
Happili Trojan Infection on my laptop



I was told to post the DDS txt and Attach txt to receive help to clean my machine. This is my 1st time on this forum so please bear with me ;) Here it is:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by WCC User at 22:13:35 on 2012-08-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1202 [GMT -5:00]

.

AV: Sophos Anti-Virus *Enabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

============== Running Processes ===============

.

C:\WINNT\system32\svchost -k DcomLaunch

svchost.exe

C:\WINNT\System32\svchost.exe -k netsvcs

C:\WINNT\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINNT\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\WINNT\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe

C:\WINNT\system32\lxdncoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINNT\system32\wscntfy.exe

C:\Program Files\Ares\Ares.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page =

uSearch Bar =

mSearchAssistant =

uURLSearchHooks: H - No File

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ares] "c:\program files\ares\Ares.exe" -h

uRun: [Gearbox Software] RUNDLL32.EXE "c:\documents and settings\wcc user\local settings\application data\gearbox software\hrghtmyc.dll",FECoreInstance

uRunOnce: [Shockwave Updater] c:\winnt\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.adobe.com...ckwave/welcome/"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342226348787

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342226341053

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{609D51A0-9452-488C-862B-B2E3B5300C72} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\wcc user\application data\mozilla\firefox\profiles\3ja55s3j.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realplayer enterprise\netscape6\nppl3260.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {0318A8D4-1E59-4E5F-AEBC-C0D5639ADF9C} - c:\documents and settings\wcc user\local settings\application data\{0318A8D4-1E59-4E5F-AEBC-C0D5639ADF9C}

FF - Ext: XULRunner: {E393A7B2-53F2-4E74-8B0F-F2719B079DA4} - c:\documents and settings\wcc user\local settings\application data\{E393A7B2-53F2-4E74-8B0F-F2719B079DA4}

FF - Ext: XULRunner: {43C7B45A-A2E1-49DC-B148-392BD76B7808} - c:\documents and settings\wcc user\local settings\application data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 DwProt;DrWeb Protection;c:\winnt\system32\drivers\dwprot.sys [2012-8-17 149272]

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\winnt\system32\drivers\nipplpt.sys [2008-8-28 34671]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\winnt\system32\drivers\savonaccesscontrol.sys [2008-8-14 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\winnt\system32\drivers\savonaccessfilter.sys [2008-8-14 24064]

R2 lxdn_device;lxdn_device;c:\winnt\system32\lxdncoms.exe -service --> c:\winnt\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxdnserv.exe [2011-5-17 98984]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-18 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S4 SophosBootDriver;SophosBootDriver;c:\winnt\system32\drivers\SophosBootDriver.sys [2008-10-3 14976]

.

=============== Created Last 30 ================

.

2012-08-18 04:33:36 149272 ----a-w- c:\winnt\system32\drivers\dwprot.sys

2012-08-18 04:00:38 -------- d-----w- c:\documents and settings\wcc user\Doctor Web

2012-08-18 02:16:11 -------- d-----w- c:\documents and settings\wcc user\DoctorWeb

2012-08-18 01:54:07 -------- d-----w- c:\documents and settings\wcc user\local settings\application data\Sun

2012-08-18 01:53:17 -------- d-----w- c:\program files\Oracle

2012-08-18 01:53:11 772544 ----a-w- c:\winnt\system32\npDeployJava1.dll

2012-08-18 01:53:11 143872 ----a-w- c:\winnt\system32\javacpl.cpl

.

==================== Find3M ====================

.

2012-08-15 02:19:55 70344 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl

2012-08-15 02:19:55 426184 ----a-w- c:\winnt\system32\FlashPlayerApp.exe

2012-07-06 13:58:51 78336 ----a-w- c:\winnt\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\winnt\system32\drivers\rdpwd.sys

2012-07-03 18:46:44 22344 ----a-w- c:\winnt\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\winnt\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\winnt\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\winnt\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\winnt\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\winnt\system32\html.iec

2012-06-07 01:59:42 1070152 ----a-w- c:\winnt\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\winnt\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\winnt\system32\msxml3.dll

2012-06-04 22:35:26 222448 ----a-w- c:\winnt\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\winnt\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\winnt\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\winnt\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\winnt\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\winnt\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\winnt\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\winnt\system32\mucltui.dll

2012-06-02 20:18:58 17136 ----a-w- c:\winnt\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\winnt\system32\crypt32.dll

.

============= FINISH: 22:13:53.67 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/18/2008 9:23:16 AM

System Uptime: 8/18/2012 9:53:14 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0HN341

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2193/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 86.309 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

µTorrent

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player

Apple Software Update

Ares 2.1.1

Audacity 1.2.6

AutoUpdate

Broadcom Gigabit Integrated Controller

CCleaner (remove only)

Conexant HDA D330 MDC V.92 Modem

Dell Resource CD

Dell Touchpad

DivX Codec

DivX Converter

DivX Plus Web Player

DivX Version Checker

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Intel® PROSet/Wireless Software

James Bond 007: Nightfire

Java Auto Updater

Java™ 7 Update 5

JavaFX 2.1.1

Lexmark 2600 Series

Lexmark Fax Solutions

Lexmark Toolbar

Lexmark Tools for Office

Malwarebytes Anti-Malware version 1.62.0.1300

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

mIWA

mLogView

mMHouse

Move Networks Media Player for Internet Explorer

Mozilla Firefox (3.5.6)

mp2_screensaver_1024x768 Screen Saver

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

mWlsSafe

mWMI

mZConfig

Novell iPrint Client v04.32.00

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Only Astrology

PowerDVD

QuickTime

RealPlayer Enterprise

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

SigmaTel Audio

Sonic Activation Module

Sophos Anti-Virus

Sophos AutoUpdate

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2718704)

VC80CRTRedist - 8.0.50727.4053

WebFldrs XP

WildTangent Web Driver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

8/16/2012 9:51:58 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.66. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.

8/16/2012 10:09:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor

.

==== End Of File ===========================


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy:

http://forums.malwar...showtopic=97700

----------------------------------------

Then........

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Here's the scan report as requested:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: WCC User [Admin rights]

Mode: Scan -- Date: 08/22/2012 14:46:48

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] hrghtmyc.dll -- C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll -> UNLOADED

[SUSP PATH] hrghtmyc.dll -- C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : Gearbox Software (RUNDLL32.EXE "C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll",FECoreInstance) -> FOUND

[HJ NAME] HKUS\.DEFAULT[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-4070995279-3405039426-2564294346-1003[...]\Run : Gearbox Software (RUNDLL32.EXE "C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll",FECoreInstance) -> FOUND

[HJ NAME] HKUS\S-1-5-18[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) -> FOUND

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS722012K9A300 +++++

--- User ---

[MBR] 76069eacabae464a1d4e3b0472bc76d3

[BSP] b34fcff8b3e56fdc7f65597d7054e2c4 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[SUSP PATH] hrghtmyc.dll -- C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll -> UNLOADED

[SUSP PATH] hrghtmyc.dll -- C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll -> KILLED [TermProc]

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~

Next click on the Registry tab and put a check next to these and uncheck the rest. (if found)

[SUSP PATH] HKCU\[...]\Run : Gearbox Software (RUNDLL32.EXE "C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll",FECoreInstance) -> FOUND

[HJ NAME] HKUS\.DEFAULT[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-4070995279-3405039426-2564294346-1003[...]\Run : Gearbox Software (RUNDLL32.EXE "C:\Documents and Settings\WCC User\Local Settings\Application Data\Gearbox Software\hrghtmyc.dll",FECoreInstance) -> FOUND

[HJ NAME] HKUS\S-1-5-18[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) -> FOUND

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~

Next........

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
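
Added example, not part of the original thread or of any tool named in it: a Python triage of the autorun lines from the DDS log in the first post, flagging the pattern behind the entries selected for removal above (a Run value that uses rundll32 to load a DLL from the user profile). The heuristics, the u/m/d hive mapping and all function names are assumptions of this example, not the actual logic of DDS or RogueKiller.

```python
import re
from typing import List, NamedTuple, Optional

# Autorun lines copied from the DDS log in the first post of this thread.
DDS_RUN_LINES = r'''
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Gearbox Software] RUNDLL32.EXE "c:\documents and settings\wcc user\local settings\application data\gearbox software\hrghtmyc.dll",FECoreInstance
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
'''

# Assumed meaning of the DDS prefixes: current user, machine, .DEFAULT user.
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_LINE = re.compile(
    r'^(?P<hive>[umd])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 [path\]dll,Export  (launcher and DLL may each be quoted)
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)
FIRST_PATH = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>\S+)')
# Locations an unprivileged user can write to (XP and later layouts).
USER_PROFILE = re.compile(r'^[a-z]:\\(?:documents and settings|users)\\',
                          re.IGNORECASE)


class Finding(NamedTuple):
    hive: str
    key: str
    name: str
    target: str
    export: Optional[str]
    severity: str
    reason: str


def looks_random(path: str) -> bool:
    """Crude secondary signal: a file stem of 6+ letters with almost no vowels."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def triage(dds_text: str) -> List[Finding]:
    """Return autorun entries whose target lives in a user-writable profile path."""
    findings = []
    for raw in dds_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        cmd = m["cmd"].strip()
        dll = RUNDLL.match(cmd)
        if dll:
            target, export = dll["dll"].strip(), dll["export"]
            reason = "rundll32 loads a DLL from a user-writable profile path"
        else:
            p = FIRST_PATH.match(cmd)
            if p is None:
                continue
            target, export = (p["q"] or p["u"]), None
            reason = "autorun binary lives in a user-writable profile path"
        if not USER_PROFILE.match(target):
            continue  # Program Files / system directory: out of scope here
        severity = "high" if looks_random(target) else "medium"
        findings.append(Finding(HIVES[m["hive"]], m["key"], m["name"],
                                target, export, severity, reason))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_RUN_LINES):
        print(f"[{f.severity}] {f.hive}\\...\\{f.key} : {f.name}")
        print(f"    target: {f.target}  export: {f.export}")
        print(f"    reason: {f.reason}")
```
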


I've got 3 logs in my computer: 1

2011/04/26 22:46:02.0343 0364 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/26 22:46:02.0359 0364 ================================================================================

2011/04/26 22:46:02.0359 0364 SystemInfo:

2011/04/26 22:46:02.0359 0364

2011/04/26 22:46:02.0359 0364 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/26 22:46:02.0359 0364 Product type: Workstation

2011/04/26 22:46:02.0359 0364 ComputerName: AC042-010211

2011/04/26 22:46:02.0359 0364 UserName: Administrator

2011/04/26 22:46:02.0359 0364 Windows directory: C:\WINNT

2011/04/26 22:46:02.0359 0364 System windows directory: C:\WINNT

2011/04/26 22:46:02.0359 0364 Processor architecture: Intel x86

2011/04/26 22:46:02.0359 0364 Number of processors: 2

2011/04/26 22:46:02.0359 0364 Page size: 0x1000

2011/04/26 22:46:02.0359 0364 Boot type: Safe boot with network

2011/04/26 22:46:02.0359 0364 ================================================================================

2011/04/26 22:46:02.0625 0364 Initialize success

2011/04/26 22:46:09.0000 0376 ================================================================================

2011/04/26 22:46:09.0015 0376 Scan started

2011/04/26 22:46:09.0015 0376 Mode: Manual;

2011/04/26 22:46:09.0015 0376 ================================================================================


2011/04/26 22:46:13.0062 0376 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINNT\system32\DRIVERS\HDAudBus.sys

2011/04/26 22:46:13.0218 0376 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINNT\system32\DRIVERS\hidusb.sys

2011/04/26 22:46:13.0296 0376 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINNT\system32\DRIVERS\HSFHWAZL.sys

2011/04/26 22:46:13.0359 0376 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINNT\system32\DRIVERS\HSF_DPV.sys

2011/04/26 22:46:13.0531 0376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINNT\system32\Drivers\HTTP.sys

2011/04/26 22:46:13.0656 0376 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINNT\system32\DRIVERS\i8042prt.sys

2011/04/26 22:46:13.0828 0376 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINNT\system32\DRIVERS\igxpmp32.sys

2011/04/26 22:46:14.0109 0376 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINNT\system32\drivers\iaStor.sys

2011/04/26 22:46:14.0156 0376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINNT\system32\DRIVERS\imapi.sys

2011/04/26 22:46:14.0250 0376 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINNT\system32\DRIVERS\intelppm.sys

2011/04/26 22:46:14.0296 0376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINNT\system32\drivers\ip6fw.sys

2011/04/26 22:46:14.0312 0376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINNT\system32\DRIVERS\ipfltdrv.sys

2011/04/26 22:46:14.0343 0376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINNT\system32\DRIVERS\ipinip.sys

2011/04/26 22:46:14.0375 0376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINNT\system32\DRIVERS\ipnat.sys

2011/04/26 22:46:14.0406 0376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINNT\system32\DRIVERS\ipsec.sys

2011/04/26 22:46:14.0437 0376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINNT\system32\DRIVERS\irenum.sys

2011/04/26 22:46:14.0484 0376 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINNT\system32\DRIVERS\isapnp.sys

2011/04/26 22:46:14.0515 0376 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINNT\system32\DRIVERS\kbdclass.sys

2011/04/26 22:46:14.0578 0376 kmixer (692bcf44383d056aed41b045a323d378) C:\WINNT\system32\drivers\kmixer.sys

2011/04/26 22:46:14.0609 0376 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINNT\system32\drivers\KSecDD.sys

2011/04/26 22:46:14.0812 0376 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINNT\system32\DRIVERS\mdmxsdk.sys

2011/04/26 22:46:14.0843 0376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINNT\system32\drivers\mnmdd.sys

2011/04/26 22:46:14.0875 0376 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINNT\system32\drivers\Modem.sys

2011/04/26 22:46:14.0921 0376 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINNT\system32\DRIVERS\mouclass.sys

2011/04/26 22:46:14.0953 0376 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINNT\system32\DRIVERS\mouhid.sys

2011/04/26 22:46:14.0984 0376 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINNT\system32\drivers\MountMgr.sys

2011/04/26 22:46:15.0031 0376 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINNT\system32\DRIVERS\mrxdav.sys

2011/04/26 22:46:15.0093 0376 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINNT\system32\DRIVERS\mrxsmb.sys

2011/04/26 22:46:15.0187 0376 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINNT\system32\drivers\Msfs.sys

2011/04/26 22:46:15.0234 0376 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINNT\system32\drivers\MSKSSRV.sys

2011/04/26 22:46:15.0250 0376 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINNT\system32\drivers\MSPCLOCK.sys

2011/04/26 22:46:15.0281 0376 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINNT\system32\drivers\MSPQM.sys

2011/04/26 22:46:15.0328 0376 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINNT\system32\DRIVERS\mssmbios.sys

2011/04/26 22:46:15.0343 0376 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINNT\system32\drivers\Mup.sys

2011/04/26 22:46:15.0390 0376 NDIS (1df7f42665c94b825322fae71721130d) C:\WINNT\system32\drivers\NDIS.sys

2011/04/26 22:46:15.0406 0376 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINNT\system32\DRIVERS\ndistapi.sys

2011/04/26 22:46:15.0453 0376 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINNT\system32\DRIVERS\ndisuio.sys

2011/04/26 22:46:15.0484 0376 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINNT\system32\DRIVERS\ndiswan.sys

2011/04/26 22:46:15.0515 0376 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINNT\system32\drivers\NDProxy.sys

2011/04/26 22:46:15.0546 0376 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINNT\system32\DRIVERS\netbios.sys

2011/04/26 22:46:15.0625 0376 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINNT\system32\DRIVERS\netbt.sys

2011/04/26 22:46:15.0765 0376 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINNT\system32\DRIVERS\NETw4x32.sys

2011/04/26 22:46:15.0875 0376 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINNT\system32\DRIVERS\nic1394.sys

2011/04/26 22:46:15.0937 0376 nipplpt2 (5b688d6e2b939525f10456976dcf1dd7) C:\WINNT\system32\drivers\nipplpt.sys

2011/04/26 22:46:15.0968 0376 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINNT\system32\drivers\Npfs.sys

2011/04/26 22:46:16.0000 0376 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINNT\system32\drivers\Ntfs.sys

2011/04/26 22:46:16.0078 0376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINNT\system32\drivers\Null.sys

2011/04/26 22:46:16.0265 0376 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINNT\system32\DRIVERS\nv4_mini.sys

2011/04/26 22:46:16.0453 0376 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINNT\system32\DRIVERS\nwlnkflt.sys

2011/04/26 22:46:16.0484 0376 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINNT\system32\DRIVERS\nwlnkfwd.sys

2011/04/26 22:46:16.0531 0376 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINNT\system32\DRIVERS\ohci1394.sys

2011/04/26 22:46:16.0578 0376 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINNT\system32\drivers\Parport.sys

2011/04/26 22:46:16.0609 0376 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINNT\system32\drivers\PartMgr.sys

2011/04/26 22:46:16.0625 0376 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINNT\system32\drivers\ParVdm.sys

2011/04/26 22:46:16.0656 0376 PCI (a219903ccf74233761d92bef471a07b1) C:\WINNT\system32\DRIVERS\pci.sys

2011/04/26 22:46:16.0718 0376 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINNT\system32\DRIVERS\pciide.sys

2011/04/26 22:46:16.0750 0376 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINNT\system32\DRIVERS\pcmcia.sys

2011/04/26 22:46:16.0984 0376 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINNT\system32\DRIVERS\raspptp.sys

2011/04/26 22:46:17.0031 0376 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINNT\system32\DRIVERS\psched.sys

2011/04/26 22:46:17.0046 0376 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINNT\system32\DRIVERS\ptilink.sys

2011/04/26 22:46:17.0078 0376 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINNT\system32\Drivers\PxHelp20.sys

2011/04/26 22:46:17.0250 0376 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINNT\system32\DRIVERS\rasacd.sys

2011/04/26 22:46:17.0296 0376 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINNT\system32\DRIVERS\rasl2tp.sys

2011/04/26 22:46:17.0328 0376 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINNT\system32\DRIVERS\raspppoe.sys

2011/04/26 22:46:17.0343 0376 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINNT\system32\DRIVERS\raspti.sys

2011/04/26 22:46:17.0390 0376 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINNT\system32\DRIVERS\rdbss.sys

2011/04/26 22:46:17.0406 0376 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINNT\system32\DRIVERS\RDPCDD.sys

2011/04/26 22:46:17.0453 0376 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINNT\system32\DRIVERS\rdpdr.sys

2011/04/26 22:46:17.0500 0376 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINNT\system32\drivers\RDPWD.sys

2011/04/26 22:46:17.0640 0376 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINNT\system32\DRIVERS\redbook.sys

2011/04/26 22:46:17.0734 0376 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINNT\system32\DRIVERS\s24trans.sys

2011/04/26 22:46:17.0796 0376 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINNT\system32\DRIVERS\savonaccesscontrol.sys

2011/04/26 22:46:17.0843 0376 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINNT\system32\DRIVERS\savonaccessfilter.sys

2011/04/26 22:46:17.0921 0376 Secdrv (890cada2ab7acf53a5f9cce7515522a2) C:\WINNT\system32\DRIVERS\secdrv.sys

2011/04/26 22:46:17.0953 0376 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINNT\system32\DRIVERS\serenum.sys

2011/04/26 22:46:18.0000 0376 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINNT\system32\DRIVERS\serial.sys

2011/04/26 22:46:18.0062 0376 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINNT\system32\DRIVERS\sfloppy.sys

2011/04/26 22:46:18.0171 0376 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINNT\system32\DRIVERS\SophosBootDriver.sys

2011/04/26 22:46:18.0234 0376 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINNT\system32\drivers\splitter.sys

2011/04/26 22:46:18.0359 0376 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINNT\system32\DRIVERS\sr.sys

2011/04/26 22:46:18.0406 0376 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINNT\system32\DRIVERS\srv.sys

2011/04/26 22:46:18.0500 0376 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINNT\system32\drivers\sthda.sys

2011/04/26 22:46:18.0562 0376 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINNT\system32\DRIVERS\swenum.sys

2011/04/26 22:46:18.0593 0376 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINNT\system32\drivers\swmidi.sys

2011/04/26 22:46:18.0734 0376 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINNT\system32\drivers\sysaudio.sys

2011/04/26 22:46:18.0796 0376 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINNT\system32\DRIVERS\tcpip.sys

2011/04/26 22:46:18.0843 0376 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINNT\system32\drivers\TDPIPE.sys

2011/04/26 22:46:18.0937 0376 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINNT\system32\drivers\TDTCP.sys

2011/04/26 22:46:18.0953 0376 TermDD (88155247177638048422893737429d9e) C:\WINNT\system32\DRIVERS\termdd.sys

2011/04/26 22:46:19.0078 0376 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINNT\system32\drivers\Udfs.sys

2011/04/26 22:46:19.0156 0376 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINNT\system32\DRIVERS\update.sys

2011/04/26 22:46:19.0218 0376 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINNT\system32\DRIVERS\usbccid.sys

2011/04/26 22:46:19.0250 0376 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINNT\system32\DRIVERS\usbehci.sys

2011/04/26 22:46:19.0281 0376 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINNT\system32\DRIVERS\usbhub.sys

2011/04/26 22:46:19.0343 0376 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINNT\system32\DRIVERS\usbscan.sys

2011/04/26 22:46:19.0375 0376 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINNT\system32\DRIVERS\USBSTOR.SYS

2011/04/26 22:46:19.0406 0376 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINNT\system32\DRIVERS\usbuhci.sys

2011/04/26 22:46:19.0421 0376 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINNT\System32\drivers\vga.sys

2011/04/26 22:46:19.0500 0376 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINNT\system32\drivers\VolSnap.sys

2011/04/26 22:46:19.0562 0376 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINNT\system32\DRIVERS\wanarp.sys

2011/04/26 22:46:19.0609 0376 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINNT\system32\drivers\wdmaud.sys

2011/04/26 22:46:19.0687 0376 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINNT\system32\DRIVERS\HSF_CNXT.sys

2011/04/26 22:46:19.0875 0376 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINNT\system32\DRIVERS\wmiacpi.sys

2011/04/26 22:46:19.0953 0376 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINNT\system32\DRIVERS\wpdusb.sys

2011/04/26 22:46:20.0015 0376 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINNT\system32\DRIVERS\WudfPf.sys

2011/04/26 22:46:20.0046 0376 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINNT\system32\DRIVERS\wudfrd.sys

2011/04/26 22:46:20.0156 0376 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/04/26 22:46:20.0671 0376 ================================================================================

2011/04/26 22:46:20.0671 0376 Scan finished

2011/04/26 22:46:20.0671 0376 ================================================================================

2011/04/26 22:46:20.0687 0196 Detected object count: 1

2011/04/26 22:46:34.0390 0196 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/04/26 22:46:34.0390 0196 \HardDisk0 - ok

2011/04/26 22:46:34.0390 0196 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/04/26 22:46:41.0640 0356 Deinitialize success

2

2011/04/26 22:48:17.0984 1696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/26 22:48:18.0000 1696 ================================================================================

2011/04/26 22:48:18.0000 1696 SystemInfo:

2011/04/26 22:48:18.0000 1696

2011/04/26 22:48:18.0000 1696 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/26 22:48:18.0000 1696 Product type: Workstation

2011/04/26 22:48:18.0000 1696 ComputerName: AC042-010211

2011/04/26 22:48:18.0000 1696 UserName: WCC User

2011/04/26 22:48:18.0000 1696 Windows directory: C:\WINNT

2011/04/26 22:48:18.0000 1696 System windows directory: C:\WINNT

2011/04/26 22:48:18.0000 1696 Processor architecture: Intel x86

2011/04/26 22:48:18.0000 1696 Number of processors: 2

2011/04/26 22:48:18.0000 1696 Page size: 0x1000

2011/04/26 22:48:18.0000 1696 Boot type: Normal boot

2011/04/26 22:48:18.0000 1696 ================================================================================

2011/04/26 22:48:18.0718 1696 Initialize success

2011/04/26 22:48:20.0468 2984 ================================================================================

2011/04/26 22:48:20.0468 2984 Scan started

2011/04/26 22:48:20.0468 2984 Mode: Manual;

2011/04/26 22:48:20.0468 2984 ================================================================================

2011/04/26 22:48:34.0890 2984 ================================================================================

2011/04/26 22:48:34.0890 2984 Scan finished

2011/04/26 22:48:34.0890 2984 ================================================================================

2011/04/26 22:48:42.0312 1692 Deinitialize success


Last one, since it was too long:

15:13:54.0671 3100 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

15:13:55.0046 3100 ============================================================

15:13:55.0046 3100 Current date / time: 2012/08/22 15:13:55.0046

15:13:55.0046 3100 SystemInfo:

15:13:55.0046 3100

15:13:55.0046 3100 OS Version: 5.1.2600 ServicePack: 3.0

15:13:55.0046 3100 Product type: Workstation

15:13:55.0046 3100 ComputerName: AC042-010211

15:13:55.0046 3100 UserName: WCC User

15:13:55.0046 3100 Windows directory: C:\WINNT

15:13:55.0046 3100 System windows directory: C:\WINNT

15:13:55.0046 3100 Processor architecture: Intel x86

15:13:55.0046 3100 Number of processors: 2

15:13:55.0046 3100 Page size: 0x1000

15:13:55.0046 3100 Boot type: Normal boot

15:13:55.0046 3100 ============================================================

15:13:56.0734 3100 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:13:56.0734 3100 ============================================================

15:13:56.0734 3100 \Device\Harddisk0\DR0:

15:13:56.0734 3100 MBR partitions:

15:13:56.0734 3100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782

15:13:56.0734 3100 ============================================================

15:13:56.0765 3100 C: <-> \Device\Harddisk0\DR0\Partition1

15:13:56.0765 3100 ============================================================

15:13:56.0765 3100 Initialize success

15:13:56.0765 3100 ============================================================

15:15:10.0531 2480 ============================================================

15:15:10.0531 2480 Scan started

15:15:10.0531 2480 Mode: Manual; SigCheck; TDLFS;

15:15:10.0531 2480 ============================================================

15:15:11.0343 2480 ================ Scan system memory ========================

15:15:12.0781 2480 System memory - ok

15:15:12.0781 2480 ================ Scan services =============================

15:15:12.0921 2480 Abiosdsk - ok

15:15:12.0921 2480 abp480n5 - ok

15:15:12.0953 2480 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINNT\system32\DRIVERS\ACPI.sys

15:15:14.0609 2480 ACPI - ok

15:15:14.0671 2480 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINNT\system32\drivers\ACPIEC.sys

15:15:14.0796 2480 ACPIEC - ok

15:15:14.0890 2480 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:15:14.0968 2480 AdobeFlashPlayerUpdateSvc - ok

15:15:14.0968 2480 adpu160m - ok

15:15:14.0984 2480 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINNT\system32\drivers\aec.sys

15:15:15.0078 2480 aec - ok

15:15:15.0109 2480 [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP C:\WINNT\system32\DRIVERS\AegisP.sys

15:15:15.0156 2480 AegisP - ok

15:15:15.0203 2480 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINNT\System32\drivers\afd.sys

15:15:15.0250 2480 AFD - ok

15:15:15.0250 2480 Aha154x - ok

15:15:15.0250 2480 aic78u2 - ok

15:15:15.0265 2480 aic78xx - ok

15:15:15.0312 2480 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINNT\system32\alrsvc.dll

15:15:15.0484 2480 Alerter - ok

15:15:15.0546 2480 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINNT\System32\alg.exe

15:15:15.0703 2480 ALG - ok

15:15:15.0703 2480 AliIde - ok

15:15:15.0718 2480 amsint - ok

15:15:15.0765 2480 [ B8D65DA679A4A8D048783EDE2691B5D4 ] ApfiltrService C:\WINNT\system32\DRIVERS\Apfiltr.sys

15:15:15.0812 2480 ApfiltrService - ok

15:15:15.0828 2480 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINNT\System32\appmgmts.dll

15:15:16.0015 2480 AppMgmt - ok

15:15:16.0046 2480 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINNT\system32\DRIVERS\arp1394.sys

15:15:16.0203 2480 Arp1394 - ok

15:15:16.0218 2480 asc - ok

15:15:16.0218 2480 asc3350p - ok

15:15:16.0234 2480 asc3550 - ok

15:15:16.0343 2480 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

15:15:16.0421 2480 aspnet_state - ok

15:15:16.0453 2480 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINNT\system32\DRIVERS\asyncmac.sys

15:15:16.0546 2480 AsyncMac - ok

15:15:16.0562 2480 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINNT\system32\DRIVERS\atapi.sys

15:15:16.0656 2480 atapi - ok

15:15:16.0656 2480 Atdisk - ok

15:15:16.0671 2480 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINNT\system32\DRIVERS\atmarpc.sys

15:15:16.0765 2480 Atmarpc - ok

15:15:16.0796 2480 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINNT\System32\audiosrv.dll

15:15:16.0890 2480 AudioSrv - ok

15:15:16.0937 2480 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINNT\system32\DRIVERS\audstub.sys

15:15:17.0015 2480 audstub - ok

15:15:17.0046 2480 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINNT\system32\DRIVERS\b57xp32.sys

15:15:17.0093 2480 b57w2k - ok

15:15:17.0109 2480 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINNT\system32\drivers\Beep.sys

15:15:17.0203 2480 Beep - ok

15:15:17.0250 2480 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINNT\system32\qmgr.dll

15:15:17.0437 2480 BITS - ok

15:15:17.0484 2480 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINNT\System32\browser.dll

15:15:17.0531 2480 Browser - ok

15:15:17.0546 2480 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINNT\system32\drivers\cbidf2k.sys

15:15:17.0640 2480 cbidf2k - ok

15:15:17.0640 2480 cd20xrnt - ok

15:15:17.0640 2480 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINNT\system32\drivers\Cdaudio.sys

15:15:17.0765 2480 Cdaudio - ok

15:15:17.0781 2480 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINNT\system32\drivers\Cdfs.sys

15:15:17.0890 2480 Cdfs - ok

15:15:17.0890 2480 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINNT\system32\DRIVERS\cdrom.sys

15:15:18.0000 2480 Cdrom - ok

15:15:18.0000 2480 Changer - ok

15:15:18.0015 2480 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINNT\system32\cisvc.exe

15:15:18.0140 2480 CiSvc - ok

15:15:18.0156 2480 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINNT\system32\clipsrv.exe

15:15:18.0265 2480 ClipSrv - ok

15:15:18.0281 2480 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:15:18.0421 2480 clr_optimization_v2.0.50727_32 - ok

15:15:18.0437 2480 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINNT\system32\DRIVERS\CmBatt.sys

15:15:18.0546 2480 CmBatt - ok

15:15:18.0546 2480 CmdIde - ok

15:15:18.0546 2480 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINNT\system32\DRIVERS\compbatt.sys

15:15:18.0640 2480 Compbatt - ok

15:15:18.0640 2480 COMSysApp - ok

15:15:18.0656 2480 Cpqarray - ok

15:15:18.0703 2480 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINNT\System32\cryptsvc.dll

15:15:18.0781 2480 CryptSvc - ok

15:15:18.0796 2480 dac2w2k - ok

15:15:18.0796 2480 dac960nt - ok

15:15:18.0843 2480 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINNT\system32\rpcss.dll

15:15:18.0890 2480 DcomLaunch - ok

15:15:18.0937 2480 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINNT\System32\dhcpcsvc.dll

15:15:19.0031 2480 Dhcp - ok

15:15:19.0046 2480 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINNT\system32\DRIVERS\disk.sys

15:15:19.0156 2480 Disk - ok

15:15:19.0187 2480 [ 0659E6E0A95564F958D9DF7313F7701E ] DLABMFSM C:\WINNT\system32\DLA\DLABMFSM.SYS

15:15:19.0265 2480 DLABMFSM - ok

15:15:19.0265 2480 [ 8691C78908F0BD66170669DB268369F2 ] DLABOIOM C:\WINNT\system32\DLA\DLABOIOM.SYS

15:15:19.0312 2480 DLABOIOM - ok

15:15:19.0312 2480 [ 76167B5EB2DFFC729EDC36386876B40B ] DLACDBHM C:\WINNT\system32\Drivers\DLACDBHM.SYS

15:15:19.0328 2480 DLACDBHM - ok

15:15:19.0328 2480 [ 5615744A1056933B90E6AC54FEB86F35 ] DLADResM C:\WINNT\system32\DLA\DLADResM.SYS

15:15:19.0359 2480 DLADResM - ok

15:15:19.0359 2480 [ 1AECA2AFA5005CE4A550CF8EB55A8C88 ] DLAIFS_M C:\WINNT\system32\DLA\DLAIFS_M.SYS

15:15:19.0390 2480 DLAIFS_M - ok

15:15:19.0390 2480 [ 840E7F6ABB885C72B9FFDDB022EF5B6D ] DLAOPIOM C:\WINNT\system32\DLA\DLAOPIOM.SYS

15:15:19.0453 2480 DLAOPIOM - ok

15:15:19.0453 2480 [ 0294D18731AC05DA80132CE88F8A876B ] DLAPoolM C:\WINNT\system32\DLA\DLAPoolM.SYS

15:15:19.0500 2480 DLAPoolM - ok

15:15:19.0500 2480 [ 91886FED52A3F9966207BCE46CFD794F ] DLARTL_M C:\WINNT\system32\Drivers\DLARTL_M.SYS

15:15:19.0515 2480 DLARTL_M - ok

15:15:19.0531 2480 [ CCA4E121D599D7D1706A30F603731E59 ] DLAUDFAM C:\WINNT\system32\DLA\DLAUDFAM.SYS

15:15:19.0546 2480 DLAUDFAM - ok

15:15:19.0562 2480 [ 7DAB85C33135DF24419951DA4E7D38E5 ] DLAUDF_M C:\WINNT\system32\DLA\DLAUDF_M.SYS

15:15:19.0593 2480 DLAUDF_M - ok

15:15:19.0593 2480 dmadmin - ok

15:15:19.0625 2480 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINNT\system32\drivers\dmboot.sys

15:15:19.0734 2480 dmboot - ok

15:15:19.0750 2480 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINNT\system32\drivers\dmio.sys

15:15:19.0843 2480 dmio - ok

15:15:19.0859 2480 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINNT\system32\drivers\dmload.sys

15:15:19.0937 2480 dmload - ok

15:15:19.0953 2480 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINNT\System32\dmserver.dll

15:15:20.0062 2480 dmserver - ok

15:15:20.0078 2480 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINNT\system32\drivers\DMusic.sys

15:15:20.0171 2480 DMusic - ok

15:15:20.0187 2480 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINNT\System32\dnsrslvr.dll

15:15:20.0234 2480 Dnscache - ok

15:15:20.0265 2480 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINNT\System32\dot3svc.dll

15:15:20.0375 2480 Dot3svc - ok

15:15:20.0375 2480 dpti2o - ok

15:15:20.0421 2480 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINNT\system32\drivers\drmkaud.sys

15:15:20.0515 2480 drmkaud - ok

15:15:20.0531 2480 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINNT\system32\Drivers\DRVMCDB.SYS

15:15:20.0546 2480 DRVMCDB - ok

15:15:20.0546 2480 [ 6E6AB29D3C06E64CE81FEACDA85394B5 ] DRVNDDM C:\WINNT\system32\Drivers\DRVNDDM.SYS

15:15:20.0562 2480 DRVNDDM - ok

15:15:20.0578 2480 [ 6C5ABE3C6D8ADC67A988A0C3F68FAC24 ] DwProt C:\WINNT\system32\drivers\dwprot.sys

15:15:20.0625 2480 DwProt - ok

15:15:20.0625 2480 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINNT\System32\eapsvc.dll

15:15:20.0718 2480 EapHost - ok

15:15:20.0750 2480 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINNT\System32\ersvc.dll

15:15:20.0828 2480 ERSvc - ok

15:15:20.0890 2480 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINNT\system32\services.exe

15:15:20.0906 2480 Eventlog - ok

15:15:20.0968 2480 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINNT\system32\es.dll

15:15:20.0984 2480 EventSystem - ok

15:15:21.0140 2480 [ E71B03FF6B819AE1A286AA27E956D523 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

15:15:21.0156 2480 EvtEng ( UnsignedFile.Multi.Generic ) - warning

15:15:21.0156 2480 EvtEng - detected UnsignedFile.Multi.Generic (1)

15:15:21.0203 2480 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINNT\system32\drivers\Fastfat.sys

15:15:21.0296 2480 Fastfat - ok

15:15:21.0343 2480 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINNT\System32\shsvcs.dll

15:15:21.0406 2480 FastUserSwitchingCompatibility - ok

15:15:21.0421 2480 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINNT\system32\drivers\Fdc.sys

15:15:21.0593 2480 Fdc - ok

15:15:21.0640 2480 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINNT\system32\drivers\Fips.sys

15:15:21.0734 2480 Fips - ok

15:15:21.0734 2480 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINNT\system32\drivers\Flpydisk.sys

15:15:21.0828 2480 Flpydisk - ok

15:15:21.0843 2480 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINNT\system32\drivers\fltmgr.sys

15:15:21.0921 2480 FltMgr - ok

15:15:22.0015 2480 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:15:22.0046 2480 FontCache3.0.0.0 - ok

15:15:22.0062 2480 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINNT\system32\drivers\Fs_Rec.sys

15:15:22.0156 2480 Fs_Rec - ok

15:15:22.0171 2480 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINNT\system32\DRIVERS\ftdisk.sys

15:15:22.0250 2480 Ftdisk - ok

15:15:22.0265 2480 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINNT\system32\DRIVERS\msgpc.sys

15:15:22.0343 2480 Gpc - ok

15:15:22.0359 2480 [ 7DADEB7F2215B1F883267CAD67F091C1 ] guardian2 C:\WINNT\system32\Drivers\oz776.sys

15:15:22.0406 2480 guardian2 - ok

15:15:22.0468 2480 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

15:15:22.0484 2480 gupdate - ok

15:15:22.0484 2480 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

15:15:22.0500 2480 gupdatem - ok

15:15:22.0546 2480 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:15:22.0562 2480 gusvc - ok

15:15:22.0593 2480 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINNT\system32\DRIVERS\HDAudBus.sys

15:15:22.0687 2480 HDAudBus - ok

15:15:22.0765 2480 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:15:22.0859 2480 helpsvc - ok

15:15:22.0906 2480 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINNT\System32\hidserv.dll

15:15:23.0093 2480 HidServ - ok

15:15:23.0109 2480 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINNT\system32\DRIVERS\hidusb.sys

15:15:23.0203 2480 hidusb - ok

15:15:23.0250 2480 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINNT\System32\kmsvc.dll

15:15:23.0343 2480 hkmsvc - ok

15:15:23.0484 2480 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE

15:15:23.0515 2480 HP Port Resolver ( UnsignedFile.Multi.Generic ) - warning

15:15:23.0515 2480 HP Port Resolver - detected UnsignedFile.Multi.Generic (1)

15:15:23.0562 2480 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE

15:15:23.0609 2480 HP Status Server ( UnsignedFile.Multi.Generic ) - warning

15:15:23.0609 2480 HP Status Server - detected UnsignedFile.Multi.Generic (1)

15:15:23.0609 2480 hpn - ok

15:15:23.0625 2480 [ B1526810210980BED9D22315946C919D ] HSFHWAZL C:\WINNT\system32\DRIVERS\HSFHWAZL.sys

15:15:23.0687 2480 HSFHWAZL - ok

15:15:23.0750 2480 [ DDBD528E60F5961C142A490DC4EA7780 ] HSF_DPV C:\WINNT\system32\DRIVERS\HSF_DPV.sys

15:15:23.0796 2480 HSF_DPV - ok

15:15:23.0859 2480 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINNT\system32\Drivers\HTTP.sys

15:15:23.0921 2480 HTTP - ok

15:15:23.0953 2480 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINNT\System32\w3ssl.dll

15:15:24.0078 2480 HTTPFilter - ok

15:15:24.0093 2480 i2omgmt - ok

15:15:24.0093 2480 i2omp - ok

15:15:24.0109 2480 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINNT\system32\DRIVERS\i8042prt.sys

15:15:24.0281 2480 i8042prt - ok

15:15:24.0375 2480 [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

15:15:24.0390 2480 IAANTMON - ok

15:15:24.0578 2480 [ 200CCA76CD0E0F7EEC78FA56C29B4D67 ] ialm C:\WINNT\system32\DRIVERS\igxpmp32.sys

15:15:24.0781 2480 ialm - ok

15:15:24.0796 2480 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\WINNT\system32\drivers\iaStor.sys

15:15:24.0812 2480 iaStor - ok

15:15:24.0890 2480 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:15:25.0046 2480 idsvc - ok

15:15:25.0093 2480 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINNT\system32\DRIVERS\imapi.sys

15:15:25.0187 2480 Imapi - ok

15:15:25.0218 2480 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINNT\system32\imapi.exe

15:15:25.0328 2480 ImapiService - ok

15:15:25.0328 2480 ini910u - ok

15:15:25.0328 2480 IntelIde - ok

15:15:25.0375 2480 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINNT\system32\DRIVERS\intelppm.sys

15:15:25.0453 2480 intelppm - ok

15:15:25.0468 2480 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINNT\system32\drivers\ip6fw.sys

15:15:25.0562 2480 Ip6Fw - ok

15:15:25.0578 2480 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINNT\system32\DRIVERS\ipfltdrv.sys

15:15:25.0656 2480 IpFilterDriver - ok

15:15:25.0671 2480 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINNT\system32\DRIVERS\ipinip.sys

15:15:25.0765 2480 IpInIp - ok

15:15:25.0781 2480 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINNT\system32\DRIVERS\ipnat.sys

15:15:25.0875 2480 IpNat - ok

15:15:25.0906 2480 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINNT\system32\DRIVERS\ipsec.sys

15:15:25.0984 2480 IPSec - ok

15:15:25.0984 2480 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINNT\system32\DRIVERS\irenum.sys

15:15:26.0062 2480 IRENUM - ok

15:15:26.0093 2480 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINNT\system32\DRIVERS\isapnp.sys

15:15:26.0187 2480 isapnp - ok

15:15:26.0234 2480 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

15:15:26.0250 2480 JavaQuickStarterService - ok

15:15:26.0265 2480 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINNT\system32\DRIVERS\kbdclass.sys

15:15:26.0343 2480 Kbdclass - ok

15:15:26.0359 2480 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINNT\system32\drivers\kmixer.sys

15:15:26.0453 2480 kmixer - ok

15:15:26.0468 2480 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINNT\system32\drivers\KSecDD.sys

15:15:26.0546 2480 KSecDD - ok

15:15:26.0593 2480 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINNT\System32\srvsvc.dll

15:15:26.0625 2480 lanmanserver - ok

15:15:26.0671 2480 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINNT\System32\wkssvc.dll

15:15:26.0734 2480 lanmanworkstation - ok

15:15:26.0734 2480 lbrtfdc - ok

15:15:26.0781 2480 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINNT\System32\lmhsvc.dll

15:15:26.0890 2480 LmHosts - ok

15:15:26.0937 2480 [ 6EC65465744C0B9495AEA4D51947DB49 ] lxdnCATSCustConnectService C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

15:15:26.0953 2480 lxdnCATSCustConnectService - ok

15:15:26.0953 2480 lxdn_device - ok

15:15:27.0046 2480 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

15:15:27.0078 2480 MDM ( UnsignedFile.Multi.Generic ) - warning

15:15:27.0078 2480 MDM - detected UnsignedFile.Multi.Generic (1)

15:15:27.0093 2480 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINNT\system32\DRIVERS\mdmxsdk.sys

15:15:27.0109 2480 mdmxsdk - ok

15:15:27.0156 2480 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINNT\System32\msgsvc.dll

15:15:27.0312 2480 Messenger - ok

15:15:27.0343 2480 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINNT\system32\drivers\mnmdd.sys

15:15:27.0421 2480 mnmdd - ok

15:15:27.0453 2480 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINNT\system32\mnmsrvc.exe

15:15:27.0562 2480 mnmsrvc - ok

15:15:27.0578 2480 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINNT\system32\drivers\Modem.sys

15:15:27.0671 2480 Modem - ok

15:15:27.0687 2480 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINNT\system32\DRIVERS\mouclass.sys

15:15:27.0781 2480 Mouclass - ok

15:15:27.0781 2480 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINNT\system32\DRIVERS\mouhid.sys

15:15:27.0875 2480 mouhid - ok

15:15:27.0890 2480 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINNT\system32\drivers\MountMgr.sys

15:15:27.0984 2480 MountMgr - ok

15:15:27.0984 2480 mraid35x - ok

15:15:28.0000 2480 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINNT\system32\DRIVERS\mrxdav.sys

15:15:28.0109 2480 MRxDAV - ok

15:15:28.0156 2480 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINNT\system32\DRIVERS\mrxsmb.sys

15:15:28.0203 2480 MRxSmb - ok

15:15:28.0265 2480 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINNT\system32\msdtc.exe

15:15:28.0359 2480 MSDTC - ok

15:15:28.0359 2480 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINNT\system32\drivers\Msfs.sys

15:15:28.0437 2480 Msfs - ok

15:15:28.0453 2480 MSIServer - ok

15:15:28.0468 2480 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys

15:15:28.0546 2480 MSKSSRV - ok

15:15:28.0562 2480 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys

15:15:28.0640 2480 MSPCLOCK - ok

15:15:28.0640 2480 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINNT\system32\drivers\MSPQM.sys

15:15:28.0718 2480 MSPQM - ok

15:15:28.0734 2480 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINNT\system32\DRIVERS\mssmbios.sys

15:15:28.0828 2480 mssmbios - ok

15:15:28.0843 2480 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINNT\system32\drivers\Mup.sys

15:15:28.0890 2480 Mup - ok

15:15:28.0937 2480 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINNT\System32\qagentrt.dll

15:15:29.0031 2480 napagent - ok

15:15:29.0062 2480 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINNT\system32\drivers\NDIS.sys

15:15:29.0156 2480 NDIS - ok

15:15:29.0171 2480 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINNT\system32\DRIVERS\ndistapi.sys

15:15:29.0203 2480 NdisTapi - ok

15:15:29.0203 2480 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINNT\system32\DRIVERS\ndisuio.sys

15:15:29.0296 2480 Ndisuio - ok

15:15:29.0296 2480 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINNT\system32\DRIVERS\ndiswan.sys

15:15:29.0375 2480 NdisWan - ok

15:15:29.0406 2480 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINNT\system32\drivers\NDProxy.sys

15:15:29.0437 2480 NDProxy - ok

15:15:29.0453 2480 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINNT\system32\DRIVERS\netbios.sys

15:15:29.0546 2480 NetBIOS - ok

15:15:29.0562 2480 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINNT\system32\DRIVERS\netbt.sys

15:15:29.0671 2480 NetBT - ok

15:15:29.0703 2480 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINNT\system32\netdde.exe

15:15:29.0828 2480 NetDDE - ok

15:15:29.0828 2480 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINNT\system32\netdde.exe

15:15:29.0906 2480 NetDDEdsdm - ok

15:15:29.0953 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINNT\system32\lsass.exe

15:15:30.0046 2480 Netlogon - ok

15:15:30.0078 2480 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINNT\System32\netman.dll

15:15:30.0156 2480 Netman - ok

15:15:30.0234 2480 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:15:30.0312 2480 NetTcpPortSharing - ok

15:15:30.0390 2480 [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32 C:\WINNT\system32\DRIVERS\NETw4x32.sys

15:15:30.0484 2480 NETw4x32 - ok

15:15:30.0546 2480 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINNT\system32\DRIVERS\nic1394.sys

15:15:30.0640 2480 NIC1394 - ok

15:15:30.0687 2480 [ 5B688D6E2B939525F10456976DCF1DD7 ] nipplpt2 C:\WINNT\system32\drivers\nipplpt.sys

15:15:30.0703 2480 nipplpt2 ( UnsignedFile.Multi.Generic ) - warning

15:15:30.0703 2480 nipplpt2 - detected UnsignedFile.Multi.Generic (1)

15:15:30.0750 2480 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINNT\System32\mswsock.dll

15:15:30.0796 2480 Nla - ok

15:15:30.0812 2480 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINNT\system32\drivers\Npfs.sys

15:15:30.0968 2480 Npfs - ok

15:15:31.0031 2480 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINNT\system32\drivers\Ntfs.sys

15:15:31.0187 2480 Ntfs - ok

15:15:31.0218 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINNT\system32\lsass.exe

15:15:31.0296 2480 NtLmSsp - ok

15:15:31.0343 2480 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINNT\system32\ntmssvc.dll

15:15:31.0453 2480 NtmsSvc - ok

15:15:31.0500 2480 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINNT\system32\drivers\Null.sys

15:15:31.0578 2480 Null - ok

15:15:31.0765 2480 [ 8129D762CC3E3C5AB9CF2EABC377FB73 ] nv C:\WINNT\system32\DRIVERS\nv4_mini.sys

15:15:32.0000 2480 nv - ok

15:15:32.0031 2480 [ 7EE6243758619A391491148EABF0E7B7 ] NVSvc C:\WINNT\system32\nvsvc32.exe

15:15:32.0046 2480 NVSvc - ok

15:15:32.0046 2480 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINNT\system32\DRIVERS\nwlnkflt.sys

15:15:32.0187 2480 NwlnkFlt - ok

15:15:32.0203 2480 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINNT\system32\DRIVERS\nwlnkfwd.sys

15:15:32.0406 2480 NwlnkFwd - ok

15:15:32.0515 2480 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:15:32.0562 2480 odserv - ok

15:15:32.0593 2480 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINNT\system32\DRIVERS\ohci1394.sys

15:15:32.0671 2480 ohci1394 - ok

15:15:32.0718 2480 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:15:32.0750 2480 ose - ok

15:15:32.0796 2480 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINNT\system32\drivers\Parport.sys

15:15:32.0875 2480 Parport - ok

15:15:32.0890 2480 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINNT\system32\drivers\PartMgr.sys

15:15:32.0968 2480 PartMgr - ok

15:15:33.0015 2480 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINNT\system32\drivers\ParVdm.sys

15:15:33.0093 2480 ParVdm - ok

15:15:33.0109 2480 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINNT\system32\DRIVERS\pci.sys

15:15:33.0187 2480 PCI - ok

15:15:33.0203 2480 PCIDump - ok

15:15:33.0203 2480 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINNT\system32\DRIVERS\pciide.sys

15:15:33.0296 2480 PCIIde - ok

15:15:33.0312 2480 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINNT\system32\DRIVERS\pcmcia.sys

15:15:33.0406 2480 Pcmcia - ok

15:15:33.0406 2480 PDCOMP - ok

15:15:33.0406 2480 PDFRAME - ok

15:15:33.0421 2480 PDRELI - ok

15:15:33.0421 2480 PDRFRAME - ok

15:15:33.0421 2480 perc2 - ok

15:15:33.0437 2480 perc2hib - ok

15:15:33.0453 2480 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINNT\system32\services.exe

15:15:33.0468 2480 PlugPlay - ok

15:15:33.0468 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINNT\system32\lsass.exe

15:15:33.0546 2480 PolicyAgent - ok

15:15:33.0562 2480 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINNT\system32\DRIVERS\raspptp.sys

15:15:33.0656 2480 PptpMiniport - ok

15:15:33.0671 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINNT\system32\lsass.exe

15:15:33.0750 2480 ProtectedStorage - ok

15:15:33.0750 2480 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINNT\system32\DRIVERS\psched.sys

15:15:33.0843 2480 PSched - ok

15:15:33.0843 2480 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINNT\system32\DRIVERS\ptilink.sys

15:15:33.0937 2480 Ptilink - ok

15:15:33.0937 2480 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINNT\system32\Drivers\PxHelp20.sys

15:15:33.0953 2480 PxHelp20 - ok

15:15:33.0953 2480 ql1080 - ok

15:15:33.0968 2480 Ql10wnt - ok

15:15:33.0968 2480 ql12160 - ok

15:15:33.0968 2480 ql1240 - ok

15:15:33.0968 2480 ql1280 - ok

15:15:34.0015 2480 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINNT\system32\DRIVERS\rasacd.sys

15:15:34.0093 2480 RasAcd - ok

15:15:34.0140 2480 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINNT\System32\rasauto.dll

15:15:34.0234 2480 RasAuto - ok

15:15:34.0250 2480 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINNT\system32\DRIVERS\rasl2tp.sys

15:15:34.0328 2480 Rasl2tp - ok

15:15:34.0343 2480 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINNT\System32\rasmans.dll

15:15:34.0437 2480 RasMan - ok

15:15:34.0437 2480 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINNT\system32\DRIVERS\raspppoe.sys

15:15:34.0515 2480 RasPppoe - ok

15:15:34.0531 2480 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINNT\system32\DRIVERS\raspti.sys

15:15:34.0640 2480 Raspti - ok

15:15:34.0656 2480 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINNT\system32\DRIVERS\rdbss.sys

15:15:34.0734 2480 Rdbss - ok

15:15:34.0750 2480 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINNT\system32\DRIVERS\RDPCDD.sys

15:15:34.0843 2480 RDPCDD - ok

15:15:34.0859 2480 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINNT\system32\DRIVERS\rdpdr.sys

15:15:34.0937 2480 rdpdr - ok

15:15:34.0968 2480 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINNT\system32\drivers\RDPWD.sys

15:15:35.0015 2480 RDPWD - ok

15:15:35.0078 2480 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINNT\system32\sessmgr.exe

15:15:35.0187 2480 RDSessMgr - ok

15:15:35.0203 2480 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINNT\system32\DRIVERS\redbook.sys

15:15:35.0281 2480 redbook - ok

15:15:35.0328 2480 [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

15:15:35.0343 2480 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

15:15:35.0343 2480 RegSrvc - detected UnsignedFile.Multi.Generic (1)

15:15:35.0390 2480 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINNT\System32\mprdim.dll

15:15:35.0484 2480 RemoteAccess - ok

15:15:35.0500 2480 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINNT\system32\regsvc.dll

15:15:35.0593 2480 RemoteRegistry - ok

15:15:35.0625 2480 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINNT\system32\locator.exe

15:15:35.0718 2480 RpcLocator - ok

15:15:35.0750 2480 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINNT\system32\rpcss.dll

15:15:35.0765 2480 RpcSs - ok

15:15:35.0796 2480 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINNT\system32\rsvp.exe

15:15:35.0937 2480 RSVP - ok

15:15:35.0968 2480 [ 874173EDBD4F2FE711F245855A2FFA23 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

15:15:36.0000 2480 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

15:15:36.0000 2480 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

15:15:36.0031 2480 [ EADFB87F911A7A75D1B80617F92901E8 ] s24trans C:\WINNT\system32\DRIVERS\s24trans.sys

15:15:36.0046 2480 s24trans ( UnsignedFile.Multi.Generic ) - warning

15:15:36.0046 2480 s24trans - detected UnsignedFile.Multi.Generic (1)

15:15:36.0062 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINNT\system32\lsass.exe

15:15:36.0140 2480 SamSs - ok

15:15:36.0265 2480 [ BD57B12FA4C21B1CE7DA3570410BF12D ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

15:15:36.0281 2480 SAVAdminService - ok

15:15:36.0296 2480 [ D9DF915972694B5274FACC8D00492ACD ] SAVOnAccessControl C:\WINNT\system32\DRIVERS\savonaccesscontrol.sys

15:15:36.0343 2480 SAVOnAccessControl - ok

15:15:36.0375 2480 [ 31B35CCA652A3553FA4FB99EA79C35BF ] SAVOnAccessFilter C:\WINNT\system32\DRIVERS\savonaccessfilter.sys

15:15:36.0406 2480 SAVOnAccessFilter - ok

15:15:36.0421 2480 [ 836AEC603665F6DB83965EE57B3DCF57 ] SAVService C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

15:15:36.0437 2480 SAVService - ok

15:15:36.0484 2480 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINNT\System32\SCardSvr.exe

15:15:36.0609 2480 SCardSvr - ok

15:15:36.0625 2480 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINNT\system32\schedsvc.dll

15:15:36.0750 2480 Schedule - ok

15:15:36.0812 2480 [ 890CADA2AB7ACF53A5F9CCE7515522A2 ] Secdrv C:\WINNT\system32\DRIVERS\secdrv.sys

15:15:36.0812 2480 Secdrv ( UnsignedFile.Multi.Generic ) - warning

15:15:36.0812 2480 Secdrv - detected UnsignedFile.Multi.Generic (1)

15:15:36.0828 2480 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINNT\System32\seclogon.dll

15:15:36.0921 2480 seclogon - ok

15:15:36.0937 2480 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINNT\system32\sens.dll

15:15:37.0015 2480 SENS - ok

15:15:37.0031 2480 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINNT\system32\DRIVERS\serenum.sys

15:15:37.0125 2480 serenum - ok

15:15:37.0140 2480 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINNT\system32\DRIVERS\serial.sys

15:15:37.0234 2480 Serial - ok

15:15:37.0250 2480 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINNT\system32\DRIVERS\sfloppy.sys

15:15:37.0343 2480 Sfloppy - ok

15:15:37.0375 2480 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINNT\System32\ipnathlp.dll

15:15:37.0468 2480 SharedAccess - ok

15:15:37.0484 2480 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINNT\System32\shsvcs.dll

15:15:37.0515 2480 ShellHWDetection - ok

15:15:37.0515 2480 Simbad - ok

15:15:37.0578 2480 [ E4A3CFFD81B4169128F187729E137417 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

15:15:37.0593 2480 Sophos AutoUpdate Service - ok

15:15:37.0609 2480 [ 3BDF94E0827D13E44249A646F6C0EB7C ] SophosBootDriver C:\WINNT\system32\DRIVERS\SophosBootDriver.sys

15:15:37.0656 2480 SophosBootDriver - ok

15:15:37.0656 2480 Sparrow - ok

15:15:37.0687 2480 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINNT\system32\drivers\splitter.sys

15:15:37.0765 2480 splitter - ok

15:15:37.0812 2480 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINNT\system32\spoolsv.exe

15:15:37.0828 2480 Spooler - ok

15:15:37.0843 2480 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINNT\system32\DRIVERS\sr.sys

15:15:37.0937 2480 sr - ok

15:15:37.0984 2480 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINNT\system32\srsvc.dll

15:15:38.0078 2480 srservice - ok

15:15:38.0125 2480 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINNT\system32\DRIVERS\srv.sys

15:15:38.0156 2480 Srv - ok

15:15:38.0187 2480 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll

15:15:38.0281 2480 SSDPSRV - ok

15:15:38.0312 2480 [ 686FA4ACFDCB4E16B7F0230B88F6D17E ] STacSV C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

15:15:38.0343 2480 STacSV ( UnsignedFile.Multi.Generic ) - warning

15:15:38.0343 2480 STacSV - detected UnsignedFile.Multi.Generic (1)

15:15:38.0406 2480 [ 31BA85E1CFF39A57F702A2A0877BB8E1 ] STHDA C:\WINNT\system32\drivers\sthda.sys

15:15:38.0453 2480 STHDA - ok

15:15:38.0531 2480 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINNT\system32\wiaservc.dll

15:15:38.0640 2480 stisvc - ok

15:15:38.0687 2480 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

15:15:38.0734 2480 stllssvr ( UnsignedFile.Multi.Generic ) - warning

15:15:38.0734 2480 stllssvr - detected UnsignedFile.Multi.Generic (1)

15:15:38.0734 2480 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINNT\system32\DRIVERS\swenum.sys

15:15:38.0843 2480 swenum - ok

15:15:38.0953 2480 [ AB22D10457BB1B8BB587C61AF03F909F ] swi_service C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

15:15:39.0046 2480 swi_service - ok

15:15:39.0093 2480 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINNT\system32\drivers\swmidi.sys

15:15:39.0281 2480 swmidi - ok

15:15:39.0281 2480 SwPrv - ok

15:15:39.0296 2480 symc810 - ok

15:15:39.0296 2480 symc8xx - ok

15:15:39.0312 2480 sym_hi - ok

15:15:39.0312 2480 sym_u3 - ok

15:15:39.0359 2480 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys

15:15:39.0437 2480 sysaudio - ok

15:15:39.0468 2480 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe

15:15:39.0578 2480 SysmonLog - ok

15:15:39.0640 2480 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll

15:15:39.0734 2480 TapiSrv - ok

15:15:39.0765 2480 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys

15:15:39.0781 2480 Tcpip - ok

15:15:39.0828 2480 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys

15:15:39.0906 2480 TDPIPE - ok

15:15:39.0906 2480 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys

15:15:40.0000 2480 TDTCP - ok

15:15:40.0031 2480 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys

15:15:40.0109 2480 TermDD - ok

15:15:40.0140 2480 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll

15:15:40.0234 2480 TermService - ok

15:15:40.0250 2480 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll

15:15:40.0265 2480 Themes - ok

15:15:40.0281 2480 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINNT\system32\tlntsvr.exe

15:15:40.0437 2480 TlntSvr - ok

15:15:40.0437 2480 TosIde - ok

15:15:40.0453 2480 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll

15:15:40.0546 2480 TrkWks - ok

15:15:40.0578 2480 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\winnt\system32\drivers\TrueSight.sys

15:15:40.0578 2480 TrueSight ( UnsignedFile.Multi.Generic ) - warning

15:15:40.0578 2480 TrueSight - detected UnsignedFile.Multi.Generic (1)

15:15:40.0593 2480 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys

15:15:40.0687 2480 Udfs - ok

15:15:40.0687 2480 UIUSys - ok

15:15:40.0703 2480 ultra - ok

15:15:40.0703 2480 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys

15:15:40.0828 2480 Update - ok

15:15:40.0875 2480 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll

15:15:40.0968 2480 upnphost - ok

15:15:40.0984 2480 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe

15:15:41.0109 2480 UPS - ok

15:15:41.0156 2480 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINNT\system32\DRIVERS\usbccgp.sys

15:15:41.0250 2480 usbccgp - ok

15:15:41.0250 2480 [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID C:\WINNT\system32\DRIVERS\usbccid.sys

15:15:41.0281 2480 USBCCID - ok

15:15:41.0296 2480 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys

15:15:41.0390 2480 usbehci - ok

15:15:41.0406 2480 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys

15:15:41.0500 2480 usbhub - ok

15:15:41.0515 2480 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys

15:15:41.0625 2480 usbprint - ok

15:15:41.0640 2480 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys

15:15:41.0750 2480 usbscan - ok

15:15:41.0781 2480 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINNT\system32\DRIVERS\USBSTOR.SYS

15:15:41.0859 2480 usbstor - ok

15:15:41.0875 2480 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys

15:15:41.0968 2480 usbuhci - ok

15:15:41.0984 2480 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys

15:15:42.0062 2480 VgaSave - ok

15:15:42.0078 2480 ViaIde - ok

15:15:42.0093 2480 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys

15:15:42.0187 2480 VolSnap - ok

15:15:42.0203 2480 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe

15:15:42.0312 2480 VSS - ok

15:15:42.0328 2480 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\system32\w32time.dll

15:15:42.0421 2480 W32Time - ok

15:15:42.0421 2480 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys

15:15:42.0515 2480 Wanarp - ok

15:15:42.0515 2480 WDICA - ok

15:15:42.0531 2480 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys

15:15:42.0609 2480 wdmaud - ok

15:15:42.0625 2480 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll

15:15:42.0703 2480 WebClient - ok

15:15:42.0734 2480 [ 96AFF1738271755A39B52EEF7E35F98F ] winachsf C:\WINNT\system32\DRIVERS\HSF_CNXT.sys

15:15:42.0765 2480 winachsf - ok

15:15:42.0843 2480 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll

15:15:42.0937 2480 winmgmt - ok

15:15:42.0984 2480 [ 4307641CA3389A210295FDFFD2A73DEE ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

15:15:43.0015 2480 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning

15:15:43.0015 2480 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)

15:15:43.0046 2480 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINNT\system32\MsPMSNSv.dll

15:15:43.0140 2480 WmdmPmSN - ok

15:15:43.0203 2480 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINNT\System32\advapi32.dll

15:15:43.0234 2480 Wmi - ok

15:15:43.0281 2480 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINNT\system32\DRIVERS\wmiacpi.sys

15:15:43.0375 2480 WmiAcpi - ok

15:15:43.0390 2480 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\system32\wbem\wmiapsrv.exe

15:15:43.0500 2480 WmiApSrv - ok

15:15:43.0593 2480 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

15:15:43.0718 2480 WMPNetworkSvc - ok

15:15:43.0734 2480 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINNT\system32\DRIVERS\wpdusb.sys

15:15:43.0765 2480 WpdUsb - ok

15:15:43.0812 2480 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINNT\system32\wscsvc.dll

15:15:43.0968 2480 wscsvc - ok

15:15:43.0968 2480 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINNT\system32\wuauserv.dll

15:15:44.0109 2480 wuauserv - ok

15:15:44.0125 2480 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINNT\system32\DRIVERS\WudfPf.sys

15:15:44.0156 2480 WudfPf - ok

15:15:44.0171 2480 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINNT\system32\DRIVERS\wudfrd.sys

15:15:44.0187 2480 WudfRd - ok

15:15:44.0203 2480 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINNT\System32\WUDFSvc.dll

15:15:44.0234 2480 WudfSvc - ok

15:15:44.0250 2480 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll

15:15:44.0343 2480 WZCSVC - ok

15:15:44.0359 2480 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll

15:15:44.0468 2480 xmlprov - ok

15:15:44.0484 2480 ================ Scan global ===============================

15:15:44.0515 2480 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll

15:15:44.0562 2480 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll

15:15:44.0562 2480 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll

15:15:44.0593 2480 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe

15:15:44.0593 2480 [Global] - ok

15:15:44.0593 2480 ================ Scan MBR ==================================

15:15:44.0609 2480 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0

15:15:44.0781 2480 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:15:44.0781 2480 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:15:44.0781 2480 ================ Scan VBR ==================================

15:15:44.0796 2480 [ F23887E2925FC9A644B88C19D251002E ] \Device\Harddisk0\DR0\Partition1

15:15:44.0796 2480 \Device\Harddisk0\DR0\Partition1 - ok

15:15:44.0796 2480 ============================================================

15:15:44.0796 2480 Scan finished

15:15:44.0796 2480 ============================================================

15:15:44.0906 0924 Detected object count: 14

15:15:44.0906 0924 Actual detected object count: 14

15:16:30.0343 0924 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0343 0924 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0343 0924 HP Port Resolver ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0343 0924 HP Port Resolver ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0343 0924 HP Status Server ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0343 0924 HP Status Server ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0343 0924 MDM ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0343 0924 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0343 0924 nipplpt2 ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0343 0924 nipplpt2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:30.0359 0924 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:30.0359 0924 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:16:30.0359 0924 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:17:16.0921 2300 ============================================================

15:17:16.0921 2300 Scan started

15:17:16.0921 2300 Mode: Manual; SigCheck; TDLFS;

15:17:16.0921 2300 ============================================================

15:17:17.0968 2300 ================ Scan system memory ========================

15:17:18.0578 2300 System memory - ok

15:17:18.0578 2300 ================ Scan services =============================

15:17:18.0687 2300 Abiosdsk - ok

15:17:18.0687 2300 abp480n5 - ok

15:17:18.0718 2300 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINNT\system32\DRIVERS\ACPI.sys

15:17:19.0015 2300 ACPI - ok

15:17:19.0046 2300 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINNT\system32\drivers\ACPIEC.sys

15:17:19.0125 2300 ACPIEC - ok

15:17:19.0218 2300 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:17:19.0250 2300 AdobeFlashPlayerUpdateSvc - ok

15:17:19.0265 2300 adpu160m - ok

15:17:19.0281 2300 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINNT\system32\drivers\aec.sys

15:17:19.0437 2300 aec - ok

15:17:19.0453 2300 [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP C:\WINNT\system32\DRIVERS\AegisP.sys

15:17:19.0468 2300 AegisP - ok

15:17:19.0515 2300 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINNT\System32\drivers\afd.sys

15:17:19.0546 2300 AFD - ok

15:17:19.0562 2300 Aha154x - ok

15:17:19.0562 2300 aic78u2 - ok

15:17:19.0578 2300 aic78xx - ok

15:17:19.0625 2300 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINNT\system32\alrsvc.dll

15:17:19.0750 2300 Alerter - ok

15:17:19.0765 2300 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINNT\System32\alg.exe

15:17:19.0859 2300 ALG - ok

15:17:19.0859 2300 AliIde - ok

15:17:19.0875 2300 amsint - ok

15:17:19.0906 2300 [ B8D65DA679A4A8D048783EDE2691B5D4 ] ApfiltrService C:\WINNT\system32\DRIVERS\Apfiltr.sys

15:17:19.0921 2300 ApfiltrService - ok

15:17:19.0937 2300 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINNT\System32\appmgmts.dll

15:17:20.0031 2300 AppMgmt - ok

15:17:20.0031 2300 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINNT\system32\DRIVERS\arp1394.sys

15:17:20.0140 2300 Arp1394 - ok

15:17:20.0140 2300 asc - ok

15:17:20.0140 2300 asc3350p - ok

15:17:20.0140 2300 asc3550 - ok

15:17:20.0265 2300 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

15:17:20.0281 2300 aspnet_state - ok

15:17:20.0296 2300 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINNT\system32\DRIVERS\asyncmac.sys

15:17:20.0406 2300 AsyncMac - ok

15:17:20.0421 2300 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINNT\system32\DRIVERS\atapi.sys

15:17:20.0500 2300 atapi - ok

15:17:20.0515 2300 Atdisk - ok

15:17:20.0515 2300 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINNT\system32\DRIVERS\atmarpc.sys

15:17:20.0609 2300 Atmarpc - ok

15:17:20.0625 2300 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINNT\System32\audiosrv.dll

15:17:20.0718 2300 AudioSrv - ok

15:17:20.0718 2300 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINNT\system32\DRIVERS\audstub.sys

15:17:20.0812 2300 audstub - ok

15:17:20.0828 2300 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINNT\system32\DRIVERS\b57xp32.sys

15:17:20.0843 2300 b57w2k - ok

15:17:20.0859 2300 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINNT\system32\drivers\Beep.sys

15:17:20.0953 2300 Beep - ok

15:17:21.0000 2300 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINNT\system32\qmgr.dll

15:17:21.0125 2300 BITS - ok

15:17:21.0156 2300 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINNT\System32\browser.dll

15:17:21.0171 2300 Browser - ok

15:17:21.0187 2300 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINNT\system32\drivers\cbidf2k.sys

15:17:21.0281 2300 cbidf2k - ok

15:17:21.0281 2300 cd20xrnt - ok

15:17:21.0281 2300 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINNT\system32\drivers\Cdaudio.sys

15:17:21.0390 2300 Cdaudio - ok

15:17:21.0390 2300 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINNT\system32\drivers\Cdfs.sys

15:17:21.0484 2300 Cdfs - ok

15:17:21.0484 2300 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINNT\system32\DRIVERS\cdrom.sys

15:17:21.0578 2300 Cdrom - ok

15:17:21.0578 2300 Changer - ok

15:17:21.0609 2300 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINNT\system32\cisvc.exe

15:17:21.0718 2300 CiSvc - ok

15:17:21.0750 2300 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINNT\system32\clipsrv.exe

15:17:21.0828 2300 ClipSrv - ok

15:17:21.0859 2300 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:17:21.0875 2300 clr_optimization_v2.0.50727_32 - ok

15:17:21.0875 2300 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINNT\system32\DRIVERS\CmBatt.sys

15:17:21.0968 2300 CmBatt - ok

15:17:21.0968 2300 CmdIde - ok

15:17:22.0015 2300 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINNT\system32\DRIVERS\compbatt.sys

15:17:22.0109 2300 Compbatt - ok

15:17:22.0109 2300 COMSysApp - ok

15:17:22.0125 2300 Cpqarray - ok

15:17:22.0156 2300 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINNT\System32\cryptsvc.dll

15:17:22.0234 2300 CryptSvc - ok

15:17:22.0250 2300 dac2w2k - ok

15:17:22.0250 2300 dac960nt - ok

15:17:22.0296 2300 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINNT\system32\rpcss.dll

15:17:22.0328 2300 DcomLaunch - ok

15:17:22.0375 2300 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINNT\System32\dhcpcsvc.dll

15:17:22.0453 2300 Dhcp - ok

15:17:22.0484 2300 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINNT\system32\DRIVERS\disk.sys

15:17:22.0562 2300 Disk - ok

15:17:22.0625 2300 [ 0659E6E0A95564F958D9DF7313F7701E ] DLABMFSM C:\WINNT\system32\DLA\DLABMFSM.SYS

15:17:22.0625 2300 DLABMFSM - ok

15:17:22.0640 2300 [ 8691C78908F0BD66170669DB268369F2 ] DLABOIOM C:\WINNT\system32\DLA\DLABOIOM.SYS

15:17:22.0640 2300 DLABOIOM - ok

15:17:22.0656 2300 [ 76167B5EB2DFFC729EDC36386876B40B ] DLACDBHM C:\WINNT\system32\Drivers\DLACDBHM.SYS

15:17:22.0656 2300 DLACDBHM - ok

15:17:22.0687 2300 [ 5615744A1056933B90E6AC54FEB86F35 ] DLADResM C:\WINNT\system32\DLA\DLADResM.SYS

15:17:22.0687 2300 DLADResM - ok

15:17:22.0703 2300 [ 1AECA2AFA5005CE4A550CF8EB55A8C88 ] DLAIFS_M C:\WINNT\system32\DLA\DLAIFS_M.SYS

15:17:22.0703 2300 DLAIFS_M - ok

15:17:22.0718 2300 [ 840E7F6ABB885C72B9FFDDB022EF5B6D ] DLAOPIOM C:\WINNT\system32\DLA\DLAOPIOM.SYS

15:17:22.0718 2300 DLAOPIOM - ok

15:17:22.0734 2300 [ 0294D18731AC05DA80132CE88F8A876B ] DLAPoolM C:\WINNT\system32\DLA\DLAPoolM.SYS

15:17:22.0734 2300 DLAPoolM - ok

15:17:22.0750 2300 [ 91886FED52A3F9966207BCE46CFD794F ] DLARTL_M C:\WINNT\system32\Drivers\DLARTL_M.SYS

15:17:22.0750 2300 DLARTL_M - ok

15:17:22.0765 2300 [ CCA4E121D599D7D1706A30F603731E59 ] DLAUDFAM C:\WINNT\system32\DLA\DLAUDFAM.SYS

15:17:22.0765 2300 DLAUDFAM - ok

15:17:22.0781 2300 [ 7DAB85C33135DF24419951DA4E7D38E5 ] DLAUDF_M C:\WINNT\system32\DLA\DLAUDF_M.SYS

15:17:22.0796 2300 DLAUDF_M - ok

15:17:22.0796 2300 dmadmin - ok

15:17:22.0828 2300 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINNT\system32\drivers\dmboot.sys

15:17:22.0937 2300 dmboot - ok

15:17:22.0937 2300 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINNT\system32\drivers\dmio.sys

15:17:23.0046 2300 dmio - ok

15:17:23.0046 2300 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINNT\system32\drivers\dmload.sys

15:17:23.0156 2300 dmload - ok

15:17:23.0171 2300 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINNT\System32\dmserver.dll

15:17:23.0250 2300 dmserver - ok

15:17:23.0265 2300 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINNT\system32\drivers\DMusic.sys

15:17:23.0359 2300 DMusic - ok

15:17:23.0375 2300 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINNT\System32\dnsrslvr.dll

15:17:23.0406 2300 Dnscache - ok

15:17:23.0421 2300 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINNT\System32\dot3svc.dll

15:17:23.0515 2300 Dot3svc - ok

15:17:23.0515 2300 dpti2o - ok

15:17:23.0531 2300 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINNT\system32\drivers\drmkaud.sys

15:17:23.0625 2300 drmkaud - ok

15:17:23.0625 2300 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINNT\system32\Drivers\DRVMCDB.SYS

15:17:23.0640 2300 DRVMCDB - ok

15:17:23.0640 2300 [ 6E6AB29D3C06E64CE81FEACDA85394B5 ] DRVNDDM C:\WINNT\system32\Drivers\DRVNDDM.SYS

15:17:23.0656 2300 DRVNDDM - ok

15:17:23.0687 2300 [ 6C5ABE3C6D8ADC67A988A0C3F68FAC24 ] DwProt C:\WINNT\system32\drivers\dwprot.sys

15:17:23.0703 2300 DwProt - ok

15:17:23.0718 2300 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINNT\System32\eapsvc.dll

15:17:23.0796 2300 EapHost - ok

15:17:23.0812 2300 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINNT\System32\ersvc.dll

15:17:23.0921 2300 ERSvc - ok

15:17:23.0953 2300 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINNT\system32\services.exe

15:17:23.0968 2300 Eventlog - ok

15:17:24.0031 2300 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINNT\system32\es.dll

15:17:24.0062 2300 EventSystem - ok

15:17:24.0218 2300 [ E71B03FF6B819AE1A286AA27E956D523 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

15:17:24.0234 2300 EvtEng ( UnsignedFile.Multi.Generic ) - warning

15:17:24.0234 2300 EvtEng - detected UnsignedFile.Multi.Generic (1)

15:17:24.0281 2300 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINNT\system32\drivers\Fastfat.sys

15:17:24.0375 2300 Fastfat - ok

15:17:24.0421 2300 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINNT\System32\shsvcs.dll

15:17:24.0453 2300 FastUserSwitchingCompatibility - ok

15:17:24.0468 2300 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINNT\system32\drivers\Fdc.sys

15:17:24.0578 2300 Fdc - ok

15:17:24.0640 2300 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINNT\system32\drivers\Fips.sys

15:17:24.0796 2300 Fips - ok

15:17:24.0796 2300 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINNT\system32\drivers\Flpydisk.sys

15:17:24.0921 2300 Flpydisk - ok

15:17:24.0937 2300 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINNT\system32\drivers\fltmgr.sys

15:17:25.0031 2300 FltMgr - ok

15:17:25.0109 2300 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:17:25.0109 2300 FontCache3.0.0.0 - ok

15:17:25.0125 2300 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINNT\system32\drivers\Fs_Rec.sys

15:17:25.0218 2300 Fs_Rec - ok

15:17:25.0218 2300 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINNT\system32\DRIVERS\ftdisk.sys

15:17:25.0312 2300 Ftdisk - ok

15:17:25.0328 2300 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINNT\system32\DRIVERS\msgpc.sys

15:17:25.0421 2300 Gpc - ok

15:17:25.0421 2300 [ 7DADEB7F2215B1F883267CAD67F091C1 ] guardian2 C:\WINNT\system32\Drivers\oz776.sys

15:17:25.0437 2300 guardian2 - ok

15:17:25.0500 2300 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

15:17:25.0515 2300 gupdate - ok

15:17:25.0531 2300 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

15:17:25.0531 2300 gupdatem - ok

15:17:25.0578 2300 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:17:25.0593 2300 gusvc - ok

15:17:25.0640 2300 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINNT\system32\DRIVERS\HDAudBus.sys

15:17:25.0718 2300 HDAudBus - ok

15:17:25.0812 2300 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:17:25.0890 2300 helpsvc - ok

15:17:25.0906 2300 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINNT\System32\hidserv.dll

15:17:26.0000 2300 HidServ - ok

15:17:26.0015 2300 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINNT\system32\DRIVERS\hidusb.sys

15:17:26.0109 2300 hidusb - ok

15:17:26.0140 2300 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINNT\System32\kmsvc.dll

15:17:26.0234 2300 hkmsvc - ok

15:17:26.0359 2300 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE

15:17:26.0375 2300 HP Port Resolver ( UnsignedFile.Multi.Generic ) - warning

15:17:26.0375 2300 HP Port Resolver - detected UnsignedFile.Multi.Generic (1)

15:17:26.0421 2300 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE

15:17:26.0453 2300 HP Status Server ( UnsignedFile.Multi.Generic ) - warning

15:17:26.0453 2300 HP Status Server - detected UnsignedFile.Multi.Generic (1)

15:17:26.0453 2300 hpn - ok

15:17:26.0468 2300 [ B1526810210980BED9D22315946C919D ] HSFHWAZL C:\WINNT\system32\DRIVERS\HSFHWAZL.sys

15:17:26.0500 2300 HSFHWAZL - ok

15:17:26.0546 2300 [ DDBD528E60F5961C142A490DC4EA7780 ] HSF_DPV C:\WINNT\system32\DRIVERS\HSF_DPV.sys

15:17:26.0578 2300 HSF_DPV - ok

15:17:26.0625 2300 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINNT\system32\Drivers\HTTP.sys

15:17:26.0640 2300 HTTP - ok

15:17:26.0687 2300 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINNT\System32\w3ssl.dll

15:17:26.0765 2300 HTTPFilter - ok

15:17:26.0781 2300 i2omgmt - ok

15:17:26.0781 2300 i2omp - ok

15:17:26.0796 2300 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINNT\system32\DRIVERS\i8042prt.sys

15:17:26.0890 2300 i8042prt - ok

15:17:26.0953 2300 [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

15:17:26.0968 2300 IAANTMON - ok

15:17:27.0156 2300 [ 200CCA76CD0E0F7EEC78FA56C29B4D67 ] ialm C:\WINNT\system32\DRIVERS\igxpmp32.sys

15:17:27.0328 2300 ialm - ok

15:17:27.0359 2300 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\WINNT\system32\drivers\iaStor.sys

15:17:27.0359 2300 iaStor - ok

15:17:27.0437 2300 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:17:27.0468 2300 idsvc - ok

15:17:27.0484 2300 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINNT\system32\DRIVERS\imapi.sys

15:17:27.0578 2300 Imapi - ok

15:17:27.0625 2300 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINNT\system32\imapi.exe

15:17:27.0718 2300 ImapiService - ok

15:17:27.0718 2300 ini910u - ok

15:17:27.0734 2300 IntelIde - ok

15:17:27.0750 2300 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINNT\system32\DRIVERS\intelppm.sys

15:17:27.0828 2300 intelppm - ok

15:17:27.0843 2300 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINNT\system32\drivers\ip6fw.sys

15:17:27.0937 2300 Ip6Fw - ok

15:17:27.0953 2300 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINNT\system32\DRIVERS\ipfltdrv.sys

15:17:28.0031 2300 IpFilterDriver - ok

15:17:28.0046 2300 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINNT\system32\DRIVERS\ipinip.sys

15:17:28.0140 2300 IpInIp - ok

15:17:28.0156 2300 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINNT\system32\DRIVERS\ipnat.sys

15:17:28.0250 2300 IpNat - ok

15:17:28.0265 2300 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINNT\system32\DRIVERS\ipsec.sys

15:17:28.0343 2300 IPSec - ok

15:17:28.0359 2300 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINNT\system32\DRIVERS\irenum.sys

15:17:28.0437 2300 IRENUM - ok

15:17:28.0437 2300 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINNT\system32\DRIVERS\isapnp.sys

15:17:28.0531 2300 isapnp - ok

15:17:28.0578 2300 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

15:17:28.0593 2300 JavaQuickStarterService - ok

15:17:28.0609 2300 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINNT\system32\DRIVERS\kbdclass.sys

15:17:28.0687 2300 Kbdclass - ok

15:17:28.0703 2300 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINNT\system32\drivers\kmixer.sys

15:17:28.0781 2300 kmixer - ok

15:17:28.0812 2300 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINNT\system32\drivers\KSecDD.sys

15:17:28.0843 2300 KSecDD - ok

15:17:28.0890 2300 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINNT\System32\srvsvc.dll

15:17:28.0921 2300 lanmanserver - ok

15:17:28.0953 2300 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINNT\System32\wkssvc.dll

15:17:28.0968 2300 lanmanworkstation - ok

15:17:28.0984 2300 lbrtfdc - ok

15:17:29.0031 2300 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINNT\System32\lmhsvc.dll

15:17:29.0109 2300 LmHosts - ok

15:17:29.0140 2300 [ 6EC65465744C0B9495AEA4D51947DB49 ] lxdnCATSCustConnectService C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

15:17:29.0156 2300 lxdnCATSCustConnectService - ok

15:17:29.0156 2300 lxdn_device - ok

15:17:29.0250 2300 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

15:17:29.0265 2300 MDM ( UnsignedFile.Multi.Generic ) - warning

15:17:29.0265 2300 MDM - detected UnsignedFile.Multi.Generic (1)

15:17:29.0296 2300 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINNT\system32\DRIVERS\mdmxsdk.sys

15:17:29.0312 2300 mdmxsdk - ok

15:17:29.0343 2300 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINNT\System32\msgsvc.dll

15:17:29.0437 2300 Messenger - ok

15:17:29.0453 2300 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINNT\system32\drivers\mnmdd.sys

15:17:29.0531 2300 mnmdd - ok

15:17:29.0546 2300 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINNT\system32\mnmsrvc.exe

15:17:29.0656 2300 mnmsrvc - ok

15:17:29.0656 2300 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINNT\system32\drivers\Modem.sys

15:17:29.0750 2300 Modem - ok

15:17:29.0765 2300 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINNT\system32\DRIVERS\mouclass.sys

15:17:29.0843 2300 Mouclass - ok

15:17:29.0859 2300 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINNT\system32\DRIVERS\mouhid.sys

15:17:29.0953 2300 mouhid - ok

15:17:29.0968 2300 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINNT\system32\drivers\MountMgr.sys

15:17:30.0046 2300 MountMgr - ok

15:17:30.0062 2300 mraid35x - ok

15:17:30.0062 2300 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINNT\system32\DRIVERS\mrxdav.sys

15:17:30.0156 2300 MRxDAV - ok

15:17:30.0218 2300 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINNT\system32\DRIVERS\mrxsmb.sys

15:17:30.0250 2300 MRxSmb - ok

15:17:30.0296 2300 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINNT\system32\msdtc.exe

15:17:30.0390 2300 MSDTC - ok

15:17:30.0406 2300 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINNT\system32\drivers\Msfs.sys

15:17:30.0484 2300 Msfs - ok

15:17:30.0484 2300 MSIServer - ok

15:17:30.0500 2300 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys

15:17:30.0578 2300 MSKSSRV - ok

15:17:30.0593 2300 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys

15:17:30.0671 2300 MSPCLOCK - ok

15:17:30.0671 2300 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINNT\system32\drivers\MSPQM.sys

15:17:30.0750 2300 MSPQM - ok

15:17:30.0781 2300 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINNT\system32\DRIVERS\mssmbios.sys

15:17:30.0859 2300 mssmbios - ok

15:17:30.0875 2300 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINNT\system32\drivers\Mup.sys

15:17:30.0890 2300 Mup - ok

15:17:30.0937 2300 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINNT\System32\qagentrt.dll

15:17:31.0015 2300 napagent - ok

15:17:31.0046 2300 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINNT\system32\drivers\NDIS.sys

15:17:31.0125 2300 NDIS - ok

15:17:31.0171 2300 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINNT\system32\DRIVERS\ndistapi.sys

15:17:31.0203 2300 NdisTapi - ok

15:17:31.0203 2300 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINNT\system32\DRIVERS\ndisuio.sys

15:17:31.0296 2300 Ndisuio - ok

15:17:31.0296 2300 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINNT\system32\DRIVERS\ndiswan.sys

15:17:31.0375 2300 NdisWan - ok

15:17:31.0406 2300 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINNT\system32\drivers\NDProxy.sys

15:17:31.0437 2300 NDProxy - ok

15:17:31.0437 2300 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINNT\system32\DRIVERS\netbios.sys

15:17:31.0515 2300 NetBIOS - ok

15:17:31.0531 2300 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINNT\system32\DRIVERS\netbt.sys

15:17:31.0625 2300 NetBT - ok

15:17:31.0656 2300 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINNT\system32\netdde.exe

15:17:31.0750 2300 NetDDE - ok

15:17:31.0765 2300 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINNT\system32\netdde.exe

15:17:31.0843 2300 NetDDEdsdm - ok

15:17:31.0890 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINNT\system32\lsass.exe

15:17:31.0984 2300 Netlogon - ok

15:17:32.0015 2300 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINNT\System32\netman.dll

15:17:32.0109 2300 Netman - ok

15:17:32.0171 2300 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:17:32.0187 2300 NetTcpPortSharing - ok

15:17:32.0281 2300 [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32 C:\WINNT\system32\DRIVERS\NETw4x32.sys

15:17:32.0343 2300 NETw4x32 - ok

15:17:32.0390 2300 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINNT\system32\DRIVERS\nic1394.sys

15:17:32.0484 2300 NIC1394 - ok

15:17:32.0531 2300 [ 5B688D6E2B939525F10456976DCF1DD7 ] nipplpt2 C:\WINNT\system32\drivers\nipplpt.sys

15:17:32.0546 2300 nipplpt2 ( UnsignedFile.Multi.Generic ) - warning

15:17:32.0546 2300 nipplpt2 - detected UnsignedFile.Multi.Generic (1)

15:17:32.0593 2300 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINNT\System32\mswsock.dll

15:17:32.0609 2300 Nla - ok

15:17:32.0625 2300 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINNT\system32\drivers\Npfs.sys

15:17:32.0718 2300 Npfs - ok

15:17:32.0750 2300 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINNT\system32\drivers\Ntfs.sys

15:17:32.0843 2300 Ntfs - ok

15:17:32.0875 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINNT\system32\lsass.exe

15:17:32.0953 2300 NtLmSsp - ok

15:17:33.0015 2300 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINNT\system32\ntmssvc.dll

15:17:33.0093 2300 NtmsSvc - ok

15:17:33.0140 2300 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINNT\system32\drivers\Null.sys

15:17:33.0218 2300 Null - ok

15:17:33.0406 2300 [ 8129D762CC3E3C5AB9CF2EABC377FB73 ] nv C:\WINNT\system32\DRIVERS\nv4_mini.sys

15:17:33.0546 2300 nv - ok

15:17:33.0625 2300 [ 7EE6243758619A391491148EABF0E7B7 ] NVSvc C:\WINNT\system32\nvsvc32.exe

15:17:33.0640 2300 NVSvc - ok

15:17:33.0656 2300 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINNT\system32\DRIVERS\nwlnkflt.sys

15:17:33.0750 2300 NwlnkFlt - ok

15:17:33.0750 2300 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINNT\system32\DRIVERS\nwlnkfwd.sys

15:17:33.0937 2300 NwlnkFwd - ok

15:17:34.0062 2300 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:17:34.0078 2300 odserv - ok

15:17:34.0109 2300 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINNT\system32\DRIVERS\ohci1394.sys

15:17:34.0187 2300 ohci1394 - ok

15:17:34.0234 2300 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:17:34.0234 2300 ose - ok

15:17:34.0281 2300 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINNT\system32\drivers\Parport.sys

15:17:34.0359 2300 Parport - ok

15:17:34.0359 2300 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINNT\system32\drivers\PartMgr.sys

15:17:34.0453 2300 PartMgr - ok

15:17:34.0468 2300 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINNT\system32\drivers\ParVdm.sys

15:17:34.0562 2300 ParVdm - ok

15:17:34.0578 2300 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINNT\system32\DRIVERS\pci.sys

15:17:34.0671 2300 PCI - ok

15:17:34.0671 2300 PCIDump - ok

15:17:34.0671 2300 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINNT\system32\DRIVERS\pciide.sys

15:17:34.0765 2300 PCIIde - ok

15:17:34.0781 2300 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINNT\system32\DRIVERS\pcmcia.sys

15:17:34.0875 2300 Pcmcia - ok

15:17:34.0890 2300 PDCOMP - ok

15:17:34.0890 2300 PDFRAME - ok

15:17:34.0890 2300 PDRELI - ok

15:17:34.0890 2300 PDRFRAME - ok

15:17:34.0906 2300 perc2 - ok

15:17:34.0906 2300 perc2hib - ok

15:17:34.0921 2300 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINNT\system32\services.exe

15:17:34.0937 2300 PlugPlay - ok

15:17:34.0953 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINNT\system32\lsass.exe

15:17:35.0031 2300 PolicyAgent - ok

15:17:35.0046 2300 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINNT\system32\DRIVERS\raspptp.sys

15:17:35.0140 2300 PptpMiniport - ok

15:17:35.0140 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINNT\system32\lsass.exe

15:17:35.0218 2300 ProtectedStorage - ok

15:17:35.0218 2300 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINNT\system32\DRIVERS\psched.sys

15:17:35.0328 2300 PSched - ok

15:17:35.0328 2300 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINNT\system32\DRIVERS\ptilink.sys

15:17:35.0421 2300 Ptilink - ok

15:17:35.0421 2300 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINNT\system32\Drivers\PxHelp20.sys

15:17:35.0437 2300 PxHelp20 - ok

15:17:35.0437 2300 ql1080 - ok

15:17:35.0453 2300 Ql10wnt - ok

15:17:35.0453 2300 ql12160 - ok

15:17:35.0453 2300 ql1240 - ok

15:17:35.0453 2300 ql1280 - ok

15:17:35.0468 2300 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINNT\system32\DRIVERS\rasacd.sys

15:17:35.0562 2300 RasAcd - ok

15:17:35.0593 2300 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINNT\System32\rasauto.dll

15:17:35.0687 2300 RasAuto - ok

15:17:35.0703 2300 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINNT\system32\DRIVERS\rasl2tp.sys

15:17:35.0781 2300 Rasl2tp - ok

15:17:35.0796 2300 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINNT\System32\rasmans.dll

15:17:35.0890 2300 RasMan - ok

15:17:35.0890 2300 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINNT\system32\DRIVERS\raspppoe.sys

15:17:35.0968 2300 RasPppoe - ok

15:17:36.0000 2300 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINNT\system32\DRIVERS\raspti.sys

15:17:36.0093 2300 Raspti - ok

15:17:36.0125 2300 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINNT\system32\DRIVERS\rdbss.sys

15:17:36.0203 2300 Rdbss - ok

15:17:36.0203 2300 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINNT\system32\DRIVERS\RDPCDD.sys

15:17:36.0296 2300 RDPCDD - ok

15:17:36.0312 2300 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINNT\system32\DRIVERS\rdpdr.sys

15:17:36.0406 2300 rdpdr - ok

15:17:36.0437 2300 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINNT\system32\drivers\RDPWD.sys

15:17:36.0453 2300 RDPWD - ok

15:17:36.0484 2300 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINNT\system32\sessmgr.exe

15:17:36.0562 2300 RDSessMgr - ok

15:17:36.0578 2300 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINNT\system32\DRIVERS\redbook.sys

15:17:36.0671 2300 redbook - ok

15:17:36.0718 2300 [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

15:17:36.0734 2300 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

15:17:36.0734 2300 RegSrvc - detected UnsignedFile.Multi.Generic (1)

15:17:36.0765 2300 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINNT\System32\mprdim.dll

15:17:36.0859 2300 RemoteAccess - ok

15:17:36.0859 2300 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINNT\system32\regsvc.dll

15:17:36.0953 2300 RemoteRegistry - ok

15:17:37.0000 2300 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINNT\system32\locator.exe

15:17:37.0078 2300 RpcLocator - ok

15:17:37.0109 2300 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINNT\system32\rpcss.dll

15:17:37.0125 2300 RpcSs - ok

15:17:37.0156 2300 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINNT\system32\rsvp.exe

15:17:37.0234 2300 RSVP - ok

15:17:37.0281 2300 [ 874173EDBD4F2FE711F245855A2FFA23 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

15:17:37.0312 2300 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

15:17:37.0312 2300 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

15:17:37.0328 2300 [ EADFB87F911A7A75D1B80617F92901E8 ] s24trans C:\WINNT\system32\DRIVERS\s24trans.sys

15:17:37.0343 2300 s24trans ( UnsignedFile.Multi.Generic ) - warning

15:17:37.0343 2300 s24trans - detected UnsignedFile.Multi.Generic (1)

15:17:37.0359 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINNT\system32\lsass.exe

15:17:37.0437 2300 SamSs - ok

15:17:37.0546 2300 [ BD57B12FA4C21B1CE7DA3570410BF12D ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

15:17:37.0562 2300 SAVAdminService - ok

15:17:37.0578 2300 [ D9DF915972694B5274FACC8D00492ACD ] SAVOnAccessControl C:\WINNT\system32\DRIVERS\savonaccesscontrol.sys

15:17:37.0609 2300 SAVOnAccessControl - ok

15:17:37.0625 2300 [ 31B35CCA652A3553FA4FB99EA79C35BF ] SAVOnAccessFilter C:\WINNT\system32\DRIVERS\savonaccessfilter.sys

15:17:37.0656 2300 SAVOnAccessFilter - ok

15:17:37.0687 2300 [ 836AEC603665F6DB83965EE57B3DCF57 ] SAVService C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

15:17:37.0703 2300 SAVService - ok

15:17:37.0765 2300 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINNT\System32\SCardSvr.exe

15:17:37.0921 2300 SCardSvr - ok

15:17:37.0937 2300 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINNT\system32\schedsvc.dll

15:17:38.0093 2300 Schedule - ok

15:17:38.0109 2300 [ 890CADA2AB7ACF53A5F9CCE7515522A2 ] Secdrv C:\WINNT\system32\DRIVERS\secdrv.sys

15:17:38.0140 2300 Secdrv ( UnsignedFile.Multi.Generic ) - warning

15:17:38.0140 2300 Secdrv - detected UnsignedFile.Multi.Generic (1)

15:17:38.0140 2300 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINNT\System32\seclogon.dll

15:17:38.0296 2300 seclogon - ok

15:17:38.0312 2300 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINNT\system32\sens.dll

15:17:38.0390 2300 SENS - ok

15:17:38.0406 2300 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINNT\system32\DRIVERS\serenum.sys

15:17:38.0500 2300 serenum - ok

15:17:38.0515 2300 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINNT\system32\DRIVERS\serial.sys

15:17:38.0609 2300 Serial - ok

15:17:38.0625 2300 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINNT\system32\DRIVERS\sfloppy.sys

15:17:38.0718 2300 Sfloppy - ok

15:17:38.0750 2300 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINNT\System32\ipnathlp.dll

15:17:38.0843 2300 SharedAccess - ok

15:17:38.0859 2300 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINNT\System32\shsvcs.dll

15:17:38.0875 2300 ShellHWDetection - ok

15:17:38.0875 2300 Simbad - ok

15:17:38.0937 2300 [ E4A3CFFD81B4169128F187729E137417 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

15:17:38.0953 2300 Sophos AutoUpdate Service - ok

15:17:38.0984 2300 [ 3BDF94E0827D13E44249A646F6C0EB7C ] SophosBootDriver C:\WINNT\system32\DRIVERS\SophosBootDriver.sys

15:17:39.0015 2300 SophosBootDriver - ok

15:17:39.0015 2300 Sparrow - ok

15:17:39.0046 2300 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINNT\system32\drivers\splitter.sys

15:17:39.0140 2300 splitter - ok

15:17:39.0187 2300 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINNT\system32\spoolsv.exe

15:17:39.0187 2300 Spooler - ok

15:17:39.0203 2300 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINNT\system32\DRIVERS\sr.sys

15:17:39.0312 2300 sr - ok

15:17:39.0343 2300 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINNT\system32\srsvc.dll

15:17:39.0437 2300 srservice - ok

15:17:39.0484 2300 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINNT\system32\DRIVERS\srv.sys

15:17:39.0515 2300 Srv - ok

15:17:39.0546 2300 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll

15:17:39.0640 2300 SSDPSRV - ok

15:17:39.0671 2300 [ 686FA4ACFDCB4E16B7F0230B88F6D17E ] STacSV C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

15:17:39.0687 2300 STacSV ( UnsignedFile.Multi.Generic ) - warning

15:17:39.0687 2300 STacSV - detected UnsignedFile.Multi.Generic (1)

15:17:39.0750 2300 [ 31BA85E1CFF39A57F702A2A0877BB8E1 ] STHDA C:\WINNT\system32\drivers\sthda.sys

15:17:39.0796 2300 STHDA - ok

15:17:39.0843 2300 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINNT\system32\wiaservc.dll

15:17:39.0984 2300 stisvc - ok

15:17:40.0031 2300 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

15:17:40.0046 2300 stllssvr ( UnsignedFile.Multi.Generic ) - warning

15:17:40.0046 2300 stllssvr - detected UnsignedFile.Multi.Generic (1)

15:17:40.0062 2300 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINNT\system32\DRIVERS\swenum.sys

15:17:40.0156 2300 swenum - ok

15:17:40.0234 2300 [ AB22D10457BB1B8BB587C61AF03F909F ] swi_service C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

15:17:40.0281 2300 swi_service - ok

15:17:40.0296 2300 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINNT\system32\drivers\swmidi.sys

15:17:40.0375 2300 swmidi - ok

15:17:40.0390 2300 SwPrv - ok

15:17:40.0390 2300 symc810 - ok

15:17:40.0390 2300 symc8xx - ok

15:17:40.0406 2300 sym_hi - ok

15:17:40.0406 2300 sym_u3 - ok

15:17:40.0453 2300 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys

15:17:40.0531 2300 sysaudio - ok

15:17:40.0562 2300 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe

15:17:40.0671 2300 SysmonLog - ok

15:17:40.0718 2300 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll

15:17:40.0812 2300 TapiSrv - ok

15:17:40.0828 2300 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys

15:17:40.0843 2300 Tcpip - ok

15:17:40.0890 2300 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys

15:17:40.0984 2300 TDPIPE - ok

15:17:40.0984 2300 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys

15:17:41.0078 2300 TDTCP - ok

15:17:41.0093 2300 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys

15:17:41.0187 2300 TermDD - ok

15:17:41.0203 2300 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll

15:17:41.0296 2300 TermService - ok

15:17:41.0312 2300 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll

15:17:41.0328 2300 Themes - ok

15:17:41.0343 2300 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINNT\system32\tlntsvr.exe

15:17:41.0453 2300 TlntSvr - ok

15:17:41.0453 2300 TosIde - ok

15:17:41.0468 2300 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll

15:17:41.0562 2300 TrkWks - ok

15:17:41.0593 2300 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\winnt\system32\drivers\TrueSight.sys

15:17:41.0593 2300 TrueSight ( UnsignedFile.Multi.Generic ) - warning

15:17:41.0593 2300 TrueSight - detected UnsignedFile.Multi.Generic (1)

15:17:41.0609 2300 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys

15:17:41.0703 2300 Udfs - ok

15:17:41.0703 2300 UIUSys - ok

15:17:41.0718 2300 ultra - ok

15:17:41.0718 2300 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys

15:17:41.0843 2300 Update - ok

15:17:41.0890 2300 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll

15:17:41.0968 2300 upnphost - ok

15:17:42.0000 2300 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe

15:17:42.0093 2300 UPS - ok

15:17:42.0125 2300 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINNT\system32\DRIVERS\usbccgp.sys

15:17:42.0218 2300 usbccgp - ok

15:17:42.0218 2300 [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID C:\WINNT\system32\DRIVERS\usbccid.sys

15:17:42.0234 2300 USBCCID - ok

15:17:42.0250 2300 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys

15:17:42.0343 2300 usbehci - ok

15:17:42.0359 2300 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys

15:17:42.0453 2300 usbhub - ok

15:17:42.0484 2300 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys

15:17:42.0578 2300 usbprint - ok

15:17:42.0609 2300 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys

15:17:42.0703 2300 usbscan - ok

15:17:42.0718 2300 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINNT\system32\DRIVERS\USBSTOR.SYS

15:17:42.0812 2300 usbstor - ok

15:17:42.0828 2300 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys

15:17:42.0921 2300 usbuhci - ok

15:17:42.0968 2300 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys

15:17:43.0062 2300 VgaSave - ok

15:17:43.0062 2300 ViaIde - ok

15:17:43.0078 2300 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys

15:17:43.0171 2300 VolSnap - ok

15:17:43.0234 2300 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe

15:17:43.0312 2300 VSS - ok

15:17:43.0343 2300 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\system32\w32time.dll

15:17:43.0421 2300 W32Time - ok

15:17:43.0437 2300 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys

15:17:43.0515 2300 Wanarp - ok

15:17:43.0515 2300 WDICA - ok

15:17:43.0531 2300 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys

15:17:43.0625 2300 wdmaud - ok

15:17:43.0625 2300 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll

15:17:43.0718 2300 WebClient - ok

15:17:43.0734 2300 [ 96AFF1738271755A39B52EEF7E35F98F ] winachsf C:\WINNT\system32\DRIVERS\HSF_CNXT.sys

15:17:43.0765 2300 winachsf - ok

15:17:43.0843 2300 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll

15:17:43.0921 2300 winmgmt - ok

15:17:43.0968 2300 [ 4307641CA3389A210295FDFFD2A73DEE ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

15:17:43.0984 2300 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning

15:17:43.0984 2300 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)

15:17:44.0031 2300 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINNT\system32\MsPMSNSv.dll

15:17:44.0046 2300 WmdmPmSN - ok

15:17:44.0109 2300 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINNT\System32\advapi32.dll

15:17:44.0156 2300 Wmi - ok

15:17:44.0203 2300 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINNT\system32\DRIVERS\wmiacpi.sys

15:17:44.0296 2300 WmiAcpi - ok

15:17:44.0343 2300 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\system32\wbem\wmiapsrv.exe

15:17:44.0453 2300 WmiApSrv - ok

15:17:44.0562 2300 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

15:17:44.0609 2300 WMPNetworkSvc - ok

15:17:44.0656 2300 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINNT\system32\DRIVERS\wpdusb.sys

15:17:44.0671 2300 WpdUsb - ok

15:17:44.0703 2300 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINNT\system32\wscsvc.dll

15:17:44.0828 2300 wscsvc - ok

15:17:44.0828 2300 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINNT\system32\wuauserv.dll

15:17:44.0984 2300 wuauserv - ok

15:17:45.0015 2300 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINNT\system32\DRIVERS\WudfPf.sys

15:17:45.0046 2300 WudfPf - ok

15:17:45.0046 2300 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINNT\system32\DRIVERS\wudfrd.sys

15:17:45.0093 2300 WudfRd - ok

15:17:45.0109 2300 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINNT\System32\WUDFSvc.dll

15:17:45.0140 2300 WudfSvc - ok

15:17:45.0156 2300 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll

15:17:45.0250 2300 WZCSVC - ok

15:17:45.0265 2300 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll

15:17:45.0343 2300 xmlprov - ok

15:17:45.0359 2300 ================ Scan global ===============================

15:17:45.0390 2300 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll

15:17:45.0468 2300 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll

15:17:45.0484 2300 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll

15:17:45.0500 2300 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe

15:17:45.0500 2300 [Global] - ok

15:17:45.0500 2300 ================ Scan MBR ==================================

15:17:45.0531 2300 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0

15:17:45.0718 2300 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:17:45.0718 2300 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:17:45.0718 2300 ================ Scan VBR ==================================

15:17:45.0718 2300 [ F23887E2925FC9A644B88C19D251002E ] \Device\Harddisk0\DR0\Partition1

15:17:45.0718 2300 \Device\Harddisk0\DR0\Partition1 - ok

15:17:45.0718 2300 ============================================================

15:17:45.0718 2300 Scan finished

15:17:45.0718 2300 ============================================================

15:17:45.0718 3076 Detected object count: 14

15:17:45.0718 3076 Actual detected object count: 14

15:19:57.0281 3076 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0281 3076 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0281 3076 HP Port Resolver ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0281 3076 HP Port Resolver ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0281 3076 HP Status Server ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0281 3076 HP Status Server ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0296 3076 MDM ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0296 3076 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0296 3076 nipplpt2 ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0296 3076 nipplpt2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0296 3076 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0296 3076 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0296 3076 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0296 3076 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0296 3076 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0296 3076 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0296 3076 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0296 3076 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0312 3076 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0312 3076 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0312 3076 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0312 3076 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0312 3076 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0312 3076 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0312 3076 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user

15:19:57.0312 3076 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:19:57.0312 3076 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:19:57.0312 3076 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:20:01.0015 3448 Deinitialize success


Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

15:19:57.0312 3076 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:19:57.0312 3076 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here is ComboFix.txt. What does all this mean? Also, it couldn't install system restore when scanning or something. How do I deal with this, since some files were deleted after the scan?

ComboFix 12-08-22.03 - WCC User 08/22/2012 17:22:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1429 [GMT -5:00]

Running from: c:\documents and settings\WCC User\My Documents\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\WCC User\Desktop\Download programs.url

c:\documents and settings\WCC User\Desktop\Games.url

c:\documents and settings\WCC User\Desktop\Translator.url

c:\documents and settings\WCC User\Desktop\Videos.url

c:\documents and settings\WCC User\Favorites\Download programs.url

c:\documents and settings\WCC User\Favorites\Games.url

c:\documents and settings\WCC User\Favorites\Translator.url

c:\documents and settings\WCC User\Favorites\Videos.url

c:\documents and settings\WCC User\gta3.exe

c:\documents and settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}

c:\documents and settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}\chrome.manifest

c:\documents and settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}\chrome\content\overlay.xul

c:\documents and settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}\install.rdf

c:\documents and settings\WCC User\myth.acm

c:\documents and settings\WCC User\mythxpak.exe

c:\documents and settings\WCC User\mythXuha.exe

c:\documents and settings\WCC User\Start Menu\Programs\Download programs.url

c:\documents and settings\WCC User\Start Menu\Programs\Games.url

c:\documents and settings\WCC User\Start Menu\Programs\Translator.url

c:\documents and settings\WCC User\Start Menu\Programs\Videos.url

c:\winnt\system32\AegisI5Installer.exe

c:\winnt\system32\URTTemp

c:\winnt\system32\URTTemp\fusion.dll

c:\winnt\system32\URTTemp\mscoree.dll

c:\winnt\system32\URTTemp\mscoree.dll.local

c:\winnt\system32\URTTemp\mscorsn.dll

c:\winnt\system32\URTTemp\mscorwks.dll

c:\winnt\system32\URTTemp\msvcr71.dll

c:\winnt\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))

.

.

2012-08-22 22:08 . 2012-08-22 22:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-18 04:33 . 2012-08-18 04:33 149272 ----a-w- c:\winnt\system32\drivers\dwprot.sys

2012-08-18 04:00 . 2012-08-18 04:00 -------- d-----w- c:\documents and settings\WCC User\Doctor Web

2012-08-18 02:16 . 2012-08-18 02:16 -------- d-----w- c:\documents and settings\WCC User\DoctorWeb

2012-08-18 01:54 . 2012-08-18 01:54 -------- d-----w- c:\documents and settings\WCC User\Local Settings\Application Data\Sun

2012-08-18 01:53 . 2012-08-18 01:53 -------- d-----w- c:\program files\Common Files\Java

2012-08-18 01:53 . 2012-08-18 01:53 -------- d-----w- c:\program files\Oracle

2012-08-18 01:53 . 2012-08-18 01:53 -------- d-----w- c:\documents and settings\WCC User\Application Data\Oracle

2012-08-18 01:53 . 2012-07-06 03:07 143872 ----a-w- c:\winnt\system32\javacpl.cpl

2012-08-18 01:53 . 2012-07-06 03:06 772544 ----a-w- c:\winnt\system32\npDeployJava1.dll

2012-08-18 01:52 . 2012-08-18 01:52 -------- d-----w- c:\program files\Java

2012-08-18 01:52 . 2012-08-18 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-07-29 01:19 . 2012-07-29 01:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 02:19 . 2012-07-19 01:50 70344 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl

2012-08-15 02:19 . 2012-07-19 01:50 426184 ----a-w- c:\winnt\system32\FlashPlayerApp.exe

2012-07-06 13:58 . 1980-01-01 00:00 78336 ----a-w- c:\winnt\system32\browser.dll

2012-07-04 14:05 . 2007-11-28 17:38 139784 ----a-w- c:\winnt\system32\drivers\rdpwd.sys

2012-07-03 18:46 . 2011-04-26 23:43 22344 ----a-w- c:\winnt\system32\drivers\mbam.sys

2012-07-03 13:40 . 1980-01-01 00:00 1866112 ----a-w- c:\winnt\system32\win32k.sys

2012-07-02 17:49 . 1980-01-01 00:00 916992 ----a-w- c:\winnt\system32\wininet.dll

2012-07-02 17:49 . 1980-01-01 00:00 43520 ------w- c:\winnt\system32\licmgr10.dll

2012-07-02 17:49 . 1980-01-01 00:00 1469440 ------w- c:\winnt\system32\inetcpl.cpl

2012-07-02 12:05 . 1980-01-01 00:00 385024 ------w- c:\winnt\system32\html.iec

2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\winnt\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\winnt\system32\msxml6.dll

2012-06-05 15:50 . 1980-01-01 00:00 1172480 ----a-w- c:\winnt\system32\msxml3.dll

2012-06-04 22:35 . 2007-11-28 17:38 210968 ----a-w- c:\winnt\system32\wuweb.dll

2012-06-04 22:35 . 2007-07-31 01:18 222448 ----a-w- c:\winnt\system32\muweb.dll

2012-06-04 04:32 . 1980-01-01 00:00 152576 ----a-w- c:\winnt\system32\schannel.dll

2012-06-02 20:19 . 2007-11-28 20:32 22040 ----a-w- c:\winnt\system32\wucltui.dll.mui

2012-06-02 20:19 . 2007-11-28 20:32 15384 ----a-w- c:\winnt\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2007-11-28 17:38 329240 ----a-w- c:\winnt\system32\wucltui.dll

2012-06-02 20:19 . 2007-11-28 17:38 219160 ----a-w- c:\winnt\system32\wuaucpl.cpl

2012-06-02 20:19 . 2012-07-14 00:39 15384 ----a-w- c:\winnt\system32\wuapi.dll.mui

2012-06-02 20:19 . 2007-11-28 20:32 45080 ----a-w- c:\winnt\system32\wups2.dll

2012-06-02 20:19 . 2007-11-28 17:38 53784 ----a-w- c:\winnt\system32\wuauclt.exe

2012-06-02 20:19 . 2007-11-28 17:38 35864 ----a-w- c:\winnt\system32\wups.dll

2012-06-02 20:19 . 1980-01-01 00:00 97304 ----a-w- c:\winnt\system32\cdm.dll

2012-06-02 20:19 . 2007-11-28 20:32 17944 ----a-w- c:\winnt\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2007-11-28 17:38 577048 ----a-w- c:\winnt\system32\wuapi.dll

2012-06-02 20:19 . 2007-11-28 17:38 1933848 ----a-w- c:\winnt\system32\wuaueng.dll

2012-06-02 20:18 . 2008-08-14 21:30 275696 ----a-w- c:\winnt\system32\mucltui.dll

2012-06-02 20:18 . 2008-08-14 21:30 17136 ----a-w- c:\winnt\system32\mucltui.dll.mui

2012-05-31 13:22 . 1980-01-01 00:00 599040 ----a-w- c:\winnt\system32\crypt32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-31 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-01-25 23:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 10:42 15360 ----a-w- c:\winnt\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-05-16 21:50 162584 ----a-w- c:\winnt\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2007-02-12 19:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-05-16 21:50 138008 ----a-w- c:\winnt\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

2007-07-25 22:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2007-07-25 22:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]

2007-09-06 15:45 45056 ----a-w- c:\winnt\system32\iprntlgn.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]

2007-09-06 15:45 40960 ----a-w- c:\winnt\system32\iprntctl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]

2009-01-29 15:43 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]

2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-04-29 01:05 8429568 ----a-w- c:\winnt\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2007-04-29 01:05 67584 ----a-w- c:\winnt\system32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-04-29 01:05 81920 ----a-w- c:\winnt\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 23:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-05-16 21:50 138008 ----a-w- c:\winnt\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-10-20 02:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-02-19 20:26 303104 ----a-w- c:\winnt\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sophos AutoUpdate Monitor]

2010-09-21 16:16 439536 ----a-w- c:\program files\Sophos\AutoUpdate\ALMon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-08-31 16:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-11-28 19:34 151552 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINNT\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=

.

R0 DwProt;DrWeb Protection;c:\winnt\system32\drivers\dwprot.sys [8/17/2012 11:33 PM 149272]

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\winnt\system32\drivers\nipplpt.sys [8/28/2008 9:30 AM 34671]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\winnt\system32\drivers\savonaccesscontrol.sys [8/14/2008 3:31 PM 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\winnt\system32\drivers\savonaccessfilter.sys [8/14/2008 3:31 PM 24064]

R2 lxdn_device;lxdn_device;c:\winnt\system32\lxdncoms.exe -service --> c:\winnt\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxdnserv.exe [5/17/2011 1:27 PM 98984]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/8/2010 10:15 AM 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/4/2010 6:23 AM 97520]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/8/2010 10:15 AM 1541360]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 1:41 PM 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/18/2012 8:50 PM 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 1:41 PM 135664]

S4 SophosBootDriver;SophosBootDriver;c:\winnt\system32\drivers\SophosBootDriver.sys [10/3/2008 12:35 PM 14976]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-22 c:\winnt\Tasks\Adobe Flash Player Updater.job

- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 02:19]

.

2012-08-18 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

.

2012-08-22 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:41]

.

2012-08-22 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\WCC User\Application Data\Mozilla\Firefox\Profiles\3ja55s3j.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {0318A8D4-1E59-4E5F-AEBC-C0D5639ADF9C} - c:\documents and settings\WCC User\Local Settings\Application Data\{0318A8D4-1E59-4E5F-AEBC-C0D5639ADF9C}

FF - Ext: XULRunner: {E393A7B2-53F2-4E74-8B0F-F2719B079DA4} - c:\documents and settings\WCC User\Local Settings\Application Data\{E393A7B2-53F2-4E74-8B0F-F2719B079DA4}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-ares - c:\program files\Ares\Ares.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-22 17:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(844)

c:\winnt\system32\WININET.dll

c:\winnt\system32\ieframe.dll

c:\winnt\system32\webcheck.dll

c:\winnt\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\winnt\system32\DLAAPI_W.DLL

c:\winnt\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\winnt\system32\PortableDeviceTypes.dll

c:\winnt\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\winnt\System32\SCardSvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\winnt\system32\lxdncoms.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\winnt\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-08-22 17:30:05 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-22 22:30

.

Pre-Run: 91,994,480,640 bytes free

Post-Run: 93,881,016,320 bytes free

.

- - End Of File - - 834EA65E6A4BA74EE53FCCBF04E9864F


And this also, what does it mean?

ORPHANS REMOVED - - - -

.

HKCU-Run-ares - c:\program files\Ares\Ares.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

You don't have to worry about it.

~~~~~~~~~~~~~~

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


What about the 2nd part about orphans? Also it deleted this from my favorites and desktop, how do I get it back?

c:\documents and settings\WCC User\Desktop\Download programs.url

c:\documents and settings\WCC User\Desktop\Games.url

c:\documents and settings\WCC User\Desktop\Translator.url

c:\documents and settings\WCC User\Desktop\Videos.url

c:\documents and settings\WCC User\Favorites\Download programs.url

c:\documents and settings\WCC User\Favorites\Games.url

c:\documents and settings\WCC User\Favorites\Translator.url

c:\documents and settings\WCC User\Favorites\Videos.url


Here is the MBAM log of the quick scan:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

WCC User :: AC042-010211 [administrator]

8/22/2012 8:10:16 PM

mbam-log-2012-08-22 (20-10-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 205975

Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    ComboFix-quarantined-files.txt
    :folderfind
    Qoobox


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Never mind, this is what was posted:

SystemLook 30.07.11 by jpshortstuff

Log created at 20:54 on 22/08/2012 by WCC User

Administrator - Elevation successful

========== filefind ==========

Searching for "ComboFix-quarantined-files.txt "

C:\Qoobox\ComboFix-quarantined-files.txt --a---- 4800 bytes [22:30 22/08/2012] [22:30 22/08/2012] A9059FCF1C0E3522BE9ECB190DFF13F1

========== folderfind ==========

Searching for "Qoobox"

C:\Qoobox d------ [22:20 22/08/2012]

-= EOF =-


Found it, here it is:

2012-08-22 22:29:35 . 2012-08-22 22:29:35 566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ares.reg.dat

2012-08-22 22:29:35 . 2012-08-22 22:29:35 668 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat

2012-08-22 22:29:29 . 2012-08-22 22:29:29 130 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ares.reg.dat

2012-08-22 22:24:23 . 2012-08-22 22:24:23 8,431 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-08-22 22:20:59 . 2012-08-22 22:20:59 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2011-04-28 12:27:31 . 2011-04-28 12:27:31 5,954 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}\chrome\content\overlay.xul.vir

2011-04-28 12:27:31 . 2011-04-28 12:27:31 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}\install.rdf.vir

2011-04-28 12:27:30 . 2011-04-28 12:27:30 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Local Settings\Application Data\{43C7B45A-A2E1-49DC-B148-392BD76B7808}\chrome.manifest.vir

2009-05-01 19:09:08 . 1998-09-01 20:28:18 297,984 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\myth.acm.vir

2009-05-01 19:09:05 . 2001-12-28 05:00:00 100,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\mythXuha.exe.vir

2009-05-01 19:09:05 . 2000-08-07 05:11:04 20,992 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\mythxpak.exe.vir

2009-05-01 19:09:05 . 2002-05-21 22:05:34 2,383,872 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\gta3.exe.vir

2008-10-06 17:30:13 . 2009-09-03 17:49:22 418 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Download programs.url.vir

2008-10-06 17:30:13 . 2012-07-25 04:04:45 292 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Download programs.url.vir

2008-10-06 17:30:13 . 2008-10-06 17:30:13 292 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Download programs.url.vir

2008-10-06 17:30:13 . 2010-04-19 18:28:27 510 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Translator.url.vir

2008-10-06 17:30:13 . 2008-10-06 17:30:13 366 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Games.url.vir

2008-10-06 17:30:13 . 2008-10-06 17:30:13 382 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Translator.url.vir

2008-10-06 17:30:13 . 2012-08-22 19:55:04 366 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Games.url.vir

2008-10-06 17:30:13 . 2008-10-06 17:30:13 382 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Translator.url.vir

2008-10-06 17:30:13 . 2010-03-08 20:11:18 492 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Games.url.vir

2008-10-06 17:30:13 . 2008-10-06 17:30:13 370 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Videos.url.vir

2008-10-06 17:30:13 . 2008-10-06 17:30:13 370 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Videos.url.vir

2008-10-06 17:30:13 . 2009-09-15 18:12:49 496 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Videos.url.vir

2007-11-28 21:10:08 . 2007-11-28 21:10:08 0 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\mscoree.dll.local.vir

2007-11-28 21:10:08 . 2003-02-21 10:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\msvcr71.dll.vir

2007-11-28 21:10:08 . 2003-02-21 01:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\mscorsn.dll.vir

2007-11-28 21:10:08 . 2003-02-21 01:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\mscorwks.dll.vir

2007-11-28 21:10:08 . 2003-02-21 01:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\mscoree.dll.vir

2007-11-28 21:10:08 . 2003-02-21 01:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\fusion.dll.vir

2007-11-28 19:07:39 . 2007-11-28 19:07:39 356,352 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\AegisI5Installer.exe.vir

2003-02-21 11:16:08 . 2003-02-21 11:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINNT\system32\URTTemp\regtlib.exe.vir


Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

    DEQUARANTINE::
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Download programs.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Download programs.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Download programs.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Translator.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Games.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Translator.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Games.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Translator.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Games.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Videos.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Videos.url.vir
    C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Videos.url.vir
    Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Got the same info as above I think. Weird, it just brought it all back w/out a reboot or anything, just poof, they were back with this on a notepad:

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Download programs.url.vir -> C:\Documents and Settings\WCC User\Desktop\Download programs.url ( 418 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Games.url.vir -> C:\Documents and Settings\WCC User\Desktop\Games.url ( 492 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Translator.url.vir -> C:\Documents and Settings\WCC User\Desktop\Translator.url ( 510 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Desktop\Videos.url.vir -> C:\Documents and Settings\WCC User\Desktop\Videos.url ( 496 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Download programs.url.vir -> C:\Documents and Settings\WCC User\Favorites\Download programs.url ( 292 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Games.url.vir -> C:\Documents and Settings\WCC User\Favorites\Games.url ( 366 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Translator.url.vir -> C:\Documents and Settings\WCC User\Favorites\Translator.url ( 382 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Favorites\Videos.url.vir -> C:\Documents and Settings\WCC User\Favorites\Videos.url ( 370 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Download programs.url.vir -> C:\Documents and Settings\WCC User\Start Menu\Programs\Download programs.url ( 292 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Games.url.vir -> C:\Documents and Settings\WCC User\Start Menu\Programs\Games.url ( 366 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Translator.url.vir -> C:\Documents and Settings\WCC User\Start Menu\Programs\Translator.url ( 382 bytes )

C:\Qoobox\Quarantine\C\Documents and Settings\WCC User\Start Menu\Programs\Videos.url.vir -> C:\Documents and Settings\WCC User\Start Menu\Programs\Videos.url ( 370 bytes )

