Window XP hangs - programs open on start will run but no programs will


  • This topic is locked

#46
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The instructions were correct and complete. I probably just didn't make them clear enough. I will try to clarify them. If you don't understand this, let me know.

This is what TDSSKiller found:

20:39:42.0078 3536 Detected object count: 16
20:39:42.0078 3536 Actual detected object count: 16
20:46:55.0093 3536 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0093 3536 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0093 3536 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0093 3536 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0093 3536 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0093 3536 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0093 3536 McrdSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0093 3536 McrdSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0093 3536 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0093 3536 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 QWAVE ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 QWAVEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 QWAVEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 RMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 RMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0109 3536 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0109 3536 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0125 3536 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0125 3536 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0125 3536 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0125 3536 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0125 3536 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0125 3536 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0125 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:46:55.0125 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

The entry in red is the one we want to delete. To do that, I want you to run TDSSKiller with the same settings as in post #40.

After you click the Start Scan button in Step 5, you will get the following screen:

Posted Image

When the Scan has finished, TDSSKiller will then open a screen titled Threats Detected (See the image below). If you look at the image you will see the following at the bottom of the window:

TDSS FILE System
Physical Drive : \Device\Harddisk0\DR0
Suspicious object, medium risk

To the right of that entry you will see the word Skip and a drop down arrow to the right of it.

Posted Image

You need to click that drop down arrow and change Skip to Delete, for the TDSS File System only. Leave all of the other entries alone. Then press the Continue button. This will delete the TDSS File System.
Then follow the rest of the instructions for running the tool and post the resultant log.
  • 0
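The post above draws a distinction worth automating when you are reading TDSSKiller logs from more than one machine: a "UnsignedFile.Multi.Generic" hit is only a heuristic (any unsigned third-party driver or service trips it, and the post says to leave those alone), whereas a "TDSS File System" entry on the raw disk is the rootkit's hidden storage and is the one object to delete. The script below is an added example, not code from the post or from Kaspersky's tool; it parses the "User select action" summary lines in the format shown in the log above, checks that the chosen action for each verdict matches what the post instructs, and reports any mismatch. The sample log text is constructed, modelled on the post's entries, and the verdict-to-action table encodes only the advice the post gives.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# TDSSKiller summary lines look like (format taken from the log in the post):
#   20:46:55.0093 3536 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
# i.e. time, thread id, object name, verdict in parentheses, then the outcome text.
SUMMARY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<outcome>.+?)\s*$"
)
ACTION_PREFIX = "User select action: "

# Expected action per verdict, following the post: generic unsigned-file hits are
# skipped, the TDSS file system is deleted. Any other verdict is flagged for review.
EXPECTED_ACTION = {
    "TDSS File System": "Delete",
    "UnsignedFile.Multi.Generic": "Skip",
}


@dataclass
class Detection:
    obj: str      # object name, e.g. a service name or \Device\Harddisk0\DR0
    verdict: str  # text inside the parentheses
    action: str   # what the user chose in the Threats Detected dialog


def parse_summary(log_text: str) -> List[Detection]:
    """Collect one Detection per object from the 'User select action' lines.

    The 'skipped by user' lines repeat the same information and are ignored, so
    each object appears once, keyed on its name.
    """
    found: Dict[str, Detection] = {}
    for line in log_text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if not m:
            continue  # header, counter or scan-progress line
        outcome = m.group("outcome")
        if not outcome.startswith(ACTION_PREFIX):
            continue
        action = outcome[len(ACTION_PREFIX):].strip()
        found[m.group("obj")] = Detection(m.group("obj"), m.group("verdict"), action)
    return list(found.values())


def check_actions(dets: List[Detection]) -> Dict[str, str]:
    """Return {object: problem} for every entry whose chosen action does not match
    the expected one. An empty dict means the run was done as the post instructs."""
    problems: Dict[str, str] = {}
    for d in dets:
        want = EXPECTED_ACTION.get(d.verdict)
        if want is None:
            problems[d.obj] = f"unfamiliar verdict {d.verdict!r}; review manually"
        elif d.action != want:
            problems[d.obj] = f"{d.verdict}: chose {d.action}, expected {want}"
    return problems


# Constructed sample logs modelled on the post. FIRST_RUN mirrors the situation in
# post #46 (everything skipped); SECOND_RUN is what a corrected run should record.
FIRST_RUN = r"""
20:39:42.0078 3536 Detected object count: 2
20:46:55.0093 3536 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:55.0093 3536 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0125 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:46:55.0125 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

SECOND_RUN = r"""
20:46:55.0093 3536 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:55.0125 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    for label, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        problems = check_actions(parse_summary(text))
        print(label, "->", problems or "all actions as instructed")
```

Feed it the summary block of a saved TDSSKiller log and it tells you at a glance whether the only object marked for deletion was the TDSS file system, which is exactly the condition the post asks the user to satisfy before posting the next log.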



#47
Quint2724

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
OK - found it this time on the scan. Changed setting to delete and hit continue. Here is the log:

15:01:56.0375 5384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:01:57.0093 5384 ============================================================
15:01:57.0093 5384 Current date / time: 2013/01/27 15:01:57.0093
15:01:57.0093 5384 SystemInfo:
15:01:57.0093 5384
15:01:57.0093 5384 OS Version: 5.1.2600 ServicePack: 3.0
15:01:57.0093 5384 Product type: Workstation
15:01:57.0093 5384 ComputerName: D4065BB1
15:01:57.0093 5384 UserName: Sherman
15:01:57.0093 5384 Windows directory: C:\WINDOWS
15:01:57.0093 5384 System windows directory: C:\WINDOWS
15:01:57.0093 5384 Processor architecture: Intel x86
15:01:57.0093 5384 Number of processors: 2
15:01:57.0093 5384 Page size: 0x1000
15:01:57.0093 5384 Boot type: Normal boot
15:01:57.0093 5384 ============================================================
15:02:07.0640 5384 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:02:07.0968 5384 ============================================================
15:02:07.0968 5384 \Device\Harddisk0\DR0:
15:02:07.0968 5384 MBR partitions:
15:02:07.0968 5384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xAE1EE25
15:02:07.0968 5384 ============================================================
15:02:08.0046 5384 C: <-> \Device\Harddisk0\DR0\Partition1
15:02:08.0046 5384 ============================================================
15:02:08.0046 5384 Initialize success
15:02:08.0046 5384 ============================================================
15:02:18.0000 1916 ============================================================
15:02:18.0000 1916 Scan started
15:02:18.0000 1916 Mode: Manual; SigCheck; TDLFS;
15:02:18.0000 1916 ============================================================
15:02:38.0578 5948 ============================================================
15:02:38.0578 5948 Scan started
15:02:38.0578 5948 Mode: Manual; SigCheck; TDLFS;
15:02:38.0578 5948 ============================================================
15:02:39.0218 5948 ================ Scan system memory ========================
15:02:44.0250 5948 System memory - ok
15:02:44.0250 5948 ================ Scan services =============================
15:02:44.0390 5948 Abiosdsk - ok
15:02:44.0437 5948 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:02:46.0156 5948 abp480n5 - ok
15:02:46.0218 5948 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:02:46.0546 5948 ACPI - ok
15:02:46.0578 5948 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:02:46.0828 5948 ACPIEC - ok
15:02:46.0937 5948 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:02:47.0468 5948 AdobeFlashPlayerUpdateSvc - ok
15:02:47.0515 5948 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:02:47.0781 5948 adpu160m - ok
15:02:47.0812 5948 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:02:48.0187 5948 aec - ok
15:02:48.0234 5948 [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:02:48.0359 5948 AegisP - ok
15:02:48.0406 5948 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:02:48.0484 5948 AFD - ok
15:02:48.0562 5948 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:02:48.0812 5948 agp440 - ok
15:02:48.0843 5948 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:02:49.0046 5948 agpCPQ - ok
15:02:49.0078 5948 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:02:49.0234 5948 Aha154x - ok
15:02:49.0265 5948 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:02:49.0484 5948 aic78u2 - ok
15:02:49.0515 5948 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:02:49.0718 5948 aic78xx - ok
15:02:49.0765 5948 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:02:49.0937 5948 Alerter - ok
15:02:49.0968 5948 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:02:50.0203 5948 ALG - ok
15:02:50.0234 5948 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:02:50.0406 5948 AliIde - ok
15:02:50.0437 5948 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:02:50.0609 5948 alim1541 - ok
15:02:50.0640 5948 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:02:51.0140 5948 amdagp - ok
15:02:51.0156 5948 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:02:51.0281 5948 amsint - ok
15:02:51.0437 5948 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:02:51.0640 5948 Apple Mobile Device - ok
15:02:51.0671 5948 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:02:51.0968 5948 AppMgmt - ok
15:02:52.0015 5948 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:02:52.0250 5948 Arp1394 - ok
15:02:52.0265 5948 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:02:52.0546 5948 asc - ok
15:02:52.0578 5948 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:02:52.0734 5948 asc3350p - ok
15:02:52.0765 5948 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:02:52.0937 5948 asc3550 - ok
15:02:53.0000 5948 [ 31ED89BADD47130AD57CCE8C8DFB5B27 ] ASPI32 C:\WINDOWS\system32\drivers\ASPI32.sys
15:02:53.0046 5948 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
15:02:53.0046 5948 ASPI32 - detected UnsignedFile.Multi.Generic (1)
15:02:53.0203 5948 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:02:53.0406 5948 aspnet_state - ok
15:02:53.0437 5948 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:02:53.0671 5948 AsyncMac - ok
15:02:53.0718 5948 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:02:53.0890 5948 atapi - ok
15:02:53.0890 5948 Atdisk - ok
15:02:53.0921 5948 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:02:54.0171 5948 Atmarpc - ok
15:02:54.0218 5948 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:02:54.0406 5948 AudioSrv - ok
15:02:54.0484 5948 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:02:54.0671 5948 audstub - ok
15:02:54.0718 5948 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:02:54.0843 5948 bcm4sbxp - ok
15:02:54.0906 5948 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:02:55.0078 5948 Beep - ok
15:02:55.0156 5948 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:02:55.0515 5948 BITS - ok
15:02:55.0562 5948 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:02:55.0703 5948 Browser - ok
15:02:55.0718 5948 catchme - ok
15:02:55.0750 5948 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:02:55.0906 5948 cbidf - ok
15:02:55.0921 5948 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:02:56.0046 5948 cbidf2k - ok
15:02:56.0093 5948 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:02:56.0296 5948 CCDECODE - ok
15:02:56.0328 5948 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:02:56.0437 5948 cd20xrnt - ok
15:02:56.0468 5948 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:02:56.0687 5948 Cdaudio - ok
15:02:56.0718 5948 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:02:56.0953 5948 Cdfs - ok
15:02:56.0984 5948 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:02:57.0171 5948 Cdrom - ok
15:02:57.0187 5948 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
15:02:57.0250 5948 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
15:02:57.0250 5948 cercsr6 - detected UnsignedFile.Multi.Generic (1)
15:02:57.0250 5948 Changer - ok
15:02:57.0296 5948 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:02:57.0546 5948 CiSvc - ok
15:02:57.0609 5948 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:02:57.0906 5948 ClipSrv - ok
15:02:57.0937 5948 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:02:58.0250 5948 clr_optimization_v2.0.50727_32 - ok
15:02:58.0281 5948 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:02:58.0468 5948 CmBatt - ok
15:02:58.0515 5948 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:02:58.0796 5948 CmdIde - ok
15:02:58.0828 5948 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:02:59.0031 5948 Compbatt - ok
15:02:59.0046 5948 COMSysApp - ok
15:02:59.0093 5948 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:02:59.0281 5948 Cpqarray - ok
15:02:59.0453 5948 cpuz135 - ok
15:02:59.0500 5948 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:02:59.0796 5948 CryptSvc - ok
15:02:59.0828 5948 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:03:00.0046 5948 dac2w2k - ok
15:03:00.0093 5948 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:03:00.0250 5948 dac960nt - ok
15:03:00.0312 5948 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:03:00.0453 5948 DcomLaunch - ok
15:03:00.0515 5948 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:03:01.0187 5948 Dhcp - ok
15:03:01.0234 5948 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:03:01.0437 5948 Disk - ok
15:03:01.0453 5948 dmadmin - ok
15:03:01.0515 5948 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:03:01.0890 5948 dmboot - ok
15:03:01.0890 5948 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
15:03:02.0093 5948 dmio - ok
15:03:02.0109 5948 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:03:02.0296 5948 dmload - ok
15:03:02.0343 5948 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:03:02.0500 5948 dmserver - ok
15:03:02.0531 5948 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:03:02.0750 5948 DMusic - ok
15:03:02.0781 5948 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:03:02.0843 5948 Dnscache - ok
15:03:02.0906 5948 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:03:03.0218 5948 Dot3svc - ok
15:03:03.0265 5948 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:03:03.0437 5948 dpti2o - ok
15:03:03.0468 5948 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:03:03.0671 5948 drmkaud - ok
15:03:03.0703 5948 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:03:03.0953 5948 E100B - ok
15:03:03.0968 5948 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:03:04.0187 5948 EapHost - ok
15:03:04.0296 5948 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
15:03:04.0562 5948 ehRecvr - ok
15:03:04.0625 5948 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
15:03:04.0906 5948 ehSched - ok
15:03:04.0953 5948 [ 7EC42EC12A4BAC14BCCA99FB06F2D125 ] elagopro C:\WINDOWS\system32\DRIVERS\elagopro.sys
15:03:05.0093 5948 elagopro - ok
15:03:05.0125 5948 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] elaunidr C:\WINDOWS\system32\DRIVERS\elaunidr.sys
15:03:05.0187 5948 elaunidr - ok
15:03:05.0234 5948 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:03:05.0421 5948 ERSvc - ok
15:03:05.0468 5948 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:03:05.0515 5948 Eventlog - ok
15:03:05.0593 5948 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:03:05.0671 5948 EventSystem - ok
15:03:05.0781 5948 [ E71B03FF6B819AE1A286AA27E956D523 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
15:03:06.0109 5948 EvtEng ( UnsignedFile.Multi.Generic ) - warning
15:03:06.0109 5948 EvtEng - detected UnsignedFile.Multi.Generic (1)
15:03:06.0171 5948 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:03:06.0375 5948 Fastfat - ok
15:03:06.0421 5948 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:03:06.0468 5948 FastUserSwitchingCompatibility - ok
15:03:06.0531 5948 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
15:03:06.0953 5948 Fax - ok
15:03:07.0000 5948 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:03:07.0265 5948 Fdc - ok
15:03:07.0312 5948 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:03:07.0500 5948 Fips - ok
15:03:07.0531 5948 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:03:07.0718 5948 Flpydisk - ok
15:03:07.0765 5948 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:03:07.0953 5948 FltMgr - ok
15:03:08.0062 5948 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:03:08.0140 5948 FontCache3.0.0.0 - ok
15:03:08.0187 5948 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:03:08.0375 5948 Fs_Rec - ok
15:03:08.0375 5948 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:03:08.0562 5948 Ftdisk - ok
15:03:08.0703 5948 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
15:03:08.0937 5948 GameConsoleService - ok
15:03:08.0984 5948 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:03:09.0093 5948 GEARAspiWDM - ok
15:03:09.0125 5948 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:03:09.0359 5948 Gpc - ok
15:03:09.0406 5948 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
15:03:09.0515 5948 grmnusb - ok
15:03:09.0609 5948 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:03:09.0625 5948 gupdate - ok
15:03:09.0625 5948 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:03:09.0656 5948 gupdatem - ok
15:03:09.0718 5948 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:03:09.0953 5948 HDAudBus - ok
15:03:10.0031 5948 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:03:10.0250 5948 helpsvc - ok
15:03:10.0265 5948 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:03:10.0437 5948 HidServ - ok
15:03:10.0453 5948 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:03:10.0625 5948 HidUsb - ok
15:03:10.0671 5948 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:03:10.0937 5948 hkmsvc - ok
15:03:10.0984 5948 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
15:03:11.0187 5948 hpn - ok
15:03:11.0250 5948 [ 287A63BD8509BD78E7978823B38AFA81 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:03:11.0343 5948 HPZid412 - ok
15:03:11.0375 5948 [ 0B4FDA2657C3E0315EAA57F9C6D4FD1F ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:03:11.0484 5948 HPZipr12 - ok
15:03:11.0515 5948 [ 29559DB25258B60510A60C4E470FCE32 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:03:11.0609 5948 HPZius12 - ok
15:03:11.0718 5948 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
15:03:11.0953 5948 HSF_DPV - ok
15:03:11.0984 5948 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
15:03:12.0187 5948 HSXHWAZL - ok
15:03:12.0250 5948 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:03:12.0312 5948 HTTP - ok
15:03:12.0359 5948 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:03:12.0531 5948 HTTPFilter - ok
15:03:12.0578 5948 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:03:12.0734 5948 i2omgmt - ok
15:03:12.0781 5948 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:03:13.0062 5948 i2omp - ok
15:03:13.0093 5948 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:03:13.0359 5948 i8042prt - ok
15:03:13.0468 5948 [ CC449157474D5E43DAEA7E20F52C635A ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:03:13.0718 5948 ialm - ok
15:03:13.0843 5948 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:03:14.0156 5948 idsvc - ok
15:03:14.0203 5948 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:03:14.0421 5948 Imapi - ok
15:03:14.0468 5948 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:03:14.0687 5948 ImapiService - ok
15:03:14.0734 5948 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:03:14.0921 5948 ini910u - ok
15:03:14.0953 5948 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:03:15.0125 5948 IntelIde - ok
15:03:15.0156 5948 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:03:15.0359 5948 intelppm - ok
15:03:15.0375 5948 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:03:15.0656 5948 Ip6Fw - ok
15:03:15.0687 5948 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:03:16.0156 5948 IpFilterDriver - ok
15:03:16.0234 5948 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:03:16.0500 5948 IpInIp - ok
15:03:16.0546 5948 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:03:16.0750 5948 IpNat - ok
15:03:16.0843 5948 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:03:17.0031 5948 iPod Service - ok
15:03:17.0046 5948 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:03:17.0250 5948 IPSec - ok
15:03:17.0265 5948 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:03:17.0406 5948 IRENUM - ok
15:03:17.0437 5948 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:03:17.0625 5948 isapnp - ok
15:03:17.0906 5948 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:03:18.0218 5948 JavaQuickStarterService - ok
15:03:18.0234 5948 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:03:18.0515 5948 Kbdclass - ok
15:03:18.0562 5948 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:03:18.0765 5948 kbdhid - ok
15:03:18.0796 5948 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:03:18.0968 5948 kmixer - ok
15:03:19.0015 5948 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:03:19.0093 5948 KSecDD - ok
15:03:19.0140 5948 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:03:19.0187 5948 lanmanserver - ok
15:03:19.0250 5948 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:03:19.0312 5948 lanmanworkstation - ok
15:03:19.0328 5948 lbrtfdc - ok
15:03:19.0375 5948 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:03:19.0562 5948 LmHosts - ok
15:03:19.0562 5948 LVRS - ok
15:03:19.0578 5948 LVUVC - ok
15:03:19.0656 5948 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
15:03:19.0765 5948 MatSvc - ok
15:03:19.0796 5948 [ BEC8D118490817F93FBE620B30EC7264 ] McrdSvc C:\WINDOWS\ehome\McrdSvc.exe
15:03:19.0859 5948 McrdSvc ( UnsignedFile.Multi.Generic ) - warning
15:03:19.0859 5948 McrdSvc - detected UnsignedFile.Multi.Generic (1)
15:03:19.0921 5948 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:03:19.0984 5948 mdmxsdk - ok
15:03:20.0015 5948 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:03:20.0171 5948 Messenger - ok
15:03:20.0203 5948 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
15:03:20.0562 5948 MHN ( UnsignedFile.Multi.Generic ) - warning
15:03:20.0562 5948 MHN - detected UnsignedFile.Multi.Generic (1)
15:03:20.0593 5948 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:03:20.0640 5948 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
15:03:20.0640 5948 MHNDRV - detected UnsignedFile.Multi.Generic (1)
15:03:20.0718 5948 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:03:20.0890 5948 mnmdd - ok
15:03:20.0937 5948 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:03:21.0218 5948 mnmsrvc - ok
15:03:21.0250 5948 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:03:21.0406 5948 Modem - ok
15:03:21.0437 5948 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:03:21.0687 5948 Mouclass - ok
15:03:21.0734 5948 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:03:21.0921 5948 mouhid - ok
15:03:21.0953 5948 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:03:22.0171 5948 MountMgr - ok
15:03:22.0250 5948 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:03:22.0390 5948 MozillaMaintenance - ok
15:03:22.0406 5948 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:03:22.0515 5948 MpFilter - ok
15:03:22.0578 5948 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:03:22.0765 5948 mraid35x - ok
15:03:22.0796 5948 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:03:22.0984 5948 MRxDAV - ok
15:03:23.0062 5948 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:03:23.0140 5948 MRxSmb - ok
15:03:23.0187 5948 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:03:23.0390 5948 MSDTC - ok
15:03:23.0421 5948 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:03:23.0734 5948 Msfs - ok
15:03:23.0750 5948 MSIServer - ok
15:03:23.0765 5948 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:03:23.0953 5948 MSKSSRV - ok
15:03:24.0031 5948 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:03:24.0078 5948 MsMpSvc - ok
15:03:24.0125 5948 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:03:24.0296 5948 MSPCLOCK - ok
15:03:24.0343 5948 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:03:24.0531 5948 MSPQM - ok
15:03:24.0593 5948 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:03:24.0843 5948 mssmbios - ok
15:03:24.0875 5948 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:03:25.0015 5948 MSTEE - ok
15:03:25.0062 5948 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:03:25.0125 5948 Mup - ok
15:03:25.0140 5948 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:03:25.0328 5948 NABTSFEC - ok
15:03:25.0375 5948 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:03:25.0703 5948 napagent - ok
15:03:25.0750 5948 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:03:26.0156 5948 NDIS - ok
15:03:26.0171 5948 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:03:26.0328 5948 NdisIP - ok
15:04:02.0812 5948 ================ Scan global ===============================
15:04:02.0859 5948 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:04:02.0953 5948 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:04:02.0968 5948 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:04:02.0984 5948 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:04:03.0000 5948 [Global] - ok
15:04:03.0000 5948 ================ Scan MBR ==================================
15:04:03.0031 5948 [ DEA9E81F0228B68C9ADAF84C9B0CF931 ] \Device\Harddisk0\DR0
15:04:03.0281 5948 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:04:03.0281 5948 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:04:03.0281 5948 ================ Scan VBR ==================================
15:04:03.0281 5948 [ 906090EE3E0DCC02260B16732F31435B ] \Device\Harddisk0\DR0\Partition1
15:04:03.0281 5948 \Device\Harddisk0\DR0\Partition1 - ok
15:04:03.0281 5948 ============================================================
15:04:03.0281 5948 Scan finished
15:04:03.0281 5948 ============================================================
15:04:03.0421 5936 Detected object count: 16
15:04:03.0421 5936 Actual detected object count: 16
15:05:39.0500 5936 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0500 5936 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0500 5936 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0500 5936 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 McrdSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 McrdSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 QWAVE ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 QWAVEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 QWAVEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0515 5936 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0531 5936 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0531 5936 RMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0531 5936 RMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0531 5936 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0531 5936 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0531 5936 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0531 5936 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0531 5936 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0531 5936 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0531 5936 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0531 5936 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0656 5936 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:05:39.0687 5936 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:05:39.0968 5936 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:05:41.0734 5936 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:05:49.0812 5936 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:05:50.0093 5936 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:05:50.0109 5936 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:05:50.0140 5936 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:05:50.0562 5936 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:05:50.0671 5936 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:05:50.0796 5936 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:05:50.0828 5936 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:05:51.0234 5936 \Device\Harddisk0\DR0\TDLFS - deleted
15:05:51.0234 5936 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
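For triaging a TDSSKiller log like the one above, here is an added Python example (not from this thread, and not Kaspersky's code): it separates the UnsignedFile.Multi.Generic heuristic warnings from the TDSS File System detection on \Device\Harddisk0\DR0, records the user action taken on each object, and collects the TDLFS files that were copied to quarantine. The log lines embedded in it are constructed to mirror the format posted above; treating only UnsignedFile.Multi.Generic as a heuristic name is an assumption of this example.

```python
"""Triage a TDSSKiller log: separate UnsignedFile.Multi.Generic heuristic
warnings from a real rootkit detection (here the TDSS File System on
\\Device\\Harddisk0\\DR0), record the action taken on each object and list
which files were copied to quarantine.

Added example for this thread; not Kaspersky's code and not the helper's.
SAMPLE_LOG is constructed to mirror the format posted above.  Treating only
UnsignedFile.Multi.Generic as a heuristic is an assumption of this example.
"""
import re
from dataclasses import dataclass, field

# Detection names that mean "unsigned driver/service", not known malware.
HEURISTIC_NAMES = {"UnsignedFile.Multi.Generic"}

# e.g. "15:04:03.0281 5948 \Device\Harddisk0\DR0 - detected TDSS File System (1)"
DETECTED_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>.+?) - detected (?P<name>.+?) \(\d+\)$")
# e.g. "15:05:39.0515 5936 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip"
ACTION_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<obj>.+?) \( (?P<name>.+?) \) - "
    r"User select action: (?P<action>\w+)$")
# e.g. "15:05:39.0656 5936 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine"
QUARANTINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<path>.+?) - copied to quarantine$")

# Constructed sample in the format of the log above (not the real log).
SAMPLE_LOG = r"""
15:03:37.0843 5948 QWAVE ( UnsignedFile.Multi.Generic ) - warning
15:03:37.0843 5948 QWAVE - detected UnsignedFile.Multi.Generic (1)
15:04:03.0281 5948 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:04:03.0281 5948 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:04:03.0281 5948 \Device\Harddisk0\DR0\Partition1 - ok
15:05:39.0515 5936 QWAVE ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:39.0515 5936 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:39.0656 5936 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:05:39.0687 5936 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:05:51.0234 5936 \Device\Harddisk0\DR0\TDLFS - deleted
15:05:51.0234 5936 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""


@dataclass
class Detection:
    obj: str
    name: str
    heuristic: bool
    action: str = "none"          # Skip / Delete / Cure as recorded in the log
    quarantined: list = field(default_factory=list)


def triage(log_text):
    """Parse the log and return {object name: Detection}."""
    found = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = DETECTED_RE.match(line)
        if m:
            found[m["obj"]] = Detection(m["obj"], m["name"],
                                        m["name"] in HEURISTIC_NAMES)
            continue
        m = ACTION_RE.match(line)
        if m and m["obj"] in found:
            found[m["obj"]].action = m["action"]
            continue
        m = QUARANTINE_RE.match(line)
        if m:
            # Quarantined paths live under the device object that was flagged.
            for obj, det in found.items():
                if m["path"].startswith(obj + "\\"):
                    det.quarantined.append(m["path"])
    return found


def real_detections(found):
    """Objects flagged with a non-heuristic name: the ones that need action."""
    return sorted(obj for obj, d in found.items() if not d.heuristic)


def unresolved(found):
    """Real detections left in place (skipped or never actioned)."""
    return sorted(obj for obj, d in found.items()
                  if not d.heuristic and d.action not in ("Delete", "Cure"))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for obj in sorted(result):
        d = result[obj]
        kind = "heuristic" if d.heuristic else "DETECTION"
        print(f"{kind:9} {obj:24} {d.name:28} action={d.action} "
              f"quarantined={len(d.quarantined)}")
    print("unresolved:", unresolved(result))
```

Run against a full log, `unresolved()` is the list to check before telling the user the rootkit is gone; the unsigned-file entries are expected on an XP box with vendor drivers and are skipped, exactly as in the log above.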

#48
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Did this have any impact on the issue of windows hanging or the updates?

#49
Quint2724
    Member
  • Topic Starter
  • 44 posts
The last scan run and deletion of the one file did not impact the performance of the computer. However, the computer does run much, much better, and it no longer hangs, nor does the volume control arbitrarily go to mute, as of the first scan run of TDSSKiller. That program seems to have fixed the issue.

Windows must have updated itself at some point in the past week or so, as when I just ran Windows Update it showed that there are no critical updates identified to be downloaded.

#50
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
That's great news. :) And a little strange as the first run of TDSSKiller didn't remove anything. I've never had that happen before, but as long as it corrected the issues.
If there aren't any further issues with the system we will run a tool to see if any programs need to be updated, then we will be ready to clean up.


Step-1.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Checkup.txt log

#51
Quint2724
    Member
  • Topic Starter
  • 44 posts
Here it is:

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 11
Java 7 Update 11
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#52
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hello Quint,

You have old versions of Java and Adobe Reader that need to be uninstalled. Your current Adobe Reader is also out of date. Recently there has been a heightened security alert concerning Java. I will give instructions to uninstall the older version, but unless you need Java I would recommend uninstalling the current version.

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
Step-1

Use either A or B, but not both.

A.
Uninstall Java 6 Update 11

1. Vista/7 users: click the Start Orb, click Control Panel, and under the Programs heading click Uninstall a program. XP users: click Start > Control Panel > Add/Remove Programs.
2. In the list of programs installed, locate the following program(s):

Java 6 Update 11

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

2. Close Windows Explorer.


B.
Completely Remove Java

Version 2.1

Please download JavaRa to your desktop.
  • Click the Download button next to Version 2.1 to download JavaRA-2.1.zip and save it to the desktop.
  • Close the Browser and all open windows.
  • Right click the JavaRA-2.1.zip file and click Extract All and unzip it to its own folder on the desktop.
  • Open the Java-2.0 folder
  • Open the JavaRA folder
  • Double click on the JavaRa.exe file to run the program. You will see a console like the one below:

    Posted Image
  • Click the Update JavaRa Definitions and update the definitions.
  • Click Remove Java JRE (See the image below)
Posted Image

Step 1 will run Java's built in installers (See the image below):
  • JavaRa will automatically detect the available JRE uninstallers. The Run Uninstaller button will begin the removal process, which should be performed on all listed versions of the Java Runtime Environment. In some situations, Windows security features may interfere with this process, causing the Run Uninstaller button to do nothing. You will need to use the Add Or Remove Programs function in Windows if this occurs.

Posted Image

Then Step 2 will run. (See image below)

Step 2 will run the JRE Removal Routine

Posted Image

The removal routine is JavaRa's most important feature. It quickly scans your computer, identifying and removing files and registry keys associated with Java. With every tiny Java remnant purged, you never need to worry about Java exploits again.

Step-2.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons and therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any of the other foistware they try to get you to install.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that, should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Windows Vista/7 users: Please click the Start Orb, then click Control Panel. Under the Programs heading click Uninstall a program.
   Windows XP users: Please click Start > Control Panel > Add/Remove Programs.
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there, right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall ComboFix
  • Click Start, then click Run. This will display the Run dialogue box.
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled
Step-3.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes

Step-4.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote), right click and click Copy.
  • :COMMANDS
    [EMPTYTEMP]
    [REBOOT]

  • Please re-open OTL on your desktop.
  • Place the mouse pointer inside the OTL textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open OTL on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process removes most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-5.

Delete the following Files and Folders (If Present):

Files on the Desktop
MBR.dat
checkhd.txt
spsetup119.exe
Dial-a-fix v0.60.0.24.zip
windows_repair_aio_setup.exe
SecurityCheck.exe
checkup.txt


Folders
C:\DialAFix

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

NOTE: Leave the fullregbackup.reg file on the desktop for a couple of weeks. If the computer is still working OK, you can delete it then.

Step-6.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View tab.
5. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
6. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

Step-7.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System Tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
    • Click Start, click Control Panel, and then double-click System.
    • Click the System Restore tab.
    • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
    • Click OK.
  • On the dialogue box that appears, select Create a Restore Point.
  • Click NEXT.
  • Enter a name, e.g. Clean.
  • Click CREATE.
  • Close System Restore.

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
  • System Restore will now be active again.



Preventing Re-Infection


Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:- Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

XP Users: You must use Internet Explorer to Update Windows.

1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.

:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites. If you still want to keep Java, do the following:
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classic View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. Click OK and close the program. It's the same for Foxit Reader, except Preferences is under the Tools menu, and you uncheck Enable JavaScript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPS Hosts File:
  • MVPS Hosts file - replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes Free Version - a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition - another scanning tool to find and eliminate malware.
  • SpywareBlaster - to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard - to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer - A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP - Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) - allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know.

Stay Safe :wave:
godawgs
  • 0
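The HOSTS file mechanism described in the MVPS section above, as an added example that is not part of the original post or of the MVPS project: a small Python checker that sorts HOSTS entries into blocklist entries (names sunk to 127.0.0.1 or 0.0.0.0) and suspicious ones (a name redirected to some other address, which is a common sign of a hijacked HOSTS file). The sample HOSTS content and every domain name in it are constructed for this example.

```python
# Added example, not from the forum post or the MVPS project.
# Classifies HOSTS entries: blocklist (loopback/null address) vs. suspicious
# (real address), the latter being how malware hijacks update/AV sites.
import ipaddress

# Addresses a blocklist HOSTS file (such as the MVPS one) sinks names to.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample; a real MVPS file is thousands of lines long.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.test   # blocklist entry
127.0.0.1       banner.example-adserver.test
198.51.100.7    update.example-vendor.test  # constructed hijack entry
not-an-ip       junk.example.test
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs for every valid mapping in a HOSTS file.

    Comments (after '#') are stripped, blank lines are ignored, and a line
    whose first field is not a valid IP address is skipped as malformed.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries


def classify_hosts(text):
    """Return (blocked, suspicious): blocked names are sunk to a sink address;
    suspicious entries map a name to a real address (possible hijack)."""
    blocked, suspicious = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the one loopback entry Windows ships by default
        (blocked if ip in SINK_ADDRESSES else suspicious).append(
            name if ip in SINK_ADDRESSES else (name, ip))
    return blocked, suspicious


if __name__ == "__main__":
    blocked, suspicious = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked")
    for name, ip in suspicious:
        print(f"WARNING: {name} is redirected to {ip}; check for hijacking")
```

To check a live machine, read C:\Windows\System32\drivers\etc\hosts into `classify_hosts` instead of the sample text.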

#53
Quint2724

    Member

  • Topic Starter
  • 44 posts
Got it. Thanks much for the help on this. Your patience and advice is of great value. Much appreciated.
  • 0

#54
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0