NSA MoneyPack Virus: Kaspersky Will Not Work

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

scotty

New Member
Thread author
Sep 16, 2013
7
Sorry to seem dense, but I want to make sure I get this right: do you mean to download the OTL to my infected computer, or to a clean one to be saved to a USB drive? My infected computer begins booting to Windows and then immediately locks up to the "LOCKED" screen, so I do not know how to download anything to it. Further, it will not boot in Safe Mode or Safe Mode with Networking.


Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Ok, please do this on another PC.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double-click OTLPENet.exe; this will open ImgBurn to burn the file to CD.
  • Reboot your infected system using the boot CD you just created.
    Note: if you do not know how to set your computer to boot from CD, follow the steps here.
  • Wait for the CD to detect your hardware and load the operating system.
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy.
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

scotty

New Member
Thread author
Sep 16, 2013
7
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by SYSTEM on REATOGO on 16-09-2013 19:39:43
Running from G:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [CTSVolFE] - C:\Program Files\Creative\Mixer\CTSVolFE.exe [57344 2005-02-23] (Creative Technology Ltd)
HKLM\...\Run: [IDTSysTrayApp] - C:\Windows\sttray.exe [405504 2007-09-05] (IDT, Inc.)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\Media Experience\PCMService.exe [290816 2004-04-11] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM\...\Run: [VSOCheckTask] - "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
HKLM\...\Run: [LXCICATS] - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
HKLM\...\Run: [lxcimon.exe] - C:\Program Files\Lexmark 7300 Series\lxcimon.exe [205744 2007-02-01] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 7300 Series\ezprint.exe [103344 2007-02-01] (Lexmark International Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\Run: [Nike+ Connect] - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [299008 2010-10-01] (Nike)
HKLM\...\Run: [TuneClone] - C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Caroline\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Caroline\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [ 2007-08-30] (Macrovision Corporation)
HKU\Caroline\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2010-11-29] (Apple Inc.)
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2010-11-29] (Apple Inc.)
HKU\Scott & Shannon\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Scott & Shannon\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Scott & Shannon\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\Scott & Shannon\...\Run: [Google Update] - [x]
HKU\Shannon & Scott\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
ShortcutTarget: NkbMonitor.exe.lnk -> C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Documents and Settings\Scott & Shannon\Start Menu\Programs\Startup\bbnh8zq4.lnk
ShortcutTarget: bbnh8zq4.lnk -> C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\4qz8hnbb.plz ()

========================== Services (Whitelisted) =================

S2 lxci_device; C:\WINDOWS\system32\lxcicoms.exe [537520 2007-02-02] ( )
S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [88176 2011-02-16] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [364216 2010-10-07] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [171168 2010-10-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [188136 2010-10-14] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [141792 2010-10-14] (McAfee, Inc.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] ()
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-05-14] (Sonic Solutions)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-14] (WDC)
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\4qz8hnbb.plz [97792 2013-09-15] ()
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 SessionLauncher;
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{e3cec3e3-20bb-a330-872e-791214cf1545}\ \ \???\{e3cec3e3-20bb-a330-872e-791214cf1545}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [55840 2010-10-14] (McAfee, Inc.)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-23] (Intel Corporation)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [95600 2010-10-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [152960 2010-10-14] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [52104 2010-10-14] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [313288 2010-10-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [386840 2010-10-14] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [88544 2010-10-14] (McAfee, Inc.)
S3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [88544 2010-10-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [84264 2010-10-14] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2010-02-17] (McAfee, Inc.)
S1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [84072 2010-10-14] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1022040 2005-08-17] (SigmaTel, Inc.)
S0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [28776 2012-02-24] (TuneClone Software)
S3 bvrp_pci; No ImagePath
S4 IntelIde; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 19:39 - 2013-09-16 19:39 - 00000000 ____D C:\FRST
2013-09-15 16:27 - 2013-09-15 16:27 - 00016181 ____T C:\Documents and Settings\All Users.WINDOWS\Application Data\evr.exe
2013-09-15 15:50 - 2013-09-16 18:57 - 00000000 _____ C:\Documents and Settings\All Users.WINDOWS\Application Data\bbnh8zq4.ctrl
2013-09-15 15:49 - 2013-09-16 18:57 - 95025368 ____T C:\Documents and Settings\All Users.WINDOWS\Application Data\bbnh8zq4.pff
2013-09-15 15:49 - 2013-09-15 15:49 - 00097792 _____ C:\Documents and Settings\All Users.WINDOWS\Application Data\4qz8hnbb.plz
2013-09-15 13:43 - 2013-09-15 13:43 - 00005120 ___SH C:\Documents and Settings\Scott & Shannon\My Documents\Thumbs.db
2013-09-11 21:10 - 2013-09-11 21:34 - 00083456 _____ C:\Documents and Settings\Scott & Shannon\My Documents\Emma Poster.pub
2013-09-11 04:23 - 2013-09-11 04:25 - 00026489 _____ C:\Windows\KB2870699-IE8.log
2013-09-11 04:19 - 2013-09-11 04:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2876315$
2013-09-11 04:19 - 2013-09-11 04:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2876217$
2013-09-11 04:19 - 2013-09-11 04:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2864063$
2013-09-11 03:40 - 2013-09-11 04:20 - 00036800 _____ C:\Windows\KB2876315.log
2013-09-11 03:40 - 2013-09-11 04:19 - 00035823 _____ C:\Windows\KB2876217.log
2013-09-11 03:39 - 2013-09-11 04:19 - 00035918 _____ C:\Windows\KB2864063.log
2013-08-28 21:43 - 2013-08-28 21:43 - 00000000 ____D C:\Documents and Settings\Scott & Shannon\My Documents\My Karaoke
2013-08-28 04:00 - 2013-08-28 04:00 - 00005480 _____ C:\Windows\KB2834904-v2.log
2013-08-28 04:00 - 2013-08-28 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-25 21:24 - 2013-08-25 21:24 - 00000000 _____ C:\Documents and Settings\Scott & Shannon\My Documents\Emma's Homework.txt

==================== One Month Modified Files and Folders =======

2013-09-16 19:39 - 2013-09-16 19:39 - 00000000 ____D C:\FRST
2013-09-16 18:57 - 2013-09-15 15:50 - 00000000 _____ C:\Documents and Settings\All Users.WINDOWS\Application Data\bbnh8zq4.ctrl
2013-09-16 18:57 - 2013-09-15 15:49 - 95025368 ____T C:\Documents and Settings\All Users.WINDOWS\Application Data\bbnh8zq4.pff
2013-09-16 18:57 - 2009-10-18 15:48 - 00000049 _____ C:\Windows\wiaservc.log
2013-09-16 08:32 - 2009-10-18 15:48 - 00000159 _____ C:\Windows\wiadebug.log
2013-09-16 03:27 - 2013-06-15 08:50 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-15 22:14 - 2009-10-18 23:53 - 02083479 _____ C:\Windows\WindowsUpdate.log
2013-09-15 22:14 - 2009-10-18 21:17 - 00000178 ___SH C:\Documents and Settings\Scott & Shannon\ntuser.ini
2013-09-15 20:32 - 2009-10-18 21:17 - 00031944 _____ C:\Windows\SchedLgU.Txt
2013-09-15 16:27 - 2013-09-15 16:27 - 00016181 ____T C:\Documents and Settings\All Users.WINDOWS\Application Data\evr.exe
2013-09-15 15:49 - 2013-09-15 15:49 - 00097792 _____ C:\Documents and Settings\All Users.WINDOWS\Application Data\4qz8hnbb.plz
2013-09-15 15:49 - 2011-12-09 23:37 - 00000000 ____D C:\Documents and Settings\Scott & Shannon\Local Settings\Application Data\Google
2013-09-15 15:49 - 2007-04-22 23:39 - 00000000 ____D C:\Program Files\Google
2013-09-15 15:09 - 2007-06-16 22:53 - 00000000 ____D C:\Program Files\Respondus LockDown Browser
2013-09-15 14:22 - 2007-11-11 16:20 - 00000000 ____D C:\Program Files\Lx_cats
2013-09-15 13:43 - 2013-09-15 13:43 - 00005120 ___SH C:\Documents and Settings\Scott & Shannon\My Documents\Thumbs.db
2013-09-14 04:04 - 2010-01-11 19:52 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2013-09-14 00:33 - 2013-02-17 15:47 - 00081211 _____ C:\Windows\System32\KT_CMS.dmp
2013-09-13 23:56 - 2012-10-21 21:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-13 23:56 - 2012-10-21 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-11 21:34 - 2013-09-11 21:10 - 00083456 _____ C:\Documents and Settings\Scott & Shannon\My Documents\Emma Poster.pub
2013-09-11 04:41 - 2009-10-18 15:44 - 00324320 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-11 04:25 - 2013-09-11 04:23 - 00026489 _____ C:\Windows\KB2870699-IE8.log
2013-09-11 04:25 - 2011-04-01 21:24 - 00479279 _____ C:\Windows\setupapi.log
2013-09-11 04:25 - 2009-10-18 15:45 - 03077739 _____ C:\Windows\FaxSetup.log
2013-09-11 04:25 - 2009-10-18 15:45 - 01495661 _____ C:\Windows\ocgen.log
2013-09-11 04:25 - 2009-10-18 15:45 - 01180777 _____ C:\Windows\tsoc.log
2013-09-11 04:25 - 2009-10-18 15:45 - 00855011 _____ C:\Windows\comsetup.log
2013-09-11 04:25 - 2009-10-18 15:45 - 00519452 _____ C:\Windows\ntdtcsetup.log
2013-09-11 04:25 - 2009-10-18 15:45 - 00487599 _____ C:\Windows\iis6.log
2013-09-11 04:25 - 2009-10-18 15:45 - 00154405 _____ C:\Windows\msgsocm.log
2013-09-11 04:25 - 2009-10-18 15:45 - 00133550 _____ C:\Windows\ocmsn.log
2013-09-11 04:25 - 2009-10-18 15:45 - 00001374 _____ C:\Windows\imsins.log
2013-09-11 04:24 - 2009-10-19 08:47 - 00331569 _____ C:\Windows\updspapi.log
2013-09-11 04:23 - 2009-06-16 08:24 - 00000000 ____D C:\Windows\ie8updates
2013-09-11 04:20 - 2013-09-11 03:40 - 00036800 _____ C:\Windows\KB2876315.log
2013-09-11 04:20 - 2009-10-18 15:45 - 00001374 _____ C:\Windows\imsins.BAK
2013-09-11 04:19 - 2013-09-11 04:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2876315$
2013-09-11 04:19 - 2013-09-11 04:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2876217$
2013-09-11 04:19 - 2013-09-11 04:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2864063$
2013-09-11 04:19 - 2013-09-11 03:40 - 00035823 _____ C:\Windows\KB2876217.log
2013-09-11 04:19 - 2013-09-11 03:39 - 00035918 _____ C:\Windows\KB2864063.log
2013-09-11 04:02 - 2013-08-15 04:36 - 00000000 ____D C:\Windows\System32\MRT
2013-09-11 04:01 - 2009-10-19 08:54 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-03 23:14 - 2011-04-02 10:03 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-03 21:33 - 2011-04-02 09:45 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-28 21:43 - 2013-08-28 21:43 - 00000000 ____D C:\Documents and Settings\Scott & Shannon\My Documents\My Karaoke
2013-08-28 04:00 - 2013-08-28 04:00 - 00005480 _____ C:\Windows\KB2834904-v2.log
2013-08-28 04:00 - 2013-08-28 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-25 21:24 - 2013-08-25 21:24 - 00000000 _____ C:\Documents and Settings\Scott & Shannon\My Documents\Emma's Homework.txt

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Documents and Settings\Scott & Shannon\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install


Some content of TEMP:
====================
C:\Documents and Settings\Scott & Shannon\Local Settings\Temp\21374812193529.exe
C:\Documents and Settings\Scott & Shannon\Local Settings\Temp\pgvcpssdcdyerejdxws.bfg
C:\Documents and Settings\Scott and Shannon\Local Settings\Temp\d.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


RP: -> 2009-09-30 10:34 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1095

RP: -> 2009-09-29 07:55 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1094

RP: -> 2009-09-27 23:23 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1093

RP: -> 2009-09-26 22:52 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1092

RP: -> 2009-09-25 22:45 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1091

RP: -> 2009-09-24 22:02 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1090

RP: -> 2009-09-23 21:58 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1089

RP: -> 2009-09-22 21:35 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1088

RP: -> 2009-09-21 20:09 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1087

RP: -> 2009-09-20 18:28 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1086

RP: -> 2009-09-19 18:26 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1085

RP: -> 2009-09-18 18:14 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1084

RP: -> 2009-09-17 17:40 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1083

RP: -> 2009-09-16 08:54 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1082

RP: -> 2009-09-14 22:53 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1081

RP: -> 2009-09-13 21:32 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1080

RP: -> 2009-09-12 20:36 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1079

RP: -> 2009-09-11 20:03 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1078

RP: -> 2009-09-10 19:44 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1077

RP: -> 2009-09-09 17:29 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1076

RP: -> 2009-09-08 13:52 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1075

RP: -> 2009-09-07 21:09 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1074

RP: -> 2009-09-06 20:15 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1073

RP: -> 2009-09-05 19:19 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1072

RP: -> 2009-09-04 18:27 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1071

RP: -> 2009-09-02 22:57 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1070

RP: -> 2009-09-01 22:02 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1069

RP: -> 2009-08-31 21:14 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1068

RP: -> 2009-08-30 20:21 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1067

RP: -> 2009-08-29 19:35 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1066

RP: -> 2009-08-28 19:33 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1065

RP: -> 2009-08-27 19:24 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1064

RP: -> 2009-08-25 23:15 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1063

RP: -> 2009-08-24 21:14 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1062

RP: -> 2009-08-22 23:30 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1061

RP: -> 2009-08-22 10:11 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1060

RP: -> 2009-08-20 21:47 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1059

RP: -> 2009-08-19 21:38 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1058

RP: -> 2009-08-18 21:06 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1057

RP: -> 2009-08-17 20:28 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1056

RP: -> 2009-08-16 19:48 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1055

RP: -> 2009-08-15 17:57 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1054

RP: -> 2009-08-14 17:50 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1053

RP: -> 2009-08-13 08:33 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1052

RP: -> 2009-08-11 23:18 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1051

RP: -> 2009-08-10 23:10 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1050

RP: -> 2009-08-09 22:59 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1049

RP: -> 2009-08-09 10:23 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1048

RP: -> 2009-08-09 00:08 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1047

RP: -> 2009-08-08 09:50 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1046

RP: -> 2009-08-06 23:00 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1045

RP: -> 2009-08-05 20:34 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1044

RP: -> 2009-08-04 20:28 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1043

RP: -> 2009-08-03 18:54 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042

RP: -> 2009-08-02 12:37 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1041

RP: -> 2009-08-01 10:08 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1040

RP: -> 2009-07-31 08:23 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1039

RP: -> 2009-07-30 00:35 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1038

RP: -> 2009-07-29 19:41 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1037

RP: -> 2009-07-28 19:05 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1036

RP: -> 2009-07-27 10:20 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1035

RP: -> 2009-07-26 09:47 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1034

RP: -> 2009-07-25 09:46 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1033

RP: -> 2009-07-23 23:20 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032

RP: -> 2009-07-22 22:28 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1031

RP: -> 2009-07-21 21:20 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1030

RP: -> 2009-07-20 20:27 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1029


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.08 MB
Available physical RAM: 1763.36 MB
Total Pagefile: 1868.75 MB
Available Pagefile: 1799.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:108.59 GB) (Free:4.39 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (My Book) (Fixed) (Total:930.86 GB) (Free:654.06 GB) NTFS
Drive e: (Backup) (Fixed) (Total:37.24 GB) (Free:37.17 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=109 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 64 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=63 MB) - (Type=06)

==================== End Of Log ============================


Ok, please do this on another PC.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double-click OTLPENet.exe; this will open ImgBurn to burn the file to CD
  • Reboot your infected system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note: as you are running from CD, it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double-click it
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

On your clean PC, download the following file by right-clicking it and select save as

fixlist.txt (attached below)

and save it onto your flash drive.

Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally (pull out the OTLPE CD). If successful,

Download TDSSKiller from here
  • Double-click on TDSSKiller.exe to run the application
  • When TDSSKiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip; click on Continue. (If it says TDL4/TDSS file system, select Delete.)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually in the C:\ folder, in the form TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 82

scotty

New Member
Thread author
Sep 16, 2013
7
OK, did all the steps. First mbar scan found malware and removed it, but on the second scan of mbar, it said there was no malware found!
Everything seems normal. Thank you so much! Logs are attached.

 

Attachments

  • mbar-log-2013-09-17 (06-33-44).txt
    2.1 KB · Views: 80

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Did you run the TDSSKiller tool? We are not quite done yet, as there could be more malware on your PC.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click Delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click Delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller
 

scotty

New Member
Thread author
Sep 16, 2013
7
Yes, I did run TDSSKiller but could not find the log to post; it ran successfully. I also ran AdwCleaner and RogueKiller, and the logs are posted below.

# AdwCleaner v3.004 - Report created 17/09/2013 at 20:27:46
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Scott & Shannon - DESKTOP
# Running from : C:\Documents and Settings\Scott & Shannon\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\RewardsArcade
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Documents and Settings\Scott & Shannon\Local Settings\Application Data\RewardsArcade
Folder Deleted : C:\Documents and Settings\Scott & Shannon\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Scott & Shannon\Application Data\HELPER
Folder Deleted : C:\Documents and Settings\Scott & Shannon\Application Data\PriceGong

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [1511 octets] - [17/09/2013 20:16:48]
AdwCleaner[S0].txt - [1323 octets] - [17/09/2013 20:27:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1383 octets] ##########

AND HERE IS THE ROGUEKILLER REPORT:

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Scott & Shannon [Admin rights]
Mode : Remove -- Date : 09/17/2013 21:46:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD160JJ/P +++++
--- User ---
[MBR] 74fc93d00b624a82f421f6da88fc3d95
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 111192 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 227801700 | Size: 38130 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 305893665 | Size: 3223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD160JJ/P +++++
--- User ---
[MBR] 501e0d6900b18b534a9fcc91650fc670
[BSP] d17cd76fdfd3323b5fe85b518ea94d94 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953198 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09172013_214623.txt >>
RKreport[0]_D_09172013_213357.txt;RKreport[0]_S_09172013_212744.txt;RKreport[0]_S_09172013_214600.txt
 
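Added example, not part of the thread or of any of the tools used in it: a Python parser for a raw 512-byte MBR that reproduces what OTL's "MBR & Partition Table" section and RogueKiller's "MBR Check" above summarise (status, type, offset and size of each entry, a hash of the boot sector) and diffs a sector against a saved baseline, which is the check the rootkit scanners in this thread are doing when they report "Windows XP MBR Code". The sample sector is constructed from the Disk 0 layout in those logs: the offsets and the two NTFS sector counts are the logged values, the DELL-UTIL and type 0xDB sector counts are back-calculated from the reported sizes, the bootstrap bytes are a stand-in, and since the page does not say which byte range RogueKiller's [MBR] and [BSP] hashes cover, the hashes here are over the 440-byte code area and the full sector and will not match the logged values.

```python
"""Parse a raw 512-byte MBR into what OTL's "MBR & Partition Table" and
RogueKiller's "MBR Check" print: signature check, hashes of the bootstrap
code and the whole sector, the four partition entries, and a diff against
a saved baseline.  Added example; the sample sector below is constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # bootstrap code, before the 4-byte disk signature at 0x1B8
DISK_ID_OFFSET = 0x1B8
TABLE_OFFSET = 0x1BE        # four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE    # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

# Type codes that occur in the logs above (a subset of the usual MBR type table).
PARTITION_TYPES = {0x00: "EMPTY", 0x06: "FAT16", 0x07: "NTFS",
                   0xDB: "CP/M-CTOS (also used for Dell recovery images)", 0xDE: "DELL-UTIL"}


def build_entry(active, ptype, start_lba, sectors):
    """One partition-table entry; CHS fields get the usual 0xFE 0xFF 0xFF filler."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", start_lba, sectors)


def build_mbr(entries, disk_id, bootcode=b""):
    """Assemble a 512-byte sector from bootstrap code, disk signature and up to four entries."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    code = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    table = b"".join(entries).ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_id, 0) + table + b"\x55\xaa"


def parse_mbr(sector):
    """Return disk id, hashes and the non-empty partition entries of one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * index)
        if ptype == 0 and count == 0:
            continue                                   # unused slot
        partitions.append({"index": index, "active": status == 0x80, "type": ptype,
                           "type_name": PARTITION_TYPES.get(ptype, "UNKNOWN"),
                           "start_lba": start, "sectors": count,
                           "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    return {"disk_id": struct.unpack_from("<I", sector, DISK_ID_OFFSET)[0],
            "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
            "sector_md5": hashlib.md5(sector).hexdigest(),
            "partitions": partitions}


def diff_mbr(baseline, current):
    """List what changed between two parsed sectors: bootstrap, signature, entries."""
    changes = []
    if baseline["bootcode_md5"] != current["bootcode_md5"]:
        changes.append("bootstrap code hash changed")
    if baseline["disk_id"] != current["disk_id"]:
        changes.append("disk signature changed")
    old = {p["index"]: p for p in baseline["partitions"]}
    new = {p["index"]: p for p in current["partitions"]}
    for index in sorted(set(old) | set(new)):
        if index not in new:
            changes.append("partition %d removed" % index)
        elif index not in old:
            changes.append("partition %d added" % index)
        else:
            for key in ("active", "type", "start_lba", "sectors"):
                if old[index][key] != new[index][key]:
                    changes.append("partition %d %s: %r -> %r"
                                   % (index, key, old[index][key], new[index][key]))
    return changes


# Constructed sample: the Disk 0 layout the OTL and RogueKiller logs report.
# Offsets and the two NTFS sector counts are the logged values; the DELL-UTIL and
# type 0xDB counts are back-calculated from the reported sizes (31 MB, 3223 MB).
DISK0_ENTRIES = [build_entry(False, 0xDE, 63, 64197),
                 build_entry(True, 0x07, 64260, 227721375),
                 build_entry(False, 0x07, 227801700, 78091965),
                 build_entry(False, 0xDB, 305893665, 6600704)]
# Stand-in bootstrap bytes, not the real Windows XP MBR code.
BASELINE_SECTOR = build_mbr(DISK0_ENTRIES, 0xD0F4738C, bootcode=b"\x33\xc0\x8e\xd0\xbc\x00\x7c")


def tampered_copy(sector):
    """Flip one byte inside the bootstrap area, as a bootkit patch would."""
    data = bytearray(sector)
    data[0x40] ^= 0xFF
    return bytes(data)


if __name__ == "__main__":
    base = parse_mbr(BASELINE_SECTOR)
    for p in base["partitions"]:
        print("%d - [%s] %s (0x%02x) offset %d size %d MB" % (
            p["index"], "ACTIVE" if p["active"] else "      ", p["type_name"],
            p["type"], p["start_lba"], p["size_mb"]))
    print("bootcode md5:", base["bootcode_md5"])
    print("vs tampered copy:", diff_mbr(base, parse_mbr(tampered_copy(BASELINE_SECTOR))))
```

On a live Windows machine the sector comes from reading the first 512 bytes of \\.\PhysicalDrive0 as an administrator; the example keeps everything in memory so it runs anywhere. The useful comparison is against a copy taken when the machine was known good: a changed bootstrap hash, or a partition whose type or active flag changed without a repartitioning you did yourself, is exactly what TDSSKiller, RogueKiller and MBAR are looking for when they check the MBR.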

Fiery

Level 1
Jan 11, 2011
2,007
Can you go into your C drive and see if there's a TDSSKiller log? It should be at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
 

scotty

New Member
Thread author
Sep 16, 2013
7
Yes, I actually have three. Here are all three, with the most recent posted first, followed by the next most recent, and then the oldest.

12:27:54.0187 1836 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:27:54.0906 1836 ============================================================
12:27:54.0906 1836 Current date / time: 2013/09/17 12:27:54.0906
12:27:54.0906 1836 SystemInfo:
12:27:54.0906 1836
12:27:54.0906 1836 OS Version: 5.1.2600 ServicePack: 3.0
12:27:54.0906 1836 Product type: Workstation
12:27:54.0906 1836 ComputerName: DESKTOP
12:27:54.0906 1836 UserName: Scott & Shannon
12:27:54.0906 1836 Windows directory: C:\WINDOWS
12:27:54.0906 1836 System windows directory: C:\WINDOWS
12:27:54.0906 1836 Processor architecture: Intel x86
12:27:54.0906 1836 Number of processors: 2
12:27:54.0906 1836 Page size: 0x1000
12:27:54.0906 1836 Boot type: Normal boot
12:27:54.0906 1836 ============================================================
12:27:57.0171 1836 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:27:57.0171 1836 Drive \Device\Harddisk1\DR5 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:27:57.0203 1836 Drive \Device\Harddisk2\DR9 - Size: 0x3F80000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:27:57.0203 1836 ============================================================
12:27:57.0203 1836 \Device\Harddisk0\DR0:
12:27:57.0203 1836 MBR partitions:
12:27:57.0203 1836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xD92C09F
12:27:57.0203 1836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x4A796BD
12:27:57.0203 1836 \Device\Harddisk1\DR5:
12:27:57.0203 1836 MBR partitions:
12:27:57.0203 1836 \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
12:27:57.0203 1836 \Device\Harddisk2\DR9:
12:27:57.0203 1836 MBR partitions:
12:27:57.0203 1836 \Device\Harddisk2\DR9\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1FBE0
12:27:57.0203 1836 ============================================================
12:27:57.0250 1836 C: <-> \Device\Harddisk0\DR0\Partition1
12:27:57.0312 1836 D: <-> \Device\Harddisk0\DR0\Partition2
12:27:57.0343 1836 I: <-> \Device\Harddisk1\DR5\Partition1
12:27:57.0343 1836 ============================================================
12:27:57.0343 1836 Initialize success
12:27:57.0343 1836 ============================================================
12:28:02.0046 1480 Deinitialize success



22:43:03.0171 0468 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:43:04.0203 0468 ============================================================
22:43:04.0203 0468 Current date / time: 2013/09/16 22:43:04.0203
22:43:04.0203 0468 SystemInfo:
22:43:04.0218 0468
22:43:04.0218 0468 OS Version: 5.1.2600 ServicePack: 3.0
22:43:04.0218 0468 Product type: Workstation
22:43:04.0218 0468 ComputerName: DESKTOP
22:43:04.0218 0468 UserName: Scott & Shannon
22:43:04.0218 0468 Windows directory: C:\WINDOWS
22:43:04.0218 0468 System windows directory: C:\WINDOWS
22:43:04.0218 0468 Processor architecture: Intel x86
22:43:04.0218 0468 Number of processors: 2
22:43:04.0218 0468 Page size: 0x1000
22:43:04.0218 0468 Boot type: Normal boot
22:43:04.0218 0468 ============================================================
22:43:09.0921 0468 BG loaded
22:43:10.0859 0468 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:43:10.0890 0468 Drive \Device\Harddisk1\DR5 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:43:10.0953 0468 ============================================================
22:43:10.0953 0468 \Device\Harddisk0\DR0:
22:43:11.0093 0468 MBR partitions:
22:43:11.0093 0468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xD92C09F
22:43:11.0093 0468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x4A796BD
22:43:11.0093 0468 \Device\Harddisk1\DR5:
22:43:11.0093 0468 MBR partitions:
22:43:11.0093 0468 \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
22:43:11.0093 0468 ============================================================
22:43:12.0281 0468 C: <-> \Device\Harddisk0\DR0\Partition1
22:43:12.0609 0468 D: <-> \Device\Harddisk0\DR0\Partition2
22:43:12.0703 0468 I: <-> \Device\Harddisk1\DR5\Partition1
22:43:12.0750 0468 ============================================================
22:43:12.0750 0468 Initialize success
22:43:12.0750 0468 ============================================================
22:44:55.0203 2868 ============================================================
22:44:55.0281 2868 Scan started
22:44:55.0281 2868 Mode: Manual; SigCheck; TDLFS;
22:44:55.0281 2868 ============================================================
22:45:15.0468 2868 ================ Scan system memory ========================
22:45:15.0468 2868 System memory - ok
22:45:15.0468 2868 ================ Scan services =============================
22:45:32.0218 2868 Abiosdsk - ok
22:45:32.0234 2868 abp480n5 - ok
22:45:32.0421 2868 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:45:43.0359 2868 ACPI - ok
22:45:43.0468 2868 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:45:51.0281 2868 ACPIEC - ok
22:45:51.0437 2868 [ 7BBAF543CABE8A8D275BC7F6C66C1959 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:45:51.0500 2868 AdobeFlashPlayerUpdateSvc - ok
22:45:51.0515 2868 adpu160m - ok
22:45:51.0562 2868 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:45:52.0546 2868 aec - ok
22:45:52.0718 2868 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:45:53.0281 2868 AFD - ok
22:45:53.0296 2868 Aha154x - ok
22:45:53.0312 2868 aic78u2 - ok
22:45:53.0328 2868 aic78xx - ok
22:45:53.0406 2868 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:45:55.0000 2868 Alerter - ok
22:45:55.0015 2868 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
22:45:56.0109 2868 ALG - ok
22:45:56.0125 2868 AliIde - ok
22:45:56.0125 2868 amsint - ok
22:45:56.0984 2868 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:45:57.0062 2868 Apple Mobile Device - ok
22:45:57.0062 2868 AppMgmt - ok
22:45:57.0078 2868 asc - ok
22:45:57.0093 2868 asc3350p - ok
22:45:57.0109 2868 asc3550 - ok
22:45:58.0968 2868 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:45:59.0078 2868 aspnet_state - ok
22:45:59.0109 2868 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:45:59.0296 2868 AsyncMac - ok
22:45:59.0328 2868 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:45:59.0734 2868 atapi - ok
22:45:59.0750 2868 Atdisk - ok
22:45:59.0796 2868 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:46:00.0031 2868 Atmarpc - ok
22:46:00.0640 2868 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:46:01.0140 2868 AudioSrv - ok
22:46:01.0187 2868 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:46:01.0968 2868 audstub - ok
22:46:02.0109 2868 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:46:02.0453 2868 Beep - ok
22:46:04.0281 2868 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:46:04.0421 2868 Bonjour Service - ok
22:46:05.0062 2868 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
22:46:05.0343 2868 Browser - ok
22:46:05.0343 2868 bvrp_pci - ok
22:46:05.0781 2868 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:46:21.0015 2868 cbidf2k - ok
22:46:21.0046 2868 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:46:21.0328 2868 CCDECODE - ok
22:46:21.0343 2868 cd20xrnt - ok
22:46:21.0375 2868 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:46:21.0687 2868 Cdaudio - ok
22:46:21.0734 2868 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:46:22.0031 2868 Cdfs - ok
22:46:22.0078 2868 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:46:22.0406 2868 Cdrom - ok
22:46:22.0531 2868 [ 7E6F7DA1C4DE5680820F964562548949 ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
22:46:22.0859 2868 cfwids - ok
22:46:22.0875 2868 Changer - ok
22:46:22.0921 2868 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:46:23.0203 2868 CiSvc - ok
22:46:23.0218 2868 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:46:24.0046 2868 ClipSrv - ok
22:46:24.0140 2868 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:46:24.0500 2868 clr_optimization_v2.0.50727_32 - ok
22:46:24.0921 2868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:46:25.0203 2868 clr_optimization_v4.0.30319_32 - ok
22:47:46.0046 2868 C:\WINDOWS\system32\drivers\HSFHWBS2.sys - ok
22:47:46.0046 2868 [ 60E1604729A15EF4A3B05F298427B3B1 ] C:\WINDOWS\system32\drivers\HSF_DP.sys
22:47:46.0046 2868 C:\WINDOWS\system32\drivers\HSF_DP.sys - ok
22:47:46.0062 2868 [ F59ED5A43B988A18EF582BB07B2327A7 ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
22:47:46.0062 2868 C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
22:47:46.0062 2868 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
22:47:46.0062 2868 C:\WINDOWS\system32\drivers\modem.sys - ok
22:47:46.0062 2868 [ 95974E66D3DE4951D29E28E8BC0B644C ] C:\WINDOWS\system32\drivers\e100b325.sys
22:47:46.0062 2868 C:\WINDOWS\system32\drivers\e100b325.sys - ok
22:47:46.0078 2868 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
22:47:46.0078 2868 C:\WINDOWS\system32\drivers\cdrom.sys - ok
22:47:46.0078 2868 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
22:47:46.0078 2868 C:\WINDOWS\system32\drivers\imapi.sys - ok
22:47:46.0093 2868 [ 185ADA973B5020655CEE342059A86CBB ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
22:47:46.0093 2868 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
22:47:46.0093 2868 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
22:47:46.0093 2868 C:\WINDOWS\system32\drivers\redbook.sys - ok
22:47:46.0093 2868 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
22:47:46.0093 2868 C:\WINDOWS\system32\drivers\audstub.sys - ok
22:47:46.0109 2868 [ 549DD4966BF0B1D1FC205CA0755A745B ] C:\WINDOWS\system32\drivers\mfendisk.sys
22:47:46.0109 2868 C:\WINDOWS\system32\drivers\mfendisk.sys - ok
22:47:46.0109 2868 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
22:47:46.0109 2868 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
22:47:46.0125 2868 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
22:47:46.0125 2868 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
22:47:46.0125 2868 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
22:47:46.0125 2868 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
22:47:46.0140 2868 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
22:47:46.0140 2868 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
22:47:46.0140 2868 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
22:47:46.0140 2868 C:\WINDOWS\system32\drivers\raspptp.sys - ok
22:47:46.0140 2868 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
22:47:46.0140 2868 C:\WINDOWS\system32\drivers\tdi.sys - ok
22:47:46.0156 2868 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
22:47:46.0156 2868 C:\WINDOWS\system32\drivers\msgpc.sys - ok
22:47:46.0156 2868 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
22:47:46.0156 2868 C:\WINDOWS\system32\drivers\psched.sys - ok
22:47:46.0171 2868 [ 67E961988312B1A28D6F93357B0BF998 ] C:\WINDOWS\system32\drivers\mfeavfk.sys
22:47:46.0171 2868 C:\WINDOWS\system32\drivers\mfeavfk.sys - ok
22:47:46.0171 2868 [ D5F89B4934960C70882924D992C6ABFC ] C:\WINDOWS\system32\drivers\mfefirek.sys
22:47:46.0171 2868 C:\WINDOWS\system32\drivers\mfefirek.sys - ok
22:47:46.0187 2868 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
22:47:46.0187 2868 C:\WINDOWS\system32\drivers\ptilink.sys - ok
22:47:46.0187 2868 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
22:47:46.0187 2868 C:\WINDOWS\system32\drivers\raspti.sys - ok
22:47:46.0203 2868 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
22:47:46.0203 2868 C:\WINDOWS\system32\drivers\termdd.sys - ok
22:47:46.0203 2868 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
22:47:46.0203 2868 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
22:47:46.0218 2868 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
22:47:46.0218 2868 C:\WINDOWS\system32\drivers\mouclass.sys - ok
22:47:46.0218 2868 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
22:47:46.0218 2868 C:\WINDOWS\system32\drivers\swenum.sys - ok
22:47:46.0234 2868 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
22:47:46.0234 2868 C:\WINDOWS\system32\drivers\update.sys - ok
22:47:46.0234 2868 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
22:47:46.0234 2868 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
22:47:46.0250 2868 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
22:47:46.0250 2868 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
22:47:46.0250 2868 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
22:47:46.0250 2868 C:\WINDOWS\system32\drivers\drmk.sys - ok
22:47:46.0265 2868 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
22:47:46.0265 2868 C:\WINDOWS\system32\drivers\portcls.sys - ok
22:47:46.0265 2868 [ 26EB7ACF476A3461B85F5BCE9A677A4A ] C:\WINDOWS\system32\drivers\sthda.sys
22:47:46.0265 2868 C:\WINDOWS\system32\drivers\sthda.sys - ok
22:47:46.0281 2868 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
22:47:46.0281 2868 C:\WINDOWS\system32\drivers\usbd.sys - ok
22:47:46.0281 2868 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
22:47:46.0281 2868 C:\WINDOWS\system32\drivers\usbhub.sys - ok
22:47:46.0296 2868 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
22:47:46.0296 2868 C:\WINDOWS\system32\drivers\fdc.sys - ok
22:47:46.0296 2868 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
22:47:46.0296 2868 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
22:47:46.0312 2868 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
22:47:46.0312 2868 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
22:47:46.0312 2868 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
22:47:46.0312 2868 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
22:47:46.0328 2868 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
22:47:46.0328 2868 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
22:47:46.0328 2868 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
22:47:46.0328 2868 C:\WINDOWS\system32\drivers\null.sys - ok
22:47:46.0343 2868 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
22:47:46.0343 2868 C:\WINDOWS\system32\drivers\beep.sys - ok
22:47:46.0343 2868 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
22:47:46.0343 2868 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
22:47:46.0359 2868 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
22:47:46.0359 2868 C:\WINDOWS\system32\drivers\hidparse.sys - ok
22:47:46.0359 2868 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
22:47:46.0375 2868 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
22:47:46.0375 2868 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
22:47:46.0375 2868 C:\WINDOWS\system32\drivers\vga.sys - ok
22:47:46.0390 2868 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
22:47:46.0390 2868 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
22:47:46.0390 2868 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
22:47:46.0390 2868 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
22:47:46.0406 2868 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
22:47:46.0406 2868 C:\WINDOWS\system32\drivers\msfs.sys - ok
22:47:46.0421 2868 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
22:47:46.0421 2868 C:\WINDOWS\system32\drivers\npfs.sys - ok
22:47:46.0421 2868 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
22:47:46.0421 2868 C:\WINDOWS\system32\drivers\rasacd.sys - ok
22:47:46.0421 2868 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
22:47:46.0421 2868 C:\WINDOWS\system32\drivers\ipsec.sys - ok
22:47:46.0437 2868 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
22:47:46.0453 2868 C:\WINDOWS\system32\drivers\tcpip.sys - ok
22:47:46.0453 2868 [ E6C5F7AADE5A31C057D73201ACFE8ADF ] C:\WINDOWS\system32\drivers\mfetdi2k.sys
22:47:46.0453 2868 C:\WINDOWS\system32\drivers\mfetdi2k.sys - ok
22:47:46.0468 2868 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
22:47:46.0468 2868 C:\WINDOWS\system32\drivers\wanarp.sys - ok
22:47:46.0484 2868 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
22:47:46.0484 2868 C:\WINDOWS\system32\drivers\netbt.sys - ok
22:47:46.0484 2868 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:47:46.0484 2868 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
22:47:46.0500 2868 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
22:47:46.0500 2868 C:\WINDOWS\system32\drivers\afd.sys - ok
22:47:46.0500 2868 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
22:47:46.0500 2868 C:\WINDOWS\system32\drivers\netbios.sys - ok
22:47:46.0500 2868 [ A32BEBAF723557681BFC6BD93E98BD26 ] C:\WINDOWS\system32\drivers\processr.sys
22:47:46.0500 2868 C:\WINDOWS\system32\drivers\processr.sys - ok
22:47:46.0515 2868 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
22:47:46.0515 2868 C:\WINDOWS\system32\drivers\rdbss.sys - ok
22:47:46.0515 2868 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] C:\WINDOWS\system32\drivers\omci.sys
22:47:46.0515 2868 C:\WINDOWS\system32\drivers\omci.sys - ok
22:47:46.0531 2868 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
22:47:46.0531 2868 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
22:47:46.0531 2868 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
22:47:46.0531 2868 C:\WINDOWS\system32\drivers\fips.sys - ok
22:47:46.0531 2868 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
22:47:46.0531 2868 C:\WINDOWS\system32\ntdll.dll - ok
22:47:46.0546 2868 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
22:47:46.0546 2868 C:\WINDOWS\system32\smss.exe - ok
22:47:46.0546 2868 [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\usbstor.sys
22:47:46.0546 2868 C:\WINDOWS\system32\drivers\usbstor.sys - ok
22:47:46.0546 2868 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
22:47:46.0546 2868 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
22:47:46.0562 2868 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
22:47:46.0562 2868 C:\WINDOWS\system32\autochk.exe - ok
22:47:46.0562 2868 [ D6EFAF429FD30C5DF613D220E344CCE7 ] C:\WINDOWS\system32\drivers\wdcsam.sys
22:47:46.0562 2868 C:\WINDOWS\system32\drivers\wdcsam.sys - ok
22:47:46.0578 2868 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
22:47:46.0578 2868 C:\WINDOWS\system32\sfcfiles.dll - ok
22:47:46.0578 2868 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
22:47:46.0578 2868 C:\WINDOWS\system32\drivers\cdfs.sys - ok
22:47:46.0593 2868 [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys
22:47:46.0593 2868 C:\WINDOWS\system32\drivers\usbprint.sys - ok
22:47:46.0609 2868 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] C:\WINDOWS\system32\drivers\usbscan.sys
22:47:46.0609 2868 C:\WINDOWS\system32\drivers\usbscan.sys - ok
22:47:46.0609 2868 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
22:47:46.0609 2868 C:\WINDOWS\system32\drivers\hidclass.sys - ok
22:47:46.0625 2868 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
22:47:46.0625 2868 C:\WINDOWS\system32\drivers\hidusb.sys - ok
22:47:46.0625 2868 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
22:47:46.0625 2868 C:\WINDOWS\system32\drivers\mouhid.sys - ok
22:47:46.0640 2868 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
22:47:46.0640 2868 C:\WINDOWS\system32\drivers\atapi.sys - ok
22:47:46.0640 2868 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
22:47:46.0640 2868 C:\WINDOWS\system32\drivers\wmilib.sys - ok
22:47:46.0656 2868 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
22:47:46.0656 2868 C:\WINDOWS\system32\drivers\dxapi.sys - ok
22:47:46.0656 2868 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
22:47:46.0656 2868 C:\WINDOWS\system32\watchdog.sys - ok
22:47:46.0656 2868 [ 63FA0F8D9CC1F24DC5D93FA8806228CD ] C:\WINDOWS\system32\win32k.sys
22:47:46.0671 2868 C:\WINDOWS\system32\win32k.sys - ok
22:47:46.0671 2868 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
22:47:46.0671 2868 C:\WINDOWS\system32\csrsrv.dll - ok
22:47:46.0671 2868 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
22:47:46.0671 2868 C:\WINDOWS\system32\csrss.exe - ok
22:47:46.0687 2868 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:47:46.0687 2868 C:\WINDOWS\system32\basesrv.dll - ok
22:47:46.0687 2868 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
22:47:46.0687 2868 C:\WINDOWS\system32\winsrv.dll - ok
22:47:46.0687 2868 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
22:47:46.0687 2868 C:\WINDOWS\system32\gdi32.dll - ok
22:47:46.0703 2868 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
22:47:46.0703 2868 C:\WINDOWS\system32\kernel32.dll - ok
22:47:46.0718 2868 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
22:47:46.0718 2868 C:\WINDOWS\system32\user32.dll - ok
22:47:46.0718 2868 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
22:47:46.0718 2868 C:\WINDOWS\system32\drivers\dxg.sys - ok
22:47:46.0718 2868 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
22:47:46.0718 2868 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
22:47:46.0734 2868 [ 586519871167D5D3D41EF32E61E492BF ] C:\WINDOWS\system32\ialmdnt5.dll
22:47:46.0734 2868 C:\WINDOWS\system32\ialmdnt5.dll - ok
22:47:46.0734 2868 [ 6826E1E4D27C3E88777C9AD273A2FFB9 ] C:\WINDOWS\system32\ialmrnt5.dll
22:47:46.0734 2868 C:\WINDOWS\system32\ialmrnt5.dll - ok
22:47:46.0734 2868 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
22:47:46.0734 2868 C:\WINDOWS\system32\vga.dll - ok
22:47:46.0750 2868 [ A9846CC8B3DFEBEEEF4D73ED6476D984 ] C:\WINDOWS\system32\ialmdev5.dll
22:47:46.0750 2868 C:\WINDOWS\system32\ialmdev5.dll - ok
22:47:46.0750 2868 [ EDB09E9C4D9D83A178059392CCE49FEA ] C:\WINDOWS\system32\ialmdd5.dll
22:47:46.0750 2868 C:\WINDOWS\system32\ialmdd5.dll - ok
22:47:46.0765 2868 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
22:47:46.0765 2868 C:\WINDOWS\system32\winlogon.exe - ok
22:47:46.0765 2868 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
22:47:46.0765 2868 C:\WINDOWS\system32\advapi32.dll - ok
22:47:46.0781 2868 [ B0E27554F0B16BAEF4D51D7260E62CFB ] C:\WINDOWS\system32\rpcrt4.dll
22:47:46.0781 2868 C:\WINDOWS\system32\rpcrt4.dll - ok
22:47:46.0781 2868 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
22:47:46.0781 2868 C:\WINDOWS\system32\secur32.dll - ok
22:47:46.0796 2868 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
22:47:46.0796 2868 C:\WINDOWS\system32\authz.dll - ok
22:47:46.0796 2868 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
22:47:46.0796 2868 C:\WINDOWS\system32\msvcrt.dll - ok
22:47:46.0812 2868 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
22:47:46.0812 2868 C:\WINDOWS\system32\crypt32.dll - ok
22:47:46.0
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Can you attach the logs? They are too long to fit into 1 reply. Click "New Reply" and scroll down to the attachment section.
 

scotty

New Member
Thread author
Sep 16, 2013
7
Here are all three tdsskiller logs.
 

Attachments

  • TDSSKiller.2.8.16.0_17.09.2013_12.27.54_log.txt (5.2 KB)
  • TDSSKiller.2.8.16.0_16.09.2013_22.43.02_log.txt (282.1 KB)
  • TDSSKiller.2.8.16.0_16.09.2013_22.39.18_log.txt (87.8 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Ok, TDSSKiller didn't detect anything. Please let me know how your PC is running after running a quick scan with Malwarebytes.

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next, Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.
 
