
MBAM, Avast and MSE won't start or update



I have a friend with a PC running Windows XP Service Pack 3 that started going to some weird sites on IE. It had MSE running, which then stated that it was switched off and wouldn't start again. So I uninstalled it and put Avast Free on. I also put on SUPERAntiSpyware and Malwarebytes Anti-Malware. All 3 scanned and found various things (spyware first, Avast second, malware third). Avast then scanned again and did a boot-time scan which found and quarantined about 30 things, which I then cleared out. Now Chrome started to behave strangely and IE now wouldn't load any pages. So I did another set of scans which finished with a boot-time Avast scan - now Avast says Web Shield and Mail Shield are switched off - "Fix now" and "Turn on" have no effect.

I have tried Kaspersky TDSSKiller, Avast Anti-Rootkit and GMER. (locked files are sptd.sys and safeboot.sys).

No joy. Tried re-installing MSE - won't connect to the net for updates - so won't work - won't scan as service isn't installed. (Now uninstalled again.)

I suspect this PC has quite a devious rootkit/trojan/malware combo. Can anyone help?

After a reboot and boot time scan with avast for the second time - MBAM won't update and Outlook won't start.

I have attached various logs for you to look at. Any ideas?

aswMBR.txt

dds.txt

mbam-log-2012-08-13 (16-47-17).txt

mbam-log-2012-08-14 (12-58-32).txt

OTL.Txt

SUPERAntiSpyware Scan Log - 08-10-2012 - 14-54-35.log

SUPERAntiSpyware Scan Log - 08-14-2012 - 02-43-08.log

SUPERAntiSpyware Scan Log - 08-14-2012 - 15-11-20.log


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Please note that, as the machine can't access (or at least won't let me access) the internet, I ran RogueKiller from a 2 GB USB stick.

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date: 08/15/2012 15:24:32

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] Toolbox.exe -- C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe -> KILLED [TermProc]

[SUSP PATH] tbhcn.exe -- C:\Documents and Settings\Administrator\Application Data\BrowserCompanion\tbhcn.exe -> KILLED [TermProc]

[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : Boxoft Tools ("C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" -autorun) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-3155757178-1639063472-2327323849-500[...]\Run : Boxoft Tools ("C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" -autorun) -> FOUND

[] HKLM\[...]\Windows : () -> ACCESS DENIED

[SUSP PATH] tbhcn.lnk @Administrator : C:\Documents and Settings\Administrator\Application Data\BrowserCompanion\tbhcn.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys @ 0xA779C5E0)

IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFBB40)

IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFBB40)

IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFBB40)

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFBB40)

IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFBB40)

IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFBB40)

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-60B4A0 +++++

--- User ---

[MBR] 7ffa4d8b694da962800062eb44850d15

[BSP] 686422e8372969b8920dcf35007a7d77 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228110 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467186265 | Size: 10244 Mo

2 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 488167155 | Size: 101 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: SanDisk U3 Cruzer Micro USB Device +++++

--- User ---

[MBR] 130acd088f1e6518594a52d3af0afd2b

[BSP] 75b70186a51ff3108b6a1c66de50b874 : Standard MBR Code

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 245 | Size: 1952 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


16:04:47.0343 1760 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

16:04:47.0359 1760 ============================================================

16:04:47.0359 1760 Current date / time: 2012/08/15 16:04:47.0359

16:04:47.0359 1760 SystemInfo:

16:04:47.0359 1760

16:04:47.0359 1760 OS Version: 5.1.2600 ServicePack: 3.0

16:04:47.0359 1760 Product type: Workstation

16:04:47.0359 1760 ComputerName: ACCOUNTS

16:04:47.0359 1760 UserName: Administrator

16:04:47.0359 1760 Windows directory: C:\windows

16:04:47.0359 1760 System windows directory: C:\windows

16:04:47.0359 1760 Processor architecture: Intel x86

16:04:47.0359 1760 Number of processors: 2

16:04:47.0359 1760 Page size: 0x1000

16:04:47.0359 1760 Boot type: Normal boot

16:04:47.0359 1760 ============================================================

16:04:48.0687 1760 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

16:04:48.0687 1760 Drive \Device\Harddisk1\DR10 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:04:48.0703 1760 Drive \Device\Harddisk2\DR12 - Size: 0x7A1D2200 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:04:48.0703 1760 ============================================================

16:04:48.0703 1760 \Device\Harddisk0\DR0:

16:04:48.0703 1760 MBR partitions:

16:04:48.0703 1760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BD87359

16:04:48.0703 1760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BD8B259, BlocksNum 0x140249A

16:04:48.0703 1760 \Device\Harddisk1\DR10:

16:04:48.0703 1760 MBR partitions:

16:04:48.0703 1760 \Device\Harddisk1\DR10\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982

16:04:48.0703 1760 \Device\Harddisk2\DR12:

16:04:48.0718 1760 MBR partitions:

16:04:48.0718 1760 \Device\Harddisk2\DR12\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3D070B

16:04:48.0718 1760 ============================================================

16:04:48.0718 1760 C: <-> \Device\Harddisk0\DR0\Partition1

16:04:48.0750 1760 D: <-> \Device\Harddisk0\DR0\Partition2

16:04:48.0906 1760 F: <-> \Device\Harddisk1\DR10\Partition1

16:04:48.0906 1760 ============================================================

16:04:48.0906 1760 Initialize success

16:04:48.0906 1760 ============================================================

16:04:52.0843 1724 ============================================================

16:04:52.0843 1724 Scan started

16:04:52.0843 1724 Mode: Manual;

16:04:52.0843 1724 ============================================================

16:04:53.0640 1724 ================ Scan services =============================


16:04:58.0781 1724 P3 - ok

16:04:58.0781 1724 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\windows\system32\DRIVERS\parport.sys

16:04:58.0781 1724 Parport - ok

16:04:58.0796 1724 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys

16:04:58.0796 1724 PartMgr - ok

16:04:58.0812 1724 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys

16:04:58.0812 1724 ParVdm - ok

16:04:58.0859 1724 [ 2a42ddaeaae7743c55a3fa68a7ad9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe

16:04:58.0859 1724 PCA - ok

16:04:58.0875 1724 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\windows\system32\DRIVERS\pci.sys

16:04:58.0875 1724 PCI - ok

16:04:58.0875 1724 PCIDump - ok

16:04:58.0906 1724 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\windows\system32\DRIVERS\pciide.sys

16:04:58.0906 1724 PCIIde - ok

16:04:58.0906 1724 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys

16:04:58.0906 1724 Pcmcia - ok

16:04:58.0937 1724 [ 5b6c11de7e839c05248ced8825470fef ] pcouffin C:\windows\system32\Drivers\pcouffin.sys

16:04:58.0937 1724 pcouffin - ok

16:04:58.0937 1724 PDCOMP - ok

16:04:58.0984 1724 pdfcDispatcher - ok

16:04:58.0984 1724 PDFRAME - ok

16:04:58.0984 1724 PDRELI - ok

16:04:58.0984 1724 PDRFRAME - ok

16:04:58.0984 1724 perc2 - ok

16:04:58.0984 1724 perc2hib - ok

16:04:59.0031 1724 [ c7d5cf6c7dbe6d96de252457721bd0e8 ] PersonalSecureDrive C:\windows\System32\drivers\psd.sys

16:04:59.0031 1724 PersonalSecureDrive - ok

16:04:59.0062 1724 [ 7e5044241347da7ab89137572a4e461d ] PersonalSecureDriveService C:\WINDOWS\system32\IfxPsdSv.exe

16:04:59.0062 1724 PersonalSecureDriveService - ok

16:04:59.0078 1724 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\windows\system32\services.exe

16:04:59.0078 1724 PlugPlay - ok

16:04:59.0109 1724 [ a38b3ce68e7f126190cde4aa3fdf050f ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

16:04:59.0109 1724 Pml Driver HPZ12 - ok

16:04:59.0109 1724 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\windows\system32\lsass.exe

16:04:59.0109 1724 PolicyAgent - ok

16:04:59.0125 1724 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

16:04:59.0125 1724 PptpMiniport - ok

16:04:59.0125 1724 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\windows\system32\lsass.exe

16:04:59.0125 1724 ProtectedStorage - ok

16:04:59.0125 1724 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys

16:04:59.0125 1724 PSched - ok

16:04:59.0156 1724 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys

16:04:59.0156 1724 Ptilink - ok

16:04:59.0156 1724 ql1080 - ok

16:04:59.0156 1724 Ql10wnt - ok

16:04:59.0156 1724 ql12160 - ok

16:04:59.0156 1724 ql1240 - ok

16:04:59.0156 1724 ql1280 - ok

16:04:59.0312 1724 [ 9054c4b91761773f0efa59bed70c54b6 ] RapportCerberus_42020 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys

16:04:59.0328 1724 RapportCerberus_42020 - ok

16:04:59.0375 1724 [ 093b6a040bcf3fd4a0fff397baf28330 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

16:04:59.0375 1724 RapportEI - ok

16:04:59.0437 1724 [ 35199ec35edc7dcba71fda711dfb05c0 ] RapportIaso c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys

16:04:59.0437 1724 RapportIaso - ok

16:04:59.0437 1724 [ 660436fbe447ebc73873ef2b0b2094b4 ] RapportKELL C:\windows\system32\Drivers\RapportKELL.sys

16:04:59.0437 1724 RapportKELL - ok

16:04:59.0468 1724 [ 61b37c0b3fd7da7414c20d917469bfff ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

16:04:59.0468 1724 RapportMgmtService - ok

16:04:59.0468 1724 [ 3de33a522bb73e161f20d444687e978b ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

16:04:59.0484 1724 RapportPG - ok

16:04:59.0484 1724 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

16:04:59.0484 1724 RasAcd - ok

16:04:59.0500 1724 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\windows\System32\rasauto.dll

16:04:59.0515 1724 RasAuto - ok

16:04:59.0515 1724 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

16:04:59.0515 1724 Rasl2tp - ok

16:04:59.0546 1724 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\windows\System32\rasmans.dll

16:04:59.0546 1724 RasMan - ok

16:04:59.0562 1724 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

16:04:59.0562 1724 RasPppoe - ok

16:04:59.0578 1724 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys

16:04:59.0578 1724 Raspti - ok

16:04:59.0578 1724 rbadma - ok

16:04:59.0593 1724 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys

16:04:59.0593 1724 Rdbss - ok

16:04:59.0593 1724 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

16:04:59.0593 1724 RDPCDD - ok

16:04:59.0640 1724 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys

16:04:59.0640 1724 rdpdr - ok

16:04:59.0640 1724 [ 6728e45b66f93c08f11de2e316fc70dd ] RDPWD C:\windows\system32\drivers\RDPWD.sys

16:04:59.0640 1724 RDPWD - ok

16:04:59.0671 1724 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

16:04:59.0671 1724 RDSessMgr - ok

16:04:59.0671 1724 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\windows\system32\DRIVERS\redbook.sys

16:04:59.0687 1724 redbook - ok

16:04:59.0703 1724 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\windows\System32\mprdim.dll

16:04:59.0703 1724 RemoteAccess - ok

16:04:59.0734 1724 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\windows\system32\regsvc.dll

16:04:59.0734 1724 RemoteRegistry - ok

16:04:59.0765 1724 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\windows\system32\locator.exe

16:04:59.0765 1724 RpcLocator - ok

16:04:59.0781 1724 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\windows\System32\rpcss.dll

16:04:59.0781 1724 RpcSs - ok

16:04:59.0812 1724 [ 02ff0fbd2945b7dd67db3fb0248ae61e ] RsvLock C:\windows\system32\drivers\RsvLock.sys

16:04:59.0812 1724 RsvLock - ok

16:04:59.0843 1724 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\windows\system32\rsvp.exe

16:04:59.0843 1724 RSVP - ok

16:04:59.0859 1724 [ 0e448c0306ba36cfd5c2388046e4ace0 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys

16:04:59.0859 1724 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 0e448c0306ba36cfd5c2388046e4ace0

16:04:59.0859 1724 SafeBoot ( LockedFile.Multi.Generic ) - warning

16:04:59.0859 1724 SafeBoot - detected LockedFile.Multi.Generic (1)

16:05:00.0484 1724 [ 1a606a8d611816adc47d2b25dbedcb1f ] sptd C:\windows\system32\Drivers\sptd.sys

16:05:00.0484 1724 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 1a606a8d611816adc47d2b25dbedcb1f

16:05:00.0484 1724 sptd ( LockedFile.Multi.Generic ) - warning

16:05:00.0484 1724 sptd - detected LockedFile.Multi.Generic (1)

16:05:02.0031 1724 ================ Scan global ===============================

16:05:02.0078 1724 (42f1f4c0afb08410e5f02d4b13ebb623) C:\windows\system32\basesrv.dll

16:05:02.0109 1724 (42b5427fac23bf6f1f31e466b7feb084) C:\windows\system32\winsrv.dll

16:05:02.0125 1724 (42b5427fac23bf6f1f31e466b7feb084) C:\windows\system32\winsrv.dll

16:05:02.0125 1724 (65df52f5b8b6e9bbd183505225c37315) C:\windows\system32\services.exe

16:05:02.0125 1724 [Global] - ok

16:05:02.0125 1724 ================ Scan MBR ==================================

16:05:02.0140 1724 MBR (0x1B8) (665b9f93d7bab6e25c7f99d73a4f8d6a) \Device\Harddisk0\DR0

16:05:02.0296 1724 \Device\Harddisk0\DR0 - ok

16:05:02.0312 1724 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR10

16:05:02.0312 1724 \Device\Harddisk1\DR10 - ok

16:05:02.0328 1724 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk2\DR12

16:05:02.0328 1724 \Device\Harddisk2\DR12 - ok

16:05:02.0328 1724 ================ Scan VBR ==================================

16:05:02.0328 1724 Boot (0x1200) (98e79a060b64c80309b7b4d85dd341db) \Device\Harddisk0\DR0\Partition1

16:05:02.0328 1724 \Device\Harddisk0\DR0\Partition1 - ok

16:05:02.0359 1724 Boot (0x1200) (d3a10b29fd5ebea985860bc3ae412394) \Device\Harddisk0\DR0\Partition2

16:05:02.0359 1724 \Device\Harddisk0\DR0\Partition2 - ok

16:05:02.0359 1724 Boot (0x1200) (201b7e9aa171ac7a3e4653284202f6f9) \Device\Harddisk1\DR10\Partition1

16:05:02.0359 1724 \Device\Harddisk1\DR10\Partition1 - ok

16:05:02.0375 1724 Boot (0x1200) (d918a32833385aa4c41683ae967f7e4c) \Device\Harddisk2\DR12\Partition1

16:05:02.0375 1724 \Device\Harddisk2\DR12\Partition1 - ok

16:05:02.0375 1724 ============================================================

16:05:02.0375 1724 Scan finished

16:05:02.0375 1724 ============================================================

16:05:02.0375 3860 Detected object count: 2

16:05:02.0375 3860 Actual detected object count: 2

16:05:07.0171 3860 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user

16:05:07.0171 3860 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

16:05:07.0171 3860 sptd ( LockedFile.Multi.Generic ) - skipped by user

16:05:07.0171 3860 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine, but I can't guarantee that it will be 100% secure afterwards, and:

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

Let me know what you decide to do. MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
