Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 14th, 2012, 7:50 am

I received an alert from MSE about found threats on my computer. I clicked remove and here is what came up.

Trojan:Win32/Medfos.A threat removed
Trojan:Win32/Medfos.B threat removed
Exploit:JAVA/CVE-2012-0507-D!ldr quarantined
Exploit:JAVA/CVE-2012-5007.Q removed
Trojan:Win32/Cleanman.B !!ALLOWED!!
Trojan:Win32.Alueron.FO removed
Trojan:JS.Medfos.A removed
TrojanDownloader:Win32KaranganyI removed


All of these threats have come up within the last 8 days.

I use the Scotty watchdog program and it keeps detecting a change to my hosts file 127 which I reject, but it pops up about every ten minutes or so.

I use Malwarebytes weekly, and run MSE weekly. I don't know what caused the problems.

Here is DDS notepad:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Tad Palmer at 7:44:10 on 2012-04-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1238 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\drivers\ABlocker\AoboBlocker.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AoboBlocker] c:\windows\system32\drivers\ablocker\AoboBlocker.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43} : DhcpNameServer = 192.168.10.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tad palmer\application data\mozilla\firefox\profiles\d4m1k4fi.default\
FF - plugin: c:\documents and settings\tad palmer\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsle50d4249;MpKsle50d4249;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05bb05e-5752-426c-9b15-007bdeadb23f}\mpksle50d4249.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05bb05e-5752-426c-9b15-007bdeadb23f}\MpKsle50d4249.sys [?]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-11 245760]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-14 40776]
.
=============== Created Last 30 ================
.
2012-04-14 11:15:58 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24251fc3-c4eb-4235-863a-3101e5b21fd9}\mpengine.dll
2012-04-14 11:05:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-09 13:01:52 -------- d-----w- c:\documents and settings\tad palmer\local settings\application data\{5DA2580A-8245-11E1-826D-B8AC6F996F26}
2012-03-31 15:18:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-31 15:17:51 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-31 15:17:51 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-31 03:36:35 -------- d--h--w- c:\windows\system32\Settings
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS548040M9AT00 rev.MG2OA5EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A5649F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89a5d740]; MOV EAX, [0x89a5d8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89D97AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89BE78B8]
\Driver\atapi[0x89A7C4D8] -> IRP_MJ_CREATE -> 0x89A5649F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89A562C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 7:47:33.83 ===============
Here is attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2011 7:36:54 PM
System Uptime: 4/14/2012 6:24:39 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0X9238
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 24.263 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP113: 2/26/2012 1:50:10 AM - Software Distribution Service 3.0
RP114: 2/27/2012 1:51:18 AM - System Checkpoint
RP115: 2/27/2012 1:12:04 PM - Software Distribution Service 3.0
RP116: 2/28/2012 1:11:09 PM - Software Distribution Service 3.0
RP117: 2/29/2012 1:11:35 PM - System Checkpoint
RP118: 2/29/2012 8:46:13 PM - Software Distribution Service 3.0
RP119: 3/1/2012 1:09:36 PM - Software Distribution Service 3.0
RP120: 3/2/2012 1:07:23 PM - Software Distribution Service 3.0
RP121: 3/3/2012 1:06:15 PM - Software Distribution Service 3.0
RP122: 3/4/2012 1:49:33 AM - Software Distribution Service 3.0
RP123: 3/4/2012 1:04:12 PM - Software Distribution Service 3.0
RP124: 3/5/2012 1:02:15 PM - Software Distribution Service 3.0
RP125: 3/6/2012 1:16:05 PM - System Checkpoint
RP126: 3/7/2012 2:10:41 PM - System Checkpoint
RP127: 3/8/2012 8:13:36 AM - Software Distribution Service 3.0
RP128: 3/9/2012 8:09:46 AM - Software Distribution Service 3.0
RP129: 3/10/2012 8:08:17 AM - Software Distribution Service 3.0
RP130: 3/11/2012 10:21:48 AM - System Checkpoint
RP131: 3/11/2012 12:55:16 PM - Software Distribution Service 3.0
RP132: 3/12/2012 3:24:42 PM - Software Distribution Service 3.0
RP133: 3/14/2012 12:21:01 PM - Software Distribution Service 3.0
RP134: 3/16/2012 9:23:14 AM - Software Distribution Service 3.0
RP135: 3/16/2012 9:33:19 AM - Software Distribution Service 3.0
RP136: 3/18/2012 1:45:55 AM - Software Distribution Service 3.0
RP137: 3/19/2012 10:32:26 AM - Software Distribution Service 3.0
RP138: 3/20/2012 10:09:02 PM - Software Distribution Service 3.0
RP139: 3/21/2012 9:49:54 AM - Software Distribution Service 3.0
RP140: 3/22/2012 10:02:42 AM - System Checkpoint
RP141: 3/23/2012 5:45:53 AM - Software Distribution Service 3.0
RP142: 3/23/2012 9:49:48 AM - Software Distribution Service 3.0
RP143: 3/24/2012 10:37:13 AM - System Checkpoint
RP144: 3/24/2012 11:06:20 PM - Software Distribution Service 3.0
RP145: 3/25/2012 1:49:01 AM - Software Distribution Service 3.0
RP146: 3/25/2012 9:47:45 AM - Software Distribution Service 3.0
RP147: 3/26/2012 9:47:49 AM - Software Distribution Service 3.0
RP148: 3/27/2012 9:44:14 AM - Software Distribution Service 3.0
RP149: 3/28/2012 9:45:17 AM - Software Distribution Service 3.0
RP150: 3/29/2012 9:46:18 AM - Software Distribution Service 3.0
RP151: 3/30/2012 9:46:20 AM - Software Distribution Service 3.0
RP152: 3/31/2012 11:12:16 AM - Software Distribution Service 3.0
RP153: 4/1/2012 2:16:33 AM - Software Distribution Service 3.0
RP154: 4/2/2012 2:17:02 AM - System Checkpoint
RP155: 4/2/2012 11:16:57 AM - Software Distribution Service 3.0
RP156: 4/3/2012 11:57:18 AM - System Checkpoint
RP157: 4/3/2012 8:59:17 PM - Software Distribution Service 3.0
RP158: 4/4/2012 9:55:36 PM - Software Distribution Service 3.0
RP159: 4/5/2012 11:06:14 PM - Software Distribution Service 3.0
RP160: 4/7/2012 7:22:45 AM - Software Distribution Service 3.0
RP161: 4/8/2012 9:05:34 AM - Software Distribution Service 3.0
RP162: 4/9/2012 12:12:39 PM - System Checkpoint
RP163: 4/9/2012 2:09:23 PM - Software Distribution Service 3.0
RP164: 4/12/2012 11:26:23 AM - Software Distribution Service 3.0
RP165: 4/13/2012 10:47:33 PM - Software Distribution Service 3.0
RP166: 4/14/2012 7:15:25 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AnalogX Script Defender
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 440x 10/100 Integrated Controller
Brother MFL-Pro Suite MFC-J265W
Conexant D110 MDC V.92 Modem
ERUNT 1.1j
Foxit Reader 5.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) PROSet/Wireless Software
Java Auto Updater
Java(TM) 7 Update 2
Malwarebytes Anti-Malware version 1.61.0.1400
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIWA
mLogView
mMHouse
Mozilla Firefox 11.0 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
OLYMPUS Digital Camera Updater
OLYMPUS Viewer 2
OpenOffice.org 3.3
PaperPort Image Printer
QuickBooks
QuickBooks Pro 2011
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 12:07:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1315.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/13/2012 11:23:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1622.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/13/2012 11:13:42 PM, error: w29n51 [5031] - \DEVICE\{30F4F4BD-9581-485C-8D47-7889B282CA43} : The adapter has detected an Adapter Check as a result of some unrecoverable hardware of software error. Please contact your service provider.
4/13/2012 11:13:42 PM, error: w29n51 [5010] - \DEVICE\{30F4F4BD-9581-485C-8D47-7889B282CA43} : The adapter has returned an invalid value to the driver.
4/13/2012 11:03:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1622.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/13/2012 11:03:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1622.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/13/2012 11:03:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1622.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

Thank You for your help.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Trojan Problems Cleanman.B allowed by MSE

Post by deltalima » April 15th, 2012, 4:09 pm

checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trojan Problems Cleanman.B allowed by MSE

Post by deltalima » April 15th, 2012, 4:12 pm

Hi t-risk7,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

QuickBooks Pro 2011


Is this computer ever used for business?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 15th, 2012, 8:22 pm

No. Not used for business.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Trojan Problems Cleanman.B allowed by MSE

Post by deltalima » April 16th, 2012, 2:19 am

Hi t-risk7,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 16th, 2012, 7:13 am

Here is TDSSKiller log.

The computer wouldn't power down after I hit reboot so I had to use power button to turn it off.
I then rebooted it without logging in. Would that affect TDSSkiller from curing anything?

Here is log.

06:58:20.0703 5568 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
06:58:21.0218 5568 ============================================================
06:58:21.0218 5568 Current date / time: 2012/04/16 06:58:21.0218
06:58:21.0218 5568 SystemInfo:
06:58:21.0218 5568
06:58:21.0218 5568 OS Version: 5.1.2600 ServicePack: 3.0
06:58:21.0218 5568 Product type: Workstation
06:58:21.0218 5568 ComputerName: SILVER_BULLET
06:58:21.0218 5568 UserName: Tad Palmer
06:58:21.0218 5568 Windows directory: C:\WINDOWS
06:58:21.0218 5568 System windows directory: C:\WINDOWS
06:58:21.0218 5568 Processor architecture: Intel x86
06:58:21.0218 5568 Number of processors: 1
06:58:21.0218 5568 Page size: 0x1000
06:58:21.0218 5568 Boot type: Normal boot
06:58:21.0218 5568 ============================================================
06:58:28.0312 5568 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:58:28.0328 5568 \Device\Harddisk0\DR0:
06:58:28.0328 5568 MBR used
06:58:28.0328 5568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
06:58:28.0343 5568 Initialize success
06:58:28.0343 5568 ============================================================
06:58:58.0015 2552 ============================================================
06:58:58.0015 2552 Scan started
06:58:58.0015 2552 Mode: Manual;
06:58:58.0015 2552 ============================================================
06:59:31.0718 2552 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
06:59:31.0765 2552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
06:59:31.0765 2552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
06:59:31.0765 2552 Boot (0x1200) (3d9a320c64f8310ca9c08b22b5b90661) \Device\Harddisk0\DR0\Partition0
06:59:31.0781 2552 \Device\Harddisk0\DR0\Partition0 - ok
06:59:31.0781 2552 ============================================================
06:59:31.0781 2552 Scan finished
06:59:31.0781 2552 ============================================================
06:59:31.0781 2388 Detected object count: 1
06:59:31.0781 2388 Actual detected object count: 1
07:00:08.0125 2388 \Device\Harddisk0\DR0\# - copied to quarantine
07:00:08.0187 2388 \Device\Harddisk0\DR0 - copied to quarantine
07:00:08.0328 2388 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
07:00:08.0421 2388 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:00:08.0484 2388 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
07:00:08.0593 2388 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
07:00:10.0515 2388 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
07:00:10.0671 2388 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
07:00:10.0687 2388 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
07:00:10.0703 2388 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
07:00:10.0781 2388 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
07:00:10.0812 2388 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
07:00:10.0828 2388 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:00:10.0843 2388 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:00:10.0921 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:00:10.0921 2388 \Device\Harddisk0\DR0 - ok
07:00:10.0937 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
07:00:35.0421 2188 Deinitialize success


Thanks for your help.
t-risk7

Re: Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 16th, 2012, 7:13 am

Here is the TDSSKiller log.

The computer wouldn't power down after I hit reboot, so I had to use the power button to turn it off.
I then rebooted it without logging in. Would that affect TDSSKiller's ability to cure anything?

Here is the log.

06:58:20.0703 5568 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
06:58:21.0218 5568 ============================================================
06:58:21.0218 5568 Current date / time: 2012/04/16 06:58:21.0218
06:58:21.0218 5568 SystemInfo:
06:58:21.0218 5568
06:58:21.0218 5568 OS Version: 5.1.2600 ServicePack: 3.0
06:58:21.0218 5568 Product type: Workstation
06:58:21.0218 5568 ComputerName: SILVER_BULLET
06:58:21.0218 5568 UserName: Tad Palmer
06:58:21.0218 5568 Windows directory: C:\WINDOWS
06:58:21.0218 5568 System windows directory: C:\WINDOWS
06:58:21.0218 5568 Processor architecture: Intel x86
06:58:21.0218 5568 Number of processors: 1
06:58:21.0218 5568 Page size: 0x1000
06:58:21.0218 5568 Boot type: Normal boot
06:58:21.0218 5568 ============================================================
06:58:28.0312 5568 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:58:28.0328 5568 \Device\Harddisk0\DR0:
06:58:28.0328 5568 MBR used
06:58:28.0328 5568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
06:58:28.0343 5568 Initialize success
06:58:28.0343 5568 ============================================================
06:58:58.0015 2552 ============================================================
06:58:58.0015 2552 Scan started
06:58:58.0015 2552 Mode: Manual;
06:58:58.0015 2552 ============================================================
06:59:04.0765 2552 Abiosdsk - ok
06:59:04.0765 2552 abp480n5 - ok
06:59:04.0812 2552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:59:04.0812 2552 ACPI - ok
06:59:04.0859 2552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:59:04.0859 2552 ACPIEC - ok
06:59:04.0875 2552 adpu160m - ok
06:59:04.0921 2552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:59:04.0921 2552 aec - ok
06:59:05.0062 2552 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
06:59:05.0078 2552 AegisP - ok
06:59:05.0140 2552 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:59:05.0140 2552 AFD - ok
06:59:05.0156 2552 Aha154x - ok
06:59:05.0171 2552 aic78u2 - ok
06:59:05.0187 2552 aic78xx - ok
06:59:05.0250 2552 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
06:59:05.0250 2552 Alerter - ok
06:59:05.0281 2552 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
06:59:05.0296 2552 ALG - ok
06:59:05.0328 2552 AliIde - ok
06:59:05.0343 2552 amsint - ok
06:59:05.0390 2552 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
06:59:05.0390 2552 AppMgmt - ok
06:59:05.0531 2552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:59:05.0531 2552 Arp1394 - ok
06:59:05.0546 2552 asc - ok
06:59:05.0562 2552 asc3350p - ok
06:59:05.0578 2552 asc3550 - ok
06:59:05.0703 2552 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:59:05.0718 2552 aspnet_state - ok
06:59:05.0765 2552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:59:05.0812 2552 AsyncMac - ok
06:59:05.0859 2552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:59:05.0859 2552 atapi - ok
06:59:05.0906 2552 Atdisk - ok
06:59:05.0984 2552 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
06:59:05.0984 2552 Ati HotKey Poller - ok
06:59:06.0046 2552 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
06:59:06.0062 2552 ati2mtag - ok
06:59:06.0265 2552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:59:06.0296 2552 Atmarpc - ok
06:59:06.0328 2552 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
06:59:06.0328 2552 AudioSrv - ok
06:59:06.0359 2552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:59:06.0359 2552 audstub - ok
06:59:06.0390 2552 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
06:59:06.0390 2552 bcm4sbxp - ok
06:59:06.0421 2552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:59:06.0453 2552 Beep - ok
06:59:06.0531 2552 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
06:59:06.0562 2552 BITS - ok
06:59:06.0609 2552 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
06:59:06.0609 2552 Browser - ok
06:59:06.0718 2552 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
06:59:06.0734 2552 BrScnUsb - ok
06:59:06.0906 2552 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
06:59:06.0906 2552 BrYNSvc - ok
06:59:06.0953 2552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:59:06.0953 2552 cbidf2k - ok
06:59:06.0968 2552 cd20xrnt - ok
06:59:07.0000 2552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:59:07.0000 2552 Cdaudio - ok
06:59:07.0031 2552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:59:07.0031 2552 Cdfs - ok
06:59:07.0062 2552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:59:07.0062 2552 Cdrom - ok
06:59:07.0093 2552 Changer - ok
06:59:07.0093 2552 CiSvc - ok
06:59:07.0125 2552 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
06:59:07.0140 2552 ClipSrv - ok
06:59:07.0250 2552 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:59:07.0250 2552 clr_optimization_v2.0.50727_32 - ok
06:59:07.0375 2552 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:59:07.0375 2552 CmBatt - ok
06:59:07.0390 2552 CmdIde - ok
06:59:07.0406 2552 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:59:07.0406 2552 Compbatt - ok
06:59:07.0421 2552 COMSysApp - ok
06:59:07.0437 2552 Cpqarray - ok
06:59:07.0515 2552 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
06:59:07.0515 2552 CryptSvc - ok
06:59:07.0546 2552 dac2w2k - ok
06:59:07.0546 2552 dac960nt - ok
06:59:07.0609 2552 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
06:59:07.0625 2552 DcomLaunch - ok
06:59:07.0656 2552 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
06:59:07.0671 2552 Dhcp - ok
06:59:07.0687 2552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:59:07.0703 2552 Disk - ok
06:59:07.0718 2552 dmadmin - ok
06:59:07.0921 2552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:59:07.0937 2552 dmboot - ok
06:59:08.0062 2552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:59:08.0062 2552 dmio - ok
06:59:08.0093 2552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:59:08.0093 2552 dmload - ok
06:59:08.0109 2552 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
06:59:08.0109 2552 dmserver - ok
06:59:08.0156 2552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:59:08.0171 2552 DMusic - ok
06:59:08.0203 2552 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
06:59:08.0203 2552 Dnscache - ok
06:59:08.0265 2552 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
06:59:08.0265 2552 Dot3svc - ok
06:59:08.0281 2552 dpti2o - ok
06:59:08.0296 2552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:59:08.0296 2552 drmkaud - ok
06:59:08.0312 2552 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
06:59:08.0312 2552 EapHost - ok
06:59:08.0328 2552 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
06:59:08.0328 2552 ERSvc - ok
06:59:08.0375 2552 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:59:08.0375 2552 Eventlog - ok
06:59:08.0421 2552 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
06:59:08.0437 2552 EventSystem - ok
06:59:08.0562 2552 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
06:59:08.0562 2552 EvtEng - ok
06:59:08.0687 2552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:59:08.0687 2552 Fastfat - ok
06:59:08.0781 2552 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:59:08.0781 2552 FastUserSwitchingCompatibility - ok
06:59:08.0968 2552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
06:59:08.0968 2552 Fdc - ok
06:59:09.0015 2552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:59:09.0015 2552 Fips - ok
06:59:09.0359 2552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:59:09.0359 2552 Flpydisk - ok
06:59:09.0406 2552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
06:59:09.0406 2552 FltMgr - ok
06:59:09.0562 2552 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:59:09.0562 2552 FontCache3.0.0.0 - ok
06:59:09.0671 2552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:59:09.0671 2552 Fs_Rec - ok
06:59:09.0687 2552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:59:09.0687 2552 Ftdisk - ok
06:59:09.0734 2552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:59:09.0750 2552 Gpc - ok
06:59:09.0890 2552 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:59:09.0921 2552 helpsvc - ok
06:59:09.0984 2552 HidServ - ok
06:59:10.0062 2552 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
06:59:10.0078 2552 hkmsvc - ok
06:59:10.0140 2552 hpn - ok
06:59:10.0265 2552 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
06:59:10.0265 2552 HSFHWICH - ok
06:59:10.0593 2552 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
06:59:10.0609 2552 HSF_DPV - ok
06:59:10.0750 2552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:59:10.0796 2552 HTTP - ok
06:59:11.0187 2552 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
06:59:11.0203 2552 HTTPFilter - ok
06:59:11.0218 2552 i2omgmt - ok
06:59:11.0234 2552 i2omp - ok
06:59:11.0296 2552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:59:11.0296 2552 i8042prt - ok
06:59:11.0500 2552 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:59:11.0546 2552 idsvc - ok
06:59:11.0671 2552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:59:11.0687 2552 Imapi - ok
06:59:11.0828 2552 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
06:59:11.0828 2552 ImapiService - ok
06:59:11.0859 2552 ini910u - ok
06:59:11.0937 2552 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:59:11.0937 2552 IntelIde - ok
06:59:12.0015 2552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:59:12.0015 2552 intelppm - ok
06:59:12.0406 2552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
06:59:12.0406 2552 Ip6Fw - ok
06:59:12.0453 2552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:59:12.0468 2552 IpFilterDriver - ok
06:59:12.0484 2552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:59:12.0484 2552 IpInIp - ok
06:59:12.0515 2552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:59:12.0515 2552 IpNat - ok
06:59:12.0640 2552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:59:12.0687 2552 IPSec - ok
06:59:12.0921 2552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:59:12.0921 2552 IRENUM - ok
06:59:12.0968 2552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:59:12.0968 2552 isapnp - ok
06:59:13.0015 2552 JavaQuickStarterService (973db7ac74c554c546f8b0b7b98fb855) C:\Program Files\Java\jre7\bin\jqs.exe
06:59:13.0015 2552 JavaQuickStarterService - ok
06:59:13.0046 2552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:59:13.0046 2552 Kbdclass - ok
06:59:13.0093 2552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:59:13.0093 2552 kmixer - ok
06:59:13.0187 2552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:59:13.0187 2552 KSecDD - ok
06:59:13.0234 2552 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
06:59:13.0234 2552 LanmanServer - ok
06:59:13.0296 2552 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
06:59:13.0296 2552 lanmanworkstation - ok
06:59:13.0312 2552 lbrtfdc - ok
06:59:13.0359 2552 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
06:59:13.0359 2552 LmHosts - ok
06:59:13.0406 2552 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
06:59:13.0406 2552 mdmxsdk - ok
06:59:13.0437 2552 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
06:59:13.0437 2552 Messenger - ok
06:59:13.0484 2552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:59:13.0484 2552 mnmdd - ok
06:59:13.0515 2552 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
06:59:13.0531 2552 mnmsrvc - ok
06:59:13.0546 2552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:59:13.0562 2552 Modem - ok
06:59:13.0609 2552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:59:13.0609 2552 Mouclass - ok
06:59:13.0671 2552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:59:13.0671 2552 MountMgr - ok
06:59:13.0703 2552 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
06:59:13.0703 2552 MpFilter - ok
06:59:14.0046 2552 MpKsl527326fc (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5324EF88-A72E-4101-A25F-602AD818459D}\MpKsl527326fc.sys
06:59:14.0046 2552 MpKsl527326fc - ok
06:59:14.0140 2552 mraid35x - ok
06:59:14.0218 2552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:59:14.0218 2552 MRxDAV - ok
06:59:14.0281 2552 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:59:14.0296 2552 MRxSmb - ok
06:59:14.0343 2552 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
06:59:14.0343 2552 MSDTC - ok
06:59:14.0359 2552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:59:14.0359 2552 Msfs - ok
06:59:14.0375 2552 MSIServer - ok
06:59:14.0500 2552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:59:14.0500 2552 MSKSSRV - ok
06:59:14.0546 2552 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
06:59:14.0546 2552 MsMpSvc - ok
06:59:14.0640 2552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:59:14.0671 2552 MSPCLOCK - ok
06:59:14.0953 2552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:59:14.0984 2552 MSPQM - ok
06:59:15.0031 2552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:59:15.0031 2552 mssmbios - ok
06:59:15.0109 2552 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:59:15.0109 2552 Mup - ok
06:59:15.0265 2552 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
06:59:15.0265 2552 napagent - ok
06:59:15.0906 2552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:59:15.0937 2552 NDIS - ok
06:59:16.0062 2552 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:59:16.0062 2552 NdisTapi - ok
06:59:16.0218 2552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:59:16.0218 2552 Ndisuio - ok
06:59:16.0390 2552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:59:16.0390 2552 NdisWan - ok
06:59:16.0437 2552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:59:16.0437 2552 NDProxy - ok
06:59:16.0468 2552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:59:16.0468 2552 NetBIOS - ok
06:59:16.0546 2552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:59:16.0546 2552 NetBT - ok
06:59:16.0593 2552 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:59:16.0609 2552 NetDDE - ok
06:59:16.0609 2552 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:59:16.0609 2552 NetDDEdsdm - ok
06:59:16.0671 2552 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:59:16.0671 2552 Netlogon - ok
06:59:16.0828 2552 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
06:59:16.0875 2552 Netman - ok
06:59:17.0125 2552 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:59:17.0125 2552 NetTcpPortSharing - ok
06:59:17.0171 2552 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:59:17.0171 2552 NIC1394 - ok
06:59:17.0250 2552 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
06:59:17.0250 2552 Nla - ok
06:59:17.0281 2552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:59:17.0312 2552 Npfs - ok
06:59:17.0359 2552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:59:17.0375 2552 Ntfs - ok
06:59:17.0437 2552 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:59:17.0437 2552 NtLmSsp - ok
06:59:17.0531 2552 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
06:59:17.0562 2552 NtmsSvc - ok
06:59:17.0609 2552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:59:17.0609 2552 Null - ok
06:59:17.0703 2552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:59:17.0703 2552 NwlnkFlt - ok
06:59:17.0765 2552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:59:17.0765 2552 NwlnkFwd - ok
06:59:17.0875 2552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:59:17.0937 2552 ohci1394 - ok
06:59:18.0453 2552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
06:59:18.0468 2552 Parport - ok
06:59:18.0562 2552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:59:18.0562 2552 PartMgr - ok
06:59:18.0625 2552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:59:18.0625 2552 ParVdm - ok
06:59:18.0687 2552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:59:18.0687 2552 PCI - ok
06:59:19.0078 2552 PCIDump - ok
06:59:19.0140 2552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
06:59:19.0140 2552 PCIIde - ok
06:59:19.0171 2552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:59:19.0171 2552 Pcmcia - ok
06:59:19.0187 2552 PDCOMP - ok
06:59:19.0203 2552 PDFRAME - ok
06:59:19.0203 2552 PDRELI - ok
06:59:19.0218 2552 PDRFRAME - ok
06:59:19.0234 2552 perc2 - ok
06:59:19.0250 2552 perc2hib - ok
06:59:19.0312 2552 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:59:19.0312 2552 PlugPlay - ok
06:59:19.0328 2552 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:59:19.0343 2552 PolicyAgent - ok
06:59:19.0406 2552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:59:19.0406 2552 PptpMiniport - ok
06:59:19.0437 2552 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:59:19.0437 2552 ProtectedStorage - ok
06:59:19.0500 2552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:59:19.0500 2552 Ptilink - ok
06:59:19.0656 2552 QBCFMonitorService (c6df3ff18d6acb913c78c865dded17d3) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
06:59:19.0656 2552 QBCFMonitorService - ok
06:59:19.0734 2552 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
06:59:19.0734 2552 QBFCService - ok
06:59:19.0890 2552 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
06:59:19.0906 2552 QBVSS - ok
06:59:20.0265 2552 ql1080 - ok
06:59:20.0281 2552 Ql10wnt - ok
06:59:20.0296 2552 ql12160 - ok
06:59:20.0312 2552 ql1240 - ok
06:59:20.0328 2552 ql1280 - ok
06:59:20.0359 2552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:59:20.0359 2552 RasAcd - ok
06:59:20.0421 2552 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
06:59:20.0437 2552 RasAuto - ok
06:59:20.0468 2552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:59:20.0500 2552 Rasl2tp - ok
06:59:20.0531 2552 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
06:59:20.0531 2552 RasMan - ok
06:59:20.0562 2552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:59:20.0562 2552 RasPppoe - ok
06:59:20.0578 2552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:59:20.0578 2552 Raspti - ok
06:59:20.0609 2552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:59:20.0609 2552 Rdbss - ok
06:59:20.0625 2552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:59:20.0625 2552 RDPCDD - ok
06:59:20.0656 2552 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:59:20.0656 2552 rdpdr - ok
06:59:20.0781 2552 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
06:59:20.0781 2552 RDPWD - ok
06:59:20.0828 2552 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
06:59:20.0843 2552 RDSessMgr - ok
06:59:21.0468 2552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:59:21.0468 2552 redbook - ok
06:59:21.0640 2552 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
06:59:21.0656 2552 RegSrvc - ok
06:59:21.0687 2552 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
06:59:21.0687 2552 RemoteAccess - ok
06:59:21.0796 2552 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
06:59:22.0203 2552 RemoteRegistry - ok
06:59:22.0296 2552 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
06:59:22.0296 2552 RpcLocator - ok
06:59:22.0343 2552 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
06:59:22.0359 2552 RpcSs - ok
06:59:22.0390 2552 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
06:59:22.0390 2552 RSVP - ok
06:59:22.0500 2552 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
06:59:22.0515 2552 S24EventMonitor - ok
06:59:22.0562 2552 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
06:59:22.0578 2552 s24trans - ok
06:59:22.0687 2552 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:59:22.0687 2552 SamSs - ok
06:59:22.0750 2552 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
06:59:22.0750 2552 SCardSvr - ok
06:59:22.0937 2552 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
06:59:22.0968 2552 Schedule - ok
06:59:23.0109 2552 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
06:59:23.0109 2552 sdbus - ok
06:59:23.0546 2552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:59:23.0546 2552 Secdrv - ok
06:59:23.0593 2552 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
06:59:23.0593 2552 seclogon - ok
06:59:23.0656 2552 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
06:59:23.0656 2552 SENS - ok
06:59:23.0703 2552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
06:59:23.0718 2552 Serial - ok
06:59:23.0812 2552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:59:23.0843 2552 Sfloppy - ok
06:59:23.0937 2552 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
06:59:23.0953 2552 SharedAccess - ok
06:59:24.0109 2552 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:59:24.0109 2552 ShellHWDetection - ok
06:59:24.0125 2552 Simbad - ok
06:59:24.0156 2552 Sparrow - ok
06:59:24.0234 2552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:59:24.0234 2552 splitter - ok
06:59:24.0359 2552 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:59:24.0359 2552 Spooler - ok
06:59:24.0609 2552 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:59:24.0609 2552 Sr - ok
06:59:24.0640 2552 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
06:59:24.0640 2552 srservice - ok
06:59:24.0703 2552 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:59:24.0718 2552 Srv - ok
06:59:24.0875 2552 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
06:59:24.0890 2552 SSDPSRV - ok
06:59:25.0078 2552 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
06:59:25.0093 2552 STAC97 - ok
06:59:25.0203 2552 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
06:59:25.0218 2552 stisvc - ok
06:59:25.0281 2552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:59:25.0281 2552 swenum - ok
06:59:25.0343 2552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:59:25.0343 2552 swmidi - ok
06:59:25.0359 2552 SwPrv - ok
06:59:25.0375 2552 symc810 - ok
06:59:25.0406 2552 symc8xx - ok
06:59:25.0421 2552 sym_hi - ok
06:59:25.0437 2552 sym_u3 - ok
06:59:25.0500 2552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:59:25.0500 2552 sysaudio - ok
06:59:25.0546 2552 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
06:59:25.0546 2552 SysmonLog - ok
06:59:25.0593 2552 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
06:59:25.0609 2552 TapiSrv - ok
06:59:25.0671 2552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:59:25.0671 2552 Tcpip - ok
06:59:25.0718 2552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:59:25.0718 2552 TDPIPE - ok
06:59:25.0906 2552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:59:25.0937 2552 TDTCP - ok
06:59:26.0031 2552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:59:26.0031 2552 TermDD - ok
06:59:26.0156 2552 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
06:59:26.0156 2552 TermService - ok
06:59:26.0281 2552 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:59:26.0281 2552 Themes - ok
06:59:26.0859 2552 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
06:59:26.0875 2552 TlntSvr - ok
06:59:27.0031 2552 TosIde - ok
06:59:27.0125 2552 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
06:59:27.0125 2552 TrkWks - ok
06:59:27.0203 2552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:59:27.0328 2552 Udfs - ok
06:59:27.0359 2552 ultra - ok
06:59:27.0406 2552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:59:27.0421 2552 Update - ok
06:59:27.0500 2552 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
06:59:27.0562 2552 upnphost - ok
06:59:27.0609 2552 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
06:59:27.0609 2552 UPS - ok
06:59:27.0671 2552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:59:27.0687 2552 usbccgp - ok
06:59:27.0765 2552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:59:27.0812 2552 usbehci - ok
06:59:27.0859 2552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:59:27.0859 2552 usbhub - ok
06:59:27.0890 2552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:59:27.0890 2552 usbprint - ok
06:59:27.0921 2552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:59:31.0718 2552 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
06:59:31.0765 2552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
06:59:31.0765 2552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
06:59:31.0765 2552 Boot (0x1200) (3d9a320c64f8310ca9c08b22b5b90661) \Device\Harddisk0\DR0\Partition0
06:59:31.0781 2552 \Device\Harddisk0\DR0\Partition0 - ok
06:59:31.0781 2552 ============================================================
06:59:31.0781 2552 Scan finished
06:59:31.0781 2552 ============================================================
06:59:31.0781 2388 Detected object count: 1
06:59:31.0781 2388 Actual detected object count: 1
07:00:08.0125 2388 \Device\Harddisk0\DR0\# - copied to quarantine
07:00:08.0187 2388 \Device\Harddisk0\DR0 - copied to quarantine
07:00:08.0328 2388 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
07:00:08.0421 2388 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:00:08.0484 2388 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
07:00:08.0593 2388 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
07:00:10.0515 2388 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
07:00:10.0671 2388 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
07:00:10.0687 2388 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
07:00:10.0703 2388 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
07:00:10.0781 2388 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
07:00:10.0812 2388 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
07:00:10.0828 2388 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:00:10.0843 2388 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:00:10.0921 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:00:10.0921 2388 \Device\Harddisk0\DR0 - ok
07:00:10.0937 2388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
07:00:35.0421 2188 Deinitialize success


Thanks for your help.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Trojan Problems Cleanman.B allowed by MSE

Post by deltalima » April 16th, 2012, 7:28 am

Hi t-risk7,

"I then rebooted it without logging in. Would that affect TDSSkiller from curing anything?"


It should be OK, but we will check.

Please run TDSSKiller for a second time. Please post the log (it can be found in C:\ and identified by the time and date).

Next

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 16th, 2012, 5:34 pm

Here is tdsskiller log:

17:29:35.0093 3988 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:29:35.0484 3988 ============================================================
17:29:35.0484 3988 Current date / time: 2012/04/16 17:29:35.0484
17:29:35.0484 3988 SystemInfo:
17:29:35.0484 3988
17:29:35.0484 3988 OS Version: 5.1.2600 ServicePack: 3.0
17:29:35.0484 3988 Product type: Workstation
17:29:35.0484 3988 ComputerName: SILVER_BULLET
17:29:35.0484 3988 UserName: Tad Palmer
17:29:35.0484 3988 Windows directory: C:\WINDOWS
17:29:35.0484 3988 System windows directory: C:\WINDOWS
17:29:35.0484 3988 Processor architecture: Intel x86
17:29:35.0484 3988 Number of processors: 1
17:29:35.0484 3988 Page size: 0x1000
17:29:35.0484 3988 Boot type: Normal boot
17:29:35.0484 3988 ============================================================
17:29:38.0468 3988 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:38.0468 3988 \Device\Harddisk0\DR0:
17:29:38.0468 3988 MBR used
17:29:38.0468 3988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
17:29:38.0750 3988 Initialize success
17:29:38.0750 3988 ============================================================
17:29:42.0750 2840 ============================================================
17:29:42.0750 2840 Scan started
17:29:42.0750 2840 Mode: Manual;
17:29:42.0750 2840 ============================================================
17:30:05.0031 2840 usbprint - ok
17:30:05.0078 2840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:30:05.0078 2840 USBSTOR - ok
17:30:05.0125 2840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:30:05.0140 2840 usbuhci - ok
17:30:05.0234 2840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:30:05.0234 2840 VgaSave - ok
17:30:05.0281 2840 ViaIde - ok
17:30:05.0312 2840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:30:05.0328 2840 VolSnap - ok
17:30:05.0375 2840 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:30:05.0375 2840 VSS - ok
17:30:05.0828 2840 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
17:30:05.0875 2840 w29n51 - ok
17:30:06.0046 2840 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:30:06.0062 2840 W32Time - ok
17:30:06.0093 2840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:30:06.0093 2840 Wanarp - ok
17:30:06.0109 2840 WDICA - ok
17:30:06.0171 2840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:30:06.0203 2840 wdmaud - ok
17:30:06.0234 2840 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:30:06.0250 2840 WebClient - ok
17:30:06.0421 2840 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:30:06.0656 2840 winachsf - ok
17:30:06.0843 2840 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:30:06.0843 2840 winmgmt - ok
17:30:06.0968 2840 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
17:30:06.0968 2840 WLANKEEPER - ok
17:30:07.0015 2840 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:30:07.0015 2840 WmdmPmSN - ok
17:30:07.0125 2840 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:30:07.0125 2840 Wmi - ok
17:30:07.0265 2840 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:30:07.0312 2840 WmiApSrv - ok
17:30:07.0500 2840 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:30:07.0718 2840 WMPNetworkSvc - ok
17:30:07.0812 2840 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:30:07.0812 2840 wscsvc - ok
17:30:07.0859 2840 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:30:07.0875 2840 wuauserv - ok
17:30:07.0953 2840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:30:07.0968 2840 WudfPf - ok
17:30:08.0000 2840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:30:08.0000 2840 WudfRd - ok
17:30:08.0031 2840 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:30:08.0031 2840 WudfSvc - ok
17:30:08.0078 2840 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:30:08.0093 2840 WZCSVC - ok
17:30:08.0171 2840 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:30:08.0187 2840 xmlprov - ok
17:30:08.0218 2840 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
17:30:08.0250 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:30:08.0250 2840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:30:08.0265 2840 Boot (0x1200) (3d9a320c64f8310ca9c08b22b5b90661) \Device\Harddisk0\DR0\Partition0
17:30:08.0265 2840 \Device\Harddisk0\DR0\Partition0 - ok
17:30:08.0265 2840 ============================================================
17:30:08.0265 2840 Scan finished
17:30:08.0265 2840 ============================================================
17:30:08.0281 2832 Detected object count: 1
17:30:08.0281 2832 Actual detected object count: 1
17:30:23.0968 2832 \Device\Harddisk0\DR0\# - copied to quarantine
17:30:24.0000 2832 \Device\Harddisk0\DR0 - copied to quarantine
17:30:24.0062 2832 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:30:24.0093 2832 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:30:24.0312 2832 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:30:24.0703 2832 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:30:26.0656 2832 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:30:26.0687 2832 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:30:26.0687 2832 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:30:26.0703 2832 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:30:26.0718 2832 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:30:26.0734 2832 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:30:26.0750 2832 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:30:26.0765 2832 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:30:26.0796 2832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:30:26.0796 2832 \Device\Harddisk0\DR0 - ok
17:30:26.0906 2832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:30:30.0953 1340 Deinitialize success
t-risk7

Re: Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 16th, 2012, 5:35 pm

OTL logs


OTL log

OTL logfile created on: 4/16/2012 5:39:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Tad Palmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.26% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.22 Gb Free Space | 65.01% Space Free | Partition Type: NTFS

Computer Name: SILVER_BULLET | User Name: Tad Palmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tad Palmer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\WINDOWS\system32\drivers\ABlocker\nw.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (CiSvc) -- C:\WINDOWS\system32\cisvc.exe File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 0E E0 52 D6 0C CD 01 [binary data]
IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/31 11:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5DA2580A-8245-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\{5DA2580A-8245-11E1-826D-B8AC6F996F26}\ [2012/04/09 09:01:52 | 000,000,000 | ---D | M]

[2011/10/11 07:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tad Palmer\Application Data\Mozilla\Extensions
[2012/03/31 11:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/16 14:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/13 22:06:08 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AoboBlocker] C:\WINDOWS\system32\drivers\ABlocker\AoboBlocker.exe (Aobo)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 19:34:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 17:37:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tad Palmer\Desktop\OTL.exe
[2012/04/16 07:00:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/16 06:58:04 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tad Palmer\Desktop\TDSSKiller.exe
[2012/04/16 06:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Desktop\tdsskiller
[2012/04/14 12:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\PCHealth
[2012/04/13 23:13:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/13 23:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/04/13 23:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/09 09:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\{5DA2580A-8245-11E1-826D-B8AC6F996F26}
[2012/03/30 23:36:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Settings
[2012/03/19 11:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Desktop\fireinvest

========== Files - Modified Within 30 Days ==========

[2012/04/16 17:37:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tad Palmer\Desktop\OTL.exe
[2012/04/16 17:36:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/16 17:31:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 17:31:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 06:57:33 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tad Palmer\Desktop\TDSSKiller.exe
[2012/04/16 06:53:34 | 002,052,353 | ---- | M] () -- C:\Documents and Settings\Tad Palmer\Desktop\tdsskiller.zip
[2012/04/16 06:48:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/14 07:05:05 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/13 23:04:05 | 000,433,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/13 23:04:05 | 000,068,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/31 11:18:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/04/16 06:52:43 | 002,052,353 | ---- | C] () -- C:\Documents and Settings\Tad Palmer\Desktop\tdsskiller.zip
[2012/03/31 11:18:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/31 09:41:26 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/15 03:08:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/08 19:00:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/16 20:20:49 | 000,203,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/11 09:10:03 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/11 07:50:18 | 000,000,817 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/11 07:50:18 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/10/11 07:50:03 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/11 07:46:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/11 07:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/10/11 07:37:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/10/10 20:24:29 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 19:37:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 19:30:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 15:24:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/10 15:23:16 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

Extras log:

OTL Extras logfile created on: 4/16/2012 5:39:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Tad Palmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.26% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.22 Gb Free Space | 65.01% Space Free | Partition Type: NTFS

Computer Name: SILVER_BULLET | User Name: Tad Palmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{249AF4F3-0353-4C75-988D-019FCD52B4D4}" = OLYMPUS Digital Camera Updater
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{894A754D-8B40-4543-89B3-F30A49A8565A}" = OLYMPUS Viewer 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J265W
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AnalogX Script Defender" = AnalogX Script Defender
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader 5.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"ProInst" = Intel(R) PROSet/Wireless Software
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2012 12:07:34 PM | Computer Name = SILVER_BULLET | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/12/2012 9:10:29 PM | Computer Name = SILVER_BULLET | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/12 21:10:29.484]: [00001884]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 4/13/2012 10:47:19 PM | Computer Name = SILVER_BULLET | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/13 22:47:19.843]: [00001884]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 4/13/2012 11:04:01 PM | Computer Name = SILVER_BULLET | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/13/2012 11:23:59 PM | Computer Name = SILVER_BULLET | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/14/2012 7:02:17 AM | Computer Name = SILVER_BULLET | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/14 07:02:16.812]: [00000812]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 4/14/2012 7:05:28 AM | Computer Name = SILVER_BULLET | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/14 07:05:28.428]: [00000812]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 4/14/2012 7:16:35 AM | Computer Name = SILVER_BULLET | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.8202.0, P3 1.123.1622.0, P4 1.123.1622.0, P5 exploit_java_cve-2012-0507.d!ldr,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 4/14/2012 12:33:20 PM | Computer Name = SILVER_BULLET | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.8202.0, P3 1.123.1769.0, P4 1.123.1769.0, P5 virtool_win32_obfuscator.pn,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 4/15/2012 10:21:18 PM | Computer Name = SILVER_BULLET | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/13/2012 10:47:20 PM | Computer Name = SILVER_BULLET | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 4/13/2012 11:03:56 PM | Computer Name = SILVER_BULLET | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1622.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 4/13/2012 11:03:56 PM | Computer Name = SILVER_BULLET | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1622.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 4/13/2012 11:03:56 PM | Computer Name = SILVER_BULLET | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1622.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 4/13/2012 11:13:42 PM | Computer Name = SILVER_BULLET | Source = w29n51 | ID = 5031
Description = \DEVICE\{30F4F4BD-9581-485C-8D47-7889B282CA43} : The adapter has detected
an Adapter Check as a result of some unrecoverable hardware of software error.
Please contact your service provider.

Error - 4/13/2012 11:13:42 PM | Computer Name = SILVER_BULLET | Source = w29n51 | ID = 5010
Description = \DEVICE\{30F4F4BD-9581-485C-8D47-7889B282CA43} : The adapter has returned
an invalid value to the driver.

Error - 4/13/2012 11:23:57 PM | Computer Name = SILVER_BULLET | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1622.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 4/14/2012 12:19:25 PM | Computer Name = SILVER_BULLET | Source = Sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/14/2012 12:20:53 PM | Computer Name = SILVER_BULLET | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 4/15/2012 10:21:15 PM | Computer Name = SILVER_BULLET | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1769.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
Last edited by t-risk7 on April 16th, 2012, 5:47 pm, edited 1 time in total.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Trojan Problems Cleanman.B allowed by MSE

Post by deltalima » April 16th, 2012, 5:40 pm

The TDSSKiller log you posted was from the first run at 16:54:05. Please check c:\ for the log from the second run.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trojan Problems Cleanman.B allowed by MSE

Post by t-risk7 » April 16th, 2012, 5:53 pm

TDSS log.
This is the right one:
17:29:35.0093 3988 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:29:35.0484 3988 ============================================================
17:29:35.0484 3988 Current date / time: 2012/04/16 17:29:35.0484
17:29:35.0484 3988 SystemInfo:
17:29:35.0484 3988
17:29:35.0484 3988 OS Version: 5.1.2600 ServicePack: 3.0
17:29:35.0484 3988 Product type: Workstation
17:29:35.0484 3988 ComputerName: SILVER_BULLET
17:29:35.0484 3988 UserName: Tad Palmer
17:29:35.0484 3988 Windows directory: C:\WINDOWS
17:29:35.0484 3988 System windows directory: C:\WINDOWS
17:29:35.0484 3988 Processor architecture: Intel x86
17:29:35.0484 3988 Number of processors: 1
17:29:35.0484 3988 Page size: 0x1000
17:29:35.0484 3988 Boot type: Normal boot
17:29:35.0484 3988 ============================================================
17:29:38.0468 3988 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:38.0468 3988 \Device\Harddisk0\DR0:
17:29:38.0468 3988 MBR used
17:29:38.0468 3988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
17:29:38.0750 3988 Initialize success
17:29:38.0750 3988 ============================================================
17:29:42.0750 2840 ============================================================
17:29:42.0750 2840 Scan started
17:29:42.0750 2840 Mode: Manual;
17:29:42.0750 2840 ============================================================
17:29:44.0031 2840 Abiosdsk - ok
17:29:44.0046 2840 abp480n5 - ok
17:29:44.0093 2840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:29:44.0093 2840 ACPI - ok
17:29:44.0156 2840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:29:44.0156 2840 ACPIEC - ok
17:29:44.0171 2840 adpu160m - ok
17:29:44.0218 2840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:29:44.0218 2840 aec - ok
17:29:44.0281 2840 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:29:44.0328 2840 AegisP - ok
17:29:44.0390 2840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:29:44.0421 2840 AFD - ok
17:29:44.0468 2840 Aha154x - ok
17:29:44.0500 2840 aic78u2 - ok
17:29:44.0531 2840 aic78xx - ok
17:29:44.0640 2840 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:29:44.0671 2840 Alerter - ok
17:29:44.0687 2840 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:29:44.0687 2840 ALG - ok
17:29:44.0734 2840 AliIde - ok
17:29:44.0765 2840 amsint - ok
17:29:44.0812 2840 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:29:44.0828 2840 AppMgmt - ok
17:29:44.0859 2840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:29:44.0875 2840 Arp1394 - ok
17:29:44.0875 2840 asc - ok
17:29:44.0921 2840 asc3350p - ok
17:29:44.0937 2840 asc3550 - ok
17:29:45.0109 2840 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:29:45.0171 2840 aspnet_state - ok
17:29:45.0359 2840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:45.0375 2840 AsyncMac - ok
17:29:45.0421 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:29:45.0421 2840 atapi - ok
17:29:45.0453 2840 Atdisk - ok
17:29:45.0515 2840 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
17:29:45.0515 2840 Ati HotKey Poller - ok
17:29:45.0750 2840 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:29:45.0765 2840 ati2mtag - ok
17:29:45.0921 2840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:45.0953 2840 Atmarpc - ok
17:29:46.0000 2840 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:29:46.0000 2840 AudioSrv - ok
17:29:46.0062 2840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:46.0078 2840 audstub - ok
17:29:46.0234 2840 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:29:46.0250 2840 bcm4sbxp - ok
17:29:46.0390 2840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:29:46.0421 2840 Beep - ok
17:29:46.0578 2840 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:29:46.0625 2840 BITS - ok
17:29:46.0703 2840 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:29:46.0718 2840 Browser - ok
17:29:47.0031 2840 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
17:29:47.0031 2840 BrScnUsb - ok
17:29:47.0156 2840 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
17:29:47.0156 2840 BrYNSvc - ok
17:29:47.0390 2840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:47.0390 2840 cbidf2k - ok
17:29:47.0453 2840 cd20xrnt - ok
17:29:47.0484 2840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:47.0484 2840 Cdaudio - ok
17:29:47.0531 2840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:47.0531 2840 Cdfs - ok
17:29:47.0562 2840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:47.0562 2840 Cdrom - ok
17:29:47.0578 2840 Changer - ok
17:29:47.0593 2840 CiSvc - ok
17:29:47.0625 2840 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:29:47.0625 2840 ClipSrv - ok
17:29:47.0687 2840 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:29:47.0687 2840 clr_optimization_v2.0.50727_32 - ok
17:29:47.0765 2840 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:29:47.0765 2840 CmBatt - ok
17:29:47.0781 2840 CmdIde - ok
17:29:47.0796 2840 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:29:47.0796 2840 Compbatt - ok
17:29:47.0812 2840 COMSysApp - ok
17:29:47.0828 2840 Cpqarray - ok
17:29:47.0843 2840 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:29:47.0843 2840 CryptSvc - ok
17:29:47.0859 2840 dac2w2k - ok
17:29:47.0875 2840 dac960nt - ok
17:29:47.0921 2840 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:29:47.0937 2840 DcomLaunch - ok
17:29:48.0000 2840 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:29:48.0000 2840 Dhcp - ok
17:29:48.0046 2840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:48.0046 2840 Disk - ok
17:29:48.0062 2840 dmadmin - ok
17:29:48.0156 2840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:29:48.0203 2840 dmboot - ok
17:29:48.0406 2840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:29:48.0406 2840 dmio - ok
17:29:48.0437 2840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:29:48.0437 2840 dmload - ok
17:29:48.0468 2840 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:29:48.0468 2840 dmserver - ok
17:29:48.0515 2840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:29:48.0515 2840 DMusic - ok
17:29:48.0562 2840 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:29:48.0562 2840 Dnscache - ok
17:29:48.0625 2840 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:29:48.0625 2840 Dot3svc - ok
17:29:48.0640 2840 dpti2o - ok
17:29:48.0671 2840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:48.0671 2840 drmkaud - ok
17:29:48.0718 2840 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:29:48.0718 2840 EapHost - ok
17:29:48.0781 2840 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:29:48.0781 2840 ERSvc - ok
17:29:48.0875 2840 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:29:48.0875 2840 Eventlog - ok
17:29:48.0937 2840 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:29:48.0937 2840 EventSystem - ok
17:29:49.0031 2840 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
17:29:49.0171 2840 EvtEng - ok
17:29:49.0296 2840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:49.0296 2840 Fastfat - ok
17:29:49.0515 2840 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:29:49.0515 2840 FastUserSwitchingCompatibility - ok
17:29:49.0546 2840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:29:49.0546 2840 Fdc - ok
17:29:49.0562 2840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:29:49.0562 2840 Fips - ok
17:29:49.0593 2840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:29:49.0593 2840 Flpydisk - ok
17:29:49.0656 2840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:29:49.0671 2840 FltMgr - ok
17:29:49.0781 2840 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:29:49.0796 2840 FontCache3.0.0.0 - ok
17:29:49.0859 2840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:49.0859 2840 Fs_Rec - ok
17:29:49.0890 2840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:49.0890 2840 Ftdisk - ok
17:29:49.0953 2840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:49.0953 2840 Gpc - ok
17:29:50.0015 2840 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:29:50.0015 2840 helpsvc - ok
17:29:50.0031 2840 HidServ - ok
17:29:50.0078 2840 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:29:50.0078 2840 hkmsvc - ok
17:29:50.0125 2840 hpn - ok
17:29:50.0187 2840 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
17:29:50.0218 2840 HSFHWICH - ok
17:29:50.0328 2840 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
17:29:50.0343 2840 HSF_DPV - ok
17:29:50.0500 2840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:50.0515 2840 HTTP - ok
17:29:50.0640 2840 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:29:50.0671 2840 HTTPFilter - ok
17:29:50.0703 2840 i2omgmt - ok
17:29:50.0703 2840 i2omp - ok
17:29:50.0734 2840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:50.0750 2840 i8042prt - ok
17:29:50.0984 2840 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:29:51.0015 2840 idsvc - ok
17:29:51.0171 2840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:51.0187 2840 Imapi - ok
17:29:51.0218 2840 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:29:51.0234 2840 ImapiService - ok
17:29:51.0265 2840 ini910u - ok
17:29:51.0359 2840 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:29:51.0359 2840 IntelIde - ok
17:29:51.0406 2840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:29:51.0406 2840 intelppm - ok
17:29:51.0437 2840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:29:51.0437 2840 Ip6Fw - ok
17:29:51.0531 2840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:51.0531 2840 IpFilterDriver - ok
17:29:51.0546 2840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:51.0546 2840 IpInIp - ok
17:29:51.0671 2840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:51.0750 2840 IpNat - ok
17:29:51.0906 2840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:51.0906 2840 IPSec - ok
17:29:51.0953 2840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:51.0968 2840 IRENUM - ok
17:29:52.0031 2840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:29:52.0031 2840 isapnp - ok
17:29:52.0078 2840 JavaQuickStarterService (973db7ac74c554c546f8b0b7b98fb855) C:\Program Files\Java\jre7\bin\jqs.exe
17:29:52.0093 2840 JavaQuickStarterService - ok
17:29:52.0250 2840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:52.0296 2840 Kbdclass - ok
17:29:52.0609 2840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:29:52.0640 2840 kmixer - ok
17:29:52.0687 2840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:52.0687 2840 KSecDD - ok
17:29:52.0750 2840 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:29:52.0765 2840 LanmanServer - ok
17:29:52.0796 2840 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:29:52.0812 2840 lanmanworkstation - ok
17:29:52.0828 2840 lbrtfdc - ok
17:29:52.0875 2840 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:29:52.0890 2840 LmHosts - ok
17:29:52.0921 2840 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:29:52.0921 2840 mdmxsdk - ok
17:29:52.0953 2840 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:29:52.0953 2840 Messenger - ok
17:29:52.0984 2840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:53.0000 2840 mnmdd - ok
17:29:53.0031 2840 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:29:53.0031 2840 mnmsrvc - ok
17:29:53.0125 2840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:29:53.0140 2840 Modem - ok
17:29:53.0171 2840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:53.0203 2840 Mouclass - ok
17:29:53.0234 2840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:53.0265 2840 MountMgr - ok
17:29:53.0312 2840 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:29:53.0328 2840 MpFilter - ok
17:29:53.0593 2840 MpKsl44712918 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5324EF88-A72E-4101-A25F-602AD818459D}\MpKsl44712918.sys
17:29:53.0593 2840 MpKsl44712918 - ok
17:29:53.0625 2840 mraid35x - ok
17:29:53.0703 2840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:53.0734 2840 MRxDAV - ok
17:29:53.0890 2840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:53.0906 2840 MRxSmb - ok
17:29:53.0953 2840 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:29:53.0953 2840 MSDTC - ok
17:29:53.0968 2840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:29:53.0968 2840 Msfs - ok
17:29:53.0984 2840 MSIServer - ok
17:29:54.0046 2840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:54.0046 2840 MSKSSRV - ok
17:29:54.0125 2840 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:29:54.0125 2840 MsMpSvc - ok
17:29:54.0156 2840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:54.0171 2840 MSPCLOCK - ok
17:29:54.0218 2840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:54.0250 2840 MSPQM - ok
17:29:54.0546 2840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:54.0546 2840 mssmbios - ok
17:29:54.0625 2840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:29:54.0625 2840 Mup - ok
17:29:54.0750 2840 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:29:54.0765 2840 napagent - ok
17:29:54.0828 2840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:29:54.0828 2840 NDIS - ok
17:29:54.0859 2840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:54.0859 2840 NdisTapi - ok
17:29:54.0921 2840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:54.0921 2840 Ndisuio - ok
17:29:54.0953 2840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:54.0968 2840 NdisWan - ok
17:29:54.0984 2840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:54.0984 2840 NDProxy - ok
17:29:55.0000 2840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:55.0000 2840 NetBIOS - ok
17:29:55.0031 2840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:55.0031 2840 NetBT - ok
17:29:55.0062 2840 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:29:55.0093 2840 NetDDE - ok
17:29:55.0093 2840 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:29:55.0109 2840 NetDDEdsdm - ok
17:29:55.0156 2840 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:30:08.0218 2840 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
17:30:08.0250 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:30:08.0250 2840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:30:08.0265 2840 Boot (0x1200) (3d9a320c64f8310ca9c08b22b5b90661) \Device\Harddisk0\DR0\Partition0
17:30:08.0265 2840 \Device\Harddisk0\DR0\Partition0 - ok
17:30:08.0265 2840 ============================================================
17:30:08.0265 2840 Scan finished
17:30:08.0265 2840 ============================================================
17:30:08.0281 2832 Detected object count: 1
17:30:08.0281 2832 Actual detected object count: 1
17:30:23.0968 2832 \Device\Harddisk0\DR0\# - copied to quarantine
17:30:24.0000 2832 \Device\Harddisk0\DR0 - copied to quarantine
17:30:24.0062 2832 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:30:24.0093 2832 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:30:24.0312 2832 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:30:24.0703 2832 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:30:26.0656 2832 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:30:26.0687 2832 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:30:26.0687 2832 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:30:26.0703 2832 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:30:26.0718 2832 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:30:26.0734 2832 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:30:26.0750 2832 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:30:26.0765 2832 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:30:26.0796 2832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:30:26.0796 2832 \Device\Harddisk0\DR0 - ok
17:30:26.0906 2832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:30:30.0953 1340 Deinitialize success

Post by t-risk7 » April 16th, 2012, 5:55 pm

the time is 17:29

other one was 6:48

both say 16:54:05

Post by deltalima » April 16th, 2012, 6:05 pm

Hi t-risk7,

the time is 17:29

other one was 6:48

both say 16:54:05


Sorry, I misread the log.

Please reboot the computer.

Please run TDSSKiller one more time and select Cure if anything is found, then post the latest log.

Post by t-risk7 » April 16th, 2012, 8:29 pm

here is new tdss log:
20:27:17.0171 2640 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:27:17.0937 2640 ============================================================
20:27:17.0937 2640 Current date / time: 2012/04/16 20:27:17.0937
20:27:17.0937 2640 SystemInfo:
20:27:17.0937 2640
20:27:17.0937 2640 OS Version: 5.1.2600 ServicePack: 3.0
20:27:17.0937 2640 Product type: Workstation
20:27:17.0937 2640 ComputerName: SILVER_BULLET
20:27:17.0937 2640 UserName: Tad Palmer
20:27:17.0937 2640 Windows directory: C:\WINDOWS
20:27:17.0937 2640 System windows directory: C:\WINDOWS
20:27:17.0937 2640 Processor architecture: Intel x86
20:27:17.0937 2640 Number of processors: 1
20:27:17.0937 2640 Page size: 0x1000
20:27:17.0937 2640 Boot type: Normal boot
20:27:17.0937 2640 ============================================================
20:27:20.0265 2640 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:27:20.0265 2640 \Device\Harddisk0\DR0:
20:27:20.0265 2640 MBR used
20:27:20.0265 2640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
20:27:20.0546 2640 Initialize success
20:27:20.0546 2640 ============================================================
20:27:24.0328 2456 ============================================================
20:27:24.0328 2456 Scan started
20:27:24.0328 2456 Mode: Manual;
20:27:24.0328 2456 ============================================================
20:27:32.0296 2456 NIC1394 - ok
20:27:32.0343 2456 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:27:32.0343 2456 Nla - ok
20:27:32.0390 2456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:27:32.0390 2456 Npfs - ok
20:27:32.0437 2456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:27:32.0453 2456 Ntfs - ok
20:27:32.0531 2456 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:27:32.0531 2456 NtLmSsp - ok
20:27:32.0609 2456 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:27:32.0625 2456 NtmsSvc - ok
20:27:32.0687 2456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:27:32.0687 2456 Null - ok
20:27:32.0718 2456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:27:32.0718 2456 NwlnkFlt - ok
20:27:32.0750 2456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:27:32.0750 2456 NwlnkFwd - ok
20:27:32.0781 2456 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:27:32.0781 2456 ohci1394 - ok
20:27:32.0812 2456 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:27:32.0812 2456 Parport - ok
20:27:32.0843 2456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:27:32.0843 2456 PartMgr - ok
20:27:32.0875 2456 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:27:32.0875 2456 ParVdm - ok
20:27:32.0890 2456 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:27:32.0890 2456 PCI - ok
20:27:32.0921 2456 PCIDump - ok
20:27:32.0937 2456 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:27:32.0937 2456 PCIIde - ok
20:27:33.0000 2456 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:27:33.0000 2456 Pcmcia - ok
20:27:33.0015 2456 PDCOMP - ok
20:27:33.0031 2456 PDFRAME - ok
20:27:33.0046 2456 PDRELI - ok
20:27:33.0062 2456 PDRFRAME - ok
20:27:33.0093 2456 perc2 - ok
20:27:33.0125 2456 perc2hib - ok
20:27:33.0187 2456 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:27:33.0187 2456 PlugPlay - ok
20:27:33.0218 2456 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:27:33.0218 2456 PolicyAgent - ok
20:27:33.0265 2456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:27:33.0265 2456 PptpMiniport - ok
20:27:33.0281 2456 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:27:33.0296 2456 ProtectedStorage - ok
20:27:33.0312 2456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:27:33.0312 2456 Ptilink - ok
20:27:33.0375 2456 QBCFMonitorService (c6df3ff18d6acb913c78c865dded17d3) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
20:27:33.0375 2456 QBCFMonitorService - ok
20:27:33.0421 2456 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
20:27:33.0437 2456 QBFCService - ok
20:27:33.0546 2456 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
20:27:33.0562 2456 QBVSS - ok
20:27:33.0640 2456 ql1080 - ok
20:27:33.0671 2456 Ql10wnt - ok
20:27:33.0687 2456 ql12160 - ok
20:27:33.0703 2456 ql1240 - ok
20:27:33.0718 2456 ql1280 - ok
20:27:33.0750 2456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:27:33.0750 2456 RasAcd - ok
20:27:33.0812 2456 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:27:33.0812 2456 RasAuto - ok
20:27:33.0843 2456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:27:33.0843 2456 Rasl2tp - ok
20:27:33.0875 2456 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:27:33.0890 2456 RasMan - ok
20:27:33.0906 2456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:27:33.0906 2456 RasPppoe - ok
20:27:33.0937 2456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:27:33.0937 2456 Raspti - ok
20:27:33.0968 2456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:27:33.0968 2456 Rdbss - ok
20:27:33.0984 2456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:27:33.0984 2456 RDPCDD - ok
20:27:34.0046 2456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:27:34.0046 2456 rdpdr - ok
20:27:34.0109 2456 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:27:34.0109 2456 RDPWD - ok
20:27:34.0156 2456 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:27:34.0171 2456 RDSessMgr - ok
20:27:34.0203 2456 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:27:34.0218 2456 redbook - ok
20:27:34.0343 2456 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:27:34.0343 2456 RegSrvc - ok
20:27:34.0453 2456 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:27:34.0453 2456 RemoteAccess - ok
20:27:34.0484 2456 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:27:34.0484 2456 RemoteRegistry - ok
20:27:34.0531 2456 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:27:34.0531 2456 RpcLocator - ok
20:27:34.0593 2456 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:27:34.0593 2456 RpcSs - ok
20:27:34.0640 2456 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:27:34.0656 2456 RSVP - ok
20:27:34.0718 2456 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:27:34.0750 2456 S24EventMonitor - ok
20:27:34.0796 2456 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:27:34.0828 2456 s24trans - ok
20:27:34.0921 2456 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:27:34.0937 2456 SamSs - ok
20:27:34.0968 2456 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:27:34.0984 2456 SCardSvr - ok
20:27:35.0031 2456 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:27:35.0031 2456 Schedule - ok
20:27:35.0062 2456 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:27:35.0062 2456 sdbus - ok
20:27:35.0093 2456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:27:35.0109 2456 Secdrv - ok
20:27:35.0140 2456 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:27:35.0156 2456 seclogon - ok
20:27:35.0187 2456 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:27:35.0187 2456 SENS - ok
20:27:35.0234 2456 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:27:35.0234 2456 Serial - ok
20:27:35.0281 2456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:27:35.0296 2456 Sfloppy - ok
20:27:35.0359 2456 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:27:35.0375 2456 SharedAccess - ok
20:27:35.0421 2456 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:27:35.0421 2456 ShellHWDetection - ok
20:27:35.0484 2456 Simbad - ok
20:27:35.0515 2456 Sparrow - ok
20:27:35.0562 2456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:27:35.0562 2456 splitter - ok
20:27:35.0609 2456 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:27:35.0625 2456 Spooler - ok
20:27:35.0656 2456 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:27:35.0671 2456 Sr - ok
20:27:35.0703 2456 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:27:35.0703 2456 srservice - ok
20:27:35.0765 2456 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:27:35.0781 2456 Srv - ok
20:27:35.0812 2456 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:27:35.0812 2456 SSDPSRV - ok
20:27:35.0859 2456 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
20:27:35.0875 2456 STAC97 - ok
20:27:35.0921 2456 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:27:35.0921 2456 stisvc - ok
20:27:36.0031 2456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:27:36.0031 2456 swenum - ok
20:27:36.0093 2456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:27:36.0093 2456 swmidi - ok
20:27:36.0109 2456 SwPrv - ok
20:27:36.0125 2456 symc810 - ok
20:27:36.0140 2456 symc8xx - ok
20:27:36.0171 2456 sym_hi - ok
20:27:36.0187 2456 sym_u3 - ok
20:27:36.0250 2456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:27:36.0250 2456 sysaudio - ok
20:27:36.0406 2456 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:27:36.0421 2456 SysmonLog - ok
20:27:36.0453 2456 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:27:36.0468 2456 TapiSrv - ok
20:27:36.0531 2456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:27:36.0625 2456 Tcpip - ok
20:27:36.0671 2456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:27:36.0671 2456 TDPIPE - ok
20:27:36.0765 2456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:27:36.0765 2456 TDTCP - ok
20:27:36.0812 2456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:27:36.0812 2456 TermDD - ok
20:27:36.0843 2456 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:27:36.0859 2456 TermService - ok
20:27:36.0906 2456 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:27:36.0906 2456 Themes - ok
20:27:36.0968 2456 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:27:36.0968 2456 TlntSvr - ok
20:27:36.0984 2456 TosIde - ok
20:27:37.0031 2456 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:27:37.0031 2456 TrkWks - ok
20:27:37.0078 2456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:27:37.0078 2456 Udfs - ok
20:27:37.0093 2456 ultra - ok
20:27:37.0156 2456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:27:37.0171 2456 Update - ok
20:27:37.0234 2456 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:27:37.0234 2456 upnphost - ok
20:27:37.0281 2456 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:27:37.0281 2456 UPS - ok
20:27:37.0390 2456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:27:37.0390 2456 usbccgp - ok
20:27:37.0437 2456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:27:37.0437 2456 usbehci - ok
20:27:37.0453 2456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:27:37.0453 2456 usbhub - ok
20:27:37.0468 2456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:27:37.0484 2456 usbprint - ok
20:27:37.0515 2456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:27:37.0515 2456 USBSTOR - ok
20:27:37.0531 2456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:27:37.0546 2456 usbuhci - ok
20:27:37.0562 2456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:27:37.0562 2456 VgaSave - ok
20:27:37.0578 2456 ViaIde - ok
20:27:37.0625 2456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:27:37.0625 2456 VolSnap - ok
20:27:37.0671 2456 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:27:37.0687 2456 VSS - ok
20:27:37.0812 2456 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:27:37.0875 2456 w29n51 - ok
20:27:37.0984 2456 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:27:38.0000 2456 W32Time - ok
20:27:38.0046 2456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:27:38.0046 2456 Wanarp - ok
20:27:38.0062 2456 WDICA - ok
20:27:38.0109 2456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:27:38.0109 2456 wdmaud - ok
20:27:38.0156 2456 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:27:38.0156 2456 WebClient - ok
20:27:38.0234 2456 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:27:38.0265 2456 winachsf - ok
20:27:38.0390 2456 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:27:38.0390 2456 winmgmt - ok
20:27:38.0515 2456 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
20:27:38.0531 2456 WLANKEEPER - ok
20:27:38.0593 2456 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:27:38.0593 2456 WmdmPmSN - ok
20:27:38.0671 2456 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:27:38.0687 2456 Wmi - ok
20:27:38.0781 2456 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:27:38.0781 2456 WmiApSrv - ok
20:27:38.0890 2456 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:27:38.0937 2456 WMPNetworkSvc - ok
20:27:39.0000 2456 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:27:39.0015 2456 wscsvc - ok
20:27:39.0062 2456 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:27:39.0062 2456 wuauserv - ok
20:27:39.0125 2456 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:27:39.0125 2456 WudfPf - ok
20:27:39.0203 2456 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:27:39.0218 2456 WudfRd - ok
20:27:39.0234 2456 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:27:39.0250 2456 WudfSvc - ok
20:27:39.0328 2456 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:27:39.0343 2456 WZCSVC - ok
20:27:39.0390 2456 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:27:39.0406 2456 xmlprov - ok
20:27:39.0437 2456 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:27:39.0593 2456 \Device\Harddisk0\DR0 - ok
20:27:39.0609 2456 Boot (0x1200) (3d9a320c64f8310ca9c08b22b5b90661) \Device\Harddisk0\DR0\Partition0
20:27:39.0609 2456 \Device\Harddisk0\DR0\Partition0 - ok
20:27:39.0609 2456 ============================================================
20:27:39.0609 2456 Scan finished
20:27:39.0609 2456 ============================================================
20:27:39.0625 0940 Detected object count: 0
20:27:39.0625 0940 Actual detected object count: 0
20:27:48.0656 2564 Deinitialize success
t-risk7