0765 2684 dac2w2k - ok 16:08:12.0796 2684 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys 16:08:12.0812 2684 dac960nt - ok 16:08:12.0875 2684 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 16:08:12.0890 2684 DcomLaunch - ok 16:08:12.0937 2684 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 16:08:12.0937 2684 Dhcp - ok 16:08:12.0968 2684 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 16:08:12.0968 2684 Disk - ok 16:08:12.0984 2684 dmadmin - ok 16:08:13.0031 2684 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 16:08:13.0062 2684 dmboot - ok 16:08:13.0109 2684 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 16:08:13.0109 2684 dmio - ok 16:08:13.0171 2684 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 16:08:13.0171 2684 dmload - ok 16:08:13.0250 2684 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 16:08:13.0250 2684 dmserver - ok 16:08:13.0312 2684 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 16:08:13.0312 2684 DMusic - ok 16:08:13.0375 2684 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 16:08:13.0375 2684 Dnscache - ok 16:08:13.0500 2684 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 16:08:13.0546 2684 Dot3svc - ok 16:08:13.0578 2684 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys 16:08:13.0578 2684 dpti2o - ok 16:08:13.0593 2684 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 16:08:13.0609 2684 drmkaud - ok 16:08:13.0656 2684 [ 800DE2DFA19DB3FD87AA95308BA0C17B ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys 16:08:13.0687 2684 dvd_2K - ok 16:08:13.0750 2684 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys 16:08:13.0750 2684 E100B - ok 16:08:13.0796 2684 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 16:08:13.0812 2684 EapHost - ok 16:08:13.0843 2684 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 16:08:13.0843 2684 ERSvc - ok 16:08:13.0890 2684 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 16:08:13.0890 2684 Eventlog - ok 16:08:13.0953 2684 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll 16:08:13.0953 2684 EventSystem - ok 16:08:14.0078 2684 [ E081184B8A58DC49BFE2200D56C297B2 ] F-Secure BlackLight Sensor C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe 16:08:14.0078 2684 F-Secure BlackLight Sensor - ok 16:08:14.0125 2684 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 16:08:14.0125 2684 Fastfat - ok 16:08:14.0203 2684 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 16:08:14.0203 2684 FastUserSwitchingCompatibility - ok 16:08:14.0265 2684 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe 16:08:14.0281 2684 Fax - ok 16:08:14.0296 2684 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 16:08:14.0296 2684 Fdc - ok 16:08:14.0343 2684 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 16:08:14.0343 2684 Fips - ok 16:08:14.0390 2684 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 16:08:14.0390 2684 Flpydisk - ok 16:08:14.0437 2684 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 16:08:14.0453 2684 FltMgr - ok 16:08:14.0515 2684 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 16:08:14.0531 2684 FontCache3.0.0.0 - ok 16:08:14.0578 2684 fsbl - ok 16:08:14.0609 2684 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:08:14.0609 2684 Fs_Rec - ok 16:08:14.0640 2684 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:08:14.0640 2684 Ftdisk - ok 16:08:14.0687 2684 [ 72FE2BEA6863D4EB93442A1C4FB5CA48 ] GcKernel C:\WINDOWS\system32\DRIVERS\GcKernel.sys 16:08:14.0687 2684 GcKernel - ok 16:08:14.0734 2684 [ 5DC17164F66380CBFEFD895C18467773 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 16:08:14.0734 2684 GEARAspiWDM - ok 16:08:14.0765 2684 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:08:14.0781 2684 Gpc - ok 16:08:14.0859 2684 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 16:08:14.0859 2684 helpsvc - ok 16:08:14.0906 2684 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll 16:08:14.0906 2684 HidServ - ok 16:08:14.0968 2684 [ BD205320308FB41C88A4049A2D1764B4 ] HIDSwvd C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys 16:08:14.0968 2684 HIDSwvd - ok 16:08:15.0000 2684 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:08:15.0000 2684 HidUsb - ok 16:08:15.0046 2684 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 16:08:15.0046 2684 hkmsvc - ok 16:08:15.0078 2684 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys 16:08:15.0078 2684 hpn - ok 16:08:15.0140 2684 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 16:08:15.0140 2684 HTTP - ok 16:08:15.0187 2684 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 16:08:15.0187 2684 HTTPFilter - ok 16:08:15.0250 2684 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys 16:08:15.0250 2684 i2omgmt - ok 16:08:15.0281 2684 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys 16:08:15.0281 2684 i2omp - ok 16:08:15.0328 2684 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:08:15.0328 2684 i8042prt - ok 16:08:15.0421 2684 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 16:08:15.0484 2684 ialm - ok 16:08:15.0656 2684 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 16:08:15.0656 2684 IDriverT - ok 16:08:15.0750 2684 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:08:15.0828 2684 idsvc - ok 16:08:15.0875 2684 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\drivers\Imapi.sys 16:08:15.0890 2684 Imapi - ok 16:08:15.0937 2684 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\Imapi.exe 16:08:15.0937 2684 ImapiService - ok 16:08:15.0968 2684 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys 16:08:15.0968 2684 ini910u - ok 16:08:16.0078 2684 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 16:08:16.0109 2684 IntelC51 - ok 16:08:16.0171 2684 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 16:08:16.0218 2684 IntelC52 - ok 16:08:16.0250 2684 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 16:08:16.0265 2684 IntelC53 - ok 16:08:16.0359 2684 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 16:08:16.0359 2684 IntelIde - ok 16:08:16.0406 2684 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 16:08:16.0406 2684 intelppm - ok 16:08:16.0437 2684 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 16:08:16.0453 2684 Ip6Fw - ok 16:08:16.0500 2684 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:08:16.0500 2684 IpFilterDriver - ok 16:08:16.0546 2684 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:08:16.0546 2684 IpInIp - ok 16:08:16.0625 2684 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:08:16.0625 2684 IpNat - ok 16:08:16.0687 2684 [ 1CB96E83FD76EB5580451CEF29E24303 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:08:16.0718 2684 iPod Service - ok 16:08:16.0750 2684 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:08:16.0750 2684 IPSec - ok 16:08:16.0796 2684 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 16:08:16.0796 2684 IRENUM - ok 16:08:16.0843 2684 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:08:16.0859 2684 isapnp - ok 16:08:16.0875 2684 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:08:16.0875 2684 Kbdclass - ok 16:08:16.0906 2684 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:08:16.0906 2684 kbdhid - ok 16:08:16.0953 2684 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 16:08:16.0953 2684 kmixer - ok 16:08:17.0000 2684 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 16:08:17.0000 2684 KSecDD - ok 16:08:17.0062 2684 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 16:08:17.0062 2684 lanmanserver - ok 16:08:17.0125 2684 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 16:08:17.0140 2684 lanmanworkstation - ok 16:08:17.0156 2684 lbrtfdc - ok 16:08:17.0218 2684 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 16:08:17.0218 2684 LmHosts - ok 16:08:17.0234 2684 lxcc_device - ok 16:08:17.0296 2684 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 16:08:17.0296 2684 Messenger - ok 16:08:17.0359 2684 [ 0A35AD036DE912858A1C5E9637840724 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys 16:08:17.0406 2684 mmc_2K - ok 16:08:17.0437 2684 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 16:08:17.0437 2684 mnmdd - ok 16:08:17.0500 2684 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 16:08:17.0500 2684 mnmsrvc - ok 16:08:17.0562 2684 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 16:08:17.0562 2684 Modem - ok 16:08:17.0609 2684 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 16:08:17.0609 2684 MODEMCSA - ok 16:08:17.0625 2684 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys 16:08:17.0625 2684 mohfilt - ok 16:08:17.0671 2684 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:08:17.0671 2684 Mouclass - ok 16:08:17.0718 2684 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:08:17.0718 2684 mouhid - ok 16:08:17.0750 2684 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 16:08:17.0750 2684 MountMgr - ok 16:08:17.0828 2684 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:08:17.0828 2684 MozillaMaintenance - ok 16:08:17.0890 2684 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 16:08:17.0906 2684 MpFilter - ok 16:08:17.0953 2684 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys 16:08:17.0953 2684 mraid35x - ok 16:08:17.0984 2684 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:08:18.0000 2684 MRxDAV - ok 16:08:18.0062 2684 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:08:18.0078 2684 MRxSmb - ok 16:08:18.0109 2684 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 16:08:18.0125 2684 MSDTC - ok 16:08:18.0187 2684 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 16:08:18.0187 2684 Msfs - ok 16:08:18.0203 2684 MSIServer - ok 16:08:18.0250 2684 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:08:18.0250 2684 MSKSSRV - ok 16:08:18.0328 2684 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 16:08:18.0343 2684 MsMpSvc - ok 16:08:18.0390 2684 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:08:18.0390 2684 MSPCLOCK - ok 16:08:18.0421 2684 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 16:08:18.0421 2684 MSPQM - ok 16:08:18.0468 2684 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:08:18.0468 2684 mssmbios - ok 16:08:18.0515 2684 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 16:08:18.0515 2684 Mup - ok 16:08:18.0609 2684 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 16:08:18.0656 2684 napagent - ok 16:08:18.0734 2684 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 16:08:18.0734 2684 NDIS - ok 16:08:18.0796 2684 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:08:18.0796 2684 NdisTapi - ok 16:08:18.0843 2684 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:08:18.0843 2684 Ndisuio - ok 16:08:18.0875 2684 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:08:18.0875 2684 NdisWan - ok 16:08:18.0937 2684 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 16:08:18.0937 2684 NDProxy - ok 16:08:18.0953 2684 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 16:08:18.0968 2684 NetBIOS - ok 16:08:19.0000 2684 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 16:08:19.0015 2684 NetBT - ok 16:08:19.0046 2684 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 16:08:19.0062 2684 NetDDE - ok 16:08:19.0078 2684 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 16:08:19.0078 2684 NetDDEdsdm - ok 16:08:19.0125 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 16:08:19.0125 2684 Netlogon - ok 16:08:19.0171 2684 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 16:08:19.0171 2684 Netman - ok 16:08:19.0312 2684 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe 16:08:19.0453 2684 NetSvc - ok 16:08:19.0515 2684 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:08:19.0515 2684 NetTcpPortSharing - ok 16:08:19.0562 2684 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 16:08:19.0562 2684 Nla - ok 16:08:19.0640 2684 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 16:08:19.0640 2684 Npfs - ok 16:08:19.0687 2684 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 16:08:19.0718 2684 Ntfs - ok 16:08:19.0734 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 16:08:19.0734 2684 NtLmSsp - ok 16:08:19.0796 2684 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 16:08:19.0828 2684 NtmsSvc - ok 16:08:19.0843 2684 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 16:08:19.0843 2684 Null - ok 16:08:19.0937 2684 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:08:20.0015 2684 nv - ok 16:08:20.0062 2684 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:08:20.0062 2684 NwlnkFlt - ok 16:08:20.0093 2684 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:08:20.0093 2684 NwlnkFwd - ok 16:08:20.0156 2684 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 16:08:20.0156 2684 Parport - ok 16:08:20.0187 2684 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 16:08:20.0203 2684 PartMgr - ok 16:08:20.0250 2684 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 16:08:20.0250 2684 ParVdm - ok 16:08:20.0281 2684 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 16:08:20.0296 2684 PCI - ok 16:08:20.0312 2684 PCIDump - ok 16:08:20.0343 2684 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 16:08:20.0359 2684 PCIIde - ok 16:08:20.0406 2684 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 16:08:20.0406 2684 Pcmcia - ok 16:08:20.0421 2684 PDCOMP - ok 16:08:20.0437 2684 PDFRAME - ok 16:08:20.0468 2684 PDRELI - ok 16:08:20.0484 2684 PDRFRAME - ok 16:08:20.0515 2684 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys 16:08:20.0515 2684 perc2 - ok 16:08:20.0546 2684 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys 16:08:20.0546 2684 perc2hib - ok 16:08:20.0609 2684 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 16:08:20.0609 2684 PlugPlay - ok 16:08:20.0640 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 16:08:20.0640 2684 PolicyAgent - ok 16:08:20.0687 2684 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:08:20.0687 2684 PptpMiniport - ok 16:08:20.0703 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 16:08:20.0703 2684 ProtectedStorage - ok 16:08:20.0734 2684 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 16:08:20.0734 2684 PSched - ok 16:08:20.0796 2684 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:08:20.0796 2684 Ptilink - ok 16:08:20.0828 2684 [ 1840112F3F3B7ECE84DBBD93A70C4135 ] pwd_2K C:\WINDOWS\system32\drivers\pwd_2K.sys 16:08:20.0890 2684 pwd_2K - ok 16:08:20.0953 2684 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:08:20.0953 2684 PxHelp20 - ok 16:08:21.0015 2684 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys 16:08:21.0015 2684 ql1080 - ok 16:08:21.0046 2684 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 16:08:21.0046 2684 Ql10wnt - ok 16:08:21.0078 2684 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys 16:08:21.0078 2684 ql12160 - ok 16:08:21.0093 2684 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys 16:08:21.0109 2684 ql1240 - ok 16:08:21.0125 2684 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys 16:08:21.0125 2684 ql1280 - ok 16:08:21.0156 2684 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:08:21.0171 2684 RasAcd - ok 16:08:21.0234 2684 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 16:08:21.0234 2684 RasAuto - ok 16:08:21.0281 2684 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:08:21.0296 2684 Rasl2tp - ok 16:08:21.0328 2684 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 16:08:21.0343 2684 RasMan - ok 16:08:21.0375 2684 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:08:21.0375 2684 RasPppoe - ok 16:08:21.0406 2684 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 16:08:21.0406 2684 Raspti - ok 16:08:21.0453 2684 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:08:21.0468 2684 Rdbss - ok 16:08:21.0500 2684 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:08:21.0500 2684 RDPCDD - ok 16:08:21.0562 2684 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:08:21.0562 2684 rdpdr - ok 16:08:21.0640 2684 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 16:08:21.0640 2684 RDPWD - ok 16:08:21.0687 2684 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 16:08:21.0687 2684 RDSessMgr - ok 16:08:21.0718 2684 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 16:08:21.0718 2684 redbook - ok 16:08:21.0750 2684 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 16:08:21.0750 2684 RemoteAccess - ok 16:08:21.0796 2684 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 16:08:21.0796 2684 RpcLocator - ok 16:08:21.0843 2684 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll 16:08:21.0843 2684 RpcSs - ok 16:08:21.0890 2684 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 16:08:21.0906 2684 RSVP - ok 16:08:21.0937 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 16:08:21.0937 2684 SamSs - ok 16:08:22.0000 2684 [ 30D94039A729571146EB9D736EC1AADD ] SbcpHid C:\WINDOWS\system32\Drivers\SbcpHid.sys 16:08:22.0078 2684 SbcpHid - ok 16:08:22.0109 2684 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 16:08:22.0109 2684 SCardSvr - ok 16:08:22.0171 2684 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 16:08:22.0187 2684 Schedule - ok 16:08:22.0250 2684 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:08:22.0250 2684 Secdrv - ok 16:08:22.0296 2684 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 16:08:22.0296 2684 seclogon - ok 16:08:22.0390 2684 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 16:08:22.0421 2684 senfilt - ok 16:08:22.0500 2684 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 16:08:22.0500 2684 SENS - ok 16:08:22.0562 2684 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 16:08:22.0562 2684 serenum - ok 16:08:22.0609 2684 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 16:08:22.0609 2684 Serial - ok 16:08:22.0656 2684 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 16:08:22.0656 2684 Sfloppy - ok 16:08:22.0703 2684 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 16:08:22.0718 2684 SharedAccess - ok 16:08:22.0765 2684 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 16:08:22.0765 2684 ShellHWDetection - ok 16:08:22.0781 2684 Simbad - ok 16:08:22.0812 2684 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys 16:08:22.0828 2684 sisagp - ok 16:08:22.0890 2684 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 16:08:22.0906 2684 smwdm - ok 16:08:22.0968 2684 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 16:08:22.0968 2684 SONYPVU1 - ok 16:08:23.0000 2684 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys 16:08:23.0000 2684 Sparrow - ok 16:08:23.0015 2684 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 16:08:23.0031 2684 splitter - ok 16:08:23.0062 2684 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 16:08:23.0078 2684 Spooler - ok 16:08:23.0156 2684 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys 16:08:23.0156 2684 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593 16:08:23.0156 2684 sptd ( LockedFile.Multi.Generic ) - warning 16:08:23.0156 2684 sptd - detected LockedFile.Multi.Generic (1) 16:08:23.0203 2684 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 16:08:23.0218 2684 sr - ok 16:08:23.0265 2684 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 16:08:23.0265 2684 srservice - ok 16:08:23.0343 2684 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 16:08:23.0359 2684 Srv - ok 16:08:23.0390 2684 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 16:08:23.0406 2684 SSDPSRV - ok 16:08:23.0468 2684 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 16:08:23.0515 2684 stisvc - ok 16:08:23.0562 2684 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 16:08:23.0562 2684 swenum - ok 16:08:23.0593 2684 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 16:08:23.0593 2684 swmidi - ok 16:08:23.0609 2684 SwPrv - ok 16:08:23.0656 2684 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys 16:08:23.0656 2684 symc810 - ok 16:08:23.0671 2684 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys 16:08:23.0671 2684 symc8xx - ok 16:08:23.0687 2684 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys 16:08:23.0687 2684 sym_hi - ok 16:08:23.0718 2684 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys 16:08:23.0718 2684 sym_u3 - ok 16:08:23.0765 2684 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 16:08:23.0765 2684 sysaudio - ok 16:08:23.0796 2684 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 16:08:23.0812 2684 SysmonLog - ok 16:08:23.0843 2684 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 16:08:23.0843 2684 TapiSrv - ok 16:08:23.0906 2684 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:08:23.0921 2684 Tcpip - ok 16:08:23.0968 2684 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 16:08:23.0968 2684 TDPIPE - ok 16:08:24.0015 2684 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 16:08:24.0015 2684 TDTCP - ok 16:08:24.0078 2684 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 16:08:24.0078 2684 TermDD - ok 16:08:24.0140 2684 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 16:08:24.0187 2684 TermService - ok 16:08:24.0234 2684 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 16:08:24.0234 2684 Themes - ok 16:08:24.0312 2684 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys 16:08:24.0312 2684 TosIde - ok 16:08:24.0359 2684 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 16:08:24.0359 2684 TrkWks - ok 16:08:24.0421 2684 [ E1B5BFBA7F1CDE1FC28934639E83B3CF ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys 16:08:24.0484 2684 UdfReadr_xp - ok 16:08:24.0531 2684 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 16:08:24.0531 2684 Udfs - ok 16:08:24.0562 2684 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys 16:08:24.0562 2684 ultra - ok 16:08:24.0625 2684 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 16:08:24.0640 2684 Update - ok 16:08:24.0687 2684 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 16:08:24.0687 2684 upnphost - ok 16:08:24.0718 2684 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 16:08:24.0718 2684 UPS - ok 16:08:24.0734 2684 USBAAPL - ok 16:08:24.0765 2684 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 16:08:24.0781 2684 usbaudio - ok 16:08:24.0812 2684 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:08:24.0828 2684 usbccgp - ok 16:08:24.0843 2684 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:08:24.0843 2684 usbehci - ok 16:08:24.0875 2684 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:08:24.0890 2684 usbhub - ok 16:08:24.0906 2684 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:08:24.0906 2684 usbprint - ok 16:08:24.0937 2684 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:08:24.0953 2684 usbscan - ok 16:08:24.0984 2684 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:08:24.0984 2684 USBSTOR - ok 16:08:25.0015 2684 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:08:25.0015 2684 usbuhci - ok 16:08:25.0062 2684 [ D3986793DEDC6BB93DB4DA5A793E42CE ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll 16:08:25.0062 2684 UxTuneUp - ok 16:08:25.0125 2684 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 16:08:25.0125 2684 VgaSave - ok 16:08:25.0171 2684 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys 16:08:25.0171 2684 viaagp - ok 16:08:25.0203 2684 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 16:08:25.0203 2684 ViaIde - ok 16:08:25.0281 2684 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 16:08:25.0281 2684 VolSnap - ok 16:08:25.0343 2684 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 16:08:25.0359 2684 VSS - ok 16:08:25.0390 2684 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll 16:08:25.0406 2684 w32time - ok 16:08:25.0468 2684 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:08:25.0468 2684 Wanarp - ok 16:08:25.0484 2684 wanatw - ok 16:08:25.0500 2684 WDICA - ok 16:08:25.0546 2684 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 16:08:25.0546 2684 wdmaud - ok 16:08:25.0593 2684 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 16:08:25.0593 2684 WebClient - ok 16:08:25.0703 2684 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 16:08:25.0703 2684 winmgmt - ok 16:08:25.0765 2684 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 16:08:25.0765 2684 WmdmPmSN - ok 16:08:25.0812 2684 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 16:08:25.0828 2684 WmiApSrv - ok 16:08:25.0953 2684 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 16:08:26.0015 2684 WMPNetworkSvc - ok 16:08:26.0031 2684 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 16:08:26.0046 2684 WS2IFSL - ok 16:08:26.0078 2684 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 16:08:26.0093 2684 wscsvc - ok 16:08:26.0140 2684 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 16:08:26.0140 2684 wuauserv - ok 16:08:26.0218 2684 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 16:08:26.0218 2684 WudfPf - ok 16:08:26.0281 2684 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 16:08:26.0281 2684 WudfRd - ok 16:08:26.0328 2684 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 16:08:26.0328 2684 WudfSvc - ok 16:08:26.0406 2684 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 16:08:26.0437 2684 WZCSVC - ok 16:08:26.0468 2684 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 16:08:26.0484 2684 xmlprov - ok 16:08:26.0500 2684 ================ Scan global =============================== 16:08:26.0546 2684 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 16:08:26.0625 2684 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 16:08:26.0718 2684 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 16:08:26.0750 2684 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 16:08:26.0750 2684 [Global] - ok 16:08:26.0750 2684 ================ Scan MBR ================================== 16:08:26.0781 2684 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0 16:08:26.0968 2684 \Device\Harddisk0\DR0 - ok 16:08:26.0984 2684 ================ Scan VBR ================================== 16:08:26.0984 2684 [ F1E789B7E2561AAEE3E8BEFAE321566F ] \Device\Harddisk0\DR0\Partition1 16:08:26.0984 2684 \Device\Harddisk0\DR0\Partition1 - ok 16:08:27.0000 2684 ============================================================ 16:08:27.0000 2684 Scan finished 16:08:27.0000 2684 ============================================================ 16:08:27.0031 3936 Detected object count: 1 16:08:27.0031 3936 Actual detected object count: 1 16:13:35.0812 3936 sptd ( LockedFile.Multi.Generic ) - skipped by user 16:13:35.0812 3936 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 16:07:05.0468 0860 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:07:06.0078 0860 ============================================================ 16:07:06.0078 0860 Current date / time: 2012/12/04 16:07:06.0078 16:07:06.0078 0860 SystemInfo: 16:07:06.0078 0860 16:07:06.0078 0860 OS Version: 5.1.2600 ServicePack: 3.0 16:07:06.0078 0860 Product type: Workstation 16:07:06.0078 0860 ComputerName: RUSTY 16:07:06.0078 0860 UserName: Laurel 16:07:06.0078 0860 Windows directory: C:\WINDOWS 16:07:06.0078 0860 System windows directory: C:\WINDOWS 16:07:06.0078 0860 Processor architecture: Intel x86 16:07:06.0078 0860 Number of processors: 1 16:07:06.0078 0860 Page size: 0x1000 16:07:06.0078 0860 Boot type: Normal boot 16:07:06.0078 0860 ============================================================ 16:07:09.0140 0860 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 16:07:09.0140 0860 ============================================================ 16:07:09.0140 0860 \Device\Harddisk0\DR0: 16:07:09.0140 0860 MBR partitions: 16:07:09.0140 0860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x445C7EE 16:07:09.0140 0860 ============================================================ 16:07:09.0218 0860 C: <-> \Device\Harddisk0\DR0\Partition1 16:07:09.0218 0860 ============================================================ 16:07:09.0218 0860 Initialize success 16:07:09.0218 0860 ============================================================ 16:08:08.0796 2684 ============================================================ 16:08:08.0796 2684 Scan started 16:08:08.0796 2684 Mode: Manual; 16:08:08.0796 2684 ============================================================ 16:08:09.0906 2684 ================ Scan system memory ======================== 16:08:09.0906 2684 System memory - ok 16:08:09.0921 2684 ================ Scan services ============================= 16:08:10.0062 2684 Abiosdsk - ok 16:08:10.0125 2684 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 16:08:10.0125 2684 abp480n5 - ok 16:08:10.0187 2684 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:08:10.0187 2684 ACPI - ok 16:08:10.0250 2684 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 16:08:10.0250 2684 ACPIEC - ok 16:08:10.0390 2684 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:08:10.0390 2684 AdobeFlashPlayerUpdateSvc - ok 16:08:10.0437 2684 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys 16:08:10.0437 2684 adpu160m - ok 16:08:10.0484 2684 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 16:08:10.0484 2684 aec - ok 16:08:10.0531 2684 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 16:08:10.0531 2684 AFD - ok 16:08:10.0578 2684 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 16:08:10.0578 2684 agp440 - ok 16:08:10.0593 2684 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 16:08:10.0593 2684 agpCPQ - ok 16:08:10.0656 2684 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys 16:08:10.0656 2684 Aha154x - ok 16:08:10.0687 2684 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys 16:08:10.0687 2684 aic78u2 - ok 16:08:10.0703 2684 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys 16:08:10.0703 2684 aic78xx - ok 16:08:10.0750 2684 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 16:08:10.0750 2684 Alerter - ok 16:08:10.0765 2684 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 16:08:10.0765 2684 ALG - ok 16:08:10.0812 2684 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 16:08:10.0812 2684 AliIde - ok 16:08:10.0843 2684 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys 16:08:10.0843 2684 alim1541 - ok 16:08:10.0875 2684 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys 16:08:10.0875 2684 amdagp - ok 16:08:10.0890 2684 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys 16:08:10.0890 2684 amsint - ok 16:08:10.0906 2684 AppMgmt - ok 16:08:10.0937 2684 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys 16:08:10.0953 2684 asc - ok 16:08:10.0968 2684 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys 16:08:10.0968 2684 asc3350p - ok 16:08:10.0984 2684 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys 16:08:10.0984 2684 asc3550 - ok 16:08:11.0031 2684 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys 16:08:11.0093 2684 ASCTRM - ok 16:08:11.0250 2684 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 16:08:11.0250 2684 aspnet_state - ok 16:08:11.0312 2684 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:08:11.0312 2684 AsyncMac - ok 16:08:11.0343 2684 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 16:08:11.0359 2684 atapi - ok 16:08:11.0375 2684 Atdisk - ok 16:08:11.0421 2684 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:08:11.0437 2684 Atmarpc - ok 16:08:11.0484 2684 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 16:08:11.0484 2684 AudioSrv - ok 16:08:11.0546 2684 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 16:08:11.0546 2684 audstub - ok 16:08:11.0578 2684 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 16:08:11.0578 2684 Beep - ok 16:08:11.0625 2684 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 16:08:11.0640 2684 BITS - ok 16:08:11.0765 2684 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:08:11.0781 2684 Bonjour Service - ok 16:08:11.0843 2684 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 16:08:11.0859 2684 Browser - ok 16:08:11.0875 2684 bvrp_pci - ok 16:08:11.0921 2684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 16:08:11.0937 2684 cbidf - ok 16:08:11.0953 2684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 16:08:11.0953 2684 cbidf2k - ok 16:08:12.0015 2684 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 16:08:12.0015 2684 cd20xrnt - ok 16:08:12.0031 2684 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 16:08:12.0031 2684 Cdaudio - ok 16:08:12.0078 2684 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 16:08:12.0078 2684 Cdfs - ok 16:08:12.0125 2684 [ BF79E659C506674C0497CC9C61F1A165 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys 16:08:12.0125 2684 Cdr4_xp - ok 16:08:12.0156 2684 [ 2C41CD49D82D5FD85C72D57B6CA25471 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys 16:08:12.0156 2684 Cdralw2k - ok 16:08:12.0187 2684 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:08:12.0187 2684 Cdrom - ok 16:08:12.0265 2684 [ 8C7746ACDE6225A46B58ED7AE09EC166 ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys 16:08:12.0359 2684 cdudf_xp - ok 16:08:12.0390 2684 Changer - ok 16:08:12.0437 2684 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 16:08:12.0437 2684 CiSvc - ok 16:08:12.0468 2684 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 16:08:12.0484 2684 ClipSrv - ok 16:08:12.0531 2684 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:08:12.0531 2684 clr_optimization_v2.0.50727_32 - ok 16:08:12.0593 2684 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys 16:08:12.0593 2684 CmdIde - ok 16:08:12.0609 2684 COMSysApp - ok 16:08:12.0656 2684 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys 16:08:12.0656 2684 Cpqarray - ok 16:08:12.0703 2684 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 16:08:12.0703 2684 CryptSvc - ok 16:08:12.0765 2684 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 16:08:12.0765 2684 dac2w2k - ok 16:08:12.0796 2684 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys 16:08:12.0812 2684 dac960nt - ok 16:08:12.0875 2684 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 16:08:12.0890 2684 DcomLaunch - ok 16:08:12.0937 2684 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 16:08:12.0937 2684 Dhcp - ok 16:08:12.0968 2684 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 16:08:12.0968 2684 Disk - ok 16:08:12.0984 2684 dmadmin - ok 16:08:13.0031 2684 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 16:08:13.0062 2684 dmboot - ok 16:08:13.0109 2684 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 16:08:13.0109 2684 dmio - ok 16:08:13.0171 2684 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 16:08:13.0171 2684 dmload - ok 16:08:13.0250 2684 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 16:08:13.0250 2684 dmserver - ok 16:08:13.0312 2684 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 16:08:13.0312 2684 DMusic - ok 16:08:13.0375 2684 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 16:08:13.0375 2684 Dnscache - ok 16:08:13.0500 2684 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 16:08:13.0546 2684 Dot3svc - ok 16:08:13.0578 2684 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys 16:08:13.0578 2684 dpti2o - ok 16:08:13.0593 2684 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 16:08:13.0609 2684 drmkaud - ok 16:08:13.0656 2684 [ 800DE2DFA19DB3FD87AA95308BA0C17B ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys 16:08:13.0687 2684 dvd_2K - ok 16:08:13.0750 2684 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys 16:08:13.0750 2684 E100B - ok 16:08:13.0796 2684 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 16:08:13.0812 2684 EapHost - ok 16:08:13.0843 2684 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 16:08:13.0843 2684 ERSvc - ok 16:08:13.0890 2684 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 16:08:13.0890 2684 Eventlog - ok 16:08:13.0953 2684 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll 16:08:13.0953 2684 EventSystem - ok 16:08:14.0078 2684 [ E081184B8A58DC49BFE2200D56C297B2 ] F-Secure BlackLight Sensor C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe 16:08:14.0078 2684 F-Secure BlackLight Sensor - ok 16:08:14.0125 2684 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 16:08:14.0125 2684 Fastfat - ok 16:08:14.0203 2684 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 16:08:14.0203 2684 FastUserSwitchingCompatibility - ok 16:08:14.0265 2684 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe 16:08:14.0281 2684 Fax - ok 16:08:14.0296 2684 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 16:08:14.0296 2684 Fdc - ok 16:08:14.0343 2684 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 16:08:14.0343 2684 Fips - ok 16:08:14.0390 2684 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 16:08:14.0390 2684 Flpydisk - ok 16:08:14.0437 2684 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 16:08:14.0453 2684 FltMgr - ok 16:08:14.0515 2684 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 16:08:14.0531 2684 FontCache3.0.0.0 - ok 16:08:14.0578 2684 fsbl - ok 16:08:14.0609 2684 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:08:14.0609 2684 Fs_Rec - ok 16:08:14.0640 2684 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:08:14.0640 2684 Ftdisk - ok 16:08:14.0687 2684 [ 72FE2BEA6863D4EB93442A1C4FB5CA48 ] GcKernel C:\WINDOWS\system32\DRIVERS\GcKernel.sys 16:08:14.0687 2684 GcKernel - ok 16:08:14.0734 2684 [ 5DC17164F66380CBFEFD895C18467773 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 16:08:14.0734 2684 GEARAspiWDM - ok 16:08:14.0765 2684 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:08:14.0781 2684 Gpc - ok 16:08:14.0859 2684 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 16:08:14.0859 2684 helpsvc - ok 16:08:14.0906 2684 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll 16:08:14.0906 2684 HidServ - ok 16:08:14.0968 2684 [ BD205320308FB41C88A4049A2D1764B4 ] HIDSwvd C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys 16:08:14.0968 2684 HIDSwvd - ok 16:08:15.0000 2684 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:08:15.0000 2684 HidUsb - ok 16:08:15.0046 2684 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 16:08:15.0046 2684 hkmsvc - ok 16:08:15.0078 2684 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys 16:08:15.0078 2684 hpn - ok 16:08:15.0140 2684 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 16:08:15.0140 2684 HTTP - ok 16:08:15.0187 2684 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 16:08:15.0187 2684 HTTPFilter - ok 16:08:15.0250 2684 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys 16:08:15.0250 2684 i2omgmt - ok 16:08:15.0281 2684 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys 16:08:15.0281 2684 i2omp - ok 16:08:15.0328 2684 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:08:15.0328 2684 i8042prt - ok 16:08:15.0421 2684 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 16:08:15.0484 2684 ialm - ok 16:08:15.0656 2684 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 16:08:15.0656 2684 IDriverT - ok 16:08:15.0750 2684 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:08:15.0828 2684 idsvc - ok 16:08:15.0875 2684 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\drivers\Imapi.sys 16:08:15.0890 2684 Imapi - ok 16:08:15.0937 2684 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\Imapi.exe 16:08:15.0937 2684 ImapiService - ok 16:08:15.0968 2684 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys 16:08:15.0968 2684 ini910u - ok 16:08:16.0078 2684 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 16:08:16.0109 2684 IntelC51 - ok 16:08:16.0171 2684 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 16:08:16.0218 2684 IntelC52 - ok 16:08:16.0250 2684 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 16:08:16.0265 2684 IntelC53 - ok 16:08:16.0359 2684 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 16:08:16.0359 2684 IntelIde - ok 16:08:16.0406 2684 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 16:08:16.0406 2684 intelppm - ok 16:08:16.0437 2684 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 16:08:16.0453 2684 Ip6Fw - ok 16:08:16.0500 2684 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:08:16.0500 2684 IpFilterDriver - ok 16:08:16.0546 2684 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:08:16.0546 2684 IpInIp - ok 16:08:16.0625 2684 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:08:16.0625 2684 IpNat - ok 16:08:16.0687 2684 [ 1CB96E83FD76EB5580451CEF29E24303 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:08:16.0718 2684 iPod Service - ok 16:08:16.0750 2684 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:08:16.0750 2684 IPSec - ok 16:08:16.0796 2684 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 16:08:16.0796 2684 IRENUM - ok 16:08:16.0843 2684 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:08:16.0859 2684 isapnp - ok 16:08:16.0875 2684 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:08:16.0875 2684 Kbdclass - ok 16:08:16.0906 2684 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:08:16.0906 2684 kbdhid - ok 16:08:16.0953 2684 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 16:08:16.0953 2684 kmixer - ok 16:08:17.0000 2684 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 16:08:17.0000 2684 KSecDD - ok 16:08:17.0062 2684 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 16:08:17.0062 2684 lanmanserver - ok 16:08:17.0125 2684 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 16:08:17.0140 2684 lanmanworkstation - ok 16:08:17.0156 2684 lbrtfdc - ok 16:08:17.0218 2684 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 16:08:17.0218 2684 LmHosts - ok 16:08:17.0234 2684 lxcc_device - ok 16:08:17.0296 2684 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 16:08:17.0296 2684 Messenger - ok 16:08:17.0359 2684 [ 0A35AD036DE912858A1C5E9637840724 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys 16:08:17.0406 2684 mmc_2K - ok 16:08:17.0437 2684 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 16:08:17.0437 2684 mnmdd - ok 16:08:17.0500 2684 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 16:08:17.0500 2684 mnmsrvc - ok 16:08:17.0562 2684 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 16:08:17.0562 2684 Modem - ok 16:08:17.0609 2684 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 16:08:17.0609 2684 MODEMCSA - ok 16:08:17.0625 2684 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys 16:08:17.0625 2684 mohfilt - ok 16:08:17.0671 2684 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:08:17.0671 2684 Mouclass - ok 16:08:17.0718 2684 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:08:17.0718 2684 mouhid - ok 16:08:17.0750 2684 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 16:08:17.0750 2684 MountMgr - ok 16:08:17.0828 2684 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:08:17.0828 2684 MozillaMaintenance - ok 16:08:17.0890 2684 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 16:08:17.0906 2684 MpFilter - ok 16:08:17.0953 2684 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys 16:08:17.0953 2684 mraid35x - ok 16:08:17.0984 2684 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:08:18.0000 2684 MRxDAV - ok 16:08:18.0062 2684 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:08:18.0078 2684 MRxSmb - ok 16:08:18.0109 2684 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 16:08:18.0125 2684 MSDTC - ok 16:08:18.0187 2684 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 16:08:18.0187 2684 Msfs - ok 16:08:18.0203 2684 MSIServer - ok 16:08:18.0250 2684 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:08:18.0250 2684 MSKSSRV - ok 16:08:18.0328 2684 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 16:08:18.0343 2684 MsMpSvc - ok 16:08:18.0390 2684 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:08:18.0390 2684 MSPCLOCK - ok 16:08:18.0421 2684 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 16:08:18.0421 2684 MSPQM - ok 16:08:18.0468 2684 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:08:18.0468 2684 mssmbios - ok 16:08:18.0515 2684 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 16:08:18.0515 2684 Mup - ok 16:08:18.0609 2684 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 16:08:18.0656 2684 napagent - ok 16:08:18.0734 2684 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 16:08:18.0734 2684 NDIS - ok 16:08:18.0796 2684 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:08:18.0796 2684 NdisTapi - ok 16:08:18.0843 2684 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:08:18.0843 2684 Ndisuio - ok 16:08:18.0875 2684 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:08:18.0875 2684 NdisWan - ok 16:08:18.0937 2684 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 16:08:18.0937 2684 NDProxy - ok 16:08:18.0953 2684 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 16:08:18.0968 2684 NetBIOS - ok 16:08:19.0000 2684 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 16:08:19.0015 2684 NetBT - ok 16:08:19.0046 2684 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 16:08:19.0062 2684 NetDDE - ok 16:08:19.0078 2684 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 16:08:19.0078 2684 NetDDEdsdm - ok 16:08:19.0125 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 16:08:19.0125 2684 Netlogon - ok 16:08:19.0171 2684 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 16:08:19.0171 2684 Netman - ok 16:08:19.0312 2684 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe 16:08:19.0453 2684 NetSvc - ok 16:08:19.0515 2684 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:08:19.0515 2684 NetTcpPortSharing - ok 16:08:19.0562 2684 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 16:08:19.0562 2684 Nla - ok 16:08:19.0640 2684 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 16:08:19.0640 2684 Npfs - ok 16:08:19.0687 2684 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 16:08:19.0718 2684 Ntfs - ok 16:08:19.0734 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 16:08:19.0734 2684 NtLmSsp - ok 16:08:19.0796 2684 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 16:08:19.0828 2684 NtmsSvc - ok 16:08:19.0843 2684 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 16:08:19.0843 2684 Null - ok 16:08:19.0937 2684 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:08:20.0015 2684 nv - ok 16:08:20.0062 2684 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:08:20.0062 2684 NwlnkFlt - ok 16:08:20.0093 2684 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:08:20.0093 2684 NwlnkFwd - ok 16:08:20.0156 2684 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 16:08:20.0156 2684 Parport - ok 16:08:20.0187 2684 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 16:08:20.0203 2684 PartMgr - ok 16:08:20.0250 2684 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 16:08:20.0250 2684 ParVdm - ok 16:08:20.0281 2684 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 16:08:20.0296 2684 PCI - ok 16:08:20.0312 2684 PCIDump - ok 16:08:20.0343 2684 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 16:08:20.0359 2684 PCIIde - ok 16:08:20.0406 2684 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 16:08:20.0406 2684 Pcmcia - ok 16:08:20.0421 2684 PDCOMP - ok 16:08:20.0437 2684 PDFRAME - ok 16:08:20.0468 2684 PDRELI - ok 16:08:20.0484 2684 PDRFRAME - ok 16:08:20.0515 2684 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys 16:08:20.0515 2684 perc2 - ok 16:08:20.0546 2684 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys 16:08:20.0546 2684 perc2hib - ok 16:08:20.0609 2684 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 16:08:20.0609 2684 PlugPlay - ok 16:08:20.0640 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 16:08:20.0640 2684 PolicyAgent - ok 16:08:20.0687 2684 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:08:20.0687 2684 PptpMiniport - ok 16:08:20.0703 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 16:08:20.0703 2684 ProtectedStorage - ok 16:08:20.0734 2684 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 16:08:20.0734 2684 PSched - ok 16:08:20.0796 2684 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:08:20.0796 2684 Ptilink - ok 16:08:20.0828 2684 [ 1840112F3F3B7ECE84DBBD93A70C4135 ] pwd_2K C:\WINDOWS\system32\drivers\pwd_2K.sys 16:08:20.0890 2684 pwd_2K - ok 16:08:20.0953 2684 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:08:20.0953 2684 PxHelp20 - ok 16:08:21.0015 2684 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys 16:08:21.0015 2684 ql1080 - ok 16:08:21.0046 2684 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 16:08:21.0046 2684 Ql10wnt - ok 16:08:21.0078 2684 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys 16:08:21.0078 2684 ql12160 - ok 16:08:21.0093 2684 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys 16:08:21.0109 2684 ql1240 - ok 16:08:21.0125 2684 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys 16:08:21.0125 2684 ql1280 - ok 16:08:21.0156 2684 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:08:21.0171 2684 RasAcd - ok 16:08:21.0234 2684 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 16:08:21.0234 2684 RasAuto - ok 16:08:21.0281 2684 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:08:21.0296 2684 Rasl2tp - ok 16:08:21.0328 2684 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 16:08:21.0343 2684 RasMan - ok 16:08:21.0375 2684 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:08:21.0375 2684 RasPppoe - ok 16:08:21.0406 2684 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 16:08:21.0406 2684 Raspti - ok 16:08:21.0453 2684 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:08:21.0468 2684 Rdbss - ok 16:08:21.0500 2684 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:08:21.0500 2684 RDPCDD - ok 16:08:21.0562 2684 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:08:21.0562 2684 rdpdr - ok 16:08:21.0640 2684 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 16:08:21.0640 2684 RDPWD - ok 16:08:21.0687 2684 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 16:08:21.0687 2684 RDSessMgr - ok 16:08:21.0718 2684 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 16:08:21.0718 2684 redbook - ok 16:08:21.0750 2684 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 16:08:21.0750 2684 RemoteAccess - ok 16:08:21.0796 2684 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 16:08:21.0796 2684 RpcLocator - ok 16:08:21.0843 2684 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll 16:08:21.0843 2684 RpcSs - ok 16:08:21.0890 2684 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 16:08:21.0906 2684 RSVP - ok 16:08:21.0937 2684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 16:08:21.0937 2684 SamSs - ok 16:08:22.0000 2684 [ 30D94039A729571146EB9D736EC1AADD ] SbcpHid C:\WINDOWS\system32\Drivers\SbcpHid.sys 16:08:22.0078 2684 SbcpHid - ok 16:08:22.0109 2684 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 16:08:22.0109 2684 SCardSvr - ok 16:08:22.0171 2684 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 16:08:22.0187 2684 Schedule - ok 16:08:22.0250 2684 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:08:22.0250 2684 Secdrv - ok 16:08:22.0296 2684 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 16:08:22.0296 2684 seclogon - ok 16:08:22.0390 2684 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 16:08:22.0421 2684 senfilt - ok 16:08:22.0500 2684 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 16:08:22.0500 2684 SENS - ok 16:08:22.0562 2684 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 16:08:22.0562 2684 serenum - ok 16:08:22.0609 2684 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 16:08:22.0609 2684 Serial - ok 16:08:22.0656 2684 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 16:08:22.0656 2684 Sfloppy - ok 16:08:22.0703 2684 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 16:08:22.0718 2684 SharedAccess - ok 16:08:22.0765 2684 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 16:08:22.0765 2684 ShellHWDetection - ok 16:08:22.0781 2684 Simbad - ok 16:08:22.0812 2684 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys 16:08:22.0828 2684 sisagp - ok 16:08:22.0890 2684 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 16:08:22.0906 2684 smwdm - ok 16:08:22.0968 2684 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 16:08:22.0968 2684 SONYPVU1 - ok 16:08:23.0000 2684 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys 16:08:23.0000 2684 Sparrow - ok 16:08:23.0015 2684 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 16:08:23.0031 2684 splitter - ok 16:08:23.0062 2684 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 16:08:23.0078 2684 Spooler - ok 16:08:23.0156 2684 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys 16:08:23.0156 2684 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593 16:08:23.0156 2684 sptd ( LockedFile.Multi.Generic ) - warning 16:08:23.0156 2684 sptd - detected LockedFile.Multi.Generic (1) 16:08:23.0203 2684 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 16:08:23.0218 2684 sr - ok 16:08:23.0265 2684 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 16:08:23.0265 2684 srservice - ok 16:08:23.0343 2684 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 16:08:23.0359 2684 Srv - ok 16:08:23.0390 2684 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 16:08:23.0406 2684 SSDPSRV - ok 16:08:23.0468 2684 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 16:08:23.0515 2684 stisvc - ok 16:08:23.0562 2684 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 16:08:23.0562 2684 swenum - ok 16:08:23.0593 2684 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 16:08:23.0593 2684 swmidi - ok 16:08:23.0609 2684 SwPrv - ok 16:08:23.0656 2684 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys 16:08:23.0656 2684 symc810 - ok 16:08:23.0671 2684 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys 16:08:23.0671 2684 symc8xx - ok 16:08:23.0687 2684 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys 16:08:23.0687 2684 sym_hi - ok 16:08:23.0718 2684 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys 16:08:23.0718 2684 sym_u3 - ok 16:08:23.0765 2684 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 16:08:23.0765 2684 sysaudio - ok 16:08:23.0796 2684 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 16:08:23.0812 2684 SysmonLog - ok 16:08:23.0843 2684 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 16:08:23.0843 2684 TapiSrv - ok 16:08:23.0906 2684 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:08:23.0921 2684 Tcpip - ok 16:08:23.0968 2684 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 16:08:23.0968 2684 TDPIPE - ok 16:08:24.0015 2684 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 16:08:24.0015 2684 TDTCP - ok 16:08:24.0078 2684 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 16:08:24.0078 2684 TermDD - ok 16:08:24.0140 2684 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 16:08:24.0187 2684 TermService - ok 16:08:24.0234 2684 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 16:08:24.0234 2684 Themes - ok 16:08:24.0312 2684 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys 16:08:24.0312 2684 TosIde - ok 16:08:24.0359 2684 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 16:08:24.0359 2684 TrkWks - ok 16:08:24.0421 2684 [ E1B5BFBA7F1CDE1FC28934639E83B3CF ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys 16:08:24.0484 2684 UdfReadr_xp - ok 16:08:24.0531 2684 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 16:08:24.0531 2684 Udfs - ok 16:08:24.0562 2684 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys 16:08:24.0562 2684 ultra - ok 16:08:24.0625 2684 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 16:08:24.0640 2684 Update - ok 16:08:24.0687 2684 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 16:08:24.0687 2684 upnphost - ok 16:08:24.0718 2684 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 16:08:24.0718 2684 UPS - ok 16:08:24.0734 2684 USBAAPL - ok 16:08:24.0765 2684 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 16:08:24.0781 2684 usbaudio - ok 16:08:24.0812 2684 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:08:24.0828 2684 usbccgp - ok 16:08:24.0843 2684 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:08:24.0843 2684 usbehci - ok 16:08:24.0875 2684 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:08:24.0890 2684 usbhub - ok 16:08:24.0906 2684 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:08:24.0906 2684 usbprint - ok 16:08:24.0937 2684 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:08:24.0953 2684 usbscan - ok 16:08:24.0984 2684 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:08:24.0984 2684 USBSTOR - ok 16:08:25.0015 2684 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:08:25.0015 2684 usbuhci - ok 16:08:25.0062 2684 [ D3986793DEDC6BB93DB4DA5A793E42CE ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll 16:08:25.0062 2684 UxTuneUp - ok 16:08:25.0125 2684 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 16:08:25.0125 2684 VgaSave - ok 16:08:25.0171 2684 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys 16:08:25.0171 2684 viaagp - ok 16:08:25.0203 2684 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 16:08:25.0203 2684 ViaIde - ok 16:08:25.0281 2684 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 16:08:25.0281 2684 VolSnap - ok 16:08:25.0343 2684 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 16:08:25.0359 2684 VSS - ok 16:08:25.0390 2684 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll 16:08:25.0406 2684 w32time - ok 16:08:25.0468 2684 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:08:25.0468 2684 Wanarp - ok 16:08:25.0484 2684 wanatw - ok 16:08:25.0500 2684 WDICA - ok 16:08:25.0546 2684 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 16:08:25.0546 2684 wdmaud - ok 16:08:25.0593 2684 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 16:08:25.0593 2684 WebClient - ok 16:08:25.0703 2684 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 16:08:25.0703 2684 winmgmt - ok 16:08:25.0765 2684 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 16:08:25.0765 2684 WmdmPmSN - ok 16:08:25.0812 2684 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 16:08:25.0828 2684 WmiApSrv - ok 16:08:25.0953 2684 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 16:08:26.0015 2684 WMPNetworkSvc - ok 16:08:26.0031 2684 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 16:08:26.0046 2684 WS2IFSL - ok 16:08:26.0078 2684 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 16:08:26.0093 2684 wscsvc - ok 16:08:26.0140 2684 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 16:08:26.0140 2684 wuauserv - ok 16:08:26.0218 2684 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 16:08:26.0218 2684 WudfPf - ok 16:08:26.0281 2684 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 16:08:26.0281 2684 WudfRd - ok 16:08:26.0328 2684 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 16:08:26.0328 2684 WudfSvc - ok 16:08:26.0406 2684 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 16:08:26.0437 2684 WZCSVC - ok 16:08:26.0468 2684 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 16:08:26.0484 2684 xmlprov - ok 16:08:26.0500 2684 ================ Scan global =============================== 16:08:26.0546 2684 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 16:08:26.0625 2684 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 16:08:26.0718 2684 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 16:08:26.0750 2684 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 16:08:26.0750 2684 [Global] - ok 16:08:26.0750 2684 ================ Scan MBR ================================== 16:08:26.0781 2684 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0 16:08:26.0968 2684 \Device\Harddisk0\DR0 - ok 16:08:26.0984 2684 ================ Scan VBR ================================== 16:08:26.0984 2684 [ F1E789B7E2561AAEE3E8BEFAE321566F ] \Device\Harddisk0\DR0\Partition1 16:08:26.0984 2684 \Device\Harddisk0\DR0\Partition1 - ok 16:08:27.0000 2684 ============================================================ 16:08:27.0000 2684 Scan finished 16:08:27.0000 2684 ============================================================ 16:08:27.0031 3936 Detected object count: 1 16:08:27.0031 3936 Actual detected object count: 1 16:13:35.0812 3936 sptd ( LockedFile.Multi.Generic ) - skipped by user 16:13:35.0812 3936 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

checkup.txt: Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 TuneUp Utilities 2007 Java 6 Update 31 Java version out of Date! Adobe Flash Player 9 Flash Player out of Date! Adobe Flash Player 11.4.402.287 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 16.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

RogueKiller: RogueKiller V8.3.1 [Dec 2 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Laurel [Admin rights] Mode : Scan -- Date : 12/03/2012 15:00:07 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST340014A +++++ --- User --- [MBR] ac3c79f542f12c1061531a0e14fa2945 [bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 35000 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 71762355 | Size: 3098 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12032012_02d1500.txt >> RKreport[1]_S_12032012_02d1500.txt
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

I ran the BitDefender scan in IE and it said "Good news! We found no active infections on your PC!" with no option to view a log.
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

info.txt: info.txt logfile of random's system information tool 1.09 2012-12-03 14:27:17 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNNMP.exe /UNINSTALL -->C:\WINDOWS\UNNVEContent.exe /UNINSTALL -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -maintain plugin Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001} Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Barbarossa Kampagne Version 2.0-->"C:\Program Files\Ubi Soft\IL2 Sturmovik\unins000.exe" BIG-IP Edge Client Components (All Users)-->"C:\Documents and Settings\All Users\Application Data\F5 Networks\f5unistall.exe" /uninstall Bonjour Print Services-->MsiExec.exe /I{9D210D79-AEC5-453B-960C-4DD2C73931E1} Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8} Canadian Pacific Alco C630 Locomotives-->MsiExec.exe /I{7B40232B-C068-4E3A-A4BA-F7CBD5BB0B95} Canadian Pacific Holiday Train-->MsiExec.exe /I{7235275B-B4A9-43E0-8C05-86734380E63E} CD Box Labeler Pro-->"C:\Program Files\Green Point Software\CD Box Labeler Pro\unins000.exe" CPR AC4400 9590-->MsiExec.exe /I{28644560-6A34-4D36-B016-C49A17D96901} CPR CLC-FM Locomotive Pack-->MsiExec.exe /I{E005E648-37A3-48DE-AEBB-EFE7337E5073} CPR GP38 3012-->MsiExec.exe /I{68946AFE-50D4-44CF-A495-F31D31ABC519} CPR Green Goat GG20B locomotives-->MsiExec.exe /I{D61CED72-63CA-403D-B330-8C98648802E7} CPR Heritage RSD17-->MsiExec.exe /I{C12B8127-0D92-4E89-B4D0-58B9548F19B8} Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} DVD Photo Slideshow Pro 7.61-->C:\Program Files\DVD Photo Slideshow Professional\uninst.exe Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe European Air War-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MicroProse Software\European Air War\Uninst.isu" EZ Vinyl Converter 2.0.0 by MixMeister-->"C:\Program Files\MixMeister EZ Vinyl Converter\unins000.exe" Free Audio CD Burner version 1.3-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free Studio version 4.8-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe" Free YouTube to MP3 Converter version 3.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" Game Console - WildGames-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe" Handbrake 0.9.4-->C:\Program Files\Handbrake\uninst.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2756822)-->"C:\WINDOWS\$NtUninstallKB2756822$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" Intel® 537EP V9x DFV PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DFV PCI Modem" Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel® PRO Network Adapters and Drivers-->Prounstl.exe Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033 iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\Uninst.exe Mahjongg Platinum 2-->"C:\Program Files\Selectsoft\Mahjongg Platinum 2\uninstall.exe" Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB2656370)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp" Microsoft .NET Framework 1.1 Security Update (KB2698023)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2698023\M2698023Uninstall.msp" Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Security Client-->MsiExec.exe /X{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD} Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe" MLT Kicking Horse Pass CPR Demo Route-->MsiExec.exe /I{9AF14D4E-8224-4F4C-8D99-A8E3CB4E6142} Moraff's MahJongg 2005 Luxury Edition-->"C:\Program Files\Moraff's MahJongg 2005 Luxury Edition\Uninstall\unins000.exe" Mozilla Firefox 16.0.2 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768} Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} Pandrol Jackson Railgrinding Train-->MsiExec.exe /I{20EBB977-2426-4C0C-ABCD-D99918DB14A9} QuickTax 2007-->MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71} QuickTax 2008-->MsiExec.exe /X{AA0D2D5F-612B-45D3-8759-DA87206E5CC9} QuickTax 2009-->MsiExec.exe /X{ECB9C58E-C565-4683-9599-B72290BD3B25} QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Royal Canadian Pacific Luxury Train-->MsiExec.exe /I{C120D99B-6628-4974-86A9-94FB4724A2F1} Safari-->MsiExec.exe /I{EAFEF30E-3789-49C7-A6D9-77C12E005BAC} SD40-2_Content_Update-->MsiExec.exe /I{BF7C1B99-A250-45EF-B186-0C33B7308F95} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT="" Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2416400)-->"C:\WINDOWS\ie7updates\KB2416400-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2482017)-->"C:\WINDOWS\ie7updates\KB2482017-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2497640)-->"C:\WINDOWS\ie7updates\KB2497640-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2530548)-->"C:\WINDOWS\ie7updates\KB2530548-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2544521)-->"C:\WINDOWS\ie7updates\KB2544521-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2559049)-->"C:\WINDOWS\ie7updates\KB2559049-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2586448)-->"C:\WINDOWS\ie7updates\KB2586448-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2618444)-->"C:\WINDOWS\ie7updates\KB2618444-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2647516)-->"C:\WINDOWS\ie7updates\KB2647516-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2675157)-->"C:\WINDOWS\ie7updates\KB2675157-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2699988)-->"C:\WINDOWS\ie7updates\KB2699988-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2722913)-->"C:\WINDOWS\ie7updates\KB2722913-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB2744842)-->"C:\WINDOWS\ie7updates\KB2744842-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe" Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe" Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe" Security Update for Windows XP (KB2491683)-->"C:\WINDOWS\$NtUninstallKB2491683$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe" Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe" Security Update for Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe" Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe" Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe" Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe" Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe" Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe" Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe" Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe" Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe" Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe" Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe" Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe" Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe" Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe" Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe" Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe" Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe" Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe" Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe" Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe" Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe" Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe" Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe" Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe" Security Update for Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe" Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe" Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe" Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe" Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe" Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe" Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe" Security Update for Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe" Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe" Security Update for Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe" Security Update for Windows XP (KB2705219)-->"C:\WINDOWS\$NtUninstallKB2705219$\spuninst\spuninst.exe" Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe" Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe" Security Update for Windows XP (KB2712808)-->"C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe" Security Update for Windows XP (KB2718523)-->"C:\WINDOWS\$NtUninstallKB2718523$\spuninst\spuninst.exe" Security Update for Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe" Security Update for Windows XP (KB2723135)-->"C:\WINDOWS\$NtUninstallKB2723135$\spuninst\spuninst.exe" Security Update for Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe" Security Update for Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe" Security Update for Windows XP (KB2731847)-->"C:\WINDOWS\$NtUninstallKB2731847$\spuninst\spuninst.exe" Security Update for Windows XP (KB2761226)-->"C:\WINDOWS\$NtUninstallKB2761226$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Shaw Internet Update 3.3.1-->"C:\Progra~1\Shaw\Update\unins000.exe" Shaw Support 3.1.30-->"C:\Program Files\shaw\unins000.exe" Sperry Rail Detector Car-->MsiExec.exe /I{3D9DA157-F7E4-41CD-84C0-85B68AC2A97E} The CPR Canadian - 1955-->MsiExec.exe /I{1FE78F4C-6088-478C-9B46-EBB9042F90EB} The CPR Empress-->MsiExec.exe /I{69122487-668B-4CA1-B001-CD363506EE6C} The Sims Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009 TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe" Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe" Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe" Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe" Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe" Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe" Update for Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe" Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe" Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} ======Security center information====== AV: Microsoft Security Essentials ======System event log====== Computer Name: RUSTY Event Code: 2001 Message: Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1320.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Record Number: 41597 Source Name: Microsoft Antimalware Time Written: 20121010084904.000000-360 Event Type: error User: Computer Name: RUSTY Event Code: 19 Message: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Record Number: 41551 Source Name: Print Time Written: 20121009083856.000000-360 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: RUSTY Event Code: 19 Message: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Record Number: 41400 Source Name: Print Time Written: 20121004151941.000000-360 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: RUSTY Event Code: 19 Message: Sharing printer failed + 1722, Printer LexmarkFax share name Printer2. Record Number: 41119 Source Name: Print Time Written: 20120926082454.000000-360 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: RUSTY Event Code: 19 Message: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Record Number: 40941 Source Name: Print Time Written: 20120920084647.000000-360 Event Type: error User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: RUSTY Event Code: 482 Message: svchost (1092) An attempt to write to the file "C:\WINDOWS\system32\CatRoot2\edb.log" at offset 107008 (0x000000000001a200) for 512 (0x00000200) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Record Number: 562 Source Name: ESENT Time Written: 20100723055244.000000-360 Event Type: error User: Computer Name: RUSTY Event Code: 408 Message: Catalog Database (1092) Unable to write to logfile C:\WINDOWS\system32\CatRoot2\edb.log. Error -1808 (0xfffff8f0). Record Number: 561 Source Name: ESENT Time Written: 20100723055244.000000-360 Event Type: error User: Computer Name: RUSTY Event Code: 482 Message: svchost (1092) An attempt to write to the file "C:\WINDOWS\system32\CatRoot2\edb.log" at offset 107008 (0x000000000001a200) for 512 (0x00000200) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Record Number: 560 Source Name: ESENT Time Written: 20100723055244.000000-360 Event Type: error User: Computer Name: RUSTY Event Code: 408 Message: Catalog Database (1092) Unable to write to logfile C:\WINDOWS\system32\CatRoot2\edb.log. Error -1808 (0xfffff8f0). Record Number: 559 Source Name: ESENT Time Written: 20100723055244.000000-360 Event Type: error User: Computer Name: RUSTY Event Code: 482 Message: svchost (1092) An attempt to write to the file "C:\WINDOWS\system32\CatRoot2\edb.log" at offset 107008 (0x000000000001a200) for 512 (0x00000200) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Record Number: 558 Source Name: ESENT Time Written: 20100723055244.000000-360 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF-----------------
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

Step 3: log.txt: Logfile of random's system information tool 1.09 (written by random/random) Run by Laurel at 2012-12-03 14:25:35 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 2 GB (7%) free of 35 GB Total RAM: 1278 MB (62% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:27:07 PM, on 12/3/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17114) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\Laurel\My Documents\Downloads\RSIT.exe C:\Program Files\trend micro\Laurel.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://employees.cpr.ca/vdesk/cachecleaner.cab#version=7000,2011,0622,1013 O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://employees.cpr.ca/vdesk/terminal/InstallerControl.cab#version=7000,2011,0622,1118 O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ,mj.shawcable.net,mj.shawcable.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ,mj.shawcable.net,mj.shawcable.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ,mj.shawcable.net,mj.shawcable.net O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7551 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Laurel\Application Data\Mozilla\Firefox\Profiles\kusos9lw.default "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.4.402.287 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll C:\Program Files\Mozilla Firefox\extensions\ {3112ca9c-de6d-4884-a869-9855de68056c} {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\plugins\ np32dsw.dll npdeployJava1.dll nppdf32.dll ShockwavePlugin.class C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-04 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-04 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-04 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 [] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] ""= [] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] C:\Program Files\Dell Support\DSAgnt.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-01-19 299008] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-04-25 26112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk] C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSetActiveDesktop"=0 "NoActiveDesktopChanges"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoSetActiveDesktop"=0 "NoActiveDesktopChanges"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=i420vfw.dll "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.l3acm"=l3codecx.acm "wave"=serwvdrv.dll "wave1"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "msacm.siren"=sirenacm.dll "vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll "vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll "vidc.yv12"=yv12vfw.dll "wave2"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux"=wdmaud.drv "wave3"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux1"=wdmaud.drv ======List of files/folders created in the last 3 months====== 2012-12-03 14:25:42 ----D---- C:\Program Files\trend micro 2012-12-03 14:25:35 ----DC---- C:\rsit 2012-12-03 14:20:22 ----D---- C:\WINDOWS\ERDNT 2012-12-03 14:19:32 ----D---- C:\Program Files\ERUNT 2012-11-15 08:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$ 2012-11-15 08:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$ 2012-10-28 09:36:56 ----D---- C:\Program Files\Mozilla Firefox 2012-10-10 08:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$ 2012-10-10 08:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$ 2012-10-10 08:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$ 2012-10-10 08:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$ 2012-10-10 08:48:09 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe 2012-09-12 06:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$ ======List of files/folders modified in the last 3 months====== 2012-12-03 14:26:21 ----D---- C:\WINDOWS\Prefetch 2012-12-03 14:25:47 ----SD---- C:\WINDOWS\Tasks 2012-12-03 14:25:42 ----D---- C:\Program Files 2012-12-03 14:20:22 ----D---- C:\WINDOWS 2012-12-03 14:17:00 ----D---- C:\WINDOWS\Temp 2012-12-03 14:16:15 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt 2012-12-03 14:16:14 ----D---- C:\WINDOWS\system32\CatRoot2 2012-12-03 08:30:41 ----A---- C:\WINDOWS\SchedLgU.Txt 2012-12-03 05:37:31 ----D---- C:\Program Files\Lx_cats 2012-11-30 07:44:51 ----D---- C:\WINDOWS\system32\drivers\ETC 2012-11-17 09:16:19 ----D---- C:\WINDOWS\Microsoft.NET 2012-11-17 09:16:07 ----RSD---- C:\WINDOWS\ASSEMBLY 2012-11-16 07:25:37 ----D---- C:\WINDOWS\SYSTEM32 2012-11-15 08:55:03 ----SHD---- C:\WINDOWS\Installer 2012-11-15 08:55:00 ----SHDC---- C:\Config.Msi 2012-11-15 08:47:37 ----A---- C:\WINDOWS\system32\MRT.exe 2012-11-15 08:46:40 ----HD---- C:\WINDOWS\INF 2012-11-15 08:46:37 ----RSHD---- C:\WINDOWS\system32\DLLCACHE 2012-11-15 08:46:23 ----A---- C:\WINDOWS\imsins.BAK 2012-11-14 08:49:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2012-11-14 08:48:19 ----D---- C:\WINDOWS\WinSxS 2012-11-14 08:45:00 ----HD---- C:\WINDOWS\$hf_mig$ 2012-11-04 18:58:41 ----D---- C:\WINDOWS\network diagnostic 2012-10-28 09:44:16 ----D---- C:\Program Files\Mozilla Maintenance Service 2012-10-10 08:48:42 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2012-10-02 12:04:21 ----A---- C:\WINDOWS\system32\synceng.dll 2012-10-02 08:51:09 ----D---- C:\WINDOWS\system32\DRIVERS 2012-10-02 08:50:55 ----D---- C:\Program Files\Microsoft Security Client 2012-09-22 09:03:54 ----D---- C:\WINDOWS\system32\en-US 2012-09-22 09:03:54 ----D---- C:\Program Files\Internet Explorer 2012-09-11 06:34:38 ----N---- C:\WINDOWS\system32\tzchange.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-08-30 193552] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-10-18 36624] R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-07 716272] R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560] R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2007-06-09 241280] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 MpKsla9b150a6;MpKsla9b150a6; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46A6439-D930-4EA2-9368-9C71DA3CC867}\MpKsla9b150a6.sys [] R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2007-06-09 144250] R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys [] R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2007-06-09 206464] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-04-25 8552] R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2007-06-09 25930] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525] R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929] R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157] R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2007-06-09 30662] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 aa5hvmsz;aa5hvmsz; C:\WINDOWS\system32\drivers\aa5hvmsz.sys [] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 fsbl;F-Secure BlackLight Engine Driver; \??\C:\Program Files\Shaw Secure\Anti-Virus\fsbldrv.sys [] S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136] S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224] S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-04 153376] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [2011-09-08 167936] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-28 115168] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
How do I backup files and start over after a rootkit?

waves replied to waves's topic in Resolved Malware Removal Logs

Hello, I will definitely try those steps but I will have to wait a day or two until I can do so. Thanks.
How do I backup files and start over after a rootkit?

waves posted a topic in Resolved Malware Removal Logs

Hi all, Back in August, my parents' computer was infected with the Live Security Platinum/zeroaccess rootkit. I tried removing it at the time, but it was taking way too much time and it was still having problems, so I am planning on saving the computer's files, photos, etc. and starting over. I heard that even if you try to remove the virus, your computer may not be 100% safe, which is why I'd rather start over and re-install Windows. This is what I did to try and remove the virus: http://www.bleepingc...opic464360.html I didn't do anything else to the computer after my last post there. No one has used the computer since then. Is it possible to save everything onto a external hard drive or USB storage without transferring infected files? If so, how do I ensure this doesn't happen and spread to another computer? How do I erase everything on the hard drive (or whatever it is that I could do to erase everything, including the virus)? I don't know a lot about computers so I apologize for all the questions. Thank you.

Sign In

waves

Posts

Joined

Last visited

Reputation

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

How do I backup files and start over after a rootkit?

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information