
Mbam fails due to MSVBVM60.dll missing/ZERO Access


dkarst


First a little background: I have been using Malwarebytes for a few years... great product. I normally update and scan weekly and did last week: weekly a quick scan and maybe monthly a full scan. This morning I went through my usual update and scan routine and it came up with "failed to start due to msvbvm60.dll not found, reinstalling the application may fix this problem". So I did an uninstall and reinstall and a few reboots and am still stuck. I have been running clean for a long time, so I posted the requested files over in the general malware help sort of section and the person responded that I have a nasty rootkit and pointed me here. The only thing that I know of that is new is Firefox 18.0.1 in the last couple of days, but that seems unrelated. I have checked and I have the file msvbvm60.dll and it has an old date, so I don't think it has been altered. I can't get mbam to run, so I ran the dds and will attach here. I saw in another of your old forum posts you recommended using -->Service Pack 6 for Visual Basic 6.0: Run-Time Redistribution Pack (vbrun60sp6.exe) but I want to behave and only take the directions you provide for my specific problem. Thanks.

attach.txt

dds.txt


Hello dkarst.

Always Copy All contents of the logs and Paste directly into main body of reply.

Do not attach logs.

Make very sure you understand the significance of the backdoor trojan warning (suspected Zero Access infection) given to you earlier by Advancedsetup.

Do not do any websurfing, online shopping, online banking, nor online games !

Only go to this forum and the websites I guide you to.

Consider this system as being "in Quarantine". Do not use it for any other normal usage.

IF this is not a home system, or a personal system, please let me know.

IF this system is used for business, stop and let me know.

Do as much as possible of the following:

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


  • Link 2 | Link 3 | Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a new reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Step 4

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    [screenshot: TDSSKillerMal-1.png]
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    [screenshot: TDSSKillerCompleted.png]
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here into a new reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from RKILL & TDSSKILLER & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.

Always Copy All contents of the logs and Paste directly into main body of reply.

Do not attach logs.

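The Rkill log asked for in Step 3 (and pasted in the next reply) has a fixed layout: each check is a line ending in a colon, findings are "* " items, and the HOSTS entries are bare "ip hostname" lines. The Python script below is an added example for this thread, not code from Rkill, Malwarebytes or the helper. It parses that layout and sorts the HOSTS entries the way a helper reads them: names mapped to 127.0.0.1 or 0.0.0.0 are sinkhole entries (a block of thousands, as in the log below, is typical of an installed HOSTS blocklist), a name mapped to any other address is a redirect to review, and a sinkholed security-vendor site is flagged on its own because it stops the tools from updating. It also lifts out the service-integrity findings; wscsvc is the Security Center service and SharedAccess is the Windows Firewall/ICS service on XP, so entries there fit the ZeroAccess suspicion raised earlier in the thread. The sample log, the `.invalid` hostnames, the 203.0.113.9 address and the PROTECTED_SUFFIXES watch-list are constructed.

```python
"""Triage an Rkill log (rkill.txt) the way a forum helper reads it.

Added example for this thread; not Rkill's, Malwarebytes' or the helper's code.
Rkill prints each check as a line ending in ':' followed by '* ' items, and lists
HOSTS entries as bare 'ip hostname' lines. The log below is constructed to mirror
that layout; the '.invalid' names, 203.0.113.9 and the watch-list are made up.
"""
import ipaddress
import re
from collections import Counter

ITEM_RE = re.compile(r'^\*\s*(.*)$')
PROC_RE = re.compile(r'^(?P<path>.+?) \(PID: (?P<pid>\d+)\) \[(?P<tag>[^\]]+)\]$')
SVC_RE = re.compile(r'^(?P<name>\S+) \[(?P<finding>[^\]]+)\]$')

LOCAL_NAMES = {'localhost', 'localhost.localdomain', 'broadcasthost'}
# Constructed watch-list: sites a defender never expects to see blocked or redirected.
PROTECTED_SUFFIXES = ('malwarebytes.org', 'windowsupdate.com', 'bleepingcomputer.com')

SAMPLE_RKILL_LOG = r"""
Rkill 2.4.6 by Lawrence Abrams (Grinler)
Program started at: 01/21/2013 06:38:06 AM in x86 mode.

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\IFXTCS.exe (PID: 2036) [WD-HEUR]
 * C:\WINDOWS\keyacc32.exe (PID: 5620) [WD-HEUR]

 2 processes terminated!

Checking Windows Service Integrity:

 * wscsvc [Missing Service]
 * SharedAccess [Missing ImagePath]

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 * HOSTS file entries found:

  127.0.0.1 localhost
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  0.0.0.0 ads.example-tracker.invalid
  127.0.0.1 www.malwarebytes.org
  203.0.113.9 update.example-av.invalid

 6 out of 6 HOSTS entries shown.

Program finished at: 01/21/2013 06:38:48 AM
"""


def parse_sections(text):
    """Group the log's lines under the 'Heading:' line that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(':') and not line.startswith('*'):
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def classify_hosts_entry(ip_text, host):
    """Label one HOSTS mapping from a defender's point of view."""
    ip = ipaddress.ip_address(ip_text)
    name = host.lower().rstrip('.')
    if name in LOCAL_NAMES:
        return 'localhost'            # the stock entry every HOSTS file carries
    protected = any(name == s or name.endswith('.' + s) for s in PROTECTED_SUFFIXES)
    if ip.is_loopback or ip.is_unspecified:
        # Sinkholed name: thousands of these usually mean an ad/malware blocklist,
        # but a sinkholed security site means something is blocking updates.
        return 'blocks-security-site' if protected else 'sinkhole'
    return 'redirect'                 # name resolves to an address someone else chose


def triage(log_text):
    """Return terminated processes, service-integrity findings and classified HOSTS lines."""
    sections = parse_sections(log_text)
    result = {'terminated': [], 'service_integrity': {}, 'hosts': [], 'hosts_summary': Counter()}
    for line in sections.get('Checking for processes to terminate', []):
        item = ITEM_RE.match(line)
        proc = PROC_RE.match(item.group(1)) if item else None
        if proc:
            # [WD-HEUR] kills are heuristic and routinely include legitimate vendor
            # software, so this is "processes stopped", not "malware found".
            result['terminated'].append((proc['path'], int(proc['pid']), proc['tag']))
    for line in sections.get('Checking Windows Service Integrity', []):
        item = ITEM_RE.match(line)
        svc = SVC_RE.match(item.group(1)) if item else None
        if svc:
            result['service_integrity'][svc['name']] = svc['finding']
    for line in sections.get('Checking HOSTS File', []):
        parts = line.split()
        try:
            ip_text = str(ipaddress.ip_address(parts[0]))
        except (ValueError, IndexError):
            continue                  # status lines such as '* Permissions Fixed.'
        if len(parts) < 2:
            continue
        kind = classify_hosts_entry(ip_text, parts[1])
        result['hosts'].append((ip_text, parts[1], kind))
        result['hosts_summary'][kind] += 1
    return result


def review_flags(result):
    """Items a helper would act on, in the order they appear in the log."""
    flags = [f'service {name}: {finding}' for name, finding in result['service_integrity'].items()]
    for ip_text, host, kind in result['hosts']:
        if kind in ('redirect', 'blocks-security-site'):
            flags.append(f'HOSTS {host} -> {ip_text} ({kind})')
    return flags


if __name__ == '__main__':
    summary = triage(SAMPLE_RKILL_LOG)
    print('terminated:', summary['terminated'])
    print('service integrity:', summary['service_integrity'])
    print('hosts summary:', dict(summary['hosts_summary']))
    for flag in review_flags(summary):
        print('REVIEW:', flag)
```

Run it as-is to triage the embedded sample; for a real run, read rkill.txt from the Desktop and pass its text to triage(). The script deliberately keeps the [WD-HEUR] terminations separate from the review flags: Rkill stops processes on heuristics so the other tools can run, and that list is not a malware inventory.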

Thanks for the help, sorry I attached files earlier. I followed the instructions but don't see a log.txt or info.txt.

Here is rkill:

Rkill 2.4.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/21/2013 06:38:06 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\IFXTCS.exe (PID: 2036) [WD-HEUR]

* C:\WINDOWS\system32\IFXSPMGT.exe (PID: 1156) [WD-HEUR]

* C:\WINDOWS\system32\AccelerometerSt.exe (PID: 2592) [WD-HEUR]

* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 3096) [WD-HEUR]

* C:\WINDOWS\SMINST\Scheduler.exe (PID: 3336) [WD-HEUR]

* C:\WINDOWS\keyacc32.exe (PID: 5620) [WD-HEUR]

6 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

127.0.0.1 123topsearch.com

127.0.0.1 www.132.com

20 out of 10550 HOSTS entries shown.

Please review HOSTS file for further entries.

Program finished at: 01/21/2013 06:38:48 AM

Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

TDSSKiller report here: it said no threats found.

06:46:06.0195 5732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

06:46:06.0523 5732 ============================================================

06:46:06.0523 5732 Current date / time: 2013/01/21 06:46:06.0523

06:46:06.0523 5732 SystemInfo:

06:46:06.0523 5732

06:46:06.0523 5732 OS Version: 5.1.2600 ServicePack: 3.0

06:46:06.0523 5732 Product type: Workstation

06:46:06.0523 5732 ComputerName: HYLAS-LT-005

06:46:06.0523 5732 UserName: DKarst

06:46:06.0523 5732 Windows directory: C:\WINDOWS

06:46:06.0523 5732 System windows directory: C:\WINDOWS

06:46:06.0523 5732 Processor architecture: Intel x86

06:46:06.0523 5732 Number of processors: 2

06:46:06.0523 5732 Page size: 0x1000

06:46:06.0523 5732 Boot type: Normal boot

06:46:06.0523 5732 ============================================================

06:46:06.0851 5732 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

06:46:06.0851 5732 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

06:46:17.0351 5732 ============================================================

06:46:17.0351 5732 \Device\Harddisk0\DR0:

06:46:17.0351 5732 MBR partitions:

06:46:17.0351 5732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8720271

06:46:17.0351 5732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x87202B0, BlocksNum 0xDEDE60

06:46:17.0351 5732 \Device\Harddisk1\DR3:

06:46:17.0351 5732 MBR partitions:

06:46:17.0351 5732 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

06:46:17.0351 5732 ============================================================

06:46:17.0367 5732 C: <-> \Device\Harddisk0\DR0\Partition1

06:46:17.0382 5732 E: <-> \Device\Harddisk0\DR0\Partition2

06:46:17.0429 5732 F: <-> \Device\Harddisk1\DR3\Partition1

06:46:17.0429 5732 ============================================================

06:46:17.0429 5732 Initialize success

06:46:17.0429 5732 ============================================================

06:46:25.0429 5296 ============================================================

06:46:25.0429 5296 Scan started

06:46:25.0429 5296 Mode: Manual;

06:46:25.0429 5296 ============================================================

06:46:25.0711 5296 ================ Scan system memory ========================

06:46:28.0617 5296 System memory - ok

06:46:28.0617 5296 ================ Scan services =============================

06:46:28.0883 5296 Abiosdsk - ok

06:46:28.0898 5296 abp480n5 - ok

06:46:28.0945 5296 [ 2AD11B75224BC6C54735FB6853105B8B ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys

06:46:28.0945 5296 Accelerometer - ok

06:46:28.0992 5296 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

06:46:28.0992 5296 ACPI - ok

06:46:29.0070 5296 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

06:46:29.0070 5296 ACPIEC - ok

06:46:29.0133 5296 [ 761D5BBDB6A5867C9F8EBBB545AF7B34 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys

06:46:29.0133 5296 ADIHdAudAddService - ok

06:46:29.0242 5296 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

06:46:29.0242 5296 AdobeFlashPlayerUpdateSvc - ok

06:46:29.0258 5296 adpu160m - ok

06:46:29.0320 5296 [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys

06:46:29.0320 5296 AEAudioService - ok

06:46:29.0351 5296 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

06:46:29.0351 5296 aec - ok

06:46:29.0398 5296 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

06:46:29.0398 5296 AFD - ok

06:46:29.0445 5296 [ 9C7B1314D5E1212BD3D654177C06E24D ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys

06:46:29.0508 5296 AgereSoftModem - ok

06:46:29.0508 5296 Aha154x - ok

06:46:29.0523 5296 aic78u2 - ok

06:46:29.0523 5296 aic78xx - ok

06:46:29.0586 5296 [ 4ED4CE78A42070CB041C208CA53ED70A ] akshasp C:\WINDOWS\system32\DRIVERS\akshasp.sys

06:46:29.0586 5296 akshasp - ok

06:46:29.0633 5296 [ 2FA8CBCBD795014267BE5F60BB8474C0 ] aksusb C:\WINDOWS\system32\DRIVERS\aksusb.sys

06:46:29.0633 5296 aksusb - ok

06:46:29.0680 5296 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

06:46:29.0680 5296 Alerter - ok

06:46:29.0711 5296 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

06:46:29.0711 5296 ALG - ok

06:46:29.0726 5296 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys

06:46:29.0742 5296 AliIde - ok

06:46:29.0742 5296 amsint - ok

06:46:29.0851 5296 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

06:46:29.0851 5296 Apple Mobile Device - ok

06:46:29.0883 5296 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

06:46:29.0898 5296 AppMgmt - ok

06:46:29.0930 5296 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

06:46:29.0930 5296 Arp1394 - ok

06:46:29.0930 5296 asc - ok

06:46:29.0945 5296 asc3350p - ok

06:46:29.0961 5296 asc3550 - ok

06:46:30.0101 5296 [ 47589CC135E28532AFC39394BBF87F0D ] ASChannel C:\Program Files\HPQ\IAM\Bin\ASChnl.dll

06:46:30.0117 5296 ASChannel - ok

06:46:30.0258 5296 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

06:46:30.0320 5296 aspnet_state - ok

06:46:30.0336 5296 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

06:46:30.0336 5296 AsyncMac - ok

06:46:30.0351 5296 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

06:46:30.0351 5296 atapi - ok

06:46:30.0367 5296 Atdisk - ok

06:46:30.0414 5296 [ 39BE36B74B2D17B336146E82373E0396 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

06:46:30.0414 5296 Ati HotKey Poller - ok

06:46:30.0539 5296 [ 6B618C7764E03A78599D74E31B8AB17B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

06:46:30.0664 5296 ati2mtag - ok

06:46:30.0695 5296 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

06:46:30.0695 5296 Atmarpc - ok

06:46:30.0758 5296 [ 56E6740FCBD672CF61FA8CDAA607FFD5 ] ATSWPDRV C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys

06:46:30.0758 5296 ATSWPDRV - ok

06:46:30.0805 5296 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

06:46:30.0805 5296 AudioSrv - ok

06:46:30.0851 5296 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

06:46:30.0851 5296 audstub - ok

06:46:30.0914 5296 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys

06:46:30.0914 5296 b57w2k - ok

06:46:30.0976 5296 [ 55FED228FE147ECB9C47A1C55388896E ] Basics Service C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

06:46:30.0976 5296 Basics Service - ok

06:46:30.0992 5296 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

06:46:30.0992 5296 Beep - ok

06:46:31.0055 5296 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

06:46:31.0195 5296 BITS - ok

06:46:31.0289 5296 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

06:46:31.0305 5296 Bonjour Service - ok

06:46:31.0336 5296 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

06:46:31.0351 5296 Browser - ok

06:46:31.0383 5296 [ 00C8988DA469E4AC087539BD77420123 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys

06:46:31.0383 5296 BTWUSB - ok

06:46:31.0430 5296 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

06:46:31.0430 5296 cbidf2k - ok

06:46:31.0492 5296 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe

06:46:31.0492 5296 CCALib8 - ok

06:46:31.0586 5296 [ 0A6786C95A6F8715AA4285E3C27F201F ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

06:46:31.0601 5296 ccEvtMgr - ok

06:46:31.0664 5296 [ 3B4898CF051BB04FB76E94361E336A83 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

06:46:31.0664 5296 ccSetMgr - ok

06:46:31.0664 5296 cd20xrnt - ok

06:46:31.0695 5296 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

06:46:31.0695 5296 Cdaudio - ok

06:46:31.0742 5296 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

06:46:31.0742 5296 Cdfs - ok

06:46:31.0758 5296 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

06:46:31.0758 5296 Cdrom - ok

06:46:31.0758 5296 Changer - ok

06:46:31.0789 5296 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

06:46:31.0789 5296 CiSvc - ok

06:46:31.0820 5296 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

06:46:31.0820 5296 ClipSrv - ok

06:46:31.0867 5296 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

06:46:32.0055 5296 clr_optimization_v2.0.50727_32 - ok

06:46:32.0101 5296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

06:46:32.0117 5296 clr_optimization_v4.0.30319_32 - ok

06:46:32.0148 5296 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

06:46:32.0148 5296 CmBatt - ok

06:46:32.0148 5296 CmdIde - ok

06:46:32.0164 5296 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

06:46:32.0180 5296 Compbatt - ok

06:46:32.0180 5296 COMSysApp - ok

06:46:32.0211 5296 Cpqarray - ok

06:46:32.0242 5296 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

06:46:32.0242 5296 CryptSvc - ok

06:46:32.0305 5296 [ 5C706C06C1279952D2CC1A609CA948BF ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys

06:46:32.0305 5296 CVirtA - ok

06:46:32.0445 5296 [ C64D9A84723E874BF5168D7BF420F85D ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

06:46:32.0523 5296 CVPND - ok

06:46:32.0570 5296 [ 03516F6D3B8C91C919DE622196A84BCE ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

06:46:32.0570 5296 CVPNDRVA - ok

06:46:32.0586 5296 dac2w2k - ok

06:46:32.0586 5296 dac960nt - ok

06:46:32.0664 5296 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

06:46:32.0664 5296 DcomLaunch - ok

06:46:32.0773 5296 [ 1F709C66D8AADFF35530C56EE261C462 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe

06:46:32.0773 5296 DefWatch - ok

06:46:32.0820 5296 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

06:46:32.0820 5296 Dhcp - ok

06:46:32.0851 5296 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

06:46:32.0851 5296 Disk - ok

06:46:32.0945 5296 [ 244B6285B14E06A9BA81B3ED9B9A3B38 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS

06:46:32.0945 5296 DLABOIOM - ok

06:46:32.0976 5296 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

06:46:32.0976 5296 DLACDBHM - ok

06:46:32.0992 5296 [ 33B2C320B886D4E6E7780796731E405B ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS

06:46:32.0992 5296 DLADResN - ok

06:46:33.0023 5296 [ 46CDF41AB0F616168F2C03EDB590643A ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

06:46:33.0023 5296 DLAIFS_M - ok

06:46:33.0039 5296 [ 94F39387819A9AE05C788CFD7EA4E16B ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

06:46:33.0039 5296 DLAOPIOM - ok

06:46:33.0039 5296 [ F4DCC4DF6B27EE4E3D08258ECDDECB1F ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS

06:46:33.0055 5296 DLAPoolM - ok

06:46:33.0055 5296 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

06:46:33.0055 5296 DLARTL_N - ok

06:46:33.0070 5296 [ BDE11A8C697C5E22AEDF34CA3FDB5940 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

06:46:33.0070 5296 DLAUDFAM - ok

06:46:33.0086 5296 [ 069D67EED1CEC572DC28CB5582B5AA96 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

06:46:33.0086 5296 DLAUDF_M - ok

06:46:33.0101 5296 dmadmin - ok

06:46:33.0164 5296 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

06:46:33.0164 5296 dmboot - ok

06:46:33.0211 5296 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

06:46:33.0211 5296 dmio - ok

06:46:33.0242 5296 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

06:46:33.0242 5296 dmload - ok

06:46:33.0289 5296 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

06:46:33.0289 5296 dmserver - ok

06:46:33.0305 5296 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

06:46:33.0305 5296 DMusic - ok

06:46:33.0351 5296 [ 8101650993B2F79118D2BF24402C390D ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys

06:46:33.0351 5296 DNE - ok

06:46:33.0398 5296 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

06:46:33.0398 5296 Dnscache - ok

06:46:33.0430 5296 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

06:46:33.0430 5296 Dot3svc - ok

06:46:33.0445 5296 dpti2o - ok

06:46:33.0461 5296 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

06:46:33.0461 5296 drmkaud - ok

06:46:33.0476 5296 [ FE923D5529144D47B907663D2838C032 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

06:46:33.0476 5296 DRVMCDB - ok

06:46:33.0539 5296 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

06:46:33.0539 5296 DRVNDDM - ok

06:46:33.0586 5296 [ B5CB3084046146FD2587D8C9B219FEB4 ] eabfiltr C:\WINDOWS\system32\DRIVERS\eabfiltr.sys

06:46:33.0601 5296 eabfiltr - ok

06:46:33.0601 5296 [ 231F4547AE1E4B3E60ECA66C3A96D218 ] eabusb C:\WINDOWS\system32\DRIVERS\eabusb.sys

06:46:33.0601 5296 eabusb - ok

06:46:33.0617 5296 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

06:46:33.0617 5296 EapHost - ok

06:46:33.0695 5296 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

06:46:33.0695 5296 eeCtrl - ok

06:46:33.0742 5296 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

06:46:33.0742 5296 EraserUtilRebootDrv - ok

06:46:33.0773 5296 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

06:46:33.0773 5296 ERSvc - ok

06:46:33.0805 5296 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

06:46:33.0820 5296 Eventlog - ok

06:46:33.0836 5296 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

06:46:33.0836 5296 EventSystem - ok

06:46:33.0867 5296 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

06:46:33.0867 5296 Fastfat - ok

06:46:33.0898 5296 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

06:46:33.0914 5296 FastUserSwitchingCompatibility - ok

06:46:33.0945 5296 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

06:46:33.0945 5296 Fdc - ok

06:46:33.0961 5296 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

06:46:33.0961 5296 Fips - ok

06:46:33.0976 5296 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

06:46:33.0976 5296 Flpydisk - ok

06:46:34.0008 5296 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

06:46:34.0008 5296 FltMgr - ok

06:46:34.0117 5296 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

06:46:34.0117 5296 FontCache3.0.0.0 - ok

06:46:34.0164 5296 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

06:46:34.0164 5296 Fs_Rec - ok

06:46:34.0180 5296 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

06:46:34.0180 5296 Ftdisk - ok

06:46:34.0211 5296 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

06:46:34.0211 5296 GEARAspiWDM - ok

06:46:34.0242 5296 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

06:46:34.0258 5296 Gpc - ok

06:46:34.0305 5296 [ B6B1F53F585B41091EB3586F8297A379 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys

06:46:34.0305 5296 GTIPCI21 - ok

06:46:34.0414 5296 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

06:46:34.0414 5296 gupdate - ok

06:46:34.0430 5296 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

06:46:34.0430 5296 gupdatem - ok

06:46:34.0492 5296 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

06:46:34.0492 5296 gusvc - ok

06:46:34.0570 5296 [ ED32D389F8B0E74E400932E020BCFBDF ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys

06:46:34.0617 5296 Hardlock - ok

06:46:34.0664 5296 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys

06:46:34.0664 5296 Haspnt - ok

06:46:34.0711 5296 [ 4D4D97671C63C3AF869B3518E6054204 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

06:46:34.0711 5296 HBtnKey - ok

06:46:34.0742 5296 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

06:46:34.0742 5296 HDAudBus - ok

06:46:34.0883 5296 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

06:46:34.0883 5296 helpsvc - ok

06:46:34.0930 5296 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

06:46:34.0930 5296 HidServ - ok

06:46:34.0976 5296 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

06:46:34.0976 5296 HidUsb - ok

06:46:35.0008 5296 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

06:46:35.0023 5296 hkmsvc - ok

06:46:35.0039 5296 [ B5E68A5D9E0AAC82E4DDD340E1F0274A ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys

06:46:35.0039 5296 hpdskflt - ok

06:46:35.0039 5296 hpn - ok

06:46:35.0148 5296 [ A56D9D6B31A648CD5D3ACE7E09757600 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

06:46:35.0148 5296 hpqwmiex - ok

06:46:35.0195 5296 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

06:46:35.0195 5296 HTTP - ok

06:46:35.0226 5296 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

06:46:35.0226 5296 HTTPFilter - ok

06:46:35.0226 5296 i2omgmt - ok

06:46:35.0242 5296 i2omp - ok

06:46:35.0258 5296 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

06:46:35.0258 5296 i8042prt - ok

06:46:35.0351 5296 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys

06:46:35.0351 5296 iaStor - ok

06:46:35.0430 5296 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

06:46:35.0445 5296 IDriverT - ok

06:46:35.0539 5296 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

06:46:35.0586 5296 idsvc - ok

06:46:35.0664 5296 [ FF9F7B9FD77A6F26BDE91A33A348404C ] IFXSpMgtSrv C:\WINDOWS\system32\IFXSPMGT.exe

06:46:35.0664 5296 IFXSpMgtSrv - ok

06:46:35.0742 5296 [ E80B373A6B42C2274AE85379173F0204 ] IFXTCS C:\WINDOWS\system32\IFXTCS.exe

06:46:35.0742 5296 IFXTCS - ok

06:46:35.0789 5296 [ 0B556E950404D90D097C687E65238730 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

06:46:35.0789 5296 IFXTPM - ok

06:46:35.0820 5296 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

06:46:35.0820 5296 Imapi - ok

06:46:35.0851 5296 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

06:46:35.0867 5296 ImapiService - ok

06:46:35.0867 5296 ini910u - ok

06:46:35.0914 5296 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

06:46:35.0914 5296 IntelIde - ok

06:46:35.0961 5296 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

06:46:35.0961 5296 intelppm - ok

06:46:36.0039 5296 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

06:46:36.0039 5296 IntuitUpdateService - ok

06:46:36.0101 5296 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

06:46:36.0101 5296 IntuitUpdateServiceV4 - ok

06:46:36.0117 5296 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

06:46:36.0117 5296 Ip6Fw - ok

06:46:36.0180 5296 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

06:46:36.0180 5296 IpFilterDriver - ok

06:46:36.0195 5296 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

06:46:36.0195 5296 IpInIp - ok

06:46:36.0226 5296 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

06:46:36.0226 5296 IpNat - ok

06:46:36.0273 5296 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

06:46:36.0305 5296 iPod Service - ok

06:46:36.0320 5296 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

06:46:36.0320 5296 IPSec - ok

06:46:36.0320 5296 IPSECSHM - ok

06:46:36.0351 5296 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

06:46:36.0351 5296 IRENUM - ok

06:46:36.0367 5296 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

06:46:36.0367 5296 isapnp - ok

06:46:36.0492 5296 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

06:46:36.0508 5296 JavaQuickStarterService - ok

06:46:36.0523 5296 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

06:46:36.0523 5296 Kbdclass - ok

06:46:36.0539 5296 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

06:46:36.0539 5296 kbdhid - ok

06:46:36.0570 5296 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

06:46:36.0570 5296 kmixer - ok

06:46:36.0601 5296 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

06:46:36.0601 5296 KSecDD - ok

06:46:36.0648 5296 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

06:46:36.0664 5296 lanmanserver - ok

06:46:36.0711 5296 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

06:46:36.0711 5296 lanmanworkstation - ok

06:46:36.0726 5296 lbrtfdc - ok

06:46:36.0820 5296 [ D30D9547C02ECEE13E259970F71503D7 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

06:46:36.0820 5296 LightScribeService - ok

06:46:37.0055 5296 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

06:46:37.0180 5296 LiveUpdate - ok

06:46:37.0211 5296 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

06:46:37.0211 5296 LmHosts - ok

06:46:37.0336 5296 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

06:46:37.0336 5296 MDM - ok

06:46:37.0367 5296 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

06:46:37.0367 5296 Messenger - ok

06:46:37.0414 5296 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

06:46:37.0414 5296 mnmdd - ok

06:46:37.0445 5296 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

06:46:37.0445 5296 mnmsrvc - ok

06:46:37.0476 5296 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

06:46:37.0476 5296 Modem - ok

06:46:37.0492 5296 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

06:46:37.0492 5296 Mouclass - ok

06:46:37.0523 5296 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

06:46:37.0523 5296 mouhid - ok

06:46:37.0570 5296 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

06:46:37.0570 5296 MountMgr - ok

06:46:37.0602 5296 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

06:46:37.0602 5296 MozillaMaintenance - ok

06:46:37.0633 5296 [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys

06:46:37.0633 5296 MQAC - ok

06:46:37.0648 5296 mraid35x - ok

06:46:37.0664 5296 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

06:46:37.0664 5296 MRxDAV - ok

06:46:37.0727 5296 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

06:46:37.0742 5296 MRxSmb - ok

06:46:37.0789 5296 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

06:46:37.0789 5296 MSDTC - ok

06:46:37.0805 5296 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

06:46:37.0805 5296 Msfs - ok

06:46:37.0820 5296 MSIServer - ok

06:46:37.0836 5296 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

06:46:37.0836 5296 MSKSSRV - ok

06:46:37.0852 5296 [ AFB909B537AAE1BEAE7BBDB6A36D40B0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe

06:46:37.0852 5296 MSMQ - ok

06:46:37.0867 5296 [ 7F955FF3B1BB93376EBE75D5ACCDC6DB ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe

06:46:37.0883 5296 MSMQTriggers - ok

06:46:37.0898 5296 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

06:46:37.0898 5296 MSPCLOCK - ok

06:46:37.0914 5296 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

06:46:37.0930 5296 MSPQM - ok

06:46:37.0945 5296 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

06:46:37.0945 5296 mssmbios - ok

06:46:37.0992 5296 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

06:46:37.0992 5296 Mup - ok

06:46:38.0039 5296 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

06:46:38.0039 5296 napagent - ok

06:46:38.0148 5296 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130118.007\naveng.sys

06:46:38.0148 5296 NAVENG - ok

06:46:38.0258 5296 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130118.007\navex15.sys

06:46:38.0336 5296 NAVEX15 - ok

06:46:38.0367 5296 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

06:46:38.0367 5296 NDIS - ok

06:46:38.0398 5296 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

06:46:38.0398 5296 NdisTapi - ok

06:46:38.0445 5296 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

06:46:38.0445 5296 Ndisuio - ok

06:46:38.0477 5296 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

06:46:38.0477 5296 NdisWan - ok

06:46:38.0523 5296 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

06:46:38.0523 5296 NDProxy - ok

06:46:38.0539 5296 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

06:46:38.0539 5296 NetBIOS - ok

06:46:38.0555 5296 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

06:46:38.0555 5296 NetBT - ok

06:46:38.0602 5296 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

06:46:38.0602 5296 NetDDE - ok

06:46:38.0602 5296 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

06:46:38.0617 5296 NetDDEdsdm - ok

06:46:38.0664 5296 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

06:46:38.0664 5296 Netlogon - ok

06:46:38.0695 5296 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

06:46:38.0711 5296 Netman - ok

06:46:38.0742 5296 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

06:46:38.0742 5296 NetTcpPortSharing - ok

06:46:38.0867 5296 [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

06:46:38.0945 5296 NETw3x32 - ok

06:46:38.0977 5296 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

06:46:38.0977 5296 NIC1394 - ok

06:46:39.0023 5296 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

06:46:39.0023 5296 Nla - ok

06:46:39.0039 5296 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

06:46:39.0039 5296 Npfs - ok

06:46:39.0070 5296 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

06:46:39.0070 5296 Ntfs - ok

06:46:39.0086 5296 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

06:46:39.0102 5296 NtLmSsp - ok

06:46:39.0148 5296 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

06:46:39.0148 5296 NtmsSvc - ok

06:46:39.0211 5296 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

06:46:39.0211 5296 Null - ok

06:46:39.0227 5296 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

06:46:39.0227 5296 NwlnkFlt - ok

06:46:39.0242 5296 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

06:46:39.0242 5296 NwlnkFwd - ok

06:46:39.0258 5296 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

06:46:39.0258 5296 ohci1394 - ok

06:46:39.0305 5296 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

06:46:39.0305 5296 ose - ok

06:46:39.0336 5296 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

06:46:39.0336 5296 Parport - ok

06:46:39.0352 5296 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

06:46:39.0352 5296 PartMgr - ok

06:46:39.0414 5296 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

06:46:39.0414 5296 ParVdm - ok

06:46:39.0445 5296 [ 210A628A0D7B3F45257850EFBFF27538 ] pavboot C:\WINDOWS\system32\drivers\pavboot.sys

06:46:39.0445 5296 pavboot - ok

06:46:39.0570 5296 [ 5EEB45F500E3E97153CB75723F8CA185 ] PCA C:\WINDOWS\SMINST\PCAngel.exe

06:46:39.0570 5296 PCA - ok

06:46:39.0586 5296 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

06:46:39.0586 5296 PCI - ok

06:46:39.0602 5296 PCIDump - ok

06:46:39.0617 5296 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

06:46:39.0617 5296 PCIIde - ok

06:46:39.0633 5296 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

06:46:39.0633 5296 Pcmcia - ok

06:46:39.0648 5296 PDCOMP - ok

06:46:39.0648 5296 PDFRAME - ok

06:46:39.0664 5296 PDRELI - ok

06:46:39.0680 5296 PDRFRAME - ok

06:46:39.0680 5296 perc2 - ok

06:46:39.0695 5296 perc2hib - ok

06:46:39.0758 5296 [ 9F09361EEAE6180CCDC8E99BAC641943 ] PersonalSecureDrive C:\WINDOWS\System32\drivers\psd.sys

06:46:39.0758 5296 PersonalSecureDrive - ok

06:46:39.0867 5296 [ 2A8335EE3997E72690394D86258814A2 ] PersonalSecureDriveService C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

06:46:39.0867 5296 PersonalSecureDriveService - ok

06:46:39.0898 5296 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

06:46:39.0898 5296 PlugPlay - ok

06:46:39.0914 5296 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

06:46:39.0914 5296 PolicyAgent - ok

06:46:39.0961 5296 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

06:46:39.0961 5296 PptpMiniport - ok

06:46:39.0961 5296 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

06:46:39.0961 5296 ProtectedStorage - ok

06:46:39.0977 5296 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

06:46:39.0977 5296 PSched - ok

06:46:40.0023 5296 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

06:46:40.0023 5296 Ptilink - ok

06:46:40.0086 5296 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

06:46:40.0086 5296 PxHelp20 - ok

06:46:40.0086 5296 ql1080 - ok

06:46:40.0102 5296 Ql10wnt - ok

06:46:40.0117 5296 ql12160 - ok

06:46:40.0117 5296 ql1240 - ok

06:46:40.0133 5296 ql1280 - ok

06:46:40.0133 5296 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

06:46:40.0133 5296 RasAcd - ok

06:46:40.0180 5296 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

06:46:40.0180 5296 RasAuto - ok

06:46:40.0211 5296 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

06:46:40.0211 5296 Rasirda - ok

06:46:40.0227 5296 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

06:46:40.0227 5296 Rasl2tp - ok

06:46:40.0273 5296 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

06:46:40.0273 5296 RasMan - ok

06:46:40.0289 5296 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

06:46:40.0289 5296 RasPppoe - ok

06:46:40.0289 5296 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

06:46:40.0289 5296 Raspti - ok

06:46:40.0336 5296 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

06:46:40.0336 5296 Rdbss - ok

06:46:40.0352 5296 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

06:46:40.0352 5296 RDPCDD - ok

06:46:40.0367 5296 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

06:46:40.0383 5296 rdpdr - ok

06:46:40.0414 5296 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

06:46:40.0414 5296 RDPWD - ok

06:46:40.0461 5296 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

06:46:40.0461 5296 RDSessMgr - ok

06:46:40.0477 5296 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

06:46:40.0477 5296 redbook - ok

06:46:40.0508 5296 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

06:46:40.0523 5296 RemoteAccess - ok

06:46:40.0570 5296 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

06:46:40.0570 5296 RemoteRegistry - ok

06:46:40.0617 5296 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys

06:46:40.0617 5296 RMCAST - ok

06:46:40.0664 5296 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

06:46:40.0664 5296 RpcLocator - ok

06:46:40.0742 5296 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

06:46:40.0742 5296 RpcSs - ok

06:46:40.0820 5296 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

06:46:40.0820 5296 RSVP - ok

06:46:40.0852 5296 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

06:46:40.0852 5296 SamSs - ok

06:46:40.0914 5296 [ 3525FDCFC567E807A337C61AFF366BE8 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe

06:46:40.0914 5296 SavRoam - ok

06:46:40.0945 5296 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys

06:46:40.0945 5296 SAVRT - ok

06:46:40.0977 5296 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys

06:46:40.0977 5296 SAVRTPEL - ok

06:46:41.0133 5296 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

06:46:41.0133 5296 SCardSvr - ok

06:46:41.0180 5296 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

06:46:41.0180 5296 Schedule - ok

06:46:41.0227 5296 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys

06:46:41.0227 5296 sdbus - ok

06:46:41.0258 5296 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

06:46:41.0273 5296 Secdrv - ok

06:46:41.0305 5296 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

06:46:41.0305 5296 seclogon - ok

06:46:41.0352 5296 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

06:46:41.0352 5296 SENS - ok

06:46:41.0398 5296 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

06:46:41.0398 5296 serenum - ok

06:46:41.0414 5296 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

06:46:41.0414 5296 Serial - ok

06:46:41.0445 5296 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

06:46:41.0445 5296 Sfloppy - ok

06:46:41.0477 5296 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

06:46:41.0492 5296 ShellHWDetection - ok

06:46:41.0492 5296 Simbad - ok

06:46:41.0555 5296 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys

06:46:41.0555 5296 SMCIRDA - ok

06:46:41.0617 5296 [ 0D411EEA92751C1ECD8453892F41E726 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

06:46:41.0617 5296 SNDSrvc - ok

06:46:41.0633 5296 Sparrow - ok

06:46:41.0711 5296 [ 677B10906838D3BFB1C07AC9087E4BF7 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

06:46:41.0711 5296 SPBBCDrv - ok

06:46:41.0789 5296 [ C830007369E18A54AED23B5BB3AFA2BA ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

06:46:41.0867 5296 SPBBCSvc - ok

06:46:41.0883 5296 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

06:46:41.0883 5296 splitter - ok

06:46:41.0930 5296 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

06:46:41.0930 5296 Spooler - ok

06:46:41.0945 5296 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

06:46:41.0945 5296 sr - ok

06:46:41.0992 5296 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

06:46:42.0008 5296 srservice - ok

06:46:42.0055 5296 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

06:46:42.0055 5296 Srv - ok

06:46:42.0086 5296 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

06:46:42.0086 5296 SSDPSRV - ok

06:46:42.0133 5296 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

06:46:42.0148 5296 stisvc - ok

06:46:42.0164 5296 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

06:46:42.0164 5296 swenum - ok

06:46:42.0195 5296 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

06:46:42.0195 5296 swmidi - ok

06:46:42.0195 5296 SwPrv - ok

06:46:42.0242 5296 [ 9B2BDD7A8629A9C5A55CD5635DDF136F ] SydexFDD C:\WINDOWS\system32\Drivers\sydexfdd.sys

06:46:42.0242 5296 SydexFDD - ok

06:46:42.0383 5296 [ 8FDAADF204A4F29214DA1B03342E2735 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe

06:46:42.0477 5296 Symantec AntiVirus - ok

06:46:42.0492 5296 symc810 - ok

06:46:42.0508 5296 symc8xx - ok

06:46:42.0555 5296 [ DE6D1102D55926354171AE4E73936725 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS

06:46:42.0555 5296 SymEvent - ok

06:46:42.0617 5296 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

06:46:42.0617 5296 SYMREDRV - ok

06:46:42.0680 5296 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS

06:46:42.0680 5296 SYMTDI - ok

06:46:42.0680 5296 sym_hi - ok

06:46:42.0695 5296 sym_u3 - ok

06:46:42.0758 5296 [ FD5010A627D2A7BBD1C44A488E3A8FE5 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys

06:46:42.0758 5296 SynTP - ok

06:46:42.0789 5296 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

06:46:42.0789 5296 sysaudio - ok

06:46:42.0820 5296 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

06:46:42.0820 5296 SysmonLog - ok

06:46:42.0867 5296 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

06:46:42.0867 5296 TapiSrv - ok

06:46:42.0930 5296 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

06:46:42.0930 5296 Tcpip - ok

06:46:42.0977 5296 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

06:46:42.0992 5296 TDPIPE - ok

06:46:42.0992 5296 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

06:46:43.0008 5296 TDTCP - ok

06:46:43.0023 5296 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

06:46:43.0023 5296 TermDD - ok

06:46:43.0070 5296 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

06:46:43.0070 5296 TermService - ok

06:46:43.0117 5296 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

06:46:43.0117 5296 Themes - ok

06:46:43.0180 5296 [ 9179E07503630D6FB2E4162FF0196191 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys

06:46:43.0180 5296 tifm21 - ok

06:46:43.0211 5296 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

06:46:43.0227 5296 TlntSvr - ok

06:46:43.0227 5296 TosIde - ok

06:46:43.0273 5296 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

06:46:43.0273 5296 TrkWks - ok

06:46:43.0305 5296 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

06:46:43.0305 5296 Udfs - ok

06:46:43.0320 5296 ultra - ok

06:46:43.0383 5296 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

06:46:43.0383 5296 Update - ok

06:46:43.0430 5296 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

06:46:43.0445 5296 upnphost - ok

06:46:43.0461 5296 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

06:46:43.0461 5296 UPS - ok

06:46:43.0508 5296 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

06:46:43.0508 5296 USBAAPL - ok

06:46:43.0539 5296 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

06:46:43.0539 5296 usbccgp - ok

06:46:43.0555 5296 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

06:46:43.0555 5296 usbehci - ok

06:46:43.0570 5296 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

06:46:43.0570 5296 usbhub - ok

06:46:43.0602 5296 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

06:46:43.0602 5296 usbprint - ok

06:46:43.0633 5296 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

06:46:43.0633 5296 usbscan - ok

06:46:43.0664 5296 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

06:46:43.0664 5296 USBSTOR - ok

06:46:43.0680 5296 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

06:46:43.0680 5296 usbuhci - ok

06:46:43.0695 5296 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

06:46:43.0695 5296 VgaSave - ok

06:46:43.0711 5296 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

06:46:43.0711 5296 ViaIde - ok

06:46:43.0727 5296 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

06:46:43.0727 5296 VolSnap - ok

06:46:43.0789 5296 [ 27B3DD12A19EEC50220DF15B64913DDA ] vsdatant C:\WINDOWS\system32\vsdatant.sys

06:46:43.0789 5296 vsdatant - ok

06:46:43.0852 5296 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

06:46:43.0867 5296 VSS - ok

06:46:43.0914 5296 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

06:46:43.0914 5296 W32Time - ok

06:46:44.0039 5296 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys

06:46:44.0148 5296 w39n51 - ok

06:46:44.0164 5296 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

06:46:44.0164 5296 Wanarp - ok

06:46:44.0180 5296 WDICA - ok

06:46:44.0211 5296 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

06:46:44.0211 5296 wdmaud - ok

06:46:44.0242 5296 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

06:46:44.0242 5296 WebClient - ok

06:46:44.0352 5296 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

06:46:44.0352 5296 winmgmt - ok

06:46:44.0414 5296 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

06:46:44.0414 5296 WmdmPmSN - ok

06:46:44.0461 5296 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

06:46:44.0477 5296 Wmi - ok

06:46:44.0492 5296 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

06:46:44.0492 5296 WmiAcpi - ok

06:46:44.0523 5296 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

06:46:44.0523 5296 WmiApSrv - ok

06:46:44.0648 5296 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

06:46:44.0664 5296 WMPNetworkSvc - ok

06:46:44.0789 5296 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

06:46:44.0805 5296 WPFFontCache_v0400 - ok

06:46:44.0852 5296 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

06:46:44.0867 5296 wuauserv - ok

06:46:44.0898 5296 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

06:46:44.0914 5296 WudfPf - ok

06:46:44.0930 5296 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

06:46:44.0930 5296 WudfRd - ok

06:46:44.0945 5296 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

06:46:44.0945 5296 WudfSvc - ok

06:46:45.0008 5296 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

06:46:45.0023 5296 WZCSVC - ok

06:46:45.0070 5296 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

06:46:45.0070 5296 xmlprov - ok

06:46:45.0102 5296 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] ZSTAR C:\WINDOWS\system32\Drivers\usbser-zstar.sys

06:46:45.0102 5296 ZSTAR - ok

06:46:45.0117 5296 ================ Scan global ===============================

06:46:45.0148 5296 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

06:46:45.0195 5296 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

06:46:45.0211 5296 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

06:46:45.0242 5296 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

06:46:45.0242 5296 [Global] - ok

06:46:45.0242 5296 ================ Scan MBR ==================================

06:46:45.0273 5296 [ 0C808E7238C810543120B2DC771ED1BA ] \Device\Harddisk0\DR0

06:46:45.0445 5296 \Device\Harddisk0\DR0 - ok

06:46:45.0445 5296 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3

06:46:45.0461 5296 \Device\Harddisk1\DR3 - ok

06:46:45.0461 5296 ================ Scan VBR ==================================

06:46:45.0461 5296 [ D242076BB909AD04D99568C588333B81 ] \Device\Harddisk0\DR0\Partition1

06:46:45.0461 5296 \Device\Harddisk0\DR0\Partition1 - ok

06:46:45.0477 5296 [ D40A8C1226AB1296A371F6532A934037 ] \Device\Harddisk0\DR0\Partition2

06:46:45.0477 5296 \Device\Harddisk0\DR0\Partition2 - ok

06:46:45.0477 5296 [ 556C231B26A4569F7A08CA71A157DE84 ] \Device\Harddisk1\DR3\Partition1

06:46:45.0492 5296 \Device\Harddisk1\DR3\Partition1 - ok

06:46:45.0492 5296 ============================================================

06:46:45.0492 5296 Scan finished

06:46:45.0492 5296 ============================================================

06:46:45.0508 5196 Detected object count: 0

06:46:45.0508 5196 Actual detected object count: 0


Roguekiller report

06:46:06.0195 5732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

06:46:06.0523 5732 ============================================================

06:46:06.0523 5732 Current date / time: 2013/01/21 06:46:06.0523

06:46:06.0523 5732 SystemInfo:

06:46:06.0523 5732

06:46:06.0523 5732 OS Version: 5.1.2600 ServicePack: 3.0

06:46:06.0523 5732 Product type: Workstation

06:46:06.0523 5732 ComputerName: HYLAS-LT-005

06:46:06.0523 5732 UserName: DKarst

06:46:06.0523 5732 Windows directory: C:\WINDOWS

06:46:06.0523 5732 System windows directory: C:\WINDOWS

06:46:06.0523 5732 Processor architecture: Intel x86

06:46:06.0523 5732 Number of processors: 2

06:46:06.0523 5732 Page size: 0x1000

06:46:06.0523 5732 Boot type: Normal boot

06:46:06.0523 5732 ============================================================

06:46:06.0851 5732 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

06:46:06.0851 5732 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

06:46:17.0351 5732 ============================================================

06:46:17.0351 5732 \Device\Harddisk0\DR0:

06:46:17.0351 5732 MBR partitions:

06:46:17.0351 5732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8720271

06:46:17.0351 5732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x87202B0, BlocksNum 0xDEDE60

06:46:17.0351 5732 \Device\Harddisk1\DR3:

06:46:17.0351 5732 MBR partitions:

06:46:17.0351 5732 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

06:46:17.0351 5732 ============================================================

06:46:17.0367 5732 C: <-> \Device\Harddisk0\DR0\Partition1

06:46:17.0382 5732 E: <-> \Device\Harddisk0\DR0\Partition2

06:46:17.0429 5732 F: <-> \Device\Harddisk1\DR3\Partition1

06:46:17.0429 5732 ============================================================

06:46:17.0429 5732 Initialize success

06:46:17.0429 5732 ============================================================

06:46:25.0429 5296 ============================================================

06:46:25.0429 5296 Scan started

06:46:25.0429 5296 Mode: Manual;

06:46:25.0429 5296 ============================================================

06:46:25.0711 5296 ================ Scan system memory ========================

06:46:28.0617 5296 System memory - ok

06:46:28.0617 5296 ================ Scan services =============================

06:46:28.0883 5296 Abiosdsk - ok

06:46:28.0898 5296 abp480n5 - ok

06:46:28.0945 5296 [ 2AD11B75224BC6C54735FB6853105B8B ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys

06:46:28.0945 5296 Accelerometer - ok

06:46:28.0992 5296 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

06:46:28.0992 5296 ACPI - ok

06:46:29.0070 5296 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

06:46:29.0070 5296 ACPIEC - ok

06:46:29.0133 5296 [ 761D5BBDB6A5867C9F8EBBB545AF7B34 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys

06:46:29.0133 5296 ADIHdAudAddService - ok

06:46:29.0242 5296 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

06:46:29.0242 5296 AdobeFlashPlayerUpdateSvc - ok

06:46:29.0258 5296 adpu160m - ok

06:46:29.0320 5296 [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys

06:46:29.0320 5296 AEAudioService - ok

06:46:29.0351 5296 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

06:46:29.0351 5296 aec - ok


06:46:42.0555 5296 SymEvent - ok

06:46:42.0617 5296 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

06:46:42.0617 5296 SYMREDRV - ok

06:46:42.0680 5296 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS

06:46:42.0680 5296 SYMTDI - ok

06:46:42.0680 5296 sym_hi - ok

06:46:42.0695 5296 sym_u3 - ok

06:46:42.0758 5296 [ FD5010A627D2A7BBD1C44A488E3A8FE5 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys

06:46:42.0758 5296 SynTP - ok

06:46:42.0789 5296 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

06:46:42.0789 5296 sysaudio - ok

06:46:42.0820 5296 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

06:46:42.0820 5296 SysmonLog - ok

06:46:42.0867 5296 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

06:46:42.0867 5296 TapiSrv - ok

06:46:42.0930 5296 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

06:46:42.0930 5296 Tcpip - ok

06:46:42.0977 5296 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

06:46:42.0992 5296 TDPIPE - ok

06:46:42.0992 5296 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

06:46:43.0008 5296 TDTCP - ok

06:46:43.0023 5296 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

06:46:43.0023 5296 TermDD - ok

06:46:43.0070 5296 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

06:46:43.0070 5296 TermService - ok

06:46:43.0117 5296 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

06:46:43.0117 5296 Themes - ok

06:46:43.0180 5296 [ 9179E07503630D6FB2E4162FF0196191 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys

06:46:43.0180 5296 tifm21 - ok

06:46:43.0211 5296 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

06:46:43.0227 5296 TlntSvr - ok

06:46:43.0227 5296 TosIde - ok

06:46:43.0273 5296 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

06:46:43.0273 5296 TrkWks - ok

06:46:43.0305 5296 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

06:46:43.0305 5296 Udfs - ok

06:46:43.0320 5296 ultra - ok

06:46:43.0383 5296 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

06:46:43.0383 5296 Update - ok

06:46:43.0430 5296 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

06:46:43.0445 5296 upnphost - ok

06:46:43.0461 5296 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

06:46:43.0461 5296 UPS - ok

06:46:43.0508 5296 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

06:46:43.0508 5296 USBAAPL - ok

06:46:43.0539 5296 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

06:46:43.0539 5296 usbccgp - ok

06:46:43.0555 5296 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

06:46:43.0555 5296 usbehci - ok

06:46:43.0570 5296 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

06:46:43.0570 5296 usbhub - ok

06:46:43.0602 5296 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

06:46:43.0602 5296 usbprint - ok

06:46:43.0633 5296 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

06:46:43.0633 5296 usbscan - ok

06:46:43.0664 5296 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

06:46:43.0664 5296 USBSTOR - ok

06:46:43.0680 5296 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

06:46:43.0680 5296 usbuhci - ok

06:46:43.0695 5296 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

06:46:43.0695 5296 VgaSave - ok

06:46:43.0711 5296 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

06:46:43.0711 5296 ViaIde - ok

06:46:43.0727 5296 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

06:46:43.0727 5296 VolSnap - ok

06:46:43.0789 5296 [ 27B3DD12A19EEC50220DF15B64913DDA ] vsdatant C:\WINDOWS\system32\vsdatant.sys

06:46:43.0789 5296 vsdatant - ok

06:46:43.0852 5296 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

06:46:43.0867 5296 VSS - ok

06:46:43.0914 5296 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

06:46:43.0914 5296 W32Time - ok

06:46:44.0039 5296 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys

06:46:44.0148 5296 w39n51 - ok

06:46:44.0164 5296 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

06:46:44.0164 5296 Wanarp - ok

06:46:44.0180 5296 WDICA - ok

06:46:44.0211 5296 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

06:46:44.0211 5296 wdmaud - ok

06:46:44.0242 5296 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

06:46:44.0242 5296 WebClient - ok

06:46:44.0352 5296 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

06:46:44.0352 5296 winmgmt - ok

06:46:44.0414 5296 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

06:46:44.0414 5296 WmdmPmSN - ok

06:46:44.0461 5296 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

06:46:44.0477 5296 Wmi - ok

06:46:44.0492 5296 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

06:46:44.0492 5296 WmiAcpi - ok

06:46:44.0523 5296 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

06:46:44.0523 5296 WmiApSrv - ok

06:46:44.0648 5296 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

06:46:44.0664 5296 WMPNetworkSvc - ok

06:46:44.0789 5296 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

06:46:44.0805 5296 WPFFontCache_v0400 - ok

06:46:44.0852 5296 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

06:46:44.0867 5296 wuauserv - ok

06:46:44.0898 5296 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

06:46:44.0914 5296 WudfPf - ok

06:46:44.0930 5296 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

06:46:44.0930 5296 WudfRd - ok

06:46:44.0945 5296 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

06:46:44.0945 5296 WudfSvc - ok

06:46:45.0008 5296 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

06:46:45.0023 5296 WZCSVC - ok

06:46:45.0070 5296 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

06:46:45.0070 5296 xmlprov - ok

06:46:45.0102 5296 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] ZSTAR C:\WINDOWS\system32\Drivers\usbser-zstar.sys

06:46:45.0102 5296 ZSTAR - ok

06:46:45.0117 5296 ================ Scan global ===============================

06:46:45.0148 5296 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

06:46:45.0195 5296 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

06:46:45.0211 5296 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

06:46:45.0242 5296 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

06:46:45.0242 5296 [Global] - ok

06:46:45.0242 5296 ================ Scan MBR ==================================

06:46:45.0273 5296 [ 0C808E7238C810543120B2DC771ED1BA ] \Device\Harddisk0\DR0

06:46:45.0445 5296 \Device\Harddisk0\DR0 - ok

06:46:45.0445 5296 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3

06:46:45.0461 5296 \Device\Harddisk1\DR3 - ok

06:46:45.0461 5296 ================ Scan VBR ==================================

06:46:45.0461 5296 [ D242076BB909AD04D99568C588333B81 ] \Device\Harddisk0\DR0\Partition1

06:46:45.0461 5296 \Device\Harddisk0\DR0\Partition1 - ok

06:46:45.0477 5296 [ D40A8C1226AB1296A371F6532A934037 ] \Device\Harddisk0\DR0\Partition2

06:46:45.0477 5296 \Device\Harddisk0\DR0\Partition2 - ok

06:46:45.0477 5296 [ 556C231B26A4569F7A08CA71A157DE84 ] \Device\Harddisk1\DR3\Partition1

06:46:45.0492 5296 \Device\Harddisk1\DR3\Partition1 - ok

06:46:45.0492 5296 ============================================================

06:46:45.0492 5296 Scan finished

06:46:45.0492 5296 ============================================================

06:46:45.0508 5196 Detected object count: 0

06:46:45.0508 5196 Actual detected object count: 0

Checkup txt file here

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Symantec AntiVirus Corporate Edition

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Out of date HijackThis installed!

Spybot - Search & Destroy

Windows Defender

Malwarebytes Anti-Malware version 1.70.0.1100

HijackThis 2.0.2

Java 6 Update 35

Java 7 Update 11

Adobe Flash Player 11.5.502.146

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (18.0.1)

````````Process Check: objlist.exe by Laurent````````

Symantec AntiVirus DefWatch.exe

Symantec AntiVirus SavRoam.exe

Symantec AntiVirus Rtvscan.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Found RKreport[1].txt on desktop

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : DKarst [Admin rights]

Mode : Scan -- Date : 01/21/2013 06:56:56

¤¤¤ Bad processes : 1 ¤¤¤

[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\WINDOWS\KATRACK.DLL -> UNLOADED

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][BLACKLISTDLL] HKLM\[...]\Run : CognizanceTS (rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Run : KeyAccess (C:\WINDOWS\keyacc32.exe) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND

[ZeroAccess][FILE] @ : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND

[ZeroAccess][FOLDER] U : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND

[ZeroAccess][FOLDER] L : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8993BED0)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8993BF90)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89915B30)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A5A5328)

SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x89932E68)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89919AC0)

SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\??\C:\Program Files\Symantec\SYMEVENT.SYS @ 0xAE60D350)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8990AA78)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x89932F48)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8993BE10)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8992CA78)

SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x89947D10)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8990AAF8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x89920CA0)

SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0x89947C20)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89951A78)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x89920BE0)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89955B00)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x89920B20)

SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\??\C:\Program Files\Symantec\SYMEVENT.SYS @ 0xAE60D580)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x899B7EB0)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89962E88)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89932BF8)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89962F48)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x89955BC0)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89940B78)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

127.0.0.1 123topsearch.com

127.0.0.1 www.132.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980825AS +++++

--- User ---

[MBR] d9a25a7564b409ef7096c9a436f718c7

[BSP] c23de17a2374970d61b8b2e3b119ba08 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 69184 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 141689520 | Size: 7131 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01212013_02d0656.txt >>

RKreport[1]_S_01212013_02d0656.txt


The system -does- have a Zero Access infection.

Backdoor trojan warning: ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.


Do NOT do any websurfing on this system.

Please only follow my guidance. There will be -lots- more to do later.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][BLACKLISTDLL] HKLM\[...]\Run : CognizanceTS (rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Run : KeyAccess (C:\WINDOWS\keyacc32.exe) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
  • Then click on Delete on the right hand column under Options.
    Next click on the Files tab and put a check next to these and uncheck the rest. (if found)
    [ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND
    [ZeroAccess][FILE] @ : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND
    [ZeroAccess][FOLDER] L : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND

    Now click Delete on the right hand column under Options
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.


Nothing showed after running Prescan so ran Scan, followed your remaining instructions; two reports appeared

RKreport[2]

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : DKarst [Admin rights]

Mode : Scan -- Date : 01/21/2013 09:10:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : CognizanceTS (rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Run : KeyAccess (C:\WINDOWS\keyacc32.exe) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND

[ZeroAccess][FILE] @ : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND

[ZeroAccess][FOLDER] U : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND

[ZeroAccess][FOLDER] L : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8993BED0)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8993BF90)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89915B30)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A5A5328)

SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x89932E68)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89919AC0)

SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\??\C:\Program Files\Symantec\SYMEVENT.SYS @ 0xAE60D350)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8990AA78)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x89932F48)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8993BE10)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8992CA78)

SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x89947D10)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8990AAF8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x89920CA0)

SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0x89947C20)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89951A78)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x89920BE0)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89955B00)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x89920B20)

SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\??\C:\Program Files\Symantec\SYMEVENT.SYS @ 0xAE60D580)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x899B7EB0)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89962E88)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89932BF8)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89962F48)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x89955BC0)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89940B78)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

127.0.0.1 123topsearch.com

127.0.0.1 www.132.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980825AS +++++

--- User ---

[MBR] d9a25a7564b409ef7096c9a436f718c7

[BSP] c23de17a2374970d61b8b2e3b119ba08 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 69184 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 141689520 | Size: 7131 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_01212013_02d0910.txt >>

RKreport[1]_S_01212013_02d0656.txt ; RKreport[2]_S_01212013_02d0910.txt

RKreport[3]

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : DKarst [Admin rights]

Mode : Remove -- Date : 01/21/2013 09:16:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : CognizanceTS (rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule) -> DELETED

[RUN][SUSP PATH] HKLM\[...]\Run : KeyAccess (C:\WINDOWS\keyacc32.exe) -> DELETED

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> REMOVED

[ZeroAccess][FILE] @ : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> REMOVED

[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@ --> REMOVED

[Del.Parent][FILE] 201d3dde : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\201d3dde --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\DKarst.HYLAS-LT-005\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8993BED0)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8993BF90)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89915B30)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A5A5328)

SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x89932E68)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89919AC0)

SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\??\C:\Program Files\Symantec\SYMEVENT.SYS @ 0xAE60D350)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8990AA78)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x89932F48)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8993BE10)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8992CA78)

SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x89947D10)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8990AAF8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x89920CA0)

SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0x89947C20)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89951A78)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x89920BE0)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89955B00)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x89920B20)

SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\??\C:\Program Files\Symantec\SYMEVENT.SYS @ 0xAE60D580)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x899B7EB0)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89962E88)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89932BF8)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89962F48)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x89955BC0)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89940B78)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

127.0.0.1 123topsearch.com

127.0.0.1 www.132.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980825AS +++++

--- User ---

[MBR] d9a25a7564b409ef7096c9a436f718c7

[BSP] c23de17a2374970d61b8b2e3b119ba08 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 69184 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 141689520 | Size: 7131 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_01212013_02d0916.txt >>

RKreport[1]_S_01212013_02d0656.txt ; RKreport[2]_S_01212013_02d0910.txt ; RKreport[3]_D_01212013_02d0916.txt


Alright. That was a good beginning.

Run the following and post the requested log. Credit Kevinf80 for the following.

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If any infections are found, the "Cleanup" button to remove threats will be available. The infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log (the date and time of the scan will also be shown)

Image10.png

Post those two logs in your reply.


When trying to run mbar.exe, a message appears that says

"This application has failed to start because QtGui4.dll was not found. Re-installing the application may fix this problem."

That file is actually present and I have tried to reinstall the anti-rootkit twice.

Should I reboot?


Followed instructions above and started mbar.exe and got this message:

Probable rootkit activity detected

Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.

Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.

Do you want to remove this value and restart the tool?

What would you recommend doing?


mbar-log-2013-01-21 (11-28-36).txt

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

www.malwarebytes.org

Database version: v2013.01.21.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

DKarst :: HYLAS-LT-005 [administrator]

1/21/2013 11:28:36 AM

mbar-log-2013-01-21 (11-28-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 28660

Time elapsed: 37 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SOFTWARE\CLASSES\INTERFACE\{1D4DB7D3-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

system-log.txt

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 2146807808, free: 1053712384

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 2146807808, free: 1048051712

------------ Kernel report ------------

01/21/2013 10:49:38

------------ Loaded modules -----------


----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a5bdab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xffffffff8a563030

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.01.21.06

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a5bdab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a4bf9f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a5bdab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a4bfc08, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xffffffff8a52cf18, DeviceName: \Device\000000a4\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a563030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xffffffffe5b0bd00, 0xffffffff8a5bdab8, 0xffffffff882aeab8

Lower DeviceData: 0xffffffffe12a7128, 0xffffffff8a563030, 0xffffffff883acf18

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...


Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 95AA95AA

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 141689457

Partition file system is NTFS

Partition is bootable

Partition 1 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 141689520 Numsec = 14605920

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...

Done!

Performing system, memory and registry scan...

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1D4DB7D3-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch]

Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch]


Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Administrator\Local Settings\Temp\delmodem.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\dkarst\Local Settings\Temp\MSI7efdd.LOG" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\dkarst\Local Settings\Temp\MSIb3f89.LOG" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\dkarst\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\dkarst\Local Settings\Application Data\Microsoft\Outlook\updndex.oab" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)

Read File: File "c:\RECYCLER\S-1-5-21-1708537768-602609370-725345543-500\desktop.ini" is compressed (flags = 1)

Read File: File "c:\RECYCLER\S-1-5-21-1708537768-602609370-725345543-500\INFO2" is compressed (flags = 1)

Read File: File "c:\RECYCLER\S-1-5-21-291779820-1727755652-3596386878-500\desktop.ini" is compressed (flags = 1)

Read File: File "c:\RECYCLER\S-1-5-21-291779820-1727755652-3596386878-500\INFO2" is compressed (flags = 1)

Done!

Scan finished

=======================================


Do this next:

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now!

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.


System seems OK but it wasn't having problems before except that it wouldn't run Malwarebytes.

ComboFix 13-01-21.04 - DKarst 01/21/2013 12:30:05.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.917 [GMT -6:00]

Running from: c:\documents and settings\DKarst.HYLAS-LT-005\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\DKarst.HYLAS-LT-005\System

c:\documents and settings\DKarst.HYLAS-LT-005\System\win_qs8.jqx

c:\documents and settings\DKarst.HYLAS-LT-005\WINDOWS

c:\documents and settings\DKarst.HYLAS-LT-005\zlib.dll

c:\windows\IsUn0407.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

C:\xcrashdump.dat

E:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))

.

.

2013-01-21 15:07 . 2013-01-21 15:07 -------- d-----w- C:\RK_Quarantine

2013-01-21 12:23 . 2013-01-21 12:24 -------- d-----w- c:\program files\ERUNT

2013-01-19 14:19 . 2013-01-20 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-19 14:19 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-19 13:04 . 2013-01-12 09:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-14 20:55 . 2013-01-14 21:23 -------- d-----w- c:\program files\Notation

2013-01-14 20:36 . 2013-01-14 20:41 -------- d-----w- c:\program files\Akoff Music Composer Demo

2013-01-14 20:27 . 2013-01-14 20:27 -------- d-----w- c:\documents and settings\DKarst.HYLAS-LT-005\Application Data\Music Recognition

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 23:16 . 2012-03-29 11:48 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-08 23:16 . 2011-07-07 11:24 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-08 23:16 . 2012-03-30 13:16 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-12-26 16:07 . 2012-12-26 16:07 10 ----a-w- c:\windows\Fonts\wfonts.key

2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2004-08-04 08:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-01-10 13:46 . 2011-01-10 13:46 436 ----a-w- c:\program files\011020117465817.bat

2013-01-19 03:40 . 2013-01-19 03:40 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]

"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]

"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\documents and settings\DKarst.HYLAS-LT-005\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

Smile Desktop.lnk - c:\program files\Webshots\Smile Desktop\Smile.exe [2012-10-16 2229760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-4-13 184320]

Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [2008-7-2 184320]

Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2008-7-2 323584]

VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2007-4-13 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

2005-08-19 13:52 389120 ----a-w- c:\windows\system32\IfxWlxEN.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/30/2008 8:27 AM 28544]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [10/25/2005 12:10 PM 35488]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 7:33 PM 116464]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/22/2012 7:15 AM 106656]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/21/2006 6:36 AM 87936]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 7:26 AM 35968]

S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [7/4/2008 7:55 AM 13359]

S3 ZSTAR;Virtual Serial USB driver for Freescale USB Adapter;c:\windows\system32\drivers\usbser-zstar.sys [10/17/2007 9:20 AM 25600]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASChannel

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:16]

.

2013-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]

.

2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:52]

.

2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:52]

.

2013-01-20 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

2013-01-21 c:\windows\Tasks\SDMsgUpdate (SD).job

- c:\program files\SmartDraw VP\Messages\SDNotify.exe [2011-05-09 17:29]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: thinkbank.com\www

TCP: DhcpNameServer = 206.9.88.12 206.9.88.13

FF - ProfilePath - c:\documents and settings\DKarst.HYLAS-LT-005\Application Data\Mozilla\Firefox\Profiles\tlpafk4k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2009-07-11 17:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WinDefend

AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe

AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe

AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-21 12:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???(g??????(?@???????@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1404)

c:\windows\system32\Ati2evxx.dll

c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

c:\windows\system32\IfxWlxEN.dll

.

- - - - - - - > 'explorer.exe'(4384)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll

c:\program files\HPQ\IAM\Bin\SFSShell.dll

c:\program files\HPQ\IAM\bin\ItMsg.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\IFXTCS.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\msdtc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\system32\IFXSPMGT.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\HPQ\IAM\bin\asghost.exe

c:\program files\ProtectTools\Embedded Security Software\SpTna.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\HPQ\HP ProtectTools Security Manager\PTServs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\mqsvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\AGRSMMSG.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Completion time: 2013-01-21 12:56:15 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-21 18:56

.

Pre-Run: 10,419,482,624 bytes free

Post-Run: 13,133,410,304 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 1E720FB82A249EA9138127AD54ECD244
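The ComboFix log above is the sort of thing a helper reads by eye: the "Reg Loading Points" block, the catchme "hidden autostart entries" block and the Firefox extension lines. As an added example (this is not code from the thread, from ComboFix or from Malwarebytes), here is a small Python triage script that pulls out the entry types a responder checks first: Run entries ComboFix marked "[X]" because it could not find the binary, Run entries that are bare filenames resolved through the search path at logon, catchme values carrying trailing garbage bytes, and Firefox extensions tagged "!HIDDEN!". The sample input is constructed from lines quoted in this thread; the raw control bytes on the catchme line are an assumption about what the "?" characters looked like before the forum rendered them.

```python
"""Triage of ComboFix 'Reg Loading Points' and catchme output.

Added example: not code from the thread, from ComboFix or from Malwarebytes.
It reads the text of a ComboFix log and flags the autostart entries a
responder usually looks at first:
  * Run entries ComboFix marked "[X]" (it could not find the binary);
  * Run entries that are bare filenames, resolved through the search path;
  * catchme "hidden autostart" values with trailing garbage bytes;
  * Firefox extensions ComboFix tagged "!HIDDEN!".
The sample log is constructed from lines quoted in the thread; the raw bytes
on the catchme line are an assumption about what the '?' characters were
before the forum rendered them.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    name: str
    value: str
    reason: str


# "Name"="value" [meta]  where meta is "date size" or "X" for "file not found"
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# catchme prints hidden autostart values as:  Name = value
CATCHME_ENTRY = re.compile(r'^(?P<name>[^\s=]+) = (?P<value>.+)$')
FF_HIDDEN = re.compile(r'^FF - ExtSQL: !HIDDEN! (?P<rest>.*)$')
QUESTION_RUN = re.compile(r'\?{3,}')


def looks_garbled(value: str) -> bool:
    """True if a registry value carries bytes no legitimate path would.

    catchme prints the raw buffer, so bytes past the string terminator can
    show up as control characters; after copy/paste into a forum they usually
    appear as runs of '?'. Treat a hit as "look at this entry", not as proof
    of infection: the same artefact appears on legitimate entries.
    """
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return True
    return bool(QUESTION_RUN.search(value))


def triage(log_text: str) -> list[Finding]:
    """Return the entries in a ComboFix log worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip("\r\n")
        m = RUN_ENTRY.match(line)
        if m:
            name, value, meta = m.group("name", "value", "meta")
            if meta.strip() == "X":
                findings.append(Finding(
                    name, value, "Run entry whose binary ComboFix could not find ([X])"))
            elif "\\" not in value:
                findings.append(Finding(
                    name, value, "Run entry is a bare filename; resolved via the search path at logon"))
            continue
        m = FF_HIDDEN.match(line)
        if m:
            findings.append(Finding(
                "FF extension", m.group("rest"),
                "Firefox extension registered outside the profile and tagged !HIDDEN!"))
            continue
        m = CATCHME_ENTRY.match(line)
        if m and looks_garbled(m.group("value")):
            findings.append(Finding(
                m.group("name"), m.group("value"),
                "catchme hidden-autostart value with trailing garbage bytes"))
    return findings


# Constructed sample built from lines quoted in the thread.
SAMPLE_LOG = (
    r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
FF - ExtSQL: !HIDDEN! 2009-07-11 17:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
'''
    # Assumed raw form of the catchme line; the forum showed the tail as '?'.
    + "Cpqset = c:\\program files\\HPQ\\Default Settings\\cpqset.exe\x00\x01@\x02\n"
)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:14} {f.reason}\n    {f.value!r}")
```

Run it against a saved C:\ComboFix.txt by passing the file contents to `triage()`. The "[X]" hits are the ones worth a real look (an autostart pointing at a file that is gone is exactly what a removed or moved dropper leaves behind); the bare-filename and catchme hits are lower priority and, as in this log, are often left over from OEM software.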


System seems OK but it wasn't having problems before except that it wouldn't run Malwarebytes.

While it "looked" ok to you, believe me this had a very nasty infection.

Combofix found & got some more of it, with that last run.

By the way, your prior inability to run MBAM was one indication (a warning bell) that something was likely not right.

There is much more to do in order to hope to get all there is. Do as much as possible of the following:

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Step 3

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.


Disabled Antivirus and tried to start Malwarebytes. Got this message:

"This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem."

That file is actually present. Do you want me to skip step 2 and go on to step 3???


This topic is now closed to further replies.