Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Well hidden malware [Solved]


  • This topic is locked This topic is locked

#16
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts

How is it running, are there any issues?


Well there weren't any issues until I tried to run OTL the first time. But it's acting kind of laggy and slow to respond. That coupled with the fact that I still can't run OTL without dropping out services and drivers, and cannot run ASWmbr, makes me think something else is going on?
  • 0

Advertisements


#17
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
I started another aswmbr scan to see if it would run, it gets to the point of scanning: c:\windows\asssembly\NativeImages1_v.1.4322\system.drawing\1.0.5000.0_ ...(I can't read the rest of this line because it locks up the system and it's off screen).
  • 0

#18
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#19
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
Howdy CompCav, Hope you had a good weekend.
Here is the TDSKiller scan log. There was no 'cure' option on any of the threats, 'delete, quarantine, or skip' so I skipped all of them.
Also, you asked how it was asking, I noticed again when trying to open this file, Notepad association is not working, I can open it with command, and then open the file, but if I dbl click on a txt file it asks what file to open with. I went in and tried to associate them with notepad, but no go.


13:21:10.0180 1340 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:21:12.0180 1340 ============================================================
13:21:12.0180 1340 Current date / time: 2012/07/30 13:21:12.0180
13:21:12.0180 1340 SystemInfo:
13:21:12.0180 1340
13:21:12.0180 1340 OS Version: 5.1.2600 ServicePack: 3.0
13:21:12.0180 1340 Product type: Workstation
13:21:12.0180 1340 ComputerName: STANLEY-B78766E
13:21:12.0180 1340 UserName: John
13:21:12.0180 1340 Windows directory: C:\WINDOWS
13:21:12.0180 1340 System windows directory: C:\WINDOWS
13:21:12.0180 1340 Processor architecture: Intel x86
13:21:12.0180 1340 Number of processors: 1
13:21:12.0180 1340 Page size: 0x1000
13:21:12.0180 1340 Boot type: Normal boot
13:21:12.0180 1340 ============================================================
13:21:28.0741 1340 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:21:28.0803 1340 ============================================================
13:21:28.0803 1340 \Device\Harddisk0\DR0:
13:21:28.0803 1340 MBR partitions:
13:21:28.0803 1340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
13:21:28.0803 1340 ============================================================
13:21:29.0022 1340 C: <-> \Device\Harddisk0\DR0\Partition0
13:21:29.0022 1340 ============================================================
13:21:29.0022 1340 Initialize success
13:21:29.0022 1340 ============================================================
13:22:50.0343 0164 ============================================================
13:22:50.0343 0164 Scan started
13:22:50.0343 0164 Mode: Manual; SigCheck; TDLFS;
13:22:50.0343 0164 ============================================================
13:22:50.0952 0164 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:22:54.0311 0164 !SASCORE - ok
13:22:55.0561 0164 Abiosdsk - ok
13:22:55.0577 0164 abp480n5 - ok
13:22:56.0014 0164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:22:59.0795 0164 ACPI - ok
13:22:59.0842 0164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:23:00.0108 0164 ACPIEC - ok
13:23:00.0139 0164 adpu160m - ok
13:23:00.0295 0164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:23:00.0967 0164 aec - ok
13:23:01.0186 0164 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:23:01.0904 0164 AFD - ok
13:23:01.0967 0164 AgereModemAudio (9c9d3b7a05445b1ab2df4d0c4d6b77e8) C:\Program Files\LSI SoftModem\agrsmsvc.exe
13:23:02.0404 0164 AgereModemAudio - ok
13:23:03.0482 0164 AgereSoftModem (35c391e40471a0b479328fc7b1b5f40f) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:23:06.0966 0164 AgereSoftModem - ok
13:23:08.0169 0164 Aha154x - ok
13:23:08.0185 0164 aic78u2 - ok
13:23:08.0201 0164 aic78xx - ok
13:23:10.0403 0164 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:23:15.0278 0164 ALCXWDM - ok
13:23:16.0747 0164 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:23:17.0090 0164 Alerter - ok
13:23:17.0528 0164 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:23:17.0856 0164 ALG - ok
13:23:17.0934 0164 AliIde - ok
13:23:18.0012 0164 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
13:23:18.0075 0164 amdide - ok
13:23:18.0137 0164 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:23:18.0325 0164 AmdPPM - ok
13:23:18.0340 0164 amsint - ok
13:23:18.0512 0164 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
13:23:18.0731 0164 AOL ACS - ok
13:23:18.0918 0164 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:23:19.0590 0164 AppMgmt - ok
13:23:19.0684 0164 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:23:20.0121 0164 Arp1394 - ok
13:23:20.0137 0164 asc - ok
13:23:20.0137 0164 asc3350p - ok
13:23:20.0153 0164 asc3550 - ok
13:23:20.0371 0164 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:23:20.0778 0164 aspnet_state - ok
13:23:20.0840 0164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:23:21.0074 0164 AsyncMac - ok
13:23:21.0199 0164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:23:21.0856 0164 atapi - ok
13:23:21.0887 0164 Atdisk - ok
13:23:22.0449 0164 Ati HotKey Poller (2dab3b19f697ff981eee587c580d7e38) C:\WINDOWS\system32\Ati2evxx.exe
13:23:24.0121 0164 Ati HotKey Poller - ok
13:23:24.0668 0164 ATI Smart (72810c6a63076a480abce0e0ba0bc981) C:\WINDOWS\system32\ati2sgag.exe
13:23:26.0230 0164 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
13:23:26.0230 0164 ATI Smart - detected UnsignedFile.Multi.Generic (1)
13:23:29.0402 0164 ati2mtag (ef1fa1877c6f411937623844423024a5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:23:33.0308 0164 ati2mtag - ok
13:23:34.0683 0164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:23:35.0120 0164 Atmarpc - ok
13:23:35.0214 0164 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:23:35.0792 0164 AudioSrv - ok
13:23:35.0839 0164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:23:36.0073 0164 audstub - ok
13:23:36.0151 0164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:23:36.0870 0164 Beep - ok
13:23:37.0354 0164 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:23:39.0354 0164 BITS - ok
13:23:39.0479 0164 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:23:39.0948 0164 Browser - ok
13:23:40.0041 0164 catchme - ok
13:23:40.0088 0164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:23:40.0307 0164 cbidf2k - ok
13:23:40.0323 0164 cd20xrnt - ok
13:23:40.0385 0164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:23:41.0213 0164 Cdaudio - ok
13:23:41.0323 0164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:23:41.0791 0164 Cdfs - ok
13:23:41.0901 0164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:23:42.0322 0164 Cdrom - ok
13:23:42.0338 0164 Changer - ok
13:23:42.0385 0164 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:23:42.0651 0164 CiSvc - ok
13:23:42.0744 0164 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:23:43.0135 0164 ClipSrv - ok
13:23:43.0369 0164 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:43.0713 0164 clr_optimization_v2.0.50727_32 - ok
13:23:43.0713 0164 CmdIde - ok
13:23:43.0729 0164 COMSysApp - ok
13:23:43.0760 0164 Cpqarray - ok
13:23:43.0869 0164 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:23:44.0229 0164 CryptSvc - ok
13:23:44.0244 0164 dac2w2k - ok
13:23:44.0260 0164 dac960nt - ok
13:23:44.0635 0164 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:23:45.0557 0164 DcomLaunch - ok
13:23:45.0713 0164 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:23:46.0447 0164 Dhcp - ok
13:23:46.0541 0164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:23:46.0869 0164 Disk - ok
13:23:46.0885 0164 dmadmin - ok
13:23:47.0635 0164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:23:49.0603 0164 dmboot - ok
13:23:50.0962 0164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:23:51.0665 0164 dmio - ok
13:23:51.0697 0164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:23:51.0915 0164 dmload - ok
13:23:51.0994 0164 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:23:52.0697 0164 dmserver - ok
13:23:52.0806 0164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:23:53.0197 0164 DMusic - ok
13:23:53.0290 0164 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:23:53.0634 0164 Dnscache - ok
13:23:53.0821 0164 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:23:54.0446 0164 Dot3svc - ok
13:23:54.0462 0164 dpti2o - ok
13:23:54.0493 0164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:23:54.0650 0164 drmkaud - ok
13:23:54.0790 0164 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:23:55.0071 0164 EapHost - ok
13:23:55.0337 0164 ehRecvr (27434c42a13c11f92ca45840b720d671) C:\WINDOWS\eHome\ehRecvr.exe
13:23:55.0946 0164 ehRecvr ( UnsignedFile.Multi.Generic ) - warning
13:23:55.0946 0164 ehRecvr - detected UnsignedFile.Multi.Generic (1)
13:23:56.0071 0164 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe
13:23:56.0431 0164 ehSched - ok
13:23:56.0587 0164 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:23:56.0884 0164 ERSvc - ok
13:23:57.0009 0164 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:23:57.0446 0164 Eventlog - ok
13:23:57.0712 0164 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:23:58.0602 0164 EventSystem - ok
13:23:58.0821 0164 F-Secure Filter (d4980588ed87f8bb16be43ddd0fbd5fe) C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys
13:23:59.0071 0164 F-Secure Filter - ok
13:23:59.0274 0164 F-Secure Gatekeeper (66422dc3faa1de433371816056d28270) C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys
13:23:59.0696 0164 F-Secure Gatekeeper - ok
13:23:59.0993 0164 F-Secure Gatekeeper Handler Starter (a9be66e05254b20df82e0f7cddeca7dd) C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
13:24:00.0774 0164 F-Secure Gatekeeper Handler Starter - ok
13:24:00.0946 0164 F-Secure HIPS (f5aca65237c7511d5803cdc5e7003d75) C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys
13:24:01.0149 0164 F-Secure HIPS - ok
13:24:01.0180 0164 F-Secure Recognizer (6ce1195511533c9359f91a9e63792f5e) C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys
13:24:01.0321 0164 F-Secure Recognizer - ok
13:24:02.0852 0164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:24:03.0555 0164 Fastfat - ok
13:24:03.0727 0164 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:24:04.0305 0164 FastUserSwitchingCompatibility - ok
13:24:04.0383 0164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:24:04.0649 0164 Fdc - ok
13:24:04.0727 0164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:24:05.0055 0164 Fips - ok
13:24:05.0086 0164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:24:05.0352 0164 Flpydisk - ok
13:24:05.0508 0164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:24:06.0133 0164 FltMgr - ok
13:24:06.0289 0164 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:24:06.0523 0164 FontCache3.0.0.0 - ok
13:24:06.0602 0164 fsbts (1d2de58a837e6909f98ca35103d10739) C:\WINDOWS\system32\Drivers\fsbts.sys
13:24:06.0742 0164 fsbts - ok
13:24:07.0492 0164 FSDFWD (6bc997049c3cb6e39a7660d4c8cefbe0) C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
13:24:08.0601 0164 FSDFWD - ok
13:24:08.0695 0164 FSFW (d93e91a800af12ccb14f3ee7cd3a22a2) C:\WINDOWS\system32\drivers\fsdfw.sys
13:24:09.0008 0164 FSFW - ok
13:24:09.0273 0164 FSMA (392e85687a902239c01baddf212b1a36) C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
13:24:09.0789 0164 FSMA - ok
13:24:09.0883 0164 FSORSPClient (10c6d96cc21a9b73fe1f0119cc38d9c0) C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
13:24:10.0054 0164 FSORSPClient - ok
13:24:10.0117 0164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:24:10.0336 0164 Fs_Rec - ok
13:24:10.0492 0164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:24:11.0101 0164 Ftdisk - ok
13:24:11.0164 0164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:24:11.0476 0164 Gpc - ok
13:24:11.0601 0164 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:24:11.0929 0164 helpsvc - ok
13:24:11.0960 0164 HidCom (d641bde4540c244179c12c51cf31eb34) C:\WINDOWS\system32\DRIVERS\BdHidCom.sys
13:24:12.0148 0164 HidCom - ok
13:24:12.0164 0164 HidServ - ok
13:24:12.0210 0164 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:24:12.0414 0164 HidUsb - ok
13:24:12.0523 0164 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:24:12.0929 0164 hkmsvc - ok
13:24:12.0929 0164 hpn - ok
13:24:13.0038 0164 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:24:13.0460 0164 HPZid412 - ok
13:24:13.0507 0164 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:24:13.0601 0164 HPZipr12 - ok
13:24:13.0648 0164 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:24:14.0007 0164 HPZius12 - ok
13:24:14.0288 0164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:24:15.0288 0164 HTTP - ok
13:24:15.0351 0164 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:24:15.0585 0164 HTTPFilter - ok
13:24:15.0601 0164 i2omgmt - ok
13:24:15.0616 0164 i2omp - ok
13:24:15.0710 0164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:24:16.0163 0164 i8042prt - ok
13:24:17.0179 0164 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:24:19.0882 0164 idsvc - ok
13:24:20.0397 0164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:24:20.0710 0164 Imapi - ok
13:24:20.0882 0164 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:24:21.0710 0164 ImapiService - ok
13:24:21.0725 0164 ini910u - ok
13:24:21.0741 0164 IntelIde - ok
13:24:21.0850 0164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:24:22.0194 0164 Ip6Fw - ok
13:24:22.0272 0164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:24:22.0553 0164 IpFilterDriver - ok
13:24:22.0585 0164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:24:22.0819 0164 IpInIp - ok
13:24:22.0991 0164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:24:23.0616 0164 IpNat - ok
13:24:23.0725 0164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:24:24.0397 0164 IPSec - ok
13:24:24.0444 0164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:24:24.0600 0164 IRENUM - ok
13:24:24.0678 0164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:24:24.0975 0164 isapnp - ok
13:24:25.0037 0164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:24:25.0350 0164 Kbdclass - ok
13:24:25.0537 0164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:24:26.0350 0164 kmixer - ok
13:24:26.0490 0164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:24:27.0022 0164 KSecDD - ok
13:24:27.0162 0164 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:24:27.0522 0164 lanmanserver - ok
13:24:27.0693 0164 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:24:28.0178 0164 lanmanworkstation - ok
13:24:28.0193 0164 lbrtfdc - ok
13:24:28.0475 0164 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:24:28.0693 0164 LmHosts - ok
13:24:28.0850 0164 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:24:29.0146 0164 Messenger - ok
13:24:29.0271 0164 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
13:24:29.0646 0164 MHN ( UnsignedFile.Multi.Generic ) - warning
13:24:29.0646 0164 MHN - detected UnsignedFile.Multi.Generic (1)
13:24:29.0693 0164 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:24:29.0928 0164 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:24:29.0928 0164 MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:24:30.0099 0164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:24:30.0287 0164 mnmdd - ok
13:24:30.0396 0164 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:24:30.0803 0164 mnmsrvc - ok
13:24:30.0881 0164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:24:31.0146 0164 Modem - ok
13:24:31.0193 0164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:24:31.0427 0164 Mouclass - ok
13:24:31.0490 0164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:24:31.0709 0164 mouhid - ok
13:24:31.0787 0164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:24:32.0131 0164 MountMgr - ok
13:24:32.0146 0164 mraid35x - ok
13:24:32.0349 0164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:24:33.0130 0164 MRxDAV - ok
13:24:33.0584 0164 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:24:35.0599 0164 MRxSmb - ok
13:24:35.0677 0164 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:24:35.0911 0164 MSDTC - ok
13:24:35.0974 0164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:24:36.0193 0164 Msfs - ok
13:24:36.0208 0164 MSIServer - ok
13:24:36.0302 0164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:24:36.0474 0164 MSKSSRV - ok
13:24:36.0490 0164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:24:36.0646 0164 MSPCLOCK - ok
13:24:36.0661 0164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:24:36.0849 0164 MSPQM - ok
13:24:37.0005 0164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:24:37.0239 0164 mssmbios - ok
13:24:37.0396 0164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:24:37.0849 0164 Mup - ok
13:24:38.0192 0164 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:24:39.0302 0164 napagent - ok
13:24:39.0505 0164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:24:40.0380 0164 NDIS - ok
13:24:40.0427 0164 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:24:40.0536 0164 NdisTapi - ok
13:24:40.0599 0164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:24:40.0786 0164 Ndisuio - ok
13:24:40.0895 0164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:24:41.0380 0164 NdisWan - ok
13:24:41.0427 0164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:24:41.0692 0164 NDProxy - ok
13:24:41.0770 0164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:24:42.0098 0164 NetBIOS - ok
13:24:42.0286 0164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:24:43.0067 0164 NetBT - ok
13:24:43.0208 0164 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:24:44.0098 0164 NetDDE - ok
13:24:44.0098 0164 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:24:44.0536 0164 NetDDEdsdm - ok
13:24:44.0598 0164 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:44.0848 0164 Netlogon - ok
13:24:45.0067 0164 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:24:45.0864 0164 Netman - ok
13:24:46.0114 0164 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:46.0614 0164 NetTcpPortSharing - ok
13:24:46.0707 0164 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:24:47.0160 0164 NIC1394 - ok
13:24:47.0489 0164 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:24:48.0160 0164 Nla - ok
13:24:48.0301 0164 Norton PC Checkup Application Launcher - ok
13:24:48.0379 0164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:24:48.0645 0164 Npfs - ok
13:24:49.0192 0164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:24:50.0754 0164 Ntfs - ok
13:24:50.0801 0164 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:50.0988 0164 NtLmSsp - ok
13:24:51.0629 0164 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:24:53.0207 0164 NtmsSvc - ok
13:24:53.0332 0164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:24:53.0550 0164 Null - ok
13:24:53.0613 0164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:24:53.0894 0164 NwlnkFlt - ok
13:24:53.0941 0164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:24:54.0254 0164 NwlnkFwd - ok
13:24:54.0878 0164 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:24:56.0472 0164 odserv - ok
13:24:56.0566 0164 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:24:56.0941 0164 ohci1394 - ok
13:24:57.0128 0164 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:57.0753 0164 ose - ok
13:24:57.0909 0164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:24:58.0378 0164 Parport - ok
13:24:58.0456 0164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:24:58.0675 0164 PartMgr - ok
13:24:58.0722 0164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:24:58.0894 0164 ParVdm - ok
13:24:59.0097 0164 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
13:24:59.0472 0164 PCCUJobMgr - ok
13:24:59.0534 0164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:24:59.0941 0164 PCI - ok
13:24:59.0956 0164 PCIDump - ok
13:24:59.0987 0164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:25:00.0144 0164 PCIIde - ok
13:25:00.0284 0164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:25:00.0878 0164 Pcmcia - ok
13:25:00.0894 0164 PDCOMP - ok
13:25:00.0894 0164 PDFRAME - ok
13:25:00.0909 0164 PDRELI - ok
13:25:00.0925 0164 PDRFRAME - ok
13:25:00.0940 0164 perc2 - ok
13:25:00.0956 0164 perc2hib - ok
13:25:01.0112 0164 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:25:01.0456 0164 PlugPlay - ok
13:25:01.0597 0164 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
13:25:01.0956 0164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:25:01.0956 0164 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:25:01.0987 0164 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:02.0190 0164 PolicyAgent - ok
13:25:02.0315 0164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:25:02.0628 0164 PptpMiniport - ok
13:25:02.0690 0164 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:25:02.0956 0164 Processor - ok
13:25:02.0972 0164 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:03.0159 0164 ProtectedStorage - ok
13:25:03.0237 0164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:25:03.0596 0164 PSched - ok
13:25:03.0675 0164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:25:03.0893 0164 Ptilink - ok
13:25:03.0971 0164 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:25:04.0190 0164 PxHelp20 - ok
13:25:04.0206 0164 ql1080 - ok
13:25:04.0221 0164 Ql10wnt - ok
13:25:04.0237 0164 ql12160 - ok
13:25:04.0253 0164 ql1240 - ok
13:25:04.0268 0164 ql1280 - ok
13:25:04.0378 0164 QuickTimeUpdater (adb01aff425667720b43e60753911733) C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe
13:25:04.0487 0164 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - warning
13:25:04.0487 0164 QuickTimeUpdater - detected UnsignedFile.Multi.Generic (1)
13:25:04.0534 0164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:25:04.0690 0164 RasAcd - ok
13:25:04.0815 0164 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:25:05.0299 0164 RasAuto - ok
13:25:05.0393 0164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:25:05.0768 0164 Rasl2tp - ok
13:25:06.0299 0164 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:25:07.0440 0164 RasMan - ok
13:25:07.0487 0164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:25:07.0815 0164 RasPppoe - ok
13:25:07.0846 0164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:25:08.0034 0164 Raspti - ok
13:25:08.0596 0164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:25:09.0362 0164 Rdbss - ok
13:25:09.0721 0164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:25:09.0908 0164 RDPCDD - ok
13:25:10.0127 0164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:25:10.0955 0164 rdpdr - ok
13:25:11.0111 0164 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:25:11.0721 0164 RDPWD - ok
13:25:11.0986 0164 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:25:13.0017 0164 RDSessMgr - ok
13:25:13.0111 0164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:25:13.0752 0164 redbook - ok
13:25:13.0908 0164 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:25:14.0267 0164 RemoteAccess - ok
13:25:14.0361 0164 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:25:14.0783 0164 RemoteRegistry - ok
13:25:15.0095 0164 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:25:15.0486 0164 RpcLocator - ok
13:25:15.0877 0164 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:25:16.0798 0164 RpcSs - ok
13:25:16.0939 0164 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:25:17.0642 0164 RSVP - ok
13:25:17.0876 0164 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:25:18.0814 0164 RTL8023xp - ok
13:25:18.0892 0164 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:25:19.0142 0164 rtl8139 - ok
13:25:19.0189 0164 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:19.0345 0164 SamSs - ok
13:25:19.0486 0164 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:25:19.0595 0164 SASDIFSV - ok
13:25:19.0658 0164 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:25:19.0892 0164 SASKUTIL - ok
13:25:20.0032 0164 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:25:20.0861 0164 SCardSvr - ok
13:25:21.0079 0164 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:25:21.0860 0164 Schedule - ok
13:25:21.0939 0164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:25:22.0095 0164 Secdrv - ok
13:25:22.0157 0164 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:25:22.0360 0164 seclogon - ok
13:25:22.0439 0164 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:25:23.0173 0164 SENS - ok
13:25:23.0220 0164 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:25:23.0438 0164 Serenum - ok
13:25:23.0532 0164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:25:24.0063 0164 Serial - ok
13:25:24.0173 0164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:25:24.0376 0164 Sfloppy - ok
13:25:24.0688 0164 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:25:25.0719 0164 SharedAccess - ok
13:25:25.0876 0164 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:25:26.0235 0164 ShellHWDetection - ok
13:25:26.0235 0164 Simbad - ok
13:25:26.0266 0164 Sparrow - ok
13:25:26.0298 0164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:25:26.0501 0164 splitter - ok
13:25:26.0610 0164 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:25:26.0923 0164 Spooler - ok
13:25:27.0016 0164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:25:27.0376 0164 sr - ok
13:25:27.0579 0164 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:25:28.0516 0164 srservice - ok
13:25:28.0875 0164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:25:30.0000 0164 Srv - ok
13:25:30.0125 0164 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:25:30.0422 0164 SSDPSRV - ok
13:25:30.0469 0164 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:25:30.0625 0164 StillCam - ok
13:25:30.0985 0164 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:25:32.0047 0164 stisvc - ok
13:25:32.0094 0164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:25:32.0250 0164 swenum - ok
13:25:32.0328 0164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:25:32.0750 0164 swmidi - ok
13:25:32.0797 0164 SwPrv - ok
13:25:32.0813 0164 symc810 - ok
13:25:32.0828 0164 symc8xx - ok
13:25:32.0844 0164 sym_hi - ok
13:25:32.0844 0164 sym_u3 - ok
13:25:32.0938 0164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:25:33.0313 0164 sysaudio - ok
13:25:33.0453 0164 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:25:34.0234 0164 SysmonLog - ok
13:25:34.0516 0164 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:25:35.0500 0164 TapiSrv - ok
13:25:35.0859 0164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:25:37.0047 0164 Tcpip - ok
13:25:37.0078 0164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:25:37.0297 0164 TDPIPE - ok
13:25:37.0343 0164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:25:37.0578 0164 TDTCP - ok
13:25:37.0640 0164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:25:37.0968 0164 TermDD - ok
13:25:38.0437 0164 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:25:39.0640 0164 TermService - ok
13:25:39.0812 0164 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:25:40.0203 0164 Themes - ok
13:25:40.0312 0164 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:25:40.0671 0164 TlntSvr - ok
13:25:40.0687 0164 TosIde - ok
13:25:40.0828 0164 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:25:41.0249 0164 TrkWks - ok
13:25:41.0359 0164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:25:41.0765 0164 Udfs - ok
13:25:41.0781 0164 ultra - ok
13:25:41.0859 0164 UMWdf (1977313e362c8732c1af4d1bcb9c06b7) C:\WINDOWS\system32\wdfmgr.exe
13:25:42.0077 0164 UMWdf ( UnsignedFile.Multi.Generic ) - warning
13:25:42.0077 0164 UMWdf - detected UnsignedFile.Multi.Generic (1)
13:25:42.0452 0164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:25:43.0749 0164 Update - ok
13:25:43.0968 0164 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:25:44.0733 0164 upnphost - ok
13:25:44.0780 0164 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:25:45.0015 0164 UPS - ok
13:25:45.0108 0164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:25:45.0358 0164 usbccgp - ok
13:25:45.0436 0164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:25:45.0686 0164 usbehci - ok
13:25:45.0780 0164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:25:46.0155 0164 usbhub - ok
13:25:46.0218 0164 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:25:46.0421 0164 usbohci - ok
13:25:46.0514 0164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:25:46.0749 0164 usbprint - ok
13:25:46.0780 0164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:25:46.0983 0164 usbscan - ok
13:25:47.0046 0164 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:25:47.0296 0164 usbstor - ok
13:25:47.0374 0164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:25:47.0593 0164 VgaSave - ok
13:25:47.0608 0164 ViaIde - ok
13:25:47.0686 0164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:25:48.0233 0164 VolSnap - ok
13:25:48.0608 0164 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:25:49.0764 0164 VSS - ok
13:25:49.0967 0164 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:25:50.0717 0164 W32Time - ok
13:25:50.0795 0164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:25:51.0077 0164 Wanarp - ok
13:25:51.0155 0164 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:25:51.0311 0164 wanatw - ok
13:25:51.0327 0164 WDICA - ok
13:25:51.0436 0164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:25:51.0889 0164 wdmaud - ok
13:25:51.0983 0164 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:25:52.0389 0164 WebClient - ok
13:25:52.0670 0164 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:25:53.0326 0164 winmgmt - ok
13:25:53.0436 0164 WmdmPmSN (6eaa72fd9ef993ec1fa9a06de65105da) C:\WINDOWS\system32\mspmsnsv.dll
13:25:53.0545 0164 WmdmPmSN - ok
13:25:54.0342 0164 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:25:56.0107 0164 Wmi - ok
13:25:56.0389 0164 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:25:56.0967 0164 WmiApSrv - ok
13:25:57.0107 0164 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:25:57.0326 0164 WS2IFSL - ok
13:25:57.0435 0164 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:25:57.0842 0164 wscsvc - ok
13:25:57.0873 0164 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:25:58.0092 0164 wuauserv - ok
13:25:58.0670 0164 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:26:00.0279 0164 WZCSVC - ok
13:26:00.0295 0164 xmlprov - ok
13:26:00.0373 0164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:26:01.0169 0164 \Device\Harddisk0\DR0 - ok
13:26:01.0185 0164 Boot (0x1200) (4de0a7dfab75c1cba61a0292c4340ffc) \Device\Harddisk0\DR0\Partition0
13:26:01.0201 0164 \Device\Harddisk0\DR0\Partition0 - ok
13:26:01.0201 0164 ============================================================
13:26:01.0201 0164 Scan finished
13:26:01.0201 0164 ============================================================
13:26:01.0326 3820 Detected object count: 7
13:26:01.0326 3820 Actual detected object count: 7
13:38:37.0126 3820 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:37.0126 3820 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:37.0126 3820 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:37.0126 3820 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:37.0126 3820 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:37.0126 3820 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:37.0126 3820 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:37.0126 3820 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:40:26.0696 3292 ============================================================
13:40:26.0696 3292 Scan started
13:40:26.0696 3292 Mode: Manual; SigCheck; TDLFS;
13:40:26.0696 3292 ============================================================
13:40:27.0618 3292 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:40:28.0306 3292 !SASCORE - ok
13:40:28.0399 3292 Abiosdsk - ok
13:40:28.0415 3292 abp480n5 - ok
13:40:28.0774 3292 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:33.0821 3292 ACPI - ok
13:40:33.0883 3292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:34.0102 3292 ACPIEC - ok
13:40:34.0118 3292 adpu160m - ok
13:40:34.0290 3292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:35.0196 3292 aec - ok
13:40:35.0383 3292 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:36.0118 3292 AFD - ok
13:40:36.0196 3292 AgereModemAudio (9c9d3b7a05445b1ab2df4d0c4d6b77e8) C:\Program Files\LSI SoftModem\agrsmsvc.exe
13:40:36.0274 3292 AgereModemAudio - ok
13:40:37.0446 3292 AgereSoftModem (35c391e40471a0b479328fc7b1b5f40f) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:40:39.0742 3292 AgereSoftModem - ok
13:40:41.0414 3292 Aha154x - ok
13:40:41.0414 3292 aic78u2 - ok
13:40:41.0430 3292 aic78xx - ok
13:40:43.0476 3292 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:40:46.0304 3292 ALCXWDM - ok
13:40:47.0554 3292 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:40:47.0757 3292 Alerter - ok
13:40:47.0929 3292 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:40:48.0101 3292 ALG - ok
13:40:48.0148 3292 AliIde - ok
13:40:48.0210 3292 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
13:40:48.0257 3292 amdide - ok
13:40:48.0304 3292 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:40:48.0445 3292 AmdPPM - ok
13:40:48.0445 3292 amsint - ok
13:40:48.0648 3292 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
13:40:48.0804 3292 AOL ACS - ok
13:40:48.0976 3292 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:40:49.0445 3292 AppMgmt - ok
13:40:49.0538 3292 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:40:49.0867 3292 Arp1394 - ok
13:40:49.0882 3292 asc - ok
13:40:49.0898 3292 asc3350p - ok
13:40:49.0898 3292 asc3550 - ok
13:40:50.0117 3292 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:40:50.0242 3292 aspnet_state - ok
13:40:50.0320 3292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:50.0554 3292 AsyncMac - ok
13:40:50.0679 3292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:51.0085 3292 atapi - ok
13:40:51.0101 3292 Atdisk - ok
13:40:51.0632 3292 Ati HotKey Poller (2dab3b19f697ff981eee587c580d7e38) C:\WINDOWS\system32\Ati2evxx.exe
13:40:52.0944 3292 Ati HotKey Poller - ok
13:40:53.0523 3292 ATI Smart (72810c6a63076a480abce0e0ba0bc981) C:\WINDOWS\system32\ati2sgag.exe
13:40:54.0413 3292 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
13:40:54.0413 3292 ATI Smart - detected UnsignedFile.Multi.Generic (1)
13:40:57.0429 3292 ati2mtag (ef1fa1877c6f411937623844423024a5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:41:01.0460 3292 ati2mtag - ok
13:41:02.0772 3292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:41:03.0100 3292 Atmarpc - ok
13:41:03.0178 3292 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:41:03.0444 3292 AudioSrv - ok
13:41:03.0475 3292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:41:03.0616 3292 audstub - ok
13:41:03.0662 3292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:41:03.0834 3292 Beep - ok
13:41:04.0241 3292 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:41:05.0225 3292 BITS - ok
13:41:05.0365 3292 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:41:05.0740 3292 Browser - ok
13:41:05.0850 3292 catchme - ok
13:41:05.0944 3292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:41:06.0178 3292 cbidf2k - ok
13:41:06.0178 3292 cd20xrnt - ok
13:41:06.0240 3292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:41:06.0459 3292 Cdaudio - ok
13:41:06.0569 3292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:41:06.0850 3292 Cdfs - ok
13:41:06.0944 3292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:41:07.0272 3292 Cdrom - ok
13:41:07.0272 3292 Changer - ok
13:41:07.0334 3292 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:41:07.0506 3292 CiSvc - ok
13:41:07.0584 3292 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:41:07.0850 3292 ClipSrv - ok
13:41:08.0084 3292 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:08.0303 3292 clr_optimization_v2.0.50727_32 - ok
13:41:08.0318 3292 CmdIde - ok
13:41:08.0334 3292 COMSysApp - ok
13:41:08.0350 3292 Cpqarray - ok
13:41:08.0459 3292 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:41:08.0756 3292 CryptSvc - ok
13:41:08.0756 3292 dac2w2k - ok
13:41:08.0772 3292 dac960nt - ok
13:41:09.0162 3292 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:41:10.0053 3292 DcomLaunch - ok
13:41:10.0209 3292 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:41:10.0646 3292 Dhcp - ok
13:41:10.0740 3292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:41:11.0053 3292 Disk - ok
13:41:11.0053 3292 dmadmin - ok
13:41:11.0803 3292 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:41:13.0099 3292 dmboot - ok
13:41:14.0521 3292 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:41:15.0052 3292 dmio - ok
13:41:15.0084 3292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:41:15.0271 3292 dmload - ok
13:41:15.0349 3292 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:41:15.0552 3292 dmserver - ok
13:41:15.0646 3292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:41:15.0959 3292 DMusic - ok
13:41:16.0052 3292 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:41:16.0255 3292 Dnscache - ok
13:41:16.0427 3292 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:41:16.0927 3292 Dot3svc - ok
13:41:16.0927 3292 dpti2o - ok
13:41:16.0974 3292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:41:17.0130 3292 drmkaud - ok
13:41:17.0193 3292 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:41:17.0396 3292 EapHost - ok
13:41:17.0677 3292 ehRecvr (27434c42a13c11f92ca45840b720d671) C:\WINDOWS\eHome\ehRecvr.exe
13:41:18.0193 3292 ehRecvr ( UnsignedFile.Multi.Generic ) - warning
13:41:18.0193 3292 ehRecvr - detected UnsignedFile.Multi.Generic (1)
13:41:18.0318 3292 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe
13:41:18.0615 3292 ehSched - ok
13:41:18.0677 3292 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:41:18.0880 3292 ERSvc - ok
13:41:19.0021 3292 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:41:19.0349 3292 Eventlog - ok
13:41:19.0724 3292 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:41:20.0396 3292 EventSystem - ok
13:41:20.0599 3292 F-Secure Filter (d4980588ed87f8bb16be43ddd0fbd5fe) C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys
13:41:20.0739 3292 F-Secure Filter - ok
13:41:20.0911 3292 F-Secure Gatekeeper (66422dc3faa1de433371816056d28270) C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys
13:41:21.0349 3292 F-Secure Gatekeeper - ok
13:41:21.0567 3292 F-Secure Gatekeeper Handler Starter (a9be66e05254b20df82e0f7cddeca7dd) C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
13:41:22.0161 3292 F-Secure Gatekeeper Handler Starter - ok
13:41:22.0271 3292 F-Secure HIPS (f5aca65237c7511d5803cdc5e7003d75) C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys
13:41:22.0489 3292 F-Secure HIPS - ok
13:41:22.0521 3292 F-Secure Recognizer (6ce1195511533c9359f91a9e63792f5e) C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys
13:41:22.0630 3292 F-Secure Recognizer - ok
13:41:24.0036 3292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:41:24.0583 3292 Fastfat - ok
13:41:24.0770 3292 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:41:25.0161 3292 FastUserSwitchingCompatibility - ok
13:41:25.0239 3292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:41:25.0489 3292 Fdc - ok
13:41:25.0552 3292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:41:25.0817 3292 Fips - ok
13:41:25.0864 3292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:41:26.0098 3292 Flpydisk - ok
13:41:26.0255 3292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:41:26.0739 3292 FltMgr - ok
13:41:26.0911 3292 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:41:27.0051 3292 FontCache3.0.0.0 - ok
13:41:27.0114 3292 fsbts (1d2de58a837e6909f98ca35103d10739) C:\WINDOWS\system32\Drivers\fsbts.sys
13:41:27.0255 3292 fsbts - ok
13:41:27.0848 3292 FSDFWD (6bc997049c3cb6e39a7660d4c8cefbe0) C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
13:41:29.0020 3292 FSDFWD - ok
13:41:29.0129 3292 FSFW (d93e91a800af12ccb14f3ee7cd3a22a2) C:\WINDOWS\system32\drivers\fsdfw.sys
13:41:29.0379 3292 FSFW - ok
13:41:29.0598 3292 FSMA (392e85687a902239c01baddf212b1a36) C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
13:41:30.0114 3292 FSMA - ok
13:41:30.0192 3292 FSORSPClient (10c6d96cc21a9b73fe1f0119cc38d9c0) C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
13:41:30.0379 3292 FSORSPClient - ok
13:41:30.0426 3292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:41:30.0598 3292 Fs_Rec - ok
13:41:30.0739 3292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:41:31.0270 3292 Ftdisk - ok
13:41:31.0332 3292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:41:31.0582 3292 Gpc - ok
13:41:31.0692 3292 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:41:31.0973 3292 helpsvc - ok
13:41:32.0020 3292 HidCom (d641bde4540c244179c12c51cf31eb34) C:\WINDOWS\system32\DRIVERS\BdHidCom.sys
13:41:32.0114 3292 HidCom - ok
13:41:32.0129 3292 HidServ - ok
13:41:32.0176 3292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:41:32.0348 3292 HidUsb - ok
13:41:32.0442 3292 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:41:32.0770 3292 hkmsvc - ok
13:41:32.0785 3292 hpn - ok
13:41:32.0879 3292 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:41:33.0067 3292 HPZid412 - ok
13:41:33.0098 3292 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:41:33.0176 3292 HPZipr12 - ok
13:41:33.0223 3292 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:41:33.0332 3292 HPZius12 - ok
13:41:33.0598 3292 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:41:34.0348 3292 HTTP - ok
13:41:34.0410 3292 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:41:34.0598 3292 HTTPFilter - ok
13:41:34.0613 3292 i2omgmt - ok
13:41:34.0629 3292 i2omp - ok
13:41:34.0707 3292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:41:35.0020 3292 i8042prt - ok
13:41:36.0285 3292 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:41:38.0191 3292 idsvc - ok
13:41:38.0691 3292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:41:38.0941 3292 Imapi - ok
13:41:39.0113 3292 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:41:39.0644 3292 ImapiService - ok
13:41:39.0660 3292 ini910u - ok
13:41:39.0676 3292 IntelIde - ok
13:41:39.0847 3292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:41:40.0176 3292 Ip6Fw - ok
13:41:40.0254 3292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:41:40.0472 3292 IpFilterDriver - ok
13:41:40.0504 3292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:41:40.0691 3292 IpInIp - ok
13:41:40.0863 3292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:41:41.0410 3292 IpNat - ok
13:41:41.0519 3292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:41:41.0847 3292 IPSec - ok
13:41:41.0879 3292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:41:41.0988 3292 IRENUM - ok
13:41:42.0066 3292 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:41:42.0316 3292 isapnp - ok
13:41:42.0363 3292 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:41:42.0550 3292 Kbdclass - ok
13:41:42.0753 3292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:41:43.0316 3292 kmixer - ok
13:41:43.0410 3292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:41:43.0707 3292 KSecDD - ok
13:41:43.0816 3292 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:41:44.0128 3292 lanmanserver - ok
13:41:44.0300 3292 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:41:44.0675 3292 lanmanworkstation - ok
13:41:44.0691 3292 lbrtfdc - ok
13:41:44.0753 3292 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:41:44.0910 3292 LmHosts - ok
13:41:44.0988 3292 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:41:45.0206 3292 Messenger - ok
13:41:45.0316 3292 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
13:41:45.0566 3292 MHN ( UnsignedFile.Multi.Generic ) - warning
13:41:45.0566 3292 MHN - detected UnsignedFile.Multi.Generic (1)
13:41:45.0597 3292 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:41:45.0660 3292 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:41:45.0660 3292 MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:41:45.0722 3292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:41:45.0863 3292 mnmdd - ok
13:41:45.0941 3292 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:41:46.0175 3292 mnmsrvc - ok
13:41:46.0316 3292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:41:46.0519 3292 Modem - ok
13:41:46.0566 3292 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:41:46.0784 3292 Mouclass - ok
13:41:46.0831 3292 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:41:47.0003 3292 mouhid - ok
13:41:47.0081 3292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:41:47.0316 3292 MountMgr - ok
13:41:47.0331 3292 mraid35x - ok
13:41:47.0519 3292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:41:48.0112 3292 MRxDAV - ok
13:41:48.0581 3292 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:41:49.0659 3292 MRxSmb - ok
13:41:49.0722 3292 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:41:49.0862 3292 MSDTC - ok
13:41:49.0909 3292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:41:50.0144 3292 Msfs - ok
13:41:50.0159 3292 MSIServer - ok
13:41:50.0222 3292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:41:50.0394 3292 MSKSSRV - ok
13:41:50.0425 3292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:41:50.0565 3292 MSPCLOCK - ok
13:41:50.0581 3292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:41:50.0769 3292 MSPQM - ok
13:41:50.0831 3292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:41:51.0003 3292 mssmbios - ok
13:41:51.0128 3292 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:41:51.0456 3292 Mup - ok
13:41:51.0737 3292 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:41:52.0550 3292 napagent - ok
13:41:52.0737 3292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:41:53.0393 3292 NDIS - ok
13:41:53.0456 3292 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:41:53.0534 3292 NdisTapi - ok
13:41:53.0581 3292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:41:53.0753 3292 Ndisuio - ok
13:41:53.0878 3292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:41:54.0268 3292 NdisWan - ok
13:41:54.0346 3292 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:41:54.0487 3292 NDProxy - ok
13:41:54.0581 3292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:41:54.0831 3292 NetBIOS - ok
13:41:55.0018 3292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:41:55.0581 3292 NetBT - ok
13:41:55.0721 3292 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:41:56.0159 3292 NetDDE - ok
13:41:56.0159 3292 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:41:56.0612 3292 NetDDEdsdm - ok
13:41:56.0659 3292 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:41:56.0846 3292 Netlogon - ok
13:41:57.0065 3292 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:41:57.0690 3292 Netman - ok
13:41:57.0940 3292 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:58.0299 3292 NetTcpPortSharing - ok
13:41:58.0409 3292 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:41:58.0721 3292 NIC1394 - ok
13:41:58.0987 3292 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:41:59.0659 3292 Nla - ok
13:41:59.0784 3292 Norton PC Checkup Application Launcher - ok
13:41:59.0830 3292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:42:00.0049 3292 Npfs - ok
13:42:00.0674 3292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:42:01.0705 3292 Ntfs - ok
13:42:01.0752 3292 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:42:01.0908 3292 NtLmSsp - ok
13:42:02.0346 3292 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:42:03.0361 3292 NtmsSvc - ok
13:42:03.0471 3292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:42:03.0611 3292 Null - ok
13:42:03.0674 3292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:42:03.0830 3292 NwlnkFlt - ok
13:42:03.0877 3292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:42:04.0080 3292 NwlnkFwd - ok
13:42:04.0658 3292 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:42:05.0627 3292 odserv - ok
13:42:05.0721 3292 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:42:06.0017 3292 ohci1394 - ok
13:42:06.0205 3292 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:42:06.0658 3292 ose - ok
13:42:06.0767 3292 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:42:07.0111 3292 Parport - ok
13:42:07.0174 3292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:42:07.0346 3292 PartMgr - ok
13:42:07.0392 3292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:42:07.0549 3292 ParVdm - ok
13:42:07.0767 3292 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
13:42:08.0127 3292 PCCUJobMgr - ok
13:42:08.0205 3292 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:42:08.0517 3292 PCI - ok
13:42:08.0533 3292 PCIDump - ok
13:42:08.0549 3292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:42:08.0736 3292 PCIIde - ok
13:42:08.0877 3292 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:42:09.0298 3292 Pcmcia - ok
13:42:09.0314 3292 PDCOMP - ok
13:42:09.0314 3292 PDFRAME - ok
13:42:09.0330 3292 PDRELI - ok
13:42:09.0345 3292 PDRFRAME - ok
13:42:09.0361 3292 perc2 - ok
13:42:09.0377 3292 perc2hib - ok
13:42:09.0533 3292 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:42:09.0845 3292 PlugPlay - ok
13:42:10.0002 3292 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
13:42:10.0236 3292 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:42:10.0236 3292 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:42:10.0283 3292 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:42:10.0439 3292 PolicyAgent - ok
13:42:10.0517 3292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:42:10.0752 3292 PptpMiniport - ok
13:42:10.0814 3292 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:42:11.0033 3292 Processor - ok
13:42:11.0048 3292 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:42:11.0205 3292 ProtectedStorage - ok
13:42:11.0267 3292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:42:11.0595 3292 PSched - ok
13:42:11.0830 3292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:42:12.0001 3292 Ptilink - ok
13:42:12.0095 3292 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:42:12.0236 3292 PxHelp20 - ok
13:42:12.0251 3292 ql1080 - ok
13:42:12.0251 3292 Ql10wnt - ok
13:42:12.0267 3292 ql12160 - ok
13:42:12.0283 3292 ql1240 - ok
13:42:12.0298 3292 ql1280 - ok
13:42:12.0439 3292 QuickTimeUpdater (adb01aff425667720b43e60753911733) C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe
13:42:12.0533 3292 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - warning
13:42:12.0533 3292 QuickTimeUpdater - detected UnsignedFile.Multi.Generic (1)
13:42:12.0580 3292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:42:12.0736 3292 RasAcd - ok
13:42:12.0861 3292 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:42:13.0220 3292 RasAuto - ok
13:42:13.0298 3292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:42:13.0564 3292 Rasl2tp - ok
13:42:13.0783 3292 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:42:14.0361 3292 RasMan - ok
13:42:14.0423 3292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:42:14.0673 3292 RasPppoe - ok
13:42:14.0704 3292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:42:14.0892 3292 Raspti - ok
13:42:15.0064 3292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:42:15.0626 3292 Rdbss - ok
13:42:15.0689 3292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:42:15.0845 3292 RDPCDD - ok
13:42:16.0064 3292 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:42:16.0689 3292 rdpdr - ok
13:42:16.0907 3292 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:42:17.0298 3292 RDPWD - ok
13:42:17.0548 3292 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:42:17.0985 3292 RDSessMgr - ok
13:42:18.0064 3292 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:42:18.0345 3292 redbook - ok
13:42:18.0517 3292 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:42:18.0798 3292 RemoteAccess - ok
13:42:18.0892 3292 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:42:19.0173 3292 RemoteRegistry - ok
13:42:19.0298 3292 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:42:19.0610 3292 RpcLocator - ok
13:42:20.0032 3292 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:42:20.0938 3292 RpcSs - ok
13:42:21.0157 3292 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:42:21.0610 3292 RSVP - ok
13:42:21.0860 3292 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:42:22.0251 3292 RTL8023xp - ok
13:42:22.0298 3292 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:42:22.0516 3292 rtl8139 - ok
13:42:22.0563 3292 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:42:22.0735 3292 SamSs - ok
13:42:22.0844 3292 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:42:22.0923 3292 SASDIFSV - ok
13:42:22.0985 3292 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:42:23.0188 3292 SASKUTIL - ok
13:42:23.0329 3292 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:42:23.0719 3292 SCardSvr - ok
13:42:23.0938 3292 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:42:24.0579 3292 Schedule - ok
13:42:24.0626 3292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:42:24.0766 3292 Secdrv - ok
13:42:24.0813 3292 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:42:25.0001 3292 seclogon - ok
13:42:25.0079 3292 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:42:25.0313 3292 SENS - ok
13:42:25.0344 3292 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:42:25.0516 3292 Serenum - ok
13:42:25.0625 3292 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:42:25.0938 3292 Serial - ok
13:42:26.0000 3292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:42:26.0172 3292 Sfloppy - ok
13:42:26.0500 3292 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:42:27.0297 3292 SharedAccess - ok
13:42:27.0469 3292 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:42:27.0828 3292 ShellHWDetection - ok
13:42:27.0844 3292 Simbad - ok
13:42:27.0860 3292 Sparrow - ok
13:42:27.0907 3292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:42:28.0047 3292 splitter - ok
13:42:28.0141 3292 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:42:28.0344 3292 Spooler - ok
13:42:28.0438 3292 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:42:28.0735 3292 sr - ok
13:42:28.0938 3292 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:42:29.0422 3292 srservice - ok
13:42:29.0766 3292 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:42:30.0531 3292 Srv - ok
13:42:30.0719 3292 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:42:30.0984 3292 SSDPSRV - ok
13:42:31.0031 3292 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:42:31.0188 3292 StillCam - ok
13:42:31.0516 3292 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:42:32.0266 3292 stisvc - ok
13:42:32.0328 3292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:42:32.0500 3292 swenum - ok
13:42:32.0578 3292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:42:32.0859 3292 swmidi - ok
13:42:32.0875 3292 SwPrv - ok
13:42:32.0891 3292 symc810 - ok
13:42:32.0906 3292 symc8xx - ok
13:42:32.0922 3292 sym_hi - ok
13:42:32.0937 3292 sym_u3 - ok
13:42:33.0016 3292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:42:33.0312 3292 sysaudio - ok
13:42:33.0437 3292 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:42:33.0812 3292 SysmonLog - ok
13:42:34.0078 3292 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:42:34.0828 3292 TapiSrv - ok
13:42:35.0281 3292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:42:36.0062 3292 Tcpip - ok
13:42:36.0140 3292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:42:36.0312 3292 TDPIPE - ok
13:42:36.0359 3292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:42:36.0562 3292 TDTCP - ok
13:42:36.0640 3292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:42:36.0922 3292 TermDD - ok
13:42:37.0234 3292 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:42:38.0109 3292 TermService - ok
13:42:38.0265 3292 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:42:38.0640 3292 Themes - ok
13:42:38.0734 3292 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:42:39.0015 3292 TlntSvr - ok
13:42:39.0031 3292 TosIde - ok
13:42:39.0156 3292 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:42:39.0515 3292 TrkWks - ok
13:42:39.0624 3292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:42:39.0937 3292 Udfs - ok
13:42:39.0937 3292 ultra - ok
13:42:39.0999 3292 UMWdf (1977313e362c8732c1af4d1bcb9c06b7) C:\WINDOWS\system32\wdfmgr.exe
13:42:40.0140 3292 UMWdf ( UnsignedFile.Multi.Generic ) - warning
13:42:40.0140 3292 UMWdf - detected UnsignedFile.Multi.Generic (1)
13:42:40.0499 3292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:42:41.0390 3292 Update - ok
13:42:41.0609 3292 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:42:42.0156 3292 upnphost - ok
13:42:42.0218 3292 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:42:42.0390 3292 UPS - ok
13:42:42.0452 3292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:42:42.0671 3292 usbccgp - ok
13:42:42.0749 3292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:42:42.0968 3292 usbehci - ok
13:42:43.0077 3292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:42:43.0359 3292 usbhub - ok
13:42:43.0421 3292 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:42:43.0593 3292 usbohci - ok
13:42:43.0655 3292 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:42:43.0859 3292 usbprint - ok
13:42:43.0905 3292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:42:44.0062 3292 usbscan - ok
13:42:44.0124 3292 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:42:44.0327 3292 usbstor - ok
13:42:44.0390 3292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:42:44.0577 3292 VgaSave - ok
13:42:44.0593 3292 ViaIde - ok
13:42:44.0671 3292 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:42:44.0937 3292 VolSnap - ok
13:42:45.0374 3292 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:42:46.0233 3292 VSS - ok
13:42:46.0468 3292 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:42:47.0061 3292 W32Time - ok
13:42:47.0124 3292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:42:47.0374 3292 Wanarp - ok
13:42:47.0452 3292 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:42:47.0577 3292 wanatw - ok
13:42:47.0593 3292 WDICA - ok
13:42:47.0686 3292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:42:48.0061 3292 wdmaud - ok
13:42:48.0171 3292 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:42:48.0452 3292 WebClient - ok
13:42:48.0718 3292 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:42:49.0202 3292 winmgmt - ok
13:42:49.0296 3292 WmdmPmSN (6eaa72fd9ef993ec1fa9a06de65105da) C:\WINDOWS\system32\mspmsnsv.dll
13:42:49.0405 3292 WmdmPmSN - ok
13:42:50.0155 3292 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:42:51.0421 3292 Wmi - ok
13:42:51.0608 3292 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:42:52.0108 3292 WmiApSrv - ok
13:42:52.0249 3292 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:42:52.0420 3292 WS2IFSL - ok
13:42:52.0530 3292 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:42:52.0842 3292 wscsvc - ok
13:42:52.0889 3292 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:42:53.0030 3292 wuauserv - ok
13:42:53.0514 3292 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:42:54.0686 3292 WZCSVC - ok
13:42:54.0702 3292 xmlprov - ok
13:42:54.0764 3292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:42:55.0592 3292 \Device\Harddisk0\DR0 - ok
13:42:55.0592 3292 Boot (0x1200) (4de0a7dfab75c1cba61a0292c4340ffc) \Device\Harddisk0\DR0\Partition0
13:42:55.0608 3292 \Device\Harddisk0\DR0\Partition0 - ok
13:42:55.0608 3292 ============================================================
13:42:55.0608 3292 Scan finished
13:42:55.0608 3292 ============================================================
13:42:55.0623 3284 Detected object count: 7
13:42:55.0623 3284 Actual detected object count: 7
13:56:09.0183 3284 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0183 3284 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:09.0183 3284 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0183 3284 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:09.0183 3284 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0183 3284 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:09.0183 3284 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0183 3284 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:09.0199 3284 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0199 3284 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:09.0199 3284 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0199 3284 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:09.0199 3284 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:09.0199 3284 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:13.0480 3888 Deinitialize success
  • 0

#20
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
My weekend was great! How was yours?



You have several things loading on bootup.

Let's try a clean boot and then run OTL with Quickscan.

Clean Boot

Can you please perform a clean boot and see if you can boot into windows normal mode then: http://support.microsoft.com/kb/310353


If that does not work let me know what you see when it hangs or stops.

Regards,

CompCav
  • 0

#21
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
Same result, did a clean boot, ran quick scan and it scans the modules and the services without any problem but when it gets to 'scanning driver: xmlprov... that is where it hangs...and just locks up and sits there... YOu can close OTL and it gives you the 'non-responsive' report window...
  • 0

#22
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Try to run scan but click:

All users
Use Company-Name Whitelist
Skip Microsoft Files
Lop check
Purity check
Under Drivers select None


Then click Run Scan
  • 0

#23
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
That ran:

OTL logfile created on: 7/30/2012 7:49:19 PM - Run 5
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 76.27% Memory free
1.95 Gb Paging File | 1.74 Gb Available in Paging File | 89.47% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 160.46 Gb Free Space | 86.13% Space Free | Partition Type: NTFS

Computer Name: STANLEY-B78766E | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 08:52:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 08:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\xmlprov.dll -- (xmlprov)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/11/30 03:28:49 | 000,135,608 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/12 12:08:14 | 000,018,432 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe -- (QuickTimeUpdater)
SRV - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/08/05 11:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 11:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...e=tb50TB50CLie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes,DefaultScope = {FD9D2D24-074E-46F5-93AB-EBA56AF0962F}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...e=tb50TB50CLie7
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{FD9D2D24-074E-46F5-93AB-EBA56AF0962F}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/15 17:43:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2012/07/04 22:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2012/07/27 09:37:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340811782687 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2205F-57FA-4CD3-8DB4-99DA7343A9B4}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/22 15:11:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 19:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/07/30 13:20:17 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John\Desktop\tdsskiller.exe
[2012/07/27 09:19:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/27 08:51:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/27 08:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/27 08:51:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/27 08:51:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/27 08:50:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/27 08:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/27 08:48:44 | 004,719,842 | R--- | C] (Swearware) -- C:\Documents and Settings\John\Desktop\ComboFix.exe
[2012/07/25 20:29:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/25 11:15:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/07/23 08:52:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2012/07/17 15:48:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/13 15:04:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John\Desktop\dds.exe
[2012/07/04 22:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\f-secure
[2012/07/04 22:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Charter Security Suite
[2012/07/04 22:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2012/07/04 22:35:31 | 000,080,000 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2012/07/04 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Charter Security Suite
[2012/07/04 22:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2012/07/04 22:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/07/04 21:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2012/07/30 19:26:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/30 19:22:13 | 000,000,433 | RHS- | M] () -- C:\boot.ini
[2012/07/30 13:21:00 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John\Desktop\tdsskiller.exe
[2012/07/30 13:11:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/27 09:37:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/27 08:49:12 | 004,719,842 | R--- | M] (Swearware) -- C:\Documents and Settings\John\Desktop\ComboFix.exe
[2012/07/25 11:16:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/07/23 08:52:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2012/07/20 17:57:07 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/20 16:55:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/13 15:06:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John\Desktop\dds.exe
[2012/07/04 22:56:10 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/07/04 22:43:21 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2012/07/04 22:35:38 | 000,449,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/04 22:35:37 | 000,075,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/04 21:38:13 | 000,022,716 | ---- | M] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2012/07/27 08:51:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/27 08:51:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/27 08:51:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/27 08:51:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/27 08:51:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/04 22:43:21 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2012/07/04 22:36:50 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/02/16 01:22:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/07/22 21:16:19 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:23:17 | 000,022,716 | ---- | C] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2009/05/22 15:27:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2012/07/30 19:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2009/05/22 15:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/11/23 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2009/05/26 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/07/04 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/07/04 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/07/11 21:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova
[2009/05/30 13:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/03 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/11/23 16:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/08/03 11:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/03/29 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\DriverCure
[2012/07/04 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\f-secure
[2010/03/22 10:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MSNInstaller
[2011/07/25 23:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PhotoScape
[2009/08/02 15:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Skinux
[2012/03/29 21:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\SpeedyPC Software
[2009/05/28 21:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Template
[2011/11/23 17:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Tific

========== Purity Check ==========



< End of report >
  • 0

#24
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Do you have or can you borrow a Windows XP Media Center edition installation CD?

We might want to run a repair install, there are simply too many drivers in a corrupted state.
  • 0

#25
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
I do have one.
Can you tell me how you determined there are corrupted drivers?
  • 0

Advertisements


#26
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Sure look at the list in the Farbar scan that have only an x

Also with OTL not running properly it is seeing artifacts of corruption that it cannot process normally.



Let's do a repair install. First back up any data you might want as a precaution. This should not be an issue but we should always be safe instead of sorry.

Repair Install of Windows XP

When you have had difficulty connecting to the internet and need to do a repair install there are a few steps you will need to do to prepare.


Step 1.

Uninstall your USB network adapter. If it is an external wireless. If not go on to the next step.


Step 2.

Prepare for Repair Install

Collect:

Windows XP CD (Not a recovery disk but a true Windows XP disk)

Make sure you have your Windows XP CD_KEY. Most madchines have it on a tag on the side or back of desktop computers or on the underside of laptops.

If you do not have the CD-Key, visit the keyfinder page to retrieve your CD-KEY by downloading and using Magical Jelly Bean Keyfinder.


Step 3.

Configuring Your Computer to Boot from CD

Many computers are not configured to boot from the CDROM. If you cannot boot from the CDROM, this is probably due to the boot order of your devices being incorrect. You can change this in the BIOS.

You enter the BIOS from the first screen you see when you turn your computer on. To enter your BIOS, most users here will press the DEL key.

Most Dell, Toshiba, Gateway, Sony & HP systems will press F2.

Compaq users will usually have to press F10.

IBM typically uses F1 or F2.

Other brands may have different keys to press to enter setup, F1, F2, Del, Tab and CTRL+S. If possible see the manual for your computer or motherboard. Also, the BIOS will usually display which button to press to "enter setup" during POST (if it flashes by too fast, press the Pause key).

When you enter the BIOS setup, you need to change the boot order. The CDROM should be setup before the Hard Drive. Each BIOS is different, but here is an example:

Posted Image


Step 4.

Repair Install of Windows XP

In previous versions of Windows, correcting an operating system error, or installing a new motherboard, usually meant formating and reinstalling, resulting in loss of all data. Don't worry; Windows XP repair feature won't delete your data, installed programs, personal information, or settings. It just repairs the operating system!

Note: The system repair function will remove any updates you have previously installed that are not included on the CD. Drivers will also be reverted to their original XP versions, as well as some settings (network & performance settings may sometimes be reset to their defaults). It may be necessary to reactivate your Windows XP as well. When finished, you will have to download all of the updates from Microsoft Windows Update, because they are all replaced during repair.

Why would I want to reinstall Windows XP?
1) Can't start Windows XP in safe mode.
2) You have problems caused by a recently installed system update (Windows Update, hotfix, Windows XP service pack, or Microsoft Internet Explorer update).
3) Your problems can't be solved with system restore, or you can't access system restore.
4) You've installed a new motherboard, or made other major hardware changes and need to reinstall Windows.

Let's get started!

Step 1: Rule out hardware issues. Windows Repair will only fix software problems. Hardware issues can also cause boot problems (i.e. bad hard drive, memory, CPU, or power supply).

Step 2: Backup. It's always a good idea to backup your important data before making changes to Windows XP. Relax, if you follow these instructions your data will be perfectly safe.

Step 3: Boot from your Windows XP CD. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer. When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD. Can't boot from your CD? Please see the note at the bottom of this page (Configuring Your Computer to Boot from CD).

Step 4: A blue screen will appear and begin loading Windows XP Setup from the CD.

Note: RAID/SCSI/Unsupported UDMA users:
You will be prompted to "press F6 to install any third party SCSI or RAID drivers". Most users will not have to press F6, but if you are running RAID, SCSI or unsupported UDMA controllers, then you will have to have your controller drivers on a floppy disk. If you are unsure whether you have RAID/SCSI, then simply let the CD load without pressing F6.

When completed loading files, you will be presented with the following "Windows Setup" screen, and your first option. Select "To set up Windows XP now, press ENTER". DO NOT select Recovery Console

Posted Image

When presented with the screen below. press the F8 key to continue.

Posted Image

Next, Windows Setup will find existing Windows XP installations. You will be asked to repair an existing XP installation, or install a fresh copy of Windows XP.

If no installations are found, then you will not be given the option to repair. This may happen if the data or partition on your drive is too corrupted.

Note: If you install a fresh copy, all data on that partition will be lost!

Posted Image

Your almost finished! Windows XP will appear to be installing itself for the first time, but it will retain all of your data and settings. Just follow the prompts, and have your CD-KEY ready if needed.

Update: Due to the proliferation of the Blaster and Welchia Worm/Virus be aware that a Repair Install will leave your system vulnerable. You can get infected within seconds. Do not go on line until you have enabled XP's firewall first

Remember to run Windows Update! (install critical updates first)


Step 5.

Make sure you have the windows firewall enabled.

Antvirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer. Each of the following products have real-time protection and scheduled scans. Please choose one, install it, update the antivirus database/definitions, and run a complete scan.

These are among the best free antivirus/antispyware products.
*Please note* You should never install more than one anti-virus program on a PC because it will cause conflicts.

Then reinstall your USB Network Adapter following your manufacturer's directions.

Once you have established an internet connection immediately go to Windows Update and install all remaining critical updates
  • 0

#27
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
CompCav,
I'm starting repair install now, will let you know when that's complete, I'm assuming you want me to try and run OTL again after the repair and update?
Also, I noticed one step you might want to consider adding to your repair install. I highly recommend uninstalling IE 8.0 before beginning the repair. I've done a repair install in a couple of xp systems before and if IE 8 was installed it was a nitemare trying to get the system back online to do updates. But uninstalling IE 8.0 before the repair allows things to go much smoother. Just FYI. I don't mean to come across as a know it all or anything, obviously I'm still a newby at the malware side, but windows installs are not new territory to me.
  • 0

#28
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

I'm assuming you want me to try and run OTL again after the repair and update?

Yes after you have updated back to current.

But uninstalling IE 8.0 before the repair allows things to go much smoother.

Thanks for the tip! :thumbsup:

CompCav
  • 0

#29
Cotutor

Cotutor

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 494 posts
Well when you haven't done something in a while, you forget the little things. Another note, it is advisable to uninstall ALL .net software and updates before attempting a repair install. I didn't do this, and I remembered it when I got the load error messages during the repair install. Not sure if that's what is causing my issues now, but I'm having a problem getting SP3 to install. I am up to date with SP2, but battling with the sp3. I have the standalone installer and it just doesn't complete, pretty generic error

service pack 3 setup error an error in updating your system has occurred


If you have any suggestions, I'm all ears, but tacking this in the meantime.
  • 0

#30
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Run a check disk and then retry it!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP