[A] Google redirect, rootkit/0access & sirefef

By jibberjive
Oct 26, 2012
  1. The machine is running Windows XP SP3.

    Symptoms are Google search redirects to random other ad pages when links are clicked. When I checked the web history, I was shocked to see that it was also uploading my latest accessed .doc files. I checked the computer for an anti-virus program (it's my parent's, not mine), and there was none on there, and the firewall was disabled as well.

    Before I stumbled on this site and the "5-step viruses/spyware/malware preliminary removal instructions" I had already run MBAM a couple of times and the ESET online scan.

    So I'll post the logs that I took in chronological order:

    -MBAM (shows rootkit/0access that I tried to have it quarantine unsuccessfully a couple of times. It would show right back up)
    -ESET (Quarantined trojans)
    Then I followed the "5-step preliminary" and did the following
    -Installed Avast AV
    -MBAM again (now showing clean after the ESET quarantine)
    -GMER
    -Tried unsuccessfully to run DDS (it froze system every time, tried disabling AV and internet, tried letting it run all night etc, no dice)

    Help would be greatly appreciated!


    LOGS:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.23.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702

    10/9/2012 11:49:47 AM
    mbam-log-2012-10-09 (12-25-50).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 307183
    Time elapsed: 50 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\WINDOWS\system32\pdlndldl.dll (RootKit.0Access.H) -> No action taken.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\system32\pdlndldl.dll (RootKit.0Access.H) -> No action taken.

    (end)
    ---------------------------------------------------------------------
    ESET online scan log
    C:\WINDOWS\system32\cqmghost.dll   Win32/Sirefef.ER trojan   cleaned by deleting - quarantined
    C:\WINDOWS\system32\USB3Nw32.dll   a variant of Win32/Wimpixo.AV trojan   cleaned by deleting (after the next restart) - quarantined
    C:\WINDOWS\system32\drivers\meiudf.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
    Operating memory   multiple threats
    -----------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.25.02
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    10/25/2012 3:06:57 AM
    mbam-log-2012-10-25 (03-06-57).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236933
    Time elapsed: 27 minute(s), 5 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-25 03:39:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001A
    Running: 3y0r6ze6.exe; Driver: C:\DOCUME~1\KITROM~1\LOCALS~1\Temp\uxtdrpog.sys


    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9E80CD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9E80B3D]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9F04E16]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==========================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
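    Added example, not from the thread and not code from TDSSKiller, ESET or Malwarebytes: a small script that reads the ESET log posted above together with a TDSSKiller report of the kind Broni asks for, lists the services TDSSKiller shows with no file behind them, and picks out those whose name matches a file ESET deleted, i.e. the service registration a removed driver left behind. It assumes ESET's export is tab-separated (path, detection, action) and that TDSSKiller lines look as they do in this thread; the embedded sample lines are constructed from the posted logs.

```python
"""Cross-check a TDSSKiller service listing against an ESET online-scan log.

Added example for this thread, not code from TDSSKiller, ESET or the forum:
it parses the two log shapes posted here and reports (a) services that
TDSSKiller lists without a backing file and (b) which of those share a name
with a file ESET deleted, i.e. the service registration left behind by a
removed driver. The sample input below is constructed from the posted logs.
"""
import ntpath
import re

# Constructed sample in the TDSSKiller line shape:
# "<time> <thread> [ <MD5> ] <service name> <path>" and "<time> <thread> <service name> - <status>"
TDSS_LOG = """\
11:25:48.0187 3988 [ 68885EFEBC326F7FC9D0A35625D47BEA ] Aavmker4 C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys
11:25:48.0203 3988 Aavmker4 - ok
11:25:48.0203 3988 Abiosdsk - ok
11:25:53.0765 3988 mdmxsdk - ok
11:25:53.0781 3988 meiudf - ok
11:25:54.0578 3988 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\\WINDOWS\\system32\\HPZinw12.dll
11:25:54.0578 3988 Net Driver HPZ12 - ok
"""

# Constructed sample in ESET's export layout: path, detection, action, tab-separated
# (the copy pasted into the thread lost the tabs).
ESET_LOG = (
    "C:\\WINDOWS\\system32\\cqmghost.dll\tWin32/Sirefef.ER trojan\tcleaned by deleting - quarantined\n"
    "C:\\WINDOWS\\system32\\USB3Nw32.dll\ta variant of Win32/Wimpixo.AV trojan\t"
    "cleaned by deleting (after the next restart) - quarantined\n"
    "C:\\WINDOWS\\system32\\drivers\\meiudf.sys\tWin32/Sirefef.DA trojan\tcleaned by deleting - quarantined\n"
    "Operating memory\tmultiple threats\n"
)

# Service names may contain spaces ("Net Driver HPZ12"), so the name is matched
# non-greedily up to the drive-letter path or up to " - <status>".
FILE_LINE = re.compile(
    r"^\S+ \d+ \[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
STATUS_LINE = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<status>\S+)$")


def parse_tdss(text):
    """Map service name -> file path, or None when TDSSKiller listed no file."""
    services = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            services[m["name"]] = m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            # Keep a path recorded by an earlier file line; only fill in None otherwise.
            services.setdefault(m["name"], None)
    return services


def parse_eset(text):
    """Map path -> detection for entries whose action involved deleting the file."""
    removed = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # e.g. the "Operating memory" line has no file or action
        path, detection, action = fields[:3]
        if ":\\" in path and "deleting" in action:
            removed[path] = detection
    return removed


def missing_file_services(tdss_text):
    """Services with no file on disk. Noisy on XP: many legacy entries look like this."""
    return sorted(name for name, path in parse_tdss(tdss_text).items() if path is None)


def orphaned_services(tdss_text, eset_text):
    """File-less services whose name matches a file ESET deleted: {service: (path, detection)}."""
    removed = parse_eset(eset_text)
    by_stem = {ntpath.splitext(ntpath.basename(p))[0].lower(): p for p in removed}
    orphans = {}
    for name in missing_file_services(tdss_text):
        path = by_stem.get(name.lower())
        if path is not None:
            orphans[name] = (path, removed[path])
    return orphans


if __name__ == "__main__":
    print("services without a file:", missing_file_services(TDSS_LOG))
    for svc, (path, det) in orphaned_services(TDSS_LOG, ESET_LOG).items():
        print(f"orphaned service {svc!r}: {path} was removed as {det}")
```

    On a full report, point parse_tdss at the whole TDSSKiller_xxxx_log.txt rather than the excerpt. The list of file-less services on its own is not evidence of anything (Windows XP ships dozens of such legacy entries), which is why the script only reports the intersection with what ESET actually deleted; a surviving registration for a removed driver is worth mentioning to the helper so it can be cleaned up with the rest.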
  3. jibberjive

    jibberjive (Topic Starter)

    11:25:33.0125 2184 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    11:25:33.0500 2184 ============================================================
    11:25:33.0500 2184 Current date / time: 2012/10/26 11:25:33.0500
    11:25:33.0500 2184 SystemInfo:
    11:25:33.0500 2184
    11:25:33.0500 2184 OS Version: 5.1.2600 ServicePack: 3.0
    11:25:33.0500 2184 Product type: Workstation
    11:25:33.0500 2184 ComputerName: ROMCOM
    11:25:33.0500 2184 UserName: Kit Romney
    11:25:33.0500 2184 Windows directory: C:\WINDOWS
    11:25:33.0500 2184 System windows directory: C:\WINDOWS
    11:25:33.0500 2184 Processor architecture: Intel x86
    11:25:33.0500 2184 Number of processors: 2
    11:25:33.0500 2184 Page size: 0x1000
    11:25:33.0500 2184 Boot type: Normal boot
    11:25:33.0500 2184 ============================================================
    11:25:35.0281 2184 Drive \Device\Harddisk0\DR0 - Size: 0x1BE6AB5200 (111.60 Gb), SectorSize: 0x200, Cylinders: 0x38E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    11:25:35.0281 2184 ============================================================
    11:25:35.0281 2184 \Device\Harddisk0\DR0:
    11:25:35.0281 2184 MBR partitions:
    11:25:35.0281 2184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF3556A
    11:25:35.0281 2184 ============================================================
    11:25:35.0328 2184 C: <-> \Device\Harddisk0\DR0\Partition1
    11:25:35.0328 2184 ============================================================
    11:25:35.0328 2184 Initialize success
    11:25:35.0328 2184 ============================================================
    11:25:46.0171 3988 ============================================================
    11:25:46.0171 3988 Scan started
    11:25:46.0171 3988 Mode: Manual;
    11:25:46.0171 3988 ============================================================
    11:25:47.0703 3988 ================ Scan system memory ========================
    11:25:47.0703 3988 System memory - ok
    11:25:47.0703 3988 ================ Scan services =============================
    11:25:48.0187 3988 [ 68885EFEBC326F7FC9D0A35625D47BEA ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
    11:25:48.0203 3988 Aavmker4 - ok
    11:25:48.0203 3988 Abiosdsk - ok
    11:25:48.0203 3988 abp480n5 - ok
    11:25:48.0250 3988 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    11:25:48.0250 3988 ACPI - ok
    11:25:48.0265 3988 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    11:25:48.0265 3988 ACPIEC - ok
    11:25:48.0265 3988 adpu160m - ok
    11:25:48.0296 3988 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    11:25:48.0296 3988 aec - ok
    11:25:48.0343 3988 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
    11:25:48.0343 3988 AegisP - ok
    11:25:48.0390 3988 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    11:25:48.0406 3988 AFD - ok
    11:25:48.0468 3988 [ B3192376C7A3814B5341EFC2202022F8 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    11:25:48.0484 3988 AgereSoftModem - ok
    11:25:48.0484 3988 Aha154x - ok
    11:25:48.0500 3988 aic78u2 - ok
    11:25:48.0500 3988 aic78xx - ok
    11:25:48.0531 3988 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    11:25:48.0531 3988 Alerter - ok
    11:25:48.0546 3988 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    11:25:48.0562 3988 ALG - ok
    11:25:48.0562 3988 AliIde - ok
    11:25:48.0562 3988 amsint - ok
    11:25:48.0609 3988 [ 87EC3FDCAF6C5052E2E72B861DEDD3D3 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    11:25:48.0609 3988 ApfiltrService - ok
    11:25:48.0656 3988 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    11:25:48.0656 3988 AppMgmt - ok
    11:25:48.0671 3988 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    11:25:48.0671 3988 Arp1394 - ok
    11:25:48.0687 3988 asc - ok
    11:25:48.0687 3988 asc3350p - ok
    11:25:48.0687 3988 asc3550 - ok
    11:25:48.0718 3988 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
    11:25:48.0718 3988 ASCTRM - ok
    11:25:48.0812 3988 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    11:25:48.0828 3988 aspnet_state - ok
    11:25:48.0875 3988 [ 598DAF89E7B2AD88FF6511CB9C4BA61A ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    11:25:48.0875 3988 aswFsBlk - ok
    11:25:48.0921 3988 [ 8E69710F6A1016D47CCDDA6393F97D32 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
    11:25:48.0921 3988 aswMon2 - ok
    11:25:48.0968 3988 [ 816C6DCD6BF930C8FD8F68137E1BDDC4 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
    11:25:48.0968 3988 AswRdr - ok
    11:25:49.0046 3988 [ 6C8B09E245795E98B6BCC983D0AA4D26 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    11:25:49.0062 3988 aswSnx - ok
    11:25:49.0125 3988 [ 437E3F4B4529AA616D4979A2B74CF8C5 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    11:25:49.0125 3988 aswSP - ok
    11:25:49.0156 3988 [ BD07C8162C7FAD38FE4AAAE18E835216 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    11:25:49.0171 3988 aswTdi - ok
    11:25:49.0187 3988 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    11:25:49.0203 3988 AsyncMac - ok
    11:25:49.0218 3988 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    11:25:49.0218 3988 atapi - ok
    11:25:49.0218 3988 Atdisk - ok
    11:25:49.0250 3988 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    11:25:49.0250 3988 Atmarpc - ok
    11:25:49.0296 3988 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    11:25:49.0296 3988 AudioSrv - ok
    11:25:49.0343 3988 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    11:25:49.0343 3988 audstub - ok
    11:25:49.0484 3988 [ FB05FF189FC5F57DE636315B1F5E56DB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    11:25:49.0484 3988 avast! Antivirus - ok
    11:25:49.0500 3988 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    11:25:49.0500 3988 Beep - ok
    11:25:49.0531 3988 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    11:25:49.0578 3988 BITS - ok
    11:25:49.0609 3988 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
    11:25:49.0609 3988 Browser - ok
    11:25:49.0640 3988 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    11:25:49.0640 3988 cbidf2k - ok
    11:25:49.0640 3988 cd20xrnt - ok
    11:25:49.0656 3988 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    11:25:49.0656 3988 Cdaudio - ok
    11:25:49.0703 3988 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    11:25:49.0703 3988 Cdfs - ok
    11:25:49.0718 3988 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    11:25:49.0718 3988 Cdrom - ok
    11:25:49.0812 3988 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    11:25:49.0812 3988 CFSvcs - ok
    11:25:49.0828 3988 Changer - ok
    11:25:49.0859 3988 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    11:25:49.0859 3988 CiSvc - ok
    11:25:49.0875 3988 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    11:25:49.0875 3988 ClipSrv - ok
    11:25:49.0906 3988 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    11:25:49.0906 3988 CmBatt - ok
    11:25:49.0906 3988 CmdIde - ok
    11:25:49.0921 3988 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    11:25:49.0921 3988 Compbatt - ok
    11:25:49.0921 3988 COMSysApp - ok
    11:25:49.0953 3988 Cpqarray - ok
    11:25:49.0984 3988 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    11:25:49.0984 3988 CryptSvc - ok
    11:25:49.0984 3988 dac2w2k - ok
    11:25:49.0984 3988 dac960nt - ok
    11:25:50.0046 3988 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    11:25:50.0062 3988 DcomLaunch - ok
    11:25:50.0125 3988 [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
    11:25:50.0125 3988 DgiVecp - ok
    11:25:50.0171 3988 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    11:25:50.0171 3988 Dhcp - ok
    11:25:50.0187 3988 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    11:25:50.0187 3988 Disk - ok
    11:25:50.0250 3988 [ EE4325BECEF51B8C32B4329097E4F301 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    11:25:50.0250 3988 DLABOIOM - ok
    11:25:50.0265 3988 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    11:25:50.0265 3988 DLACDBHM - ok
    11:25:50.0296 3988 [ 1E6C6597833A04C2157BE7B39EA92CE1 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
    11:25:50.0296 3988 DLADResN - ok
    11:25:50.0328 3988 [ 752376E109A090970BFA9722F0F40B03 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    11:25:50.0328 3988 DLAIFS_M - ok
    11:25:50.0328 3988 [ 62EE7902E74B90BF1CCC4643FC6C07A7 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    11:25:50.0328 3988 DLAOPIOM - ok
    11:25:50.0328 3988 [ 5C220124C5AFEAEE84A9BB89D685C17B ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    11:25:50.0343 3988 DLAPoolM - ok
    11:25:50.0343 3988 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    11:25:50.0343 3988 DLARTL_N - ok
    11:25:50.0343 3988 [ 4EBB78D9BBF072119363B35B9B3E518F ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    11:25:50.0359 3988 DLAUDFAM - ok
    11:25:50.0359 3988 [ 333B770E52D2CEA7BD86391120466E43 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    11:25:50.0359 3988 DLAUDF_M - ok
    11:25:50.0375 3988 dmadmin - ok
    11:25:50.0437 3988 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    11:25:50.0453 3988 dmboot - ok
    11:25:50.0484 3988 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    11:25:50.0484 3988 dmio - ok
    11:25:50.0484 3988 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    11:25:50.0484 3988 dmload - ok
    11:25:50.0546 3988 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    11:25:50.0546 3988 dmserver - ok
    11:25:50.0562 3988 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    11:25:50.0562 3988 DMusic - ok
    11:25:50.0593 3988 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    11:25:50.0609 3988 Dnscache - ok
    11:25:50.0640 3988 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    11:25:50.0640 3988 Dot3svc - ok
    11:25:50.0656 3988 dpti2o - ok
    11:25:50.0671 3988 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    11:25:50.0671 3988 drmkaud - ok
    11:25:50.0687 3988 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    11:25:50.0703 3988 DRVMCDB - ok
    11:25:50.0703 3988 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    11:25:50.0703 3988 DRVNDDM - ok
    11:25:50.0734 3988 [ C9FFBD6B8EDC46CD3D13E3C6DB914FB7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
    11:25:50.0750 3988 DVD-RAM_Service - ok
    11:25:50.0796 3988 [ E1FA10ED8F9F700C1BE1EAE05A80EF57 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    11:25:50.0796 3988 e1express - ok
    11:25:50.0859 3988 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    11:25:50.0875 3988 EapHost - ok
    11:25:50.0968 3988 [ 8301243BDE5B6CD316D79C0191D50D9A ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
    11:25:50.0984 3988 ehRecvr - ok
    11:25:51.0046 3988 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
    11:25:51.0046 3988 ehSched - ok
    11:25:51.0078 3988 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    11:25:51.0078 3988 ERSvc - ok
    11:25:51.0109 3988 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    11:25:51.0109 3988 Eventlog - ok
    11:25:51.0156 3988 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll
    11:25:51.0171 3988 EventSystem - ok
    11:25:51.0234 3988 [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    11:25:51.0234 3988 EvtEng - ok
    11:25:51.0250 3988 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    11:25:51.0265 3988 Fastfat - ok
    11:25:51.0312 3988 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    11:25:51.0312 3988 FastUserSwitchingCompatibility - ok
    11:25:51.0343 3988 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    11:25:51.0343 3988 Fax - ok
    11:25:51.0390 3988 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    11:25:51.0390 3988 Fdc - ok
    11:25:51.0484 3988 [ 5A8F83707C4CF1395312B23E6AF4DDD7 ] FdRedir C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
    11:25:51.0484 3988 FdRedir - ok
    11:25:51.0500 3988 [ D7BEFE501CC041C76E3FA976CFD04127 ] FileDisk2 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
    11:25:51.0500 3988 FileDisk2 - ok
    11:25:51.0515 3988 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    11:25:51.0515 3988 Fips - ok
    11:25:51.0515 3988 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    11:25:51.0515 3988 Flpydisk - ok
    11:25:51.0562 3988 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    11:25:51.0578 3988 FltMgr - ok
    11:25:51.0593 3988 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    11:25:51.0593 3988 Fs_Rec - ok
    11:25:51.0625 3988 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    11:25:51.0625 3988 Ftdisk - ok
    11:25:51.0640 3988 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    11:25:51.0640 3988 Gpc - ok
    11:25:51.0718 3988 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    11:25:51.0718 3988 gupdate - ok
    11:25:51.0734 3988 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    11:25:51.0734 3988 gupdatem - ok
    11:25:51.0812 3988 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    11:25:51.0828 3988 gusvc - ok
    11:25:51.0890 3988 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    11:25:51.0890 3988 HDAudBus - ok
    11:25:51.0984 3988 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    11:25:51.0984 3988 helpsvc - ok
    11:25:52.0031 3988 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    11:25:52.0031 3988 HidServ - ok
    11:25:52.0078 3988 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    11:25:52.0078 3988 HidUsb - ok
    11:25:52.0109 3988 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    11:25:52.0125 3988 hkmsvc - ok
    11:25:52.0125 3988 hpn - ok
    11:25:52.0140 3988 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    11:25:52.0140 3988 HPZid412 - ok
    11:25:52.0156 3988 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    11:25:52.0187 3988 HPZipr12 - ok
    11:25:52.0203 3988 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    11:25:52.0203 3988 HPZius12 - ok
    11:25:52.0234 3988 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    11:25:52.0250 3988 HTTP - ok
    11:25:52.0296 3988 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    11:25:52.0328 3988 HTTPFilter - ok
    11:25:52.0328 3988 i2omgmt - ok
    11:25:52.0328 3988 i2omp - ok
    11:25:52.0359 3988 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    11:25:52.0359 3988 i8042prt - ok
    11:25:52.0468 3988 [ BC1F1FF8D5800398937966CDB0A97FDC ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    11:25:52.0500 3988 ialm - ok
    11:25:52.0500 3988 Ias - ok
    11:25:52.0515 3988 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    11:25:52.0515 3988 Imapi - ok
    11:25:52.0562 3988 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    11:25:52.0562 3988 ImapiService - ok
    11:25:52.0578 3988 ini910u - ok
    11:25:52.0765 3988 [ B12A9FC49CD2765A43829D834F518AED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    11:25:52.0953 3988 IntcAzAudAddService - ok
    11:25:52.0953 3988 IntelIde - ok
    11:25:52.0984 3988 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    11:25:53.0000 3988 intelppm - ok
    11:25:53.0031 3988 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    11:25:53.0031 3988 Ip6Fw - ok
    11:25:53.0078 3988 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    11:25:53.0093 3988 IpFilterDriver - ok
    11:25:53.0140 3988 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    11:25:53.0140 3988 IpInIp - ok
    11:25:53.0171 3988 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    11:25:53.0187 3988 IpNat - ok
    11:25:53.0187 3988 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    11:25:53.0203 3988 IPSec - ok
    11:25:53.0218 3988 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    11:25:53.0234 3988 IRENUM - ok
    11:25:53.0250 3988 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    11:25:53.0265 3988 isapnp - ok
    11:25:53.0265 3988 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
    11:25:53.0265 3988 Iviaspi - ok
    11:25:53.0359 3988 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    11:25:53.0359 3988 JavaQuickStarterService - ok
    11:25:53.0390 3988 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    11:25:53.0390 3988 Kbdclass - ok
    11:25:53.0406 3988 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    11:25:53.0406 3988 kbdhid - ok
    11:25:53.0421 3988 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    11:25:53.0437 3988 kmixer - ok
    11:25:53.0453 3988 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    11:25:53.0453 3988 KSecDD - ok
    11:25:53.0500 3988 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    11:25:53.0515 3988 lanmanserver - ok
    11:25:53.0562 3988 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    11:25:53.0578 3988 lanmanworkstation - ok
    11:25:53.0578 3988 lbrtfdc - ok
    11:25:53.0640 3988 [ 5E3498F3D0146C0E275272B94369E3D2 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
    11:25:53.0656 3988 LexBceS - ok
    11:25:53.0703 3988 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    11:25:53.0703 3988 LmHosts - ok
    11:25:53.0765 3988 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
    11:25:53.0765 3988 McrdSvc - ok
    11:25:53.0765 3988 mdmxsdk - ok
    11:25:53.0781 3988 meiudf - ok
    11:25:53.0796 3988 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    11:25:53.0812 3988 Messenger - ok
    11:25:53.0843 3988 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
    11:25:53.0859 3988 MHN - ok
    11:25:53.0890 3988 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    11:25:53.0906 3988 MHNDRV - ok
    11:25:53.0921 3988 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    11:25:53.0921 3988 mnmdd - ok
    11:25:53.0953 3988 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    11:25:53.0968 3988 mnmsrvc - ok
    11:25:54.0000 3988 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    11:25:54.0000 3988 Modem - ok
    11:25:54.0015 3988 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    11:25:54.0015 3988 Mouclass - ok
    11:25:54.0046 3988 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    11:25:54.0062 3988 mouhid - ok
    11:25:54.0078 3988 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    11:25:54.0078 3988 MountMgr - ok
    11:25:54.0078 3988 mraid35x - ok
    11:25:54.0093 3988 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    11:25:54.0093 3988 MRxDAV - ok
    11:25:54.0156 3988 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    11:25:54.0156 3988 MRxSmb - ok
    11:25:54.0187 3988 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    11:25:54.0187 3988 MSDTC - ok
    11:25:54.0203 3988 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    11:25:54.0203 3988 Msfs - ok
    11:25:54.0203 3988 MSIServer - ok
    11:25:54.0218 3988 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    11:25:54.0234 3988 MSPCLOCK - ok
    11:25:54.0250 3988 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    11:25:54.0250 3988 MSPQM - ok
    11:25:54.0281 3988 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    11:25:54.0281 3988 mssmbios - ok
    11:25:54.0328 3988 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    11:25:54.0328 3988 Mup - ok
    11:25:54.0375 3988 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    11:25:54.0375 3988 napagent - ok
    11:25:54.0437 3988 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    11:25:54.0437 3988 NDIS - ok
    11:25:54.0468 3988 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    11:25:54.0484 3988 NdisTapi - ok
    11:25:54.0484 3988 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    11:25:54.0484 3988 Ndisuio - ok
    11:25:54.0500 3988 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    11:25:54.0500 3988 NdisWan - ok
    11:25:54.0515 3988 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    11:25:54.0531 3988 NDProxy - ok
    11:25:54.0531 3988 NecUsb - ok
    11:25:54.0578 3988 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    11:25:54.0578 3988 Net Driver HPZ12 - ok
    11:25:54.0578 3988 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    11:25:54.0578 3988 NetBIOS - ok
    11:25:54.0609 3988 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    11:25:54.0609 3988 NetBT - ok
    11:25:54.0656 3988 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    11:25:54.0656 3988 NetDDE - ok
    11:25:54.0671 3988 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    11:25:54.0671 3988 NetDDEdsdm - ok
    11:25:54.0687 3988 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
    11:25:54.0703 3988 Netdevio - ok
    11:25:54.0734 3988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    11:25:54.0734 3988 Netlogon - ok
    11:25:54.0765 3988 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    11:25:54.0765 3988 Netman - ok
    11:25:54.0781 3988 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    11:25:54.0781 3988 NIC1394 - ok
    11:25:54.0828 3988 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    11:25:54.0843 3988 Nla - ok
    11:25:54.0875 3988 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    11:25:54.0875 3988 Npfs - ok
    11:25:54.0937 3988 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    11:25:54.0953 3988 Ntfs - ok
    11:25:54.0953 3988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    11:25:54.0968 3988 NtLmSsp - ok
    11:25:55.0000 3988 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    11:25:55.0031 3988 NtmsSvc - ok
    11:25:55.0078 3988 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    11:25:55.0078 3988 Null - ok
    11:25:55.0109 3988 [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
    11:25:55.0125 3988 NWCWorkstation - ok
    11:25:55.0140 3988 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    11:25:55.0140 3988 NwlnkFlt - ok
    11:25:55.0171 3988 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    11:25:55.0171 3988 NwlnkFwd - ok
    11:25:55.0171 3988 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    11:25:55.0171 3988 NwlnkIpx - ok
    11:25:55.0203 3988 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    11:25:55.0203 3988 NwlnkNb - ok
    11:25:55.0218 3988 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    11:25:55.0218 3988 NwlnkSpx - ok
    11:25:55.0234 3988 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
    11:25:55.0234 3988 NWRDR - ok
    11:25:55.0406 3988 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:25:55.0421 3988 odserv - ok
    11:25:55.0437 3988 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    11:25:55.0437 3988 ohci1394 - ok
    11:25:55.0500 3988 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:25:55.0500 3988 ose - ok
    11:25:55.0546 3988 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    11:25:55.0546 3988 Parport - ok
    11:25:55.0546 3988 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    11:25:55.0546 3988 PartMgr - ok
    11:25:55.0578 3988 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    11:25:55.0578 3988 ParVdm - ok
    11:25:55.0578 3988 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    11:25:55.0593 3988 PCI - ok
    11:25:55.0593 3988 PCIDump - ok
    11:25:55.0593 3988 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    11:25:55.0593 3988 PCIIde - ok
    11:25:55.0625 3988 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    11:25:55.0625 3988 Pcmcia - ok
    11:25:55.0625 3988 PDCOMP - ok
    11:25:55.0640 3988 PDFRAME - ok
    11:25:55.0640 3988 PDRELI - ok
    11:25:55.0640 3988 PDRFRAME - ok
    11:25:55.0656 3988 perc2 - ok
    11:25:55.0656 3988 perc2hib - ok
    11:25:55.0671 3988 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
    11:25:55.0671 3988 Pfc - ok
    11:25:55.0687 3988 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    11:25:55.0703 3988 PlugPlay - ok
    11:25:55.0718 3988 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    11:25:55.0734 3988 Pml Driver HPZ12 - ok
    11:25:55.0765 3988 [ CF7C1868B90C90A265FC3F60CE46265B ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
    11:25:55.0765 3988 Point32 - ok
    11:25:55.0765 3988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    11:25:55.0781 3988 PolicyAgent - ok
    11:25:55.0781 3988 pop3d32 - ok
    11:25:55.0796 3988 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    11:25:55.0812 3988 PptpMiniport - ok
    11:25:55.0812 3988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    11:25:55.0812 3988 ProtectedStorage - ok
    11:25:55.0828 3988 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    11:25:55.0828 3988 PSched - ok
    11:25:55.0828 3988 PTDCBus - ok
    11:25:55.0843 3988 PTDCMdm - ok
    11:25:55.0843 3988 PTDCVsp - ok
    11:25:55.0843 3988 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    11:25:55.0843 3988 Ptilink - ok
    11:25:55.0859 3988 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    11:25:55.0859 3988 PxHelp20 - ok
    11:25:55.0859 3988 ql1080 - ok
    11:25:55.0859 3988 Ql10wnt - ok
    11:25:55.0875 3988 ql12160 - ok
    11:25:55.0875 3988 ql1240 - ok
    11:25:55.0875 3988 ql1280 - ok
    11:25:55.0906 3988 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    11:25:55.0906 3988 RasAcd - ok
    11:25:55.0953 3988 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    11:25:55.0953 3988 RasAuto - ok
    11:25:55.0984 3988 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    11:25:55.0984 3988 Rasl2tp - ok
    11:25:56.0046 3988 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    11:25:56.0046 3988 RasMan - ok
    11:25:56.0062 3988 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    11:25:56.0062 3988 RasPppoe - ok
    11:25:56.0062 3988 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    11:25:56.0062 3988 Raspti - ok
    11:25:56.0093 3988 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    11:25:56.0109 3988 Rdbss - ok
    11:25:56.0156 3988 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    11:25:56.0156 3988 RDPCDD - ok
    11:25:56.0203 3988 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    11:25:56.0218 3988 rdpdr - ok
    11:25:56.0250 3988 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    11:25:56.0265 3988 RDPWD - ok
    11:25:56.0281 3988 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    11:25:56.0312 3988 RDSessMgr - ok
    11:25:56.0328 3988 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    11:25:56.0328 3988 redbook - ok
    11:25:56.0359 3988 [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    11:25:56.0359 3988 RegSrvc - ok
    11:25:56.0406 3988 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    11:25:56.0406 3988 RemoteAccess - ok
    11:25:56.0453 3988 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    11:25:56.0468 3988 RemoteRegistry - ok
    11:25:56.0468 3988 rootmodem - ok
    11:25:56.0468 3988 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    11:25:56.0484 3988 RpcLocator - ok
    11:25:56.0500 3988 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    11:25:56.0515 3988 RpcSs - ok
    11:25:56.0578 3988 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    11:25:56.0578 3988 RSVP - ok
    11:25:56.0656 3988 [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    11:25:56.0656 3988 S24EventMonitor - ok
    11:25:56.0671 3988 [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
    11:25:56.0671 3988 s24trans - ok
    11:25:56.0703 3988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    11:25:56.0703 3988 SamSs - ok
    11:25:56.0750 3988 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    11:25:56.0765 3988 SCardSvr - ok
    11:25:56.0781 3988 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    11:25:56.0796 3988 Schedule - ok
    11:25:56.0843 3988 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    11:25:56.0843 3988 sdbus - ok
    11:25:56.0890 3988 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    11:25:56.0890 3988 Secdrv - ok
    11:25:56.0953 3988 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    11:25:56.0968 3988 seclogon - ok
    11:25:56.0968 3988 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    11:25:56.0984 3988 SENS - ok
    11:25:57.0015 3988 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    11:25:57.0031 3988 Serial - ok
    11:25:57.0046 3988 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    11:25:57.0062 3988 sffdisk - ok
    11:25:57.0078 3988 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    11:25:57.0078 3988 sffp_sd - ok
    11:25:57.0109 3988 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    11:25:57.0109 3988 Sfloppy - ok
    11:25:57.0156 3988 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    11:25:57.0171 3988 SharedAccess - ok
    11:25:57.0203 3988 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    11:25:57.0203 3988 ShellHWDetection - ok
    11:25:57.0218 3988 Simbad - ok
    11:25:57.0265 3988 [ B9DE57348D93B28739C70B04EEE9D133 ] smihlp C:\Program Files\Protector Suite QL\smihlp.sys
    11:25:57.0265 3988 smihlp - ok
    11:25:57.0265 3988 Sparrow - ok
    11:25:57.0281 3988 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    11:25:57.0296 3988 splitter - ok
    11:25:57.0328 3988 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    11:25:57.0343 3988 Spooler - ok
    11:25:57.0359 3988 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    11:25:57.0359 3988 sr - ok
    11:25:57.0406 3988 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    11:25:57.0421 3988 srservice - ok
    11:25:57.0468 3988 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    11:25:57.0484 3988 Srv - ok
    11:25:57.0484 3988 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    11:25:57.0500 3988 SSDPSRV - ok
    11:25:57.0500 3988 SSPORT - ok
    11:25:57.0562 3988 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    11:25:57.0578 3988 stisvc - ok
    11:25:57.0625 3988 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    11:25:57.0625 3988 swenum - ok
    11:25:57.0656 3988 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    11:25:57.0671 3988 swmidi - ok
    11:25:57.0671 3988 SwPrv - ok
    11:25:57.0718 3988 [ 486A64AABD88E4E174681E89E9736BC9 ] Swupdtmr c:\Toshiba\IVP\swupdate\swupdtmr.exe
    11:25:57.0718 3988 Swupdtmr - ok
    11:25:57.0734 3988 symc810 - ok
    11:25:57.0734 3988 symc8xx - ok
    11:25:57.0750 3988 sym_hi - ok
    11:25:57.0750 3988 sym_u3 - ok
    11:25:57.0796 3988 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    11:25:57.0796 3988 sysaudio - ok
    11:25:57.0828 3988 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    11:25:57.0843 3988 SysmonLog - ok
    11:25:57.0875 3988 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    11:25:57.0890 3988 TapiSrv - ok
    11:25:57.0937 3988 [ 7147B0575BCC93A6AB7D5C90F47C0B9F ] tbiosdrv C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
    11:25:57.0937 3988 tbiosdrv - ok
    11:25:58.0000 3988 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:25:58.0015 3988 Tcpip - ok
    11:25:58.0031 3988 [ FC6FE02F400308606A911640E72326B5 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
    11:25:58.0031 3988 TcUsb - ok
    11:25:58.0062 3988 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:25:58.0062 3988 TDPIPE - ok
    11:25:58.0078 3988 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    11:25:58.0078 3988 TDTCP - ok
    11:25:58.0109 3988 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:25:58.0109 3988 TermDD - ok
    11:25:58.0156 3988 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    11:25:58.0171 3988 TermService - ok
    11:25:58.0203 3988 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    11:25:58.0203 3988 Themes - ok
    11:25:58.0234 3988 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
    11:25:58.0234 3988 tifm21 - ok
    11:25:58.0281 3988 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    11:25:58.0281 3988 TlntSvr - ok
    11:25:58.0296 3988 TosIde - ok
    11:25:58.0312 3988 [ 9FFFFB4C5B06C7B75E8159F1106006AC ] TPwSav C:\WINDOWS\system32\Drivers\TPwSav.sys
    11:25:58.0312 3988 TPwSav - ok
    11:25:58.0359 3988 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    11:25:58.0359 3988 TrkWks - ok
    11:25:58.0421 3988 [ CC6763889198EF975B143D49789BCFA9 ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
    11:25:58.0421 3988 Tvs - ok
    11:25:58.0453 3988 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    11:25:58.0453 3988 Udfs - ok
    11:25:58.0468 3988 ultra - ok
    11:25:58.0500 3988 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    11:25:58.0515 3988 UMWdf - ok
    11:25:58.0578 3988 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    11:25:58.0593 3988 Update - ok
    11:25:58.0625 3988 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    11:25:58.0640 3988 upnphost - ok
    11:25:58.0640 3988 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    11:25:58.0656 3988 UPS - ok
    11:25:58.0656 3988 upsmonservice - ok
    11:25:58.0687 3988 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:25:58.0687 3988 usbccgp - ok
    11:25:58.0703 3988 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:25:58.0703 3988 usbehci - ok
    11:25:58.0718 3988 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:25:58.0734 3988 usbhub - ok
    11:25:58.0765 3988 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    11:25:58.0765 3988 usbohci - ok
    11:25:58.0765 3988 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    11:25:58.0765 3988 usbprint - ok
    11:25:58.0796 3988 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    11:25:58.0796 3988 usbscan - ok
    11:25:58.0843 3988 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:25:58.0843 3988 USBSTOR - ok
    11:25:58.0906 3988 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:25:58.0906 3988 usbuhci - ok
    11:25:58.0921 3988 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    11:25:58.0921 3988 VgaSave - ok
    11:25:58.0921 3988 ViaIde - ok
    11:25:58.0953 3988 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    11:25:58.0953 3988 VolSnap - ok
    11:25:59.0000 3988 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    11:25:59.0000 3988 VSS - ok
    11:25:59.0031 3988 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    11:25:59.0046 3988 W32Time - ok
    11:25:59.0156 3988 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
    11:25:59.0171 3988 w39n51 - ok
    11:25:59.0218 3988 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:25:59.0218 3988 Wanarp - ok
    11:25:59.0281 3988 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    11:25:59.0281 3988 wanatw - ok
    11:25:59.0281 3988 WDICA - ok
    11:25:59.0328 3988 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    11:25:59.0328 3988 wdmaud - ok
    11:25:59.0375 3988 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    11:25:59.0390 3988 WebClient - ok
    11:25:59.0453 3988 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    11:25:59.0468 3988 winmgmt - ok
    11:25:59.0515 3988 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    11:25:59.0515 3988 WmdmPmSN - ok
    11:25:59.0578 3988 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    11:25:59.0593 3988 Wmi - ok
    11:25:59.0625 3988 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    11:25:59.0625 3988 WmiApSrv - ok
    11:25:59.0671 3988 [ BBAEACA1FFA3C86361CF0998474F6C3A ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    11:25:59.0671 3988 WpdUsb - ok
    11:25:59.0671 3988 WSearch - ok
    11:25:59.0718 3988 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    11:25:59.0750 3988 WZCSVC - ok
    11:25:59.0781 3988 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    11:25:59.0796 3988 xmlprov - ok
    11:25:59.0812 3988 zpnodecollector - ok
    11:25:59.0812 3988 ================ Scan global ===============================
    11:25:59.0859 3988 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    11:25:59.0906 3988 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    11:25:59.0921 3988 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    11:25:59.0968 3988 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    11:25:59.0968 3988 [Global] - ok
    11:25:59.0968 3988 ================ Scan MBR ==================================
    11:26:00.0000 3988 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
    11:26:00.0156 3988 \Device\Harddisk0\DR0 - ok
    11:26:00.0156 3988 ================ Scan VBR ==================================
    11:26:00.0171 3988 [ E8C7F0E5E3F12D1FD71DA7AE008A2D8B ] \Device\Harddisk0\DR0\Partition1
    11:26:00.0171 3988 \Device\Harddisk0\DR0\Partition1 - ok
    11:26:00.0171 3988 ============================================================
    11:26:00.0171 3988 Scan finished
    11:26:00.0171 3988 ============================================================
    11:26:00.0187 3112 Detected object count: 0
    11:26:00.0187 3112 Actual detected object count: 0
    11:27:30.0109 4044 Deinitialize success
    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Kit Romney [Admin rights]
    Mode : Scan -- Date : 10/26/2012 11:29:32
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
    --- User ---
    [MBR] 02bc6b37f47a09f182f144f9037007a3
    [BSP] 5e47b50246e58b794bca04f29dd90dd8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114282 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Kit Romney [Admin rights]
    Mode : Remove -- Date : 10/26/2012 11:29:45
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
    --- User ---
    [MBR] 02bc6b37f47a09f182f144f9037007a3
    [BSP] 5e47b50246e58b794bca04f29dd90dd8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114282 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-29 19:24:12
    -----------------------------
    19:24:12.359 OS Version: Windows 5.1.2600 Service Pack 3
    19:24:12.359 Number of processors: 2 586 0xE08
    19:24:12.359 ComputerName: ROMCOM UserName:
    19:24:12.937 Initialize success
    19:24:13.046 AVAST engine defs: 12102901
    19:24:38.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:24:38.140 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114282MB BusType: 3
    19:24:38.171 Disk 0 MBR read successfully
    19:24:38.171 Disk 0 MBR scan
    19:24:38.171 Disk 0 unknown MBR code
    19:24:38.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114282 MB offset 63
    19:24:38.187 Disk 0 scanning sectors +234050985
    19:24:38.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:24:47.421 Service scanning
    19:25:03.890 Modules scanning
    19:25:09.187 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    19:25:11.015 Disk 0 trace - called modules:
    19:25:11.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:25:11.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b25ab8]
    19:25:11.046 3 CLASSPNP.SYS[f76acfd7] -> nt!IofCallDriver -> \Device\00000082[0x86b7c9e8]
    19:25:11.046 5 ACPI.sys[f7603620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b28940]
    19:25:11.546 AVAST engine scan C:\WINDOWS
    19:25:17.984 AVAST engine scan C:\WINDOWS\system32
    19:27:02.312 AVAST engine scan C:\WINDOWS\system32\drivers
    19:27:18.562 AVAST engine scan C:\Documents and Settings\Kit Romney
    19:25:04.968 AVAST engine scan C:\Documents and Settings\All Users
    19:25:28.593 Scan finished successfully
    19:26:53.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kit Romney\My Documents\Compromised\MBR.dat"
    19:26:54.000 The log file has been saved successfully to "C:\Documents and Settings\Kit Romney\My Documents\Compromised\aswMBR.txt"
  4. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please re-run MBAM one more time and post new log.

    Then...

    Create new restore point before proceeding with the next step...
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  5. jibberjive

    jibberjive Newcomer, in training Topic Starter

    MBAM log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.25.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Kit Romney :: ROMCOM [administrator]

    10/29/2012 8:11:07 PM
    mbam-log-2012-10-29 (20-11-07).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 306403
    Time elapsed: 1 hour(s), 8 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  6. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Still with me?
    Waiting for Combofix log.
  7. jibberjive

    jibberjive Newcomer, in training Topic Starter

    Yes, I tried to run ComboFix, but it was unsuccessful. I disabled AV beforehand, ran ComboFix, installed Recovery Console, it said it found a rootkit, was scanning I believe, and I let it run overnight with no change in screen. I had to reset the computer. I'll go back to the recovery point I set beforehand and try it again, but it will be a couple of days because the computer is not with me here.

    Thank you for your help BTW!
  8. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Do NOT use restore point.

    Re-run Combofix from safe mode.
  9. jibberjive

    jibberjive Newcomer, in training Topic Starter

    Ok, will do!
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.