Fake hdd


OK. Mbam detected nothing.

There's still a serious issue because 4 of the tools you downloaded and saved do not run.

I will ask you to find them on your Desktop, and 1 by 1, Rename each and then run.

Renaming is initiated by doing a Right Click and then by selecting Rename (one of the options)

The 4 are aswMBR.exe, TDSSKILLER.exe, GooredFix.exe and GMER.exe

The instructions for running those are on the previous forum page for this topic.

I suggest you print that part and also this part too.

a) Locate aswMBR.exe >> right-click >> choose RENAME >> rename to CONE.exe

Run CONE.exe

Save the log.

b) Locate TDSSKILLER.exe >> right-click >> RENAME to CTWO.exe

Run CTWO.exe

Save the log

c) Locate GooredFix.exe >> right-click >> RENAME to CTHREE.exe

Run CTHREE.exe

Save the log

d) Locate GMER.exe >> right-click >> Rename to CFOUR.exe

Run CFOUR.exe

Save the log

e) When done, Copy & Paste contents of each of those logs so that I can review

You can be sure there will be much more to do.

Again, do not do any sort of websurfing.

I'd like to see if you can restart the system and put it in Windows' Safe Mode with Networking.

Restart the pc and immediately (and before Windows loads) start tapping & retap the F8 function key on the keyboard. Be persistent.

That will result in a display of the Advanced Boot Options.

From there, use the UP Down keyboard arrows to select SAFE Mode with Networking

and tap Enter

This will load Windows with minimal startups and still allow internet connection.

Once in there, please try one more time to run the tools and then post the logs.

Also, run this:

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop

{good video by the way. You obviously have a 2nd system handy & nearby ?? }


I still was not able to run the first one, so I tried the second one later on and it didn't work either. It asks me if I want to run it when I double-click, then it does nothing. The last one I did run, though, and they worked fine.

GooredFix by jpshortstuff (03.07.10.1)

Log created at 16:31 on 16/04/2012 (Administrator)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:46 30/06/2009]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:00 16/05/2011]

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4\" [02:35 09/01/2002]

---------- Old Logs ----------

GooredFix[20.30.54_16-04-2012].txt

-=E.O.F=

GooredFix by jpshortstuff (03.07.10.1)

Log created at 16:30 on 16/04/2012 (Administrator)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:46 30/06/2009]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:00 16/05/2011]

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4\" [02:35 09/01/2002]

-=E.O.F=-


RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: victoria [Admin rights]

Mode: Scan -- Date: 04/16/2012 23:26:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6028GAL +++++

--- User ---

[MBR] db0825f109a6b80afa1e87224dac0290

[bSP] 3dcb6dcf65d4650354f099407482f1ff : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1b99bcc909e7093228620aee4c80f8b3

[bSP] 3dcb6dcf65d4650354f099407482f1ff : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo

1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 117194175 | Size: 7 Mo

+++++ PhysicalDrive1: Single Flash Reader USB Device +++++

--- User ---

[MBR] a01d0af9fd801c08dba6a1398b6e1032

[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 1937 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Howdy,

Sorry for the delay in getting back to you. I am just now getting over a chest cold.

Looking over the RogueKiller report, it appears that your system could well be infected with a TDL4 bootkit (which is blocking the running of some tools) :(

Here's what I would suggest you do.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • Next, click the DNS tab if it shows.... , and then click on the DNS Fix button
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Step 3

Reply and post the latest RKreport and the Result.txt for my review.

Step 4

Put & enforce a quarantine on this system.

Only visit this site, period. and the websites I guide you to.

Meantime, do not do websurfing on the infected machine.

Hopefully you have another (clean) pc to do this work.

Please make plans to build a CD/DVD that we will need to boot from.

Download the >> Gparted Live CD ISO << and burn it to CD or DVD as an ISO image.

and let me know after you have finished.

If your Windows version does not have an ISO burning capability,

you need to use something like Nero / Roxio or other ISO-capable burning software, and do an image burn. If you do a regular copy-burn the CD won't work. If you don't have ISO-burning capability, you can obtain a free .iso burner such as ImageBurn (ImgBurn):

ImgBurn is another free utility. You only need one for our purpose.

Imgburn is at http://www.imgburn.com/

Let me know once you have made this CD/DVD and we will proceed forward. It is quite possible I can help you to remove the hidden malware partition.

You should also keep in mind, it may be faster & safer if you have a mirror-image-disk backup from before the infection -- to re-image your system from that backup.

Alternatively, a wipe of your system and a clean install of Windows XP would be safest.


RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: victoria [Admin rights]

Mode: DNSFix -- Date: 04/23/2012 20:32:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

ListParts by Farbar Version: 12-03-2012 03

Ran by victoria (administrator) on 23-04-2012 at 23:45:43

Windows XP (X86)

Running From: C:\Documents and Settings\victoria\Local Settings\Temporary Internet Files\Content.IE5\4XGWYJO0

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 53%

Total physical RAM: 1015.23 MB

Available physical RAM: 475.63 MB

Total Pagefile: 2442.52 MB

Available Pagefile: 1873.88 MB

Total Virtual: 2047.88 MB

Available Virtual: 1998.82 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:55.88 GB) (Free:40.51 GB) NTFS ==>[Drive with boot components (Windows XP)]

2 Drive e: () (Removable) (Total:1.89 GB) (Free:1.86 GB) FAT

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 56 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 56 GB 32 KB

Partition 2 Unknown 8025 KB 56 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 C NTFS Partition 56 GB Healthy Boot

======================================================================================================

Disk: 0

Partition 2

Type : 17 (Suspicious Type)

Hidden: Yes

Active: Yes

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

Edited by Maurice Naggar
Highlights added
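
The RogueKiller and ListParts logs above report the same discrepancy: the partition table Windows returns (the "User" view) has one NTFS partition, while the low-level read ("LL2") has a second, small, active partition of type 0x17. The following is an added example, not part of the original posts and not code from either tool, that parses two 512-byte MBR sectors and reports exactly that kind of mismatch. The function names and the 64 MiB threshold are assumptions, and the two sectors are constructed from the values in the logs (start sectors 63 and 117194175; sector counts derived from the reported sizes) rather than read from a disk.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                  # four 16-byte partition entries start here
# status, CHS start, type, CHS end, start LBA, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")
HIDDEN_NTFS = 0x17                  # NTFS type 0x07 with the "hidden" bit 0x10 set
SMALL_MIB = 64                      # assumption: what counts as a "tiny" partition


def build_mbr(entries):
    """Build a constructed MBR sector from (active, type, lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (active, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + i * ENTRY.size,
                        0x80 if active else 0x00, b"\0" * 3,
                        ptype, b"\0" * 3, lba, count)
    sector[510:512] = b"\x55\xaa"   # boot signature
    return bytes(sector)


def parse_mbr(sector):
    """Decode the partition table of one MBR sector into a list of dicts."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with the 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + i * ENTRY.size)
        if ptype == 0x00:           # unused slot
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba": lba,
            "sectors": count,
            "mib": count * SECTOR // 2**20,
        })
    return parts


def compare_views(user_sector, raw_sector):
    """Compare the OS-reported MBR with a low-level read; return findings."""
    user = parse_mbr(user_sector)
    raw = parse_mbr(raw_sector)
    user_keys = {(p["type"], p["lba"], p["sectors"]) for p in user}
    findings = []
    if user_sector != raw_sector:
        findings.append(("MBR_MISMATCH", None))
    for p in raw:
        # Present on disk but filtered out of what the OS is shown.
        if (p["type"], p["lba"], p["sectors"]) not in user_keys:
            findings.append(("PARTITION_HIDDEN_FROM_OS", p["index"]))
        # The pattern ListParts labels "Suspicious Type": hidden, active, tiny.
        if p["active"] and p["type"] == HIDDEN_NTFS and p["mib"] < SMALL_MIB:
            findings.append(("ACTIVE_HIDDEN_SMALL_PARTITION", p["index"]))
    user_active = [p["index"] for p in user if p["active"]]
    raw_active = [p["index"] for p in raw if p["active"]]
    if user_active != raw_active:
        findings.append(("ACTIVE_FLAG_MOVED",
                         raw_active[0] if raw_active else None))
    return findings


# Constructed sample sectors mirroring the "User" and "LL2" tables in the log.
USER_VIEW = build_mbr([(True, 0x07, 63, 117194112)])
RAW_VIEW = build_mbr([(False, 0x07, 63, 117194112),
                      (True, HIDDEN_NTFS, 117194175, 16050)])

if __name__ == "__main__":
    for code, index in compare_views(USER_VIEW, RAW_VIEW):
        print(code, "" if index is None else f"(entry {index})")
```
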

Hold the train then. Do you know, or, can you check if that system is able to boot off an external CD/DVD drive?

Also, check if it is able to boot from a USB device. Let me know. Apparently I'll have to change the approach on how to fix/quash the rogue hidden partition.


I couldn't find my old external drive, so where should I go from here? Also, I just happened to go into my computer and into the microsoft and there is a very large list of files I have never seen before, all labeled with numbers and letters. I took a pic but have to upload it for you.


Hello,

Tell me if you uploaded the picture and where I might see it.

I need for you to be in Windows XP, normal mode is best, if you can. If not, then in Safe Mode with Networking.

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.


21:06:13.0265 1300 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

21:06:40.0343 1300 ============================================================

21:06:46.0218 1300 Current date / time: 2012/05/17 21:06:40.0343

21:06:46.0656 1300 SystemInfo:

21:06:47.0156 1300

21:06:47.0843 1300 OS Version: 5.1.2600 ServicePack: 3.0

21:06:48.0468 1300 Product type: Workstation

21:06:48.0906 1300 ComputerName: VICTORIA-AE7A76

21:06:49.0531 1300 Windows directory: C:\WINDOWS

21:06:50.0031 1300 System windows directory: C:\WINDOWS

21:06:50.0593 1300 Processor architecture: Intel x86

21:06:51.0156 1300 Number of processors: 2

21:06:51.0812 1300 Page size: 0x1000

21:06:52.0281 1300 Boot type: Normal boot

21:06:58.0312 1300 ============================================================

21:10:48.0281 1300 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:10:54.0281 1300 Drive \Device\Harddisk1\DR3 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:10:54.0437 1300 ============================================================

21:10:54.0718 1300 \Device\Harddisk0\DR0:

21:10:55.0093 1300 MBR partitions:

21:10:55.0312 1300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80

21:10:55.0593 1300 \Device\Harddisk1\DR3:

21:10:55.0875 1300 MBR partitions:

21:10:56.0250 1300 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907

21:10:56.0531 1300 ============================================================

21:10:56.0968 1300 C: <-> \Device\Harddisk0\DR0\Partition0

21:10:57.0250 1300 ============================================================

21:10:57.0656 1300 Initialize success

21:10:57.0875 1300 ============================================================

21:11:14.0093 1792 ============================================================

21:11:19.0937 1792 Scan started

21:11:25.0109 1792 Mode: Manual;

21:11:25.0406 1792 ============================================================


21:23:07.0750 1792 NDProxy - ok

21:23:08.0218 1792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:23:19.0468 1792 NetBIOS - ok

21:23:20.0031 1792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:23:21.0125 1792 NetBT - ok

21:23:22.0031 1792 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

21:23:23.0343 1792 NetDDE - ok

21:23:23.0875 1792 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

21:23:24.0796 1792 NetDDEdsdm - ok

21:23:25.0406 1792 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:23:37.0109 1792 Netlogon - ok

21:23:37.0812 1792 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

21:23:38.0890 1792 Netman - ok

21:23:39.0640 1792 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:23:40.0281 1792 NetTcpPortSharing - ok

21:23:40.0671 1792 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

21:23:41.0859 1792 Nla - ok

21:23:42.0484 1792 Nmea - ok

21:23:42.0984 1792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:23:55.0421 1792 Npfs - ok

21:24:01.0640 1792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:24:13.0250 1792 Ntfs - ok

21:24:13.0421 1792 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:24:13.0828 1792 NtLmSsp - ok

21:24:14.0156 1792 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

21:24:14.0656 1792 NtmsSvc - ok

21:24:14.0812 1792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:24:15.0421 1792 Null - ok

21:24:15.0796 1792 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

21:24:16.0109 1792 NWADI - ok

21:24:16.0359 1792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:24:16.0765 1792 NwlnkFlt - ok

21:24:16.0781 1792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:24:17.0296 1792 NwlnkFwd - ok

21:24:17.0921 1792 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

21:24:23.0359 1792 odserv - ok

21:24:29.0281 1792 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:24:41.0062 1792 ose - ok

21:24:41.0156 1792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

21:24:41.0359 1792 Parport - ok

21:24:41.0609 1792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:24:41.0968 1792 PartMgr - ok

21:24:42.0125 1792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:24:42.0500 1792 ParVdm - ok

21:24:42.0781 1792 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

21:24:42.0984 1792 PCASp50 - ok

21:24:43.0093 1792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:24:43.0468 1792 PCI - ok

21:24:43.0468 1792 PCIDump - ok

21:24:43.0515 1792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

21:24:43.0859 1792 PCIIde - ok

21:24:43.0937 1792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:24:44.0203 1792 Pcmcia - ok

21:24:44.0218 1792 PCTINDIS5 - ok

21:24:44.0250 1792 PDCOMP - ok

21:24:44.0312 1792 PDFRAME - ok

21:24:44.0343 1792 PDRELI - ok

21:24:44.0406 1792 PDRFRAME - ok

21:24:44.0468 1792 perc2 - ok

21:24:44.0500 1792 perc2hib - ok

21:24:44.0718 1792 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

21:24:44.0812 1792 PlugPlay - ok

21:24:44.0890 1792 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:24:44.0968 1792 PolicyAgent - ok

21:24:45.0078 1792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:24:45.0281 1792 PptpMiniport - ok

21:24:45.0281 1792 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:24:45.0375 1792 ProtectedStorage - ok

21:24:45.0406 1792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:24:45.0687 1792 PSched - ok

21:24:45.0734 1792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:25:00.0953 1792 Ptilink - ok

21:25:06.0000 1792 ql1080 - ok

21:25:11.0000 1792 Ql10wnt - ok

21:25:11.0062 1792 ql12160 - ok

21:25:11.0125 1792 ql1240 - ok

21:25:11.0156 1792 ql1280 - ok

21:25:11.0234 1792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:25:11.0531 1792 RasAcd - ok

21:25:11.0656 1792 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

21:25:12.0093 1792 RasAuto - ok

21:25:12.0187 1792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:25:12.0515 1792 Rasl2tp - ok

21:25:12.0656 1792 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

21:25:12.0765 1792 RasMan - ok

21:25:12.0796 1792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:25:13.0062 1792 RasPppoe - ok

21:25:13.0125 1792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:25:13.0640 1792 Raspti - ok

21:25:13.0734 1792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:25:14.0187 1792 Rdbss - ok

21:25:14.0250 1792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:25:14.0671 1792 RDPCDD - ok

21:25:14.0796 1792 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

21:25:15.0218 1792 RDPWD - ok

21:25:15.0390 1792 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

21:25:15.0828 1792 RDSessMgr - ok

21:25:21.0140 1792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:25:31.0328 1792 redbook - ok

21:25:37.0031 1792 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

21:25:57.0875 1792 RemoteAccess - ok

21:25:57.0937 1792 RimUsb - ok

21:25:58.0171 1792 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

21:25:58.0765 1792 RimVSerPort - ok

21:25:58.0828 1792 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

21:25:59.0546 1792 ROOTMODEM - ok

21:25:59.0656 1792 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

21:26:00.0546 1792 RpcLocator - ok

21:26:00.0937 1792 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

21:26:01.0265 1792 RpcSs - ok

21:26:01.0437 1792 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

21:26:02.0359 1792 RSVP - ok

21:26:02.0781 1792 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:26:13.0921 1792 SamSs - ok

21:26:14.0328 1792 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

21:26:31.0640 1792 SCardSvr - ok

21:26:32.0671 1792 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

21:26:33.0609 1792 Schedule - ok

21:26:34.0015 1792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:26:35.0218 1792 Secdrv - ok

21:26:35.0484 1792 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

21:26:36.0093 1792 seclogon - ok

21:26:36.0484 1792 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

21:26:43.0062 1792 SENS - ok

21:26:49.0093 1792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

21:27:06.0031 1792 Serial - ok

21:27:28.0031 1792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:27:29.0328 1792 Sfloppy - ok

21:27:29.0906 1792 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

21:27:30.0843 1792 SharedAccess - ok

21:27:31.0312 1792 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

21:27:32.0109 1792 ShellHWDetection - ok

21:27:32.0468 1792 Simbad - ok

21:27:32.0859 1792 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:27:34.0015 1792 SLIP - ok

21:27:39.0921 1792 Sparrow - ok

21:27:46.0156 1792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:27:56.0593 1792 splitter - ok

21:27:57.0156 1792 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

21:27:57.0812 1792 Spooler - ok

21:27:58.0437 1792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:27:59.0937 1792 sr - ok

21:28:01.0890 1792 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

21:28:17.0031 1792 srservice - ok

21:28:25.0125 1792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:28:30.0437 1792 Srv - ok

21:28:31.0656 1792 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

21:29:05.0890 1792 sscdbus - ok

21:29:06.0234 1792 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

21:29:33.0953 1792 sscdmdfl - ok

21:29:34.0437 1792 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

21:29:57.0453 1792 sscdmdm - ok

21:30:02.0937 1792 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

21:30:03.0453 1792 SSDPSRV - ok

21:30:03.0718 1792 STacSV (cf7df19ec6eee8d51b7fccf4aae93906) c:\program files\idt\wdm\stacsv.exe

21:30:04.0140 1792 STacSV - ok

21:30:05.0187 1792 STHDA (0fa55f3ea8a0428ae296ab78a9a5067a) C:\WINDOWS\system32\drivers\sthda.sys

21:30:19.0375 1792 STHDA - ok

21:30:19.0921 1792 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

21:30:20.0703 1792 stisvc - ok

21:30:21.0171 1792 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:30:22.0281 1792 streamip - ok

21:30:22.0687 1792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:30:23.0609 1792 swenum - ok

21:30:24.0062 1792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:30:24.0562 1792 swmidi - ok

21:30:24.0984 1792 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\WINDOWS\System32\drivers\swmsflt.sys

21:30:47.0046 1792 swmsflt - ok

21:30:53.0265 1792 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\WINDOWS\system32\DRIVERS\swmx00.sys

21:31:00.0171 1792 swmx00 - ok

21:31:00.0734 1792 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys

21:31:01.0359 1792 SWNC5E00 - ok

21:31:01.0734 1792 SwPrv - ok

21:31:01.0828 1792 symc810 - ok

21:31:01.0859 1792 symc8xx - ok

21:31:02.0031 1792 sym_hi - ok

21:31:02.0312 1792 sym_u3 - ok

21:31:02.0718 1792 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\WINDOWS\system32\DRIVERS\SynTP.sys

21:31:03.0359 1792 SynTP - ok

21:31:03.0703 1792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:31:14.0906 1792 sysaudio - ok

21:31:20.0046 1792 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

21:31:37.0234 1792 SysmonLog - ok

21:31:38.0031 1792 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

21:31:39.0062 1792 TapiSrv - ok

21:31:39.0781 1792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:31:40.0453 1792 Tcpip - ok

21:31:41.0031 1792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:31:42.0796 1792 TDPIPE - ok

21:31:43.0265 1792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:32:11.0140 1792 TDTCP - ok

21:32:17.0296 1792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:32:18.0375 1792 TermDD - ok

21:32:18.0765 1792 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

21:32:19.0781 1792 TermService - ok

21:32:20.0281 1792 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

21:32:21.0031 1792 Themes - ok

21:32:21.0484 1792 TosIde - ok

21:32:21.0812 1792 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

21:32:22.0578 1792 TrkWks - ok

21:32:22.0937 1792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:32:35.0156 1792 Udfs - ok

21:32:41.0000 1792 ultra - ok

21:32:47.0125 1792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:32:53.0765 1792 Update - ok

21:32:54.0187 1792 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

21:32:55.0312 1792 upnphost - ok

21:32:55.0718 1792 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

21:32:56.0593 1792 UPS - ok

21:32:56.0859 1792 USBAAPL - ok

21:32:57.0265 1792 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

21:33:03.0250 1792 usbaudio - ok

21:33:13.0937 1792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:33:14.0796 1792 usbccgp - ok

21:33:15.0062 1792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:33:16.0125 1792 usbehci - ok

21:33:16.0625 1792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:33:17.0703 1792 usbhub - ok

21:33:18.0093 1792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:33:24.0171 1792 usbprint - ok

21:33:24.0312 1792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:33:25.0296 1792 usbscan - ok

21:33:25.0609 1792 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:33:26.0421 1792 usbstor - ok

21:33:26.0609 1792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:33:27.0515 1792 usbuhci - ok

21:33:28.0046 1792 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

21:33:34.0406 1792 usbvideo - ok

21:33:40.0062 1792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:33:41.0078 1792 VgaSave - ok

21:33:41.0296 1792 ViaIde - ok

21:33:41.0593 1792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:33:42.0453 1792 VolSnap - ok

21:33:43.0031 1792 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

21:33:44.0000 1792 VSS - ok

21:33:44.0328 1792 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

21:33:45.0046 1792 W32Time - ok

21:33:51.0078 1792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:34:03.0125 1792 Wanarp - ok

21:34:14.0046 1792 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

21:34:14.0796 1792 Wdf01000 - ok

21:34:15.0078 1792 WDICA - ok

21:34:15.0390 1792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:34:16.0078 1792 wdmaud - ok

21:34:16.0406 1792 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

21:34:16.0890 1792 WebClient - ok

21:34:17.0359 1792 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

21:34:18.0078 1792 winmgmt - ok

21:34:18.0593 1792 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll

21:34:30.0296 1792 WmdmPmSN - ok

21:34:41.0031 1792 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

21:34:47.0406 1792 WmiAcpi - ok

21:34:47.0781 1792 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

21:34:48.0531 1792 WmiApSrv - ok

21:34:49.0343 1792 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe

21:34:50.0281 1792 WMPNetworkSvc - ok

21:34:50.0671 1792 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

21:34:51.0218 1792 WpdUsb - ok

21:34:51.0593 1792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:34:52.0687 1792 WS2IFSL - ok

21:34:53.0046 1792 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

21:35:05.0000 1792 wscsvc - ok

21:35:10.0015 1792 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:35:16.0593 1792 WSTCODEC - ok

21:35:16.0843 1792 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

21:35:17.0468 1792 wuauserv - ok

21:35:17.0781 1792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:35:18.0890 1792 WudfPf - ok

21:35:19.0218 1792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:35:19.0765 1792 WudfRd - ok

21:35:20.0000 1792 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

21:35:20.0359 1792 WudfSvc - ok

21:35:20.0734 1792 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

21:35:21.0000 1792 WZCSVC - ok

21:35:21.0406 1792 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

21:35:22.0031 1792 xmlprov - ok

21:35:22.0546 1792 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

21:35:22.0937 1792 YahooAUService - ok

21:35:23.0125 1792 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

21:35:23.0656 1792 yukonwxp - ok

21:35:23.0828 1792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:35:23.0953 1792 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

21:35:24.0000 1792 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

21:35:24.0015 1792 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3

21:35:24.0156 1792 \Device\Harddisk1\DR3 - ok

21:35:24.0359 1792 Boot (0x1200) (2c995bfe91baede2c4561a7e25035f75) \Device\Harddisk0\DR0\Partition0

21:35:24.0609 1792 \Device\Harddisk0\DR0\Partition0 - ok

21:35:24.0687 1792 Boot (0x1200) (955cab1072e28514c22224a704965906) \Device\Harddisk1\DR3\Partition0

21:35:24.0734 1792 \Device\Harddisk1\DR3\Partition0 - ok

21:35:24.0765 1792 ============================================================

21:35:24.0765 1792 Scan finished

21:35:24.0937 1792 ============================================================

21:35:25.0109 2668 Detected object count: 1

21:35:25.0359 2668 Actual detected object count: 1

22:14:07.0546 2668 \Device\Harddisk0\DR0\# - copied to quarantine

22:14:08.0140 2668 \Device\Harddisk0\DR0 - copied to quarantine

22:14:33.0906 2668 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

22:14:46.0984 2668 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

22:15:15.0359 2668 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

22:15:16.0468 2668 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

22:15:18.0265 2668 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

22:15:44.0796 2668 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

22:15:47.0718 2668 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

22:15:49.0906 2668 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

22:16:17.0390 2668 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

22:16:19.0796 2668 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

22:16:49.0703 2668 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

22:17:09.0968 2668 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

22:17:19.0687 2668 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

22:18:20.0171 2668 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

22:18:25.0421 2668 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

22:18:35.0359 2668 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

22:19:10.0812 2668 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

22:20:12.0359 2668 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine

22:20:29.0671 2668 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

22:21:03.0046 2668 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

22:21:08.0171 2668 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

22:21:16.0625 2668 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

22:21:16.0937 2668 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

22:21:17.0156 2668 \Device\Harddisk0\DR0 - ok

22:21:17.0531 2668 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

22:22:25.0625 3264 Deinitialize success

21:40:07.0203 3092 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

21:40:07.0656 3092 ============================================================

21:40:07.0656 3092 Current date / time: 2012/05/18 21:40:07.0656

21:40:07.0656 3092 SystemInfo:

21:40:07.0656 3092

21:40:07.0656 3092 OS Version: 5.1.2600 ServicePack: 3.0

21:40:07.0656 3092 Product type: Workstation

21:40:07.0656 3092 ComputerName: VICTORIA-AE7A76

21:40:07.0656 3092 UserName: victoria

21:40:07.0656 3092 Windows directory: C:\WINDOWS

21:40:07.0656 3092 System windows directory: C:\WINDOWS

21:40:07.0656 3092 Processor architecture: Intel x86

21:40:07.0656 3092 Number of processors: 2

21:40:07.0656 3092 Page size: 0x1000

21:40:07.0656 3092 Boot type: Normal boot

21:40:07.0656 3092 ============================================================

21:40:23.0640 3092 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:40:23.0843 3092 Drive \Device\Harddisk1\DR2 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:40:23.0843 3092 ============================================================

21:40:23.0843 3092 \Device\Harddisk0\DR0:

21:40:29.0828 3092 MBR partitions:

21:40:29.0828 3092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80

21:40:29.0828 3092 \Device\Harddisk1\DR2:

21:40:29.0828 3092 MBR partitions:

21:40:29.0828 3092 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907

21:40:29.0828 3092 ============================================================

21:40:31.0078 3092 C: <-> \Device\Harddisk0\DR0\Partition0

21:40:31.0078 3092 ============================================================

21:40:31.0093 3092 Initialize success

21:40:31.0093 3092 ============================================================

21:41:35.0843 1980 ============================================================

21:41:35.0843 1980 Scan started

21:41:35.0843 1980 Mode: Manual;

21:41:35.0843 1980 ============================================================

21:41:37.0109 1980 Abiosdsk - ok

21:41:37.0125 1980 abp480n5 - ok

21:41:37.0187 1980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:41:37.0203 1980 ACPI - ok

21:41:37.0343 1980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

21:41:37.0375 1980 ACPIEC - ok

21:41:37.0453 1980 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:41:37.0468 1980 AdobeFlashPlayerUpdateSvc - ok

21:41:37.0484 1980 adpu160m - ok

21:41:37.0531 1980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:41:37.0531 1980 aec - ok

21:41:37.0625 1980 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys

21:41:37.0625 1980 AESTAud - ok

21:41:37.0765 1980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

21:41:37.0765 1980 AFD - ok

21:41:37.0781 1980 Aha154x - ok

21:41:37.0781 1980 aic78u2 - ok

21:41:37.0796 1980 aic78xx - ok

21:41:37.0890 1980 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

21:41:38.0046 1980 Alerter - ok

21:41:38.0203 1980 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

21:41:38.0203 1980 ALG - ok

21:41:38.0218 1980 AliIde - ok

21:41:38.0234 1980 amsint - ok

21:41:38.0234 1980 AppMgmt - ok

21:41:38.0250 1980 asc - ok

21:41:38.0281 1980 asc3350p - ok

21:41:38.0281 1980 asc3550 - ok

21:41:39.0203 1980 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

21:41:39.0406 1980 aspnet_state - ok

21:41:39.0484 1980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:41:39.0500 1980 AsyncMac - ok

21:41:40.0046 1980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:41:40.0046 1980 atapi - ok

21:41:40.0062 1980 Atdisk - ok

21:41:40.0296 1980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:41:40.0359 1980 Atmarpc - ok

21:41:40.0687 1980 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

21:41:40.0703 1980 AudioSrv - ok

21:41:40.0812 1980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:41:40.0843 1980 audstub - ok

21:41:49.0421 1980 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

21:41:49.0671 1980 AVGIDSAgent - ok

21:41:49.0890 1980 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

21:41:49.0906 1980 AVGIDSDriver - ok

21:41:49.0921 1980 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

21:41:49.0937 1980 AVGIDSEH - ok

21:41:50.0031 1980 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

21:41:50.0031 1980 AVGIDSFilter - ok

21:41:50.0078 1980 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

21:41:50.0078 1980 AVGIDSShim - ok

21:41:50.0125 1980 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

21:41:50.0140 1980 Avgldx86 - ok

21:41:50.0203 1980 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

21:41:50.0203 1980 Avgmfx86 - ok

21:41:50.0281 1980 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

21:41:50.0281 1980 Avgrkx86 - ok

21:41:50.0390 1980 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

21:41:50.0390 1980 Avgtdix - ok

21:41:50.0546 1980 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

21:41:50.0593 1980 avgwd - ok

21:41:50.0906 1980 BCM43XX (c89327377d4b62dc792e8930ea55f571) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

21:41:50.0984 1980 BCM43XX - ok

21:41:51.0031 1980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:41:51.0031 1980 Beep - ok

21:41:51.0156 1980 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

21:41:51.0250 1980 BITS - ok

21:41:51.0296 1980 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

21:41:51.0296 1980 Browser - ok

21:41:51.0312 1980 btaudio - ok

21:41:51.0328 1980 BTDriver - ok

21:41:51.0343 1980 BTWDNDIS - ok

21:41:51.0359 1980 btwhid - ok

21:41:51.0406 1980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:41:51.0453 1980 cbidf2k - ok

21:41:51.0515 1980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

21:41:51.0515 1980 CCDECODE - ok

21:41:51.0531 1980 cd20xrnt - ok

21:41:51.0609 1980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:41:51.0609 1980 Cdaudio - ok

21:42:30.0281 1980 ============================================================

21:42:30.0281 1980 Scan finished

21:42:30.0281 1980 ============================================================

21:42:30.0312 2208 Detected object count: 0

21:42:30.0312 2208 Actual detected object count: 0

21:46:09.0968 0976 Deinitialize success


Wow. That's actually a better TDSSKILLER result this time.

Please advise me if you have an attached external hard drive currently plugged in. If you do, disconnect the external drive.

I would like for you to delete some of the tools we used before, and get current ones, so I can re-review the situation as of now.

Step 1

Delete the previous copy of aswMBR.exe & RogueKiller.exe & Listparts.exe

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 3

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop

Step 4

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Step 5

Copy and Paste the contents of aswMBR log

RogueKiller log

Result.txt


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-19 09:03:49

-----------------------------

09:03:49.171 OS Version: Windows 5.1.2600 Service Pack 3

09:03:49.171 Number of processors: 2 586 0x1C02

09:03:49.171 ComputerName: VICTORIA-AE7A76 UserName: victoria

09:03:54.421 Initialize success

09:05:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

09:05:09.781 Disk 0 Vendor: TOSHIBA_MK6028GAL BN101C Size: 57231MB BusType: 3

09:05:09.812 Disk 0 MBR read successfully

09:05:09.812 Disk 0 MBR scan

09:05:09.812 Disk 0 Windows XP default MBR code

09:05:09.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63

09:05:09.828 Disk 0 scanning sectors +117194175

09:05:09.937 Disk 0 scanning C:\WINDOWS\system32\drivers

09:05:21.140 Service scanning

09:05:59.843 Modules scanning

09:06:23.921 Scan finished successfully

09:06:59.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\victoria\Desktop\MBR.dat"

09:06:59.875 The log file has been saved successfully to "C:\Documents and Settings\victoria\Desktop\aswMBR.txt"

The Fix button wasn't enabled.


RogueKiller V7.4.5 [05/18/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: victoria [Admin rights]

Mode: Scan -- Date: 05/19/2012 09:10:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6028GAL +++++

--- User ---

[MBR] db0825f109a6b80afa1e87224dac0290

[bSP] 3dcb6dcf65d4650354f099407482f1ff : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Single Flash Reader USB Device +++++

--- User ---

[MBR] a01d0af9fd801c08dba6a1398b6e1032

[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 1937 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


This topic is now closed to further replies.