Infected with "Best Virus Protection"


  • This topic is locked
18 replies to this topic

#1 magcrew

magcrew

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 30 March 2012 - 09:26 AM

I have tried the Malwarebytes guide twice with no luck.

I have attached all the logs as requested.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by User at 9:22:45 on 2012-03-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.154 [GMT -4:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Best Virus Protection *Enabled/Updated* {89553CAB-B403-47D6-A552-9C899B552C5D}
FW: Best Virus Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.henryschein.com/Default.aspx
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DtxQuickLaunch.exe] c:\program files\dentrix\DtxQuickLaunch.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [OATSWALLPAPER] c:\original\bginfo\Bginfo.exe /nolicprompt /silent /timer:0
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [kacsr] rundll32.exe "c:\windows\temp\kacsr.dll",GetRTFOptions
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [F4D55F3B000435DB0C0B2FB9D151FC4E] c:\documents and settings\all users\application data\f4d55f3b000435db0c0b2fb9d151fc4e\F4D55F3B000435DB0C0B2FB9D151FC4E.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\pamana~1.lnk - c:\program files\dentrixold\PAMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268334753546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318938340328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{2AF8BDDF-EF38-4C99-AFBF-95BCBA485FF5} : DhcpNameServer = 65.32.5.111 65.32.5.112
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-28 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-28 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-28 656320]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-1-15 24064]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-28 249616]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-1-15 144480]
S0 jgnlayj;jgnlayj;c:\windows\system32\drivers\unowdqj.sys --> c:\windows\system32\drivers\unowdqj.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-28 51984]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-28 69392]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKslfd498d3a;MpKslfd498d3a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\MpKslfd498d3a.sys [2012-3-29 29904]
S2 8057;8057;c:\docume~1\user\locals~1\temp\8057.sys [2012-3-20 145536]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-3-28 247760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176]
S2 GuruLELicensing;Guru Limited Edition Licensing;c:\program files\guru limited edition server\GuruLEService.exe [2008-4-28 60416]
S2 ikhfile;Snapman;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 pavagente;S24eventmonitor;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-3-28 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-3-28 1150936]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-1-18 737184]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-1-15 2054680]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-28 70536]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-28 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
UnknownUnknown PROCEXP113;PROCEXP113; [x]
.
=============== Created Last 30 ================
.
2012-03-29 20:37:42 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\MpKslfd498d3a.sys
2012-03-29 20:07:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\MpKsld68caa3f.sys
2012-03-29 20:05:37 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\offreg.dll
2012-03-29 16:50:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\MpKsle29ab80f.sys
2012-03-29 12:48:25 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\MpKsle4b86c32.sys
2012-03-29 12:32:46 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f84f3c56-14d8-4de1-a012-a230b6bb4a7a}\mpengine.dll
2012-03-29 02:36:31 69392 ------w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-29 02:36:31 51984 ------w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-29 02:36:31 33552 ------w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-29 00:52:36 110080 ----a-w- c:\documents and settings\user\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-03-29 00:52:36 110080 ----a-w- c:\documents and settings\user\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-03-29 00:52:36 110080 ----a-w- c:\documents and settings\user\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-03-29 00:52:32 -------- d-----w- C:\sh4ldr
2012-03-29 00:52:32 -------- d-----w- c:\program files\Enigma Software Group
2012-03-29 00:51:45 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-29 00:51:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-28 18:24:15 -------- d-----w- c:\documents and settings\user\local settings\application data\Threat Expert
2012-03-28 16:50:18 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-28 16:50:18 1996752 ----a-w- c:\windows\PCTBDCore.dll
2012-03-28 16:50:18 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-03-28 16:50:18 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-28 16:38:32 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-28 16:38:32 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-28 14:03:14 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-28 14:03:14 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-28 14:03:12 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-28 14:03:04 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-28 14:03:04 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-28 14:02:57 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-28 14:02:35 -------- d-----w- c:\program files\common files\PC Tools
2012-03-28 14:02:34 -------- d-----w- c:\program files\PC Tools Security
2012-03-28 14:02:34 -------- d-----w- c:\documents and settings\user\application data\PC Tools
2012-03-28 14:02:34 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-03-28 11:58:39 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-27 21:06:38 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B000435DB0C0B2FB9D151FC4E
2012-03-20 12:03:45 -------- d-----w- c:\documents and settings\all users\application data\BVNJTOBZRP
2012-03-20 12:03:31 -------- d-----w- c:\documents and settings\all users\application data\fb4149
2012-03-19 12:40:43 41680 ----a-w- c:\windows\system32\drivers\epbqnqpm.sys
2012-03-16 17:18:19 -------- d-----w- c:\documents and settings\user\application data\PCPro
2012-03-16 17:18:19 -------- d-----w- c:\documents and settings\user\application data\PC Cleaners
2012-03-16 17:18:16 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
.
==================== Find3M ====================
.
2012-03-16 17:19:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 17:17:53 5276432 ----a-w- c:\windows\uninst.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:24:40.87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BioAPI Framework
Browser Defender 3.0
Canon i960
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
Crystal Reports Basic Runtime for Visual Studio 2008
Dell Security Device Driver Pack
DENTRIX G4
DEXclaim Printer Driver
DEXIS Integrator for Dentrix
DEXIS Sensor Library
DEXIS Software Suite
Google Update Helper
Guru Limited Edition
Guru Limited Edition Server
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HSD OATS Remote Support
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® Active Management Technology
Java™ 6 Update 11
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC++8.0 SP1 redistributables
Microsoft VC++9.0 redistributables
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDFCreator
PowerDVD
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Send to Dentrix Document Center (novaPDF Professional Desktop O
SetPoint
SignatureSetup
Sonic CinePlayer Decoder Pack
SoundMAX
SpyHunter
Spyware Doctor 8.0
ST Microelectronics TPM Driver Installer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPEK TouchChip Fingerprint Reader
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
.
==== End Of File ===========================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 03 April 2012 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Wait for further instructions.

#3 magcrew

magcrew
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 03 April 2012 - 01:30 PM

Here are the logs:

14:15:43.0906 0704 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
14:15:43.0906 0704 ============================================================
14:15:43.0906 0704 Current date / time: 2012/04/03 14:15:43.0906
14:15:43.0906 0704 SystemInfo:
14:15:43.0906 0704
14:15:43.0906 0704 OS Version: 5.1.2600 ServicePack: 3.0
14:15:43.0906 0704 Product type: Workstation
14:15:43.0906 0704 ComputerName: WORKSTATION11
14:15:43.0906 0704 UserName: User
14:15:43.0906 0704 Windows directory: C:\WINDOWS
14:15:43.0906 0704 System windows directory: C:\WINDOWS
14:15:43.0906 0704 Processor architecture: Intel x86
14:15:43.0906 0704 Number of processors: 2
14:15:43.0906 0704 Page size: 0x1000
14:15:43.0906 0704 Boot type: Normal boot
14:15:43.0906 0704 ============================================================
14:15:44.0250 0704 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:15:44.0265 0704 Drive \Device\Harddisk1\DR3 - Size: 0x7A1FC000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:15:44.0265 0704 \Device\Harddisk0\DR0:
14:15:44.0265 0704 MBR used
14:15:44.0265 0704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94DF3B5
14:15:44.0265 0704 \Device\Harddisk1\DR3:
14:15:44.0265 0704 MBR used
14:15:44.0265 0704 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D0FA1
14:15:44.0296 0704 Initialize success
14:15:44.0296 0704 ============================================================
14:15:59.0531 2200 ============================================================
14:15:59.0531 2200 Scan started
14:15:59.0531 2200 Mode: Manual;
14:15:59.0531 2200 ============================================================
14:16:11.0843 2200 usbprint - ok
14:16:11.0875 2200 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:16:11.0875 2200 USBSTOR - ok
14:16:11.0906 2200 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:16:11.0906 2200 usbuhci - ok
14:16:11.0906 2200 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:16:11.0906 2200 VgaSave - ok
14:16:11.0921 2200 ViaIde - ok
14:16:11.0937 2200 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:16:11.0937 2200 VolSnap - ok
14:16:11.0953 2200 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:16:11.0968 2200 VSS - ok
14:16:11.0984 2200 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:16:11.0984 2200 W32Time - ok
14:16:12.0000 2200 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:16:12.0000 2200 Wanarp - ok
14:16:12.0015 2200 WDICA - ok
14:16:12.0031 2200 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:16:12.0031 2200 wdmaud - ok
14:16:12.0046 2200 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:16:12.0046 2200 WebClient - ok
14:16:12.0093 2200 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:16:12.0093 2200 winmgmt - ok
14:16:12.0156 2200 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:16:12.0156 2200 WmdmPmSN - ok
14:16:12.0218 2200 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:16:12.0218 2200 Wmi - ok
14:16:12.0265 2200 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:16:12.0265 2200 WmiAcpi - ok
14:16:12.0281 2200 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:16:12.0281 2200 WmiApSrv - ok
14:16:12.0421 2200 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:16:12.0437 2200 WMPNetworkSvc - ok
14:16:12.0703 2200 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:16:12.0718 2200 WPFFontCache_v0400 - ok
14:16:12.0828 2200 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:16:12.0828 2200 WS2IFSL - ok
14:16:12.0890 2200 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:16:12.0890 2200 wscsvc - ok
14:16:12.0937 2200 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:16:12.0937 2200 wuauserv - ok
14:16:12.0984 2200 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:16:12.0984 2200 WudfPf - ok
14:16:13.0031 2200 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:16:13.0031 2200 WudfRd - ok
14:16:13.0078 2200 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:16:13.0078 2200 WudfSvc - ok
14:16:13.0140 2200 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:16:13.0140 2200 WZCSVC - ok
14:16:13.0171 2200 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:16:13.0171 2200 xmlprov - ok
14:16:13.0187 2200 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
14:16:13.0218 2200 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:16:13.0218 2200 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:16:13.0218 2200 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
14:16:13.0218 2200 \Device\Harddisk1\DR3 - ok
14:16:13.0250 2200 Boot (0x1200) (a313c61338c893e7778688f5c0a1ce0a) \Device\Harddisk0\DR0\Partition0
14:16:13.0250 2200 \Device\Harddisk0\DR0\Partition0 - ok
14:16:13.0250 2200 Boot (0x1200) (88fdc8598fcda5549bd743f34ff73850) \Device\Harddisk1\DR3\Partition0
14:16:13.0250 2200 \Device\Harddisk1\DR3\Partition0 - ok
14:16:13.0250 2200 ============================================================
14:16:13.0250 2200 Scan finished
14:16:13.0250 2200 ============================================================
14:16:13.0281 2156 Detected object count: 1
14:16:13.0281 2156 Actual detected object count: 1
14:16:39.0984 2156 \Device\Harddisk0\DR0\# - copied to quarantine
14:16:40.0015 2156 \Device\Harddisk0\DR0 - copied to quarantine
14:16:40.0250 2156 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:16:40.0296 2156 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:16:40.0390 2156 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:16:40.0515 2156 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:16:40.0609 2156 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:16:40.0687 2156 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:16:41.0421 2156 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:16:41.0515 2156 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:16:41.0515 2156 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:16:41.0515 2156 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:16:41.0531 2156 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:16:41.0578 2156 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:16:41.0593 2156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:16:41.0593 2156 \Device\Harddisk0\DR0 - ok
14:16:42.0687 2156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:16:48.0250 0568 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 14:19:27
-----------------------------
14:19:27.890 OS Version: Windows 5.1.2600 Service Pack 3
14:19:27.890 Number of processors: 2 586 0x170A
14:19:27.890 ComputerName: WORKSTATION11 UserName: User
14:19:28.203 Initialize success
14:20:40.671 AVAST engine download error: 0
14:22:05.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:22:05.640 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 76293MB BusType: 3
14:22:05.656 Disk 0 MBR read successfully
14:22:05.656 Disk 0 MBR scan
14:22:05.656 Disk 0 Windows XP default MBR code
14:22:05.656 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
14:22:05.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76222 MB offset 128520
14:22:05.671 Disk 0 scanning sectors +156232125
14:22:05.734 Disk 0 scanning C:\WINDOWS\system32\drivers
14:22:11.250 Service scanning
14:22:15.687 Service MpKsl09e4160d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{374BE867-662F-44A5-8279-B2D00C76B2A6}\MpKsl09e4160d.sys **LOCKED** 32
14:22:20.531 Modules scanning
14:22:24.109 Disk 0 trace - called modules:
14:22:24.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iaStor.sys hal.dll
14:22:24.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a545ab8]
14:22:24.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89bc8348]
14:22:24.125 5 PCTCore.sys[b9dd3099] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89fc9028]
14:22:24.125 Scan finished successfully
14:22:41.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
14:22:41.812 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"



Attached File: MBR.zip (513 bytes)

Edited by magcrew, 03 April 2012 - 02:29 PM.

#4 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 01:12 AM

Posted 04 April 2012 - 08:16 AM

Looking better.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#5 magcrew

  • Topic Starter
  • Members
  • 9 posts
  • Local time: 01:12 AM

Posted 04 April 2012 - 09:48 AM

After running ComboFix I rebooted, and "Best Virus Protection" is still there.

ComboFix 12-04-04.02 - User 04/04/2012 10:14:25.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1543 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix-1.exe
AV: Best Virus Protection *Enabled/Updated* {89553CAB-B403-47D6-A552-9C899B552C5D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: Best Virus Protection *Enabled* {73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 14:12 . 2012-04-04 14:12 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{543076B5-94F3-469E-89C4-5ABE152ACEFF}\MpKslf170c846.sys
2012-04-04 14:09 . 2012-04-04 14:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{543076B5-94F3-469E-89C4-5ABE152ACEFF}\offreg.dll
2012-04-03 19:16 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{543076B5-94F3-469E-89C4-5ABE152ACEFF}\mpengine.dll
2012-04-03 18:16 . 2012-04-03 18:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 00:07 . 2012-04-03 00:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-04-02 20:23 . 2008-04-14 06:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-29 02:36 . 2010-12-02 15:33 69392 ------w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-29 02:36 . 2010-12-02 15:33 51984 ------w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-29 02:36 . 2010-12-02 15:33 33552 ------w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-29 00:52 . 2012-03-29 00:52 -------- d-----w- C:\sh4ldr
2012-03-29 00:52 . 2012-03-29 00:52 -------- d-----w- c:\program files\Enigma Software Group
2012-03-29 00:51 . 2012-03-29 00:52 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-29 00:51 . 2012-03-29 00:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-28 18:24 . 2012-03-28 18:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2012-03-28 16:50 . 2010-12-09 14:48 1996752 ----a-w- c:\windows\PCTBDCore.dll
2012-03-28 16:50 . 2010-12-03 19:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-28 16:50 . 2010-12-03 19:34 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-03-28 16:50 . 2010-12-03 19:34 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-28 16:38 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-28 16:38 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-28 14:03 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-28 14:03 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-28 14:03 . 2010-11-17 14:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-28 14:03 . 2010-11-25 14:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-28 14:03 . 2010-11-25 14:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-28 14:02 . 2010-11-25 14:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-28 14:02 . 2012-03-28 14:06 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-28 14:02 . 2012-04-02 13:10 -------- d-----w- c:\program files\PC Tools Security
2012-03-28 14:02 . 2012-03-29 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-28 14:02 . 2012-03-28 14:02 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2012-03-27 21:06 . 2012-03-27 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B000435DB0C0B2FB9D151FC4E
2012-03-27 19:53 . 2012-03-30 15:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-27 14:15 . 2012-03-27 14:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-03-26 12:13 . 2012-03-26 12:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-20 12:03 . 2012-03-20 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\BVNJTOBZRP
2012-03-20 12:03 . 2012-03-27 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\fb4149
2012-03-19 12:40 . 2012-03-19 12:40 41680 ----a-w- c:\windows\system32\drivers\epbqnqpm.sys
2012-03-16 17:18 . 2012-04-02 12:18 -------- d-----w- c:\documents and settings\User\Application Data\PC Cleaners
2012-03-16 17:18 . 2012-03-19 15:57 -------- d-----w- c:\documents and settings\User\Application Data\PCPro
2012-03-16 17:18 . 2012-03-16 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 17:19 . 2012-01-04 21:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 17:17 . 2009-01-21 17:43 5276432 ----a-w- c:\windows\uninst.exe
2012-03-14 02:15 . 2011-10-17 19:05 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-10-17 19:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 18:05 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-01-15 15:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_20.44.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-04 14:09 . 2012-04-04 14:09 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
+ 2006-02-28 12:00 . 2012-04-04 14:13 80560 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-04-02 20:29 80560 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-04 14:13 484164 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-04-02 20:29 484164 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2010-11-11 89240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-24 1044480]
"OATSWALLPAPER"="c:\original\BgInfo\Bginfo.exe" [2009-01-16 845864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
PA Manager.lnk - c:\program files\Dentrixold\PAMgr.exe [2009-11-23 852480]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-12 622653]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 16:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eSync Reminder.lnk
backup=c:\windows\pss\eSync Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WebSync Reminder.lnk
backup=c:\windows\pss\WebSync Reminder.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-12-01 18:49 1589208 ----a-w- c:\program files\PC Tools Security\pctsGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-12-20 23:38 28160 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2010-12-03 19:34 108496 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 05:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2012-01-18 10:22 4767648 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 18:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/28/2012 10:03 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/28/2012 10:03 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/28/2012 10:03 AM 656320]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/15/2009 11:50 AM 24064]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/28/2012 10:36 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/28/2012 10:36 PM 69392]
R1 MpKslf170c846;MpKslf170c846;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{543076B5-94F3-469E-89C4-5ABE152ACEFF}\MpKslf170c846.sys [4/4/2012 10:12 AM 29904]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/28/2012 10:03 AM 249616]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/28/2012 12:50 PM 247760]
R2 GuruLELicensing;Guru Limited Edition Licensing;c:\program files\Guru Limited Edition Server\GuruLEService.exe [4/28/2008 8:53 PM 60416]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/15/2009 12:00 PM 2054680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/15/2009 12:00 PM 144480]
S0 jgnlayj;jgnlayj;c:\windows\system32\drivers\unowdqj.sys --> c:\windows\system32\drivers\unowdqj.sys [?]
S2 8057;8057;\??\c:\docume~1\User\LOCALS~1\Temp\8057.sys --> c:\docume~1\User\LOCALS~1\Temp\8057.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2012 5:07 PM 136176]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1/18/2012 6:21 AM 737184]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 3:57 PM 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2012 5:07 PM 136176]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/28/2012 10:02 AM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/28/2012 10:02 AM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/28/2012 10:36 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF170C846
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lvpr2mon
Wtcls2k
InCDsrvR
nwlnknb
midisyn
axsaki
SE2Bbus
MA-620
teefer
pavagente
whoisd32
int15
Memctl
smservaz
{834170a7-af3b-4d34-a757-e05eb29ee96d}
usbatapi2000
tdcmdpst
ikhfile
FET5X86V
msi_wlan_service
CdaD10BA
cdfsvc
xcomm
netwg311
Via4in1
USB_RNDIS
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 21:07]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 21:07]
.
2012-04-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.henryschein.com/Default.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 10:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-04 10:25:28
ComboFix-quarantined-files.txt 2012-04-04 14:25
ComboFix2.txt 2012-04-03 18:45
ComboFix3.txt 2012-04-03 13:46
ComboFix4.txt 2012-04-03 12:44
ComboFix5.txt 2012-04-04 14:13
.
Pre-Run: 43,451,899,904 bytes free
Post-Run: 43,436,281,856 bytes free
.
- - End Of File - - 0C5435F8281353510347E26AADAAA694

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
SignatureSetup
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 8.0
SpyHunter
Java™ 6 Update 11
Java version out of date!
Adobe Flash Player 10.0.42.34 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#6 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 01:12 AM

Posted 04 April 2012 - 01:10 PM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
jgnlayj
8057

ClearJavaCache::

Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 11

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Uncheck the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
If interested in security, I would download the tool and run it.
<<<>>>

Please post a fresh DDS log and include the latest ComboFix log as well.

Let me know what problem you are experiencing when you start the computer.
I do not see any running program in the startup key that would trigger a bad message.

#7 magcrew

  • Topic Starter
  • Members
  • 9 posts
  • Local time: 01:12 AM

Posted 05 April 2012 - 11:35 AM

There are no problems when starting; every time I use ComboFix it tells me that "Best Virus Protection" is running.

Here are the logs

ComboFix 12-04-04.02 - User 04/05/2012 8:05.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1562 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix-1.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Best Virus Protection *Enabled/Updated* {89553CAB-B403-47D6-A552-9C899B552C5D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: Best Virus Protection *Enabled* {73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8057
-------\Service_8057
-------\Service_jgnlayj
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 12:25 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9349DC71-17D3-4581-AB4E-BEBF5206C178}\mpengine.dll
2012-04-05 12:14 . 2012-04-05 12:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-04-04 22:52 . 2012-04-04 22:53 -------- d-----w- C:\ComboFix-1
2012-04-03 18:16 . 2012-04-03 18:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 00:07 . 2012-04-03 00:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-04-02 20:23 . 2008-04-14 06:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-29 02:36 . 2010-12-02 15:33 69392 ------w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-29 02:36 . 2010-12-02 15:33 51984 ------w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-29 02:36 . 2010-12-02 15:33 33552 ------w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-29 00:52 . 2012-03-29 00:52 -------- d-----w- C:\sh4ldr
2012-03-29 00:52 . 2012-03-29 00:52 -------- d-----w- c:\program files\Enigma Software Group
2012-03-29 00:51 . 2012-03-29 00:52 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-29 00:51 . 2012-03-29 00:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-28 18:24 . 2012-03-28 18:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2012-03-28 16:50 . 2010-12-09 14:48 1996752 ----a-w- c:\windows\PCTBDCore.dll
2012-03-28 16:50 . 2010-12-03 19:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-28 16:50 . 2010-12-03 19:34 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-03-28 16:50 . 2010-12-03 19:34 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-28 16:38 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-28 16:38 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-28 14:03 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-28 14:03 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-28 14:03 . 2010-11-17 14:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-28 14:03 . 2010-11-25 14:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-28 14:03 . 2010-11-25 14:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-28 14:02 . 2010-11-25 14:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-28 14:02 . 2012-03-28 14:06 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-28 14:02 . 2012-04-02 13:10 -------- d-----w- c:\program files\PC Tools Security
2012-03-28 14:02 . 2012-03-29 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-28 14:02 . 2012-03-28 14:02 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2012-03-27 21:06 . 2012-03-27 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B000435DB0C0B2FB9D151FC4E
2012-03-27 19:53 . 2012-03-30 15:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-27 14:15 . 2012-03-27 14:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-03-26 12:13 . 2012-03-26 12:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-20 12:03 . 2012-03-20 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\BVNJTOBZRP
2012-03-20 12:03 . 2012-03-27 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\fb4149
2012-03-19 12:40 . 2012-03-19 12:40 41680 ----a-w- c:\windows\system32\drivers\epbqnqpm.sys
2012-03-16 17:18 . 2012-04-02 12:18 -------- d-----w- c:\documents and settings\User\Application Data\PC Cleaners
2012-03-16 17:18 . 2012-03-19 15:57 -------- d-----w- c:\documents and settings\User\Application Data\PCPro
2012-03-16 17:18 . 2012-03-16 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 17:19 . 2012-01-04 21:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 17:17 . 2009-01-21 17:43 5276432 ----a-w- c:\windows\uninst.exe
2012-03-14 02:15 . 2011-10-17 19:05 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-10-17 19:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 18:05 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-01-15 15:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_20.44.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-05 12:14 . 2012-04-05 12:14 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2006-02-28 12:00 . 2012-04-05 12:31 80560 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-04-02 20:29 80560 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-05 12:31 484164 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-04-02 20:29 484164 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2010-11-11 89240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-24 1044480]
"OATSWALLPAPER"="c:\original\BgInfo\Bginfo.exe" [2009-01-16 845864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
PA Manager.lnk - c:\program files\Dentrixold\PAMgr.exe [2009-11-23 852480]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-12 622653]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 16:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eSync Reminder.lnk
backup=c:\windows\pss\eSync Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WebSync Reminder.lnk
backup=c:\windows\pss\WebSync Reminder.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-12-01 18:49 1589208 ----a-w- c:\program files\PC Tools Security\pctsGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-12-20 23:38 28160 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2010-12-03 19:34 108496 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 05:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2012-01-18 10:22 4767648 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 18:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/28/2012 10:03 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/28/2012 10:03 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/28/2012 10:03 AM 656320]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/15/2009 11:50 AM 24064]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/28/2012 10:36 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/28/2012 10:36 PM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/28/2012 10:03 AM 249616]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/28/2012 12:50 PM 247760]
R2 GuruLELicensing;Guru Limited Edition Licensing;c:\program files\Guru Limited Edition Server\GuruLEService.exe [4/28/2008 8:53 PM 60416]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1/18/2012 6:21 AM 737184]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/15/2009 12:00 PM 2054680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/15/2009 12:00 PM 144480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2012 5:07 PM 136176]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 3:57 PM 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2012 5:07 PM 136176]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/28/2012 10:02 AM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/28/2012 10:02 AM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/28/2012 10:36 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lvpr2mon
Wtcls2k
InCDsrvR
nwlnknb
midisyn
axsaki
SE2Bbus
MA-620
teefer
pavagente
whoisd32
int15
Memctl
smservaz
{834170a7-af3b-4d34-a757-e05eb29ee96d}
usbatapi2000
tdcmdpst
ikhfile
FET5X86V
msi_wlan_service
CdaD10BA
cdfsvc
xcomm
netwg311
Via4in1
USB_RNDIS
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 21:07]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 21:07]
.
2012-04-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.henryschein.com/Default.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 08:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(816)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Completion time: 2012-04-05 08:33:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 12:33
ComboFix2.txt 2012-04-04 14:25
ComboFix3.txt 2012-04-03 18:45
ComboFix4.txt 2012-04-03 13:46
ComboFix5.txt 2012-04-04 22:52
.
Pre-Run: 43,717,791,744 bytes free
Post-Run: 43,668,930,560 bytes free
.
- - End Of File - - B980D39E34D3730A3B71E043F23EA7F6

Attached Files

  • MBR.zip (513 bytes)


#8 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 April 2012 - 01:17 PM

I was looking at the ComboFix without paying attention to the Header.

This should fix it.

Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{89553CAB-B403-47D6-A552-9C899B552C5D}
{73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
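To check directly whether the two Security Center registrations that the SecCenter:: script above targets are still present, here is an added PowerShell script (not part of the thread, and not ComboFix's own code) that reads the WMI namespace Windows XP's Security Center uses. It assumes XP SP3 with PowerShell 2.0 installed and the root\SecurityCenter namespace; the two GUIDs are the ones from the ComboFix header.

```powershell
# Added example, not from the thread or from ComboFix: audit the WMI namespace that
# Windows XP's Security Center uses (root\SecurityCenter) and report whether the
# "Best Virus Protection" registrations named in the ComboFix header are still there.
# Assumes XP SP3 with PowerShell 2.0; Vista and later use root\SecurityCenter2 instead.

# instanceGuid values copied from the AV:/FW: lines of the ComboFix header above.
$rogueGuids = @(
    '{89553CAB-B403-47D6-A552-9C899B552C5D}',   # AV: Best Virus Protection
    '{73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}'    # FW: Best Virus Protection
)

function Get-SecurityCenterProducts {
    param([string]$Namespace = 'root\SecurityCenter')
    # Security Center keeps one WMI instance per registered product; a product that
    # was removed but left its instance behind still shows up here.
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        $instances = Get-WmiObject -Namespace $Namespace -Class $class -ErrorAction SilentlyContinue
        # PowerShell 2.0 iterates once over $null, so guard the loop explicitly.
        if ($instances) {
            foreach ($p in $instances) {
                New-Object PSObject -Property @{
                    Class        = $class
                    DisplayName  = $p.displayName
                    Company      = $p.companyName
                    InstanceGuid = $p.instanceGuid
                    # The AV and firewall classes expose their "on" flag under different names.
                    Enabled      = $(if ($class -eq 'AntiVirusProduct') { $p.onAccessScanningEnabled } else { $p.enabled })
                }
            }
        }
    }
}

function Find-RogueRegistrations {
    param([string[]]$Guids = $rogueGuids)
    # Match on instanceGuid rather than displayName: the GUID is what the
    # SecCenter:: directive keys on, and a display name is trivially changed.
    $hits = @()
    foreach ($prod in @(Get-SecurityCenterProducts)) {
        if ($Guids -contains $prod.InstanceGuid) { $hits += $prod }
    }
    return ,$hits
}

$leftovers = @(Find-RogueRegistrations)
if ($leftovers.Count -eq 0) {
    Write-Host 'No Security Center registration matches the rogue GUIDs.'
} else {
    Write-Host ("{0} rogue Security Center registration(s) still present:" -f $leftovers.Count)
    $leftovers | Format-Table Class, DisplayName, Company, InstanceGuid, Enabled -AutoSize
}
```

The AV:/FW: lines in the ComboFix header are drawn from this same namespace, so if the script still lists the entries after a SecCenter:: run, the instances were either not removed or have been re-created, which is worth knowing before running the script again.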

#9 magcrew

  • Topic Starter
  • Members
  • 9 posts

Posted 05 April 2012 - 04:52 PM

It is still there



ComboFix 12-04-04.02 - User 04/05/2012 17:28:09.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1541 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix-1.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Best Virus Protection *Enabled/Updated* {89553CAB-B403-47D6-A552-9C899B552C5D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: Best Virus Protection *Enabled* {73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 21:24 . 2012-04-05 21:24 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6ED6CB45-CC8C-4C80-9296-46FC6E690DED}\offreg.dll
2012-04-05 12:54 . 2012-04-05 12:54 -------- d-----w- c:\program files\MSECache
2012-04-05 12:50 . 2012-04-05 12:50 -------- d-----w- c:\program files\QuickTime
2012-04-05 12:50 . 2012-04-05 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-04-05 12:47 . 2012-04-05 12:47 -------- d-----w- c:\program files\Common Files\Java
2012-04-05 12:47 . 2012-04-05 12:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-05 12:47 . 2012-04-05 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-05 12:44 . 2012-04-05 12:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 12:39 . 2012-04-05 12:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Secunia PSI
2012-04-05 12:39 . 2012-04-05 12:39 -------- d-----w- c:\program files\Secunia
2012-04-05 12:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6ED6CB45-CC8C-4C80-9296-46FC6E690DED}\mpengine.dll
2012-04-04 22:52 . 2012-04-04 22:53 -------- d-----w- C:\ComboFix-1
2012-04-03 18:16 . 2012-04-03 18:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 00:07 . 2012-04-03 00:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-04-02 20:23 . 2008-04-14 06:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-29 02:36 . 2010-12-02 15:33 69392 ------w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-29 02:36 . 2010-12-02 15:33 51984 ------w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-29 02:36 . 2010-12-02 15:33 33552 ------w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-29 00:52 . 2012-03-29 00:52 110080 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-29 00:52 . 2012-03-29 00:52 -------- d-----w- C:\sh4ldr
2012-03-29 00:52 . 2012-03-29 00:52 -------- d-----w- c:\program files\Enigma Software Group
2012-03-29 00:51 . 2012-03-29 00:52 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-29 00:51 . 2012-03-29 00:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-28 18:24 . 2012-03-28 18:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2012-03-28 16:50 . 2010-12-09 14:48 1996752 ----a-w- c:\windows\PCTBDCore.dll
2012-03-28 16:50 . 2010-12-03 19:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-28 16:50 . 2010-12-03 19:34 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-03-28 16:50 . 2010-12-03 19:34 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-28 16:38 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-28 16:38 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-28 14:03 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-28 14:03 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-28 14:03 . 2010-11-17 14:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-28 14:03 . 2010-11-25 14:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-28 14:03 . 2010-11-25 14:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-28 14:02 . 2010-11-25 14:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-28 14:02 . 2012-03-28 14:06 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-28 14:02 . 2012-04-02 13:10 -------- d-----w- c:\program files\PC Tools Security
2012-03-28 14:02 . 2012-03-29 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-28 14:02 . 2012-03-28 14:02 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2012-03-27 21:06 . 2012-03-27 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B000435DB0C0B2FB9D151FC4E
2012-03-27 19:53 . 2012-03-30 15:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-27 14:15 . 2012-03-27 14:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-03-26 12:13 . 2012-03-26 12:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-20 12:03 . 2012-03-20 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\BVNJTOBZRP
2012-03-20 12:03 . 2012-03-27 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\fb4149
2012-03-19 12:40 . 2012-03-19 12:40 41680 ----a-w- c:\windows\system32\drivers\epbqnqpm.sys
2012-03-16 17:18 . 2012-04-02 12:18 -------- d-----w- c:\documents and settings\User\Application Data\PC Cleaners
2012-03-16 17:18 . 2012-03-19 15:57 -------- d-----w- c:\documents and settings\User\Application Data\PCPro
2012-03-16 17:18 . 2012-03-16 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 12:44 . 2012-01-04 21:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 17:17 . 2009-01-21 17:43 5276432 ----a-w- c:\windows\uninst.exe
2012-03-14 02:15 . 2011-10-17 19:05 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-10-17 19:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 18:05 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-01-15 15:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_20.44.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-05 21:24 . 2012-04-05 21:24 16384 c:\windows\temp\Perflib_Perfdata_68c.dat
+ 2006-02-28 12:00 . 2012-04-05 21:28 80560 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-04-02 20:29 80560 c:\windows\system32\perfc009.dat
+ 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\system32\drivers\psi_mf.sys
+ 2012-04-05 12:42 . 2012-04-05 12:42 81920 c:\windows\Installer\{F9D28ACF-D568-4D4C-9601-2ECEE27479A3}\ARPPRODUCTICON.exe
+ 2012-04-05 12:54 . 2012-04-05 12:54 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2006-02-28 12:00 . 2012-04-02 20:29 484164 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2012-04-05 21:28 484164 c:\windows\system32\perfh009.dat
+ 2012-04-05 12:44 . 2012-04-05 12:44 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-05 12:44 . 2012-04-05 12:44 424608 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-05 12:42 . 2012-04-05 12:42 245408 c:\windows\system32\Macromed\Flash\FlashUtil10zb_Plugin.exe
+ 2012-04-05 12:44 . 2012-04-05 12:44 253600 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-05 12:47 . 2012-04-05 12:47 157472 c:\windows\system32\javaws.exe
+ 2012-04-05 12:47 . 2012-04-05 12:47 149280 c:\windows\system32\javaw.exe
+ 2012-04-05 12:47 . 2012-04-05 12:47 149280 c:\windows\system32\java.exe
+ 2012-04-05 12:54 . 2012-04-05 12:54 360448 c:\windows\Installer\19b4b1.msi
+ 2012-04-05 12:47 . 2012-04-05 12:47 203776 c:\windows\Installer\19b203.msi
+ 2012-04-05 12:47 . 2012-04-05 12:47 902656 c:\windows\Installer\19b1fe.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2009-10-28 03:40 . 2012-04-05 12:42 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2012-04-05 13:10 . 2012-04-05 13:10 2295808 c:\windows\Installer\73a2e.msi
+ 2012-04-05 12:50 . 2012-04-05 12:50 9474048 c:\windows\Installer\19b4a2.msi
+ 2012-04-05 12:42 . 2012-04-05 12:42 1093632 c:\windows\Installer\19af93.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\73a2f.msp
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\19b4b3.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2010-11-11 89240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-24 1044480]
"OATSWALLPAPER"="c:\original\BgInfo\Bginfo.exe" [2009-01-16 845864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
PA Manager.lnk - c:\program files\Dentrixold\PAMgr.exe [2009-11-23 852480]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-12 622653]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 16:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eSync Reminder.lnk
backup=c:\windows\pss\eSync Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WebSync Reminder.lnk
backup=c:\windows\pss\WebSync Reminder.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-12-01 18:49 1589208 ----a-w- c:\program files\PC Tools Security\pctsGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-12-20 23:38 28160 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2010-12-03 19:34 108496 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2012-01-18 10:22 4767648 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 18:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/28/2012 10:03 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/28/2012 10:03 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/28/2012 10:03 AM 656320]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/15/2009 11:50 AM 24064]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/28/2012 10:36 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/28/2012 10:36 PM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/28/2012 10:03 AM 249616]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/28/2012 12:50 PM 247760]
R2 GuruLELicensing;Guru Limited Edition Licensing;c:\program files\Guru Limited Edition Server\GuruLEService.exe [4/28/2008 8:53 PM 60416]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 2:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 2:01 AM 399416]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/15/2009 12:00 PM 2054680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/15/2009 12:00 PM 144480]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2012 5:07 PM 136176]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1/18/2012 6:21 AM 737184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 8:44 AM 253600]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 3:57 PM 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2012 5:07 PM 136176]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/28/2012 10:02 AM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/28/2012 10:02 AM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/28/2012 10:36 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lvpr2mon
Wtcls2k
InCDsrvR
nwlnknb
midisyn
axsaki
SE2Bbus
MA-620
teefer
pavagente
whoisd32
int15
Memctl
smservaz
{834170a7-af3b-4d34-a757-e05eb29ee96d}
usbatapi2000
tdcmdpst
ikhfile
FET5X86V
msi_wlan_service
CdaD10BA
cdfsvc
xcomm
netwg311
Via4in1
USB_RNDIS
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 12:44]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 21:07]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 21:07]
.
2012-04-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.henryschein.com/Default.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(1672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-05 17:40:28
ComboFix-quarantined-files.txt 2012-04-05 21:40
ComboFix2.txt 2012-04-05 20:49
ComboFix3.txt 2012-04-05 12:33
ComboFix4.txt 2012-04-04 14:25
ComboFix5.txt 2012-04-05 21:27
.
Pre-Run: 42,961,833,984 bytes free
Post-Run: 42,943,815,680 bytes free
.
- - End Of File - - 19F5BAC00F6F68B3DC3551445EA38FF4

#10 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 06 April 2012 - 09:45 AM

We must also take care of PC Cleaner Pro.

AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Best Virus Protection *Enabled/Updated* {89553CAB-B403-47D6-A552-9C899B552C5D}
FW: Best Virus Protection *Enabled* {73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    {89553CAB-B403-47D6-A552-9C899B552C5D}
    {73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8}

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 magcrew (Topic Starter)

Posted 07 April 2012 - 12:55 PM

Attached File: SystemLook.txt (740 bytes)

#12 nasdaq (Malware Response Team)

Posted 07 April 2012 - 01:09 PM

If you remove the curly brackets {} do you see any of them?

:regfind
737A8864-C2D9-4337-B49A-B5E35815B9BB
89553CAB-B403-47D6-A552-9C899B552C5D
73B2A6D5-2A85-4542-A9AC-3D6C5B9912B8

These items in the registry may be set as superhidden files.
Run this.


This is only for XP or 2000 systems
  • Run this registry script, which forces Windows to show so called "superhidden" files:
  • Copy the contents of the Quote box to Notepad, and save in a location of your choice as Unhide.reg (make sure to save as type: "All Files")
  • Doubleclick Unhide.reg, and answer 'yes' when prompted to add its contents to the Registry.
  • Restart your computer.



Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"SearchSystemDirs"=dword:00000001
"SearchHidden"=dword:00000001
"IncludeSubFolders"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"DefaultValue"=dword:00000001


Delete the Unhide.reg file after the restart.

Any luck?

#13 magcrew (Topic Starter)

Posted 07 April 2012 - 04:33 PM

Hi

I added the extra entries into the registry and restarted the computer.

I checked ComboFix again and it said "Best Virus Protection" is still running.

I ran the SystemLook program with and without the { } - no luck.

Before I contacted you I was running some other program that said the MBR was changed, if that helps.
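Editor's note on why the SystemLook searches above come back empty: the "AV:" and "FW:" lines that DDS and ComboFix print in their header are not read from the registry. They are the AntiVirusProduct and FirewallProduct instances that products register with Windows Security Center through WMI (namespace root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later), and the value in braces is the instance's instanceGuid property. Those instances live in the WMI repository (%SystemRoot%\system32\wbem\Repository), so a registry search for the GUID, with or without braces, finds nothing, and a rogue product's registration survives after its files have been removed. The PowerShell script below is an added example written for this note, not a tool from the thread or from BleepingComputer; it lists every Security Center registration and, when given a display name, deletes the matching instances. It assumes PowerShell 2.0 or later run from an elevated prompt, and that the -Namespace default is changed to root\SecurityCenter2 on Vista or newer.

```powershell
# Added example (not from the thread): list Security Center product registrations
# and optionally delete the ones belonging to a named product.
# Assumptions: PowerShell 2.0+, run as an administrator.
#   XP            -> -Namespace 'root\SecurityCenter'   (default here)
#   Vista and up  -> -Namespace 'root\SecurityCenter2'
param(
    [string]$Namespace = 'root\SecurityCenter',
    [string]$RemoveDisplayName = ''   # e.g. 'Best Virus Protection'; empty = list only
)

# AntiSpywareProduct is not present on every build; -ErrorAction SilentlyContinue
# lets the loop skip a class the namespace does not define.
$classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'

function Get-SecurityCenterProducts {
    param([string]$Ns)
    foreach ($class in $classes) {
        Get-WmiObject -Namespace $Ns -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                # FirewallProduct exposes 'enabled'; the AV/AS classes expose
                # 'onAccessScanningEnabled' and 'productUptoDate' (ComboFix's
                # *Enabled/Updated* flags are derived from these).
                if ($class -eq 'FirewallProduct') { $enabled = $_.enabled }
                else                              { $enabled = $_.onAccessScanningEnabled }
                New-Object PSObject -Property @{
                    Class        = $class
                    DisplayName  = $_.displayName
                    Company      = $_.companyName
                    InstanceGuid = $_.instanceGuid
                    Enabled      = $enabled
                    UpToDate     = $_.productUptoDate
                }
            }
    }
}

# 1. Show everything Security Center currently believes is installed.
$products = Get-SecurityCenterProducts -Ns $Namespace
$products | Format-Table Class, DisplayName, InstanceGuid, Enabled, UpToDate -AutoSize

# 2. Remove the registrations of one product by display name (only if asked to).
if ($RemoveDisplayName -ne '') {
    foreach ($class in $classes) {
        Get-WmiObject -Namespace $Namespace -Class $class -ErrorAction SilentlyContinue |
            Where-Object { $_.displayName -eq $RemoveDisplayName } |
            ForEach-Object {
                Write-Host ("Removing {0} instance {1} ({2})" -f $class, $_.instanceGuid, $_.displayName)
                $_ | Remove-WmiObject
            }
    }
    # Security Center caches provider state; restart it so the change is picked up.
    Restart-Service wscsvc -ErrorAction SilentlyContinue
}
```

Run it once with no arguments to see the registrations, then `.\script.ps1 -RemoveDisplayName 'Best Virus Protection'` (and again for 'PC Cleaner Pro') to drop the rogue entries. Re-run DDS or ComboFix afterwards; the "AV:"/"FW:" lines should no longer list the product. This only clears the Security Center registration: any files, services or drivers the rogue left behind still have to be dealt with separately, which is what the aswMBR and TDSSKiller logs later in the thread are for.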

#14 nasdaq (Malware Response Team)

Posted 08 April 2012 - 08:07 AM

Run the two tools suggested in post No. 2.

Post the logs.

#15 magcrew (Topic Starter)

Posted 09 April 2012 - 08:10 AM

Here are the logs.

ComboFix still shows "Best Virus Protection" running.




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 14:19:27
-----------------------------
14:19:27.890 OS Version: Windows 5.1.2600 Service Pack 3
14:19:27.890 Number of processors: 2 586 0x170A
14:19:27.890 ComputerName: WORKSTATION11 UserName: User
14:19:28.203 Initialize success
14:20:40.671 AVAST engine download error: 0
14:22:05.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:22:05.640 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 76293MB BusType: 3
14:22:05.656 Disk 0 MBR read successfully
14:22:05.656 Disk 0 MBR scan
14:22:05.656 Disk 0 Windows XP default MBR code
14:22:05.656 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
14:22:05.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76222 MB offset 128520
14:22:05.671 Disk 0 scanning sectors +156232125
14:22:05.734 Disk 0 scanning C:\WINDOWS\system32\drivers
14:22:11.250 Service scanning
14:22:15.687 Service MpKsl09e4160d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{374BE867-662F-44A5-8279-B2D00C76B2A6}\MpKsl09e4160d.sys **LOCKED** 32
14:22:20.531 Modules scanning
14:22:24.109 Disk 0 trace - called modules:
14:22:24.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iaStor.sys hal.dll
14:22:24.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a545ab8]
14:22:24.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89bc8348]
14:22:24.125 5 PCTCore.sys[b9dd3099] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89fc9028]
14:22:24.125 Scan finished successfully
14:22:41.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
14:22:41.812 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"




08:34:23.0421 3708 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
08:34:23.0421 3708 ============================================================
08:34:23.0421 3708 Current date / time: 2012/04/09 08:34:23.0421
08:34:23.0421 3708 SystemInfo:
08:34:23.0421 3708
08:34:23.0421 3708 OS Version: 5.1.2600 ServicePack: 3.0
08:34:23.0421 3708 Product type: Workstation
08:34:23.0421 3708 ComputerName: WORKSTATION11
08:34:23.0421 3708 UserName: User
08:34:23.0421 3708 Windows directory: C:\WINDOWS
08:34:23.0421 3708 System windows directory: C:\WINDOWS
08:34:23.0421 3708 Processor architecture: Intel x86
08:34:23.0421 3708 Number of processors: 2
08:34:23.0421 3708 Page size: 0x1000
08:34:23.0421 3708 Boot type: Normal boot
08:34:23.0421 3708 ============================================================
08:34:23.0718 3708 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:34:23.0718 3708 Drive \Device\Harddisk1\DR3 - Size: 0x7A1FC000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:34:23.0718 3708 \Device\Harddisk0\DR0:
08:34:23.0734 3708 MBR used
08:34:23.0734 3708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94DF3B5
08:34:23.0734 3708 \Device\Harddisk1\DR3:
08:34:23.0734 3708 MBR used
08:34:23.0734 3708 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D0FA1
08:34:23.0796 3708 Initialize success
08:34:23.0796 3708 ============================================================
08:34:29.0546 3748 ============================================================
08:34:29.0546 3748 Scan started
08:34:29.0546 3748 Mode: Manual;
08:34:29.0546 3748 ============================================================
08:34:29.0656 3748 Abiosdsk - ok
08:34:29.0656 3748 abp480n5 - ok
08:34:29.0703 3748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:34:29.0703 3748 ACPI - ok
08:34:29.0781 3748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:34:29.0781 3748 ACPIEC - ok
08:34:29.0812 3748 ADIHdAudAddService (d80d1d73d1dbf38d0afe692c8bdc939a) C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:34:29.0812 3748 ADIHdAudAddService - ok
08:34:29.0875 3748 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:34:29.0890 3748 AdobeFlashPlayerUpdateSvc - ok
08:34:29.0890 3748 adpu160m - ok
08:34:29.0921 3748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:34:29.0937 3748 aec - ok
08:34:29.0968 3748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:34:29.0968 3748 AFD - ok
08:34:29.0984 3748 Aha154x - ok
08:34:30.0000 3748 aic78u2 - ok
08:34:30.0000 3748 aic78xx - ok
08:34:30.0031 3748 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:34:30.0031 3748 Alerter - ok
08:34:30.0046 3748 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:34:30.0046 3748 ALG - ok
08:34:30.0046 3748 AliIde - ok
08:34:30.0062 3748 amsint - ok
08:34:30.0093 3748 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:34:30.0093 3748 AppMgmt - ok
08:34:30.0109 3748 asc - ok
08:34:30.0109 3748 asc3350p - ok
08:34:30.0125 3748 asc3550 - ok
08:34:30.0187 3748 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:34:30.0187 3748 aspnet_state - ok
08:34:30.0203 3748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:34:30.0203 3748 AsyncMac - ok
08:34:30.0218 3748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:34:30.0234 3748 atapi - ok
08:34:30.0234 3748 Atdisk - ok
08:34:30.0265 3748 Ati HotKey Poller (6a35387e02b57062b8eb1bac131116e6) C:\WINDOWS\system32\Ati2evxx.exe
08:34:30.0265 3748 Ati HotKey Poller - ok
08:34:30.0296 3748 ATI Smart (d60e9129bd6b8507e277f46ac773792b) C:\WINDOWS\system32\ati2sgag.exe
08:34:30.0296 3748 ATI Smart - ok
08:34:30.0375 3748 ati2mtag (fb3f4c60d58d11fb7c7cec927315b0ae) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:34:30.0390 3748 ati2mtag - ok
08:34:30.0406 3748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:34:30.0406 3748 Atmarpc - ok
08:34:30.0437 3748 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:34:30.0437 3748 AudioSrv - ok
08:34:30.0468 3748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:34:30.0468 3748 audstub - ok
08:34:30.0500 3748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:34:30.0500 3748 Beep - ok
08:34:30.0562 3748 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:34:30.0609 3748 BITS - ok
08:34:30.0656 3748 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:34:30.0656 3748 Browser - ok
08:34:30.0718 3748 Browser Defender Update Service (703a815f29fbd618d1a516bf5335bc1a) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
08:34:30.0718 3748 Browser Defender Update Service - ok
08:34:30.0765 3748 btaudio (75f2f99751005d1dd9afcd599e2bf544) C:\WINDOWS\system32\drivers\btaudio.sys
08:34:30.0765 3748 btaudio - ok
08:34:30.0812 3748 BTDriver (ed53d949fca98b9f633f4dce97b1d859) C:\WINDOWS\system32\DRIVERS\btport.sys
08:34:30.0812 3748 BTDriver - ok
08:34:30.0859 3748 BTKRNL (1a8a1d4dc2cf946eecdb7ffc853bdc1d) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
08:34:30.0859 3748 BTKRNL - ok
08:34:30.0890 3748 btwdins (de1ce8c16dcbbbb17f92ba5c383e58ad) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
08:34:30.0890 3748 btwdins - ok
08:34:30.0906 3748 btwhid (8f9ecc34280dbe5f2df32cd7cf2aa439) C:\WINDOWS\system32\DRIVERS\btwhid.sys
08:34:30.0921 3748 btwhid - ok
08:34:30.0937 3748 BTWUSB (65d626c2f030a9555b716efaa1cfb4ba) C:\WINDOWS\system32\Drivers\btwusb.sys
08:34:30.0937 3748 BTWUSB - ok
08:34:31.0000 3748 catchme - ok
08:34:31.0031 3748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:34:31.0031 3748 cbidf2k - ok
08:34:31.0046 3748 cd20xrnt - ok
08:34:31.0062 3748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:34:31.0062 3748 Cdaudio - ok
08:34:31.0078 3748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:34:31.0078 3748 Cdfs - ok
08:34:31.0093 3748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:34:31.0093 3748 Cdrom - ok
08:34:31.0109 3748 Changer - ok
08:34:31.0140 3748 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:34:31.0140 3748 CiSvc - ok
08:34:31.0187 3748 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:34:31.0187 3748 ClipSrv - ok
08:34:31.0218 3748 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:34:31.0218 3748 clr_optimization_v2.0.50727_32 - ok
08:34:31.0296 3748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:34:31.0296 3748 clr_optimization_v4.0.30319_32 - ok
08:34:31.0296 3748 CmdIde - ok
08:34:31.0312 3748 COMSysApp - ok
08:34:31.0328 3748 Cpqarray - ok
08:34:31.0359 3748 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:34:31.0359 3748 CryptSvc - ok
08:34:31.0359 3748 dac2w2k - ok
08:34:31.0375 3748 dac960nt - ok
08:34:31.0406 3748 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:34:31.0406 3748 DcomLaunch - ok
08:34:31.0437 3748 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:34:31.0437 3748 Dhcp - ok
08:34:31.0468 3748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:34:31.0468 3748 Disk - ok
08:34:31.0468 3748 dmadmin - ok
08:34:31.0500 3748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:34:31.0515 3748 dmboot - ok
08:34:31.0515 3748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:34:31.0531 3748 dmio - ok
08:34:31.0546 3748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:34:31.0546 3748 dmload - ok
08:34:31.0578 3748 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:34:31.0578 3748 dmserver - ok
08:34:31.0609 3748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:34:31.0609 3748 DMusic - ok
08:34:31.0640 3748 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:34:31.0640 3748 Dnscache - ok
08:34:31.0671 3748 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:34:31.0671 3748 Dot3svc - ok
08:34:31.0687 3748 dpti2o - ok
08:34:31.0687 3748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:34:31.0687 3748 drmkaud - ok
08:34:31.0734 3748 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
08:34:31.0734 3748 e1kexpress - ok
08:34:31.0750 3748 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:34:31.0750 3748 EapHost - ok
08:34:31.0765 3748 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:34:31.0765 3748 ERSvc - ok
08:34:31.0828 3748 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
08:34:31.0828 3748 esgiguard - ok
08:34:31.0843 3748 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:34:31.0859 3748 Eventlog - ok
08:34:31.0875 3748 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:34:31.0890 3748 EventSystem - ok
08:34:31.0906 3748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:34:31.0921 3748 Fastfat - ok
08:34:31.0953 3748 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:34:31.0953 3748 FastUserSwitchingCompatibility - ok
08:34:31.0968 3748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:34:31.0968 3748 Fdc - ok
08:34:31.0984 3748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:34:31.0984 3748 Fips - ok
08:34:32.0000 3748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:34:32.0000 3748 Flpydisk - ok
08:34:32.0015 3748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:34:32.0015 3748 FltMgr - ok
08:34:32.0078 3748 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:34:32.0078 3748 FontCache3.0.0.0 - ok
08:34:32.0093 3748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:34:32.0093 3748 Fs_Rec - ok
08:34:32.0093 3748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:34:32.0109 3748 Ftdisk - ok
08:34:32.0109 3748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:34:32.0125 3748 Gpc - ok
08:34:32.0187 3748 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:34:32.0187 3748 gupdate - ok
08:34:32.0187 3748 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:34:32.0187 3748 gupdatem - ok
08:34:32.0218 3748 GuruLELicensing (d2e3adf5f2d4b4b8ba25283ffc241d38) C:\Program Files\Guru Limited Edition Server\GuruLEService.exe
08:34:32.0218 3748 GuruLELicensing - ok
08:34:32.0234 3748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:34:32.0250 3748 HDAudBus - ok
08:34:32.0265 3748 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
08:34:32.0265 3748 HECI - ok
08:34:32.0296 3748 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:34:32.0296 3748 helpsvc - ok
08:34:32.0312 3748 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:34:32.0312 3748 HidServ - ok
08:34:32.0343 3748 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:34:32.0343 3748 hidusb - ok
08:34:32.0375 3748 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:34:32.0375 3748 hkmsvc - ok
08:34:32.0453 3748 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
08:34:32.0453 3748 HP Port Resolver - ok
08:34:32.0468 3748 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
08:34:32.0468 3748 HP Status Server - ok
08:34:32.0468 3748 hpn - ok
08:34:32.0515 3748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:34:32.0515 3748 HTTP - ok
08:34:32.0546 3748 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:34:32.0546 3748 HTTPFilter - ok
08:34:32.0562 3748 i2omgmt - ok
08:34:32.0562 3748 i2omp - ok
08:34:32.0578 3748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
08:34:32.0578 3748 i8042prt - ok
08:34:32.0609 3748 iaStor (6c44fa574a17b31e12ddbbe973171728) C:\WINDOWS\system32\DRIVERS\iaStor.sys
08:34:32.0609 3748 iaStor - ok
08:34:32.0671 3748 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:34:32.0671 3748 IDriverT - ok
08:34:32.0781 3748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:34:32.0781 3748 idsvc - ok
08:34:32.0843 3748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:34:32.0843 3748 Imapi - ok
08:34:32.0875 3748 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:34:32.0890 3748 ImapiService - ok
08:34:32.0921 3748 ini910u - ok
08:34:32.0953 3748 IntelIde - ok
08:34:32.0968 3748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:34:32.0968 3748 intelppm - ok
08:34:32.0984 3748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:34:32.0984 3748 Ip6Fw - ok
08:34:33.0015 3748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:34:33.0015 3748 IpFilterDriver - ok
08:34:33.0031 3748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:34:33.0031 3748 IpInIp - ok
08:34:33.0062 3748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:34:33.0062 3748 IpNat - ok
08:34:33.0078 3748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:34:33.0078 3748 IPSec - ok
08:34:33.0093 3748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:34:33.0093 3748 IRENUM - ok
08:34:33.0109 3748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:34:33.0109 3748 isapnp - ok
08:34:33.0218 3748 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
08:34:33.0218 3748 JavaQuickStarterService - ok
08:34:33.0250 3748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:34:33.0250 3748 Kbdclass - ok
08:34:33.0250 3748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:34:33.0265 3748 kbdhid - ok
08:34:33.0265 3748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:34:33.0281 3748 kmixer - ok
08:34:33.0296 3748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:34:33.0296 3748 KSecDD - ok
08:34:33.0328 3748 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:34:33.0328 3748 lanmanserver - ok
08:34:33.0343 3748 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:34:33.0343 3748 lanmanworkstation - ok
08:34:33.0359 3748 lbrtfdc - ok
08:34:33.0390 3748 LBTServ (bac3e78fff4044c90a98fbdd5f878efa) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
08:34:33.0390 3748 LBTServ - ok
08:34:33.0421 3748 LHidKe (952c825c2a3014d4d1648309c42d8718) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
08:34:33.0421 3748 LHidKe - ok
08:34:33.0453 3748 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:34:33.0453 3748 LmHosts - ok
08:34:33.0468 3748 LMouKE (bb9cc32385c3320074009fe4b9b3b3b6) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
08:34:33.0468 3748 LMouKE - ok
08:34:33.0468 3748 LMS (4c9407a6550a031b4b42e68795a5c84d) C:\Program Files\Intel\AMT\LMS.exe
08:34:33.0468 3748 LMS - ok
08:34:33.0484 3748 lvpr2mon - ok
08:34:33.0531 3748 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
08:34:33.0531 3748 MDM - ok
08:34:33.0562 3748 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:34:33.0562 3748 Messenger - ok
08:34:33.0593 3748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:34:33.0593 3748 mnmdd - ok
08:34:33.0640 3748 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:34:33.0640 3748 mnmsrvc - ok
08:34:33.0687 3748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:34:33.0687 3748 Modem - ok
08:34:33.0734 3748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:34:33.0734 3748 Mouclass - ok
08:34:33.0750 3748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:34:33.0750 3748 mouhid - ok
08:34:33.0750 3748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:34:33.0750 3748 MountMgr - ok
08:34:33.0765 3748 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:34:33.0765 3748 MpFilter - ok
08:34:33.0781 3748 mraid35x - ok
08:34:33.0796 3748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:34:33.0812 3748 MRxDAV - ok
08:34:33.0828 3748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:34:33.0843 3748 MRxSmb - ok
08:34:33.0875 3748 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:34:33.0875 3748 MSDTC - ok
08:34:33.0890 3748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:34:33.0890 3748 Msfs - ok
08:34:33.0890 3748 MSIServer - ok
08:34:33.0937 3748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:34:33.0937 3748 MSKSSRV - ok
08:34:34.0000 3748 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
08:34:34.0000 3748 MsMpSvc - ok
08:34:34.0000 3748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:34:34.0000 3748 MSPCLOCK - ok
08:34:34.0015 3748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:34:34.0015 3748 MSPQM - ok
08:34:34.0031 3748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:34:34.0031 3748 mssmbios - ok
08:34:34.0046 3748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:34:34.0046 3748 Mup - ok
08:34:34.0078 3748 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:34:34.0093 3748 napagent - ok
08:34:34.0109 3748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:34:34.0109 3748 NDIS - ok
08:34:34.0125 3748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:34:34.0125 3748 NdisTapi - ok
08:34:34.0140 3748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:34:34.0156 3748 Ndisuio - ok
08:34:34.0156 3748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:34:34.0156 3748 NdisWan - ok
08:34:34.0187 3748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:34:34.0187 3748 NDProxy - ok
08:34:34.0187 3748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:34:34.0187 3748 NetBIOS - ok
08:34:34.0203 3748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:34:34.0203 3748 NetBT - ok
08:34:34.0234 3748 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:34:34.0234 3748 NetDDE - ok
08:34:34.0234 3748 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:34:34.0250 3748 NetDDEdsdm - ok
08:34:34.0281 3748 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:34.0281 3748 Netlogon - ok
08:34:34.0296 3748 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:34:34.0296 3748 Netman - ok
08:34:34.0375 3748 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:34:34.0390 3748 NetTcpPortSharing - ok
08:34:34.0421 3748 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:34:34.0421 3748 Nla - ok
08:34:34.0437 3748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:34:34.0437 3748 Npfs - ok
08:34:34.0453 3748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:34:34.0453 3748 Ntfs - ok
08:34:34.0484 3748 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:34.0484 3748 NtLmSsp - ok
08:34:34.0531 3748 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:34:34.0531 3748 NtmsSvc - ok
08:34:34.0562 3748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:34:34.0562 3748 Null - ok
08:34:34.0593 3748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:34:34.0593 3748 NwlnkFlt - ok
08:34:34.0609 3748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:34:34.0609 3748 NwlnkFwd - ok
08:34:34.0687 3748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:34:34.0703 3748 odserv - ok
08:34:34.0734 3748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:34:34.0734 3748 ose - ok
08:34:34.0765 3748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:34:34.0765 3748 Parport - ok
08:34:34.0781 3748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:34:34.0796 3748 PartMgr - ok
08:34:34.0812 3748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:34:34.0812 3748 ParVdm - ok
08:34:34.0828 3748 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
08:34:34.0828 3748 PBADRV - ok
08:34:34.0843 3748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:34:34.0843 3748 PCI - ok
08:34:34.0843 3748 PCIDump - ok
08:34:34.0859 3748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:34:34.0859 3748 PCIIde - ok
08:34:34.0875 3748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:34:34.0890 3748 Pcmcia - ok
08:34:34.0906 3748 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
08:34:34.0906 3748 PCTCore - ok
08:34:34.0921 3748 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
08:34:34.0921 3748 pctDS - ok
08:34:34.0937 3748 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
08:34:34.0937 3748 pctEFA - ok
08:34:34.0953 3748 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys
08:34:34.0953 3748 pctgntdi - ok
08:34:34.0984 3748 pctplsg (c5c488e6232b29f5744b8f7988a20730) C:\WINDOWS\system32\drivers\pctplsg.sys
08:34:34.0984 3748 pctplsg - ok
08:34:35.0000 3748 PDCOMP - ok
08:34:35.0000 3748 PDFRAME - ok
08:34:35.0000 3748 PDRELI - ok
08:34:35.0015 3748 PDRFRAME - ok
08:34:35.0015 3748 perc2 - ok
08:34:35.0015 3748 perc2hib - ok
08:34:35.0062 3748 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:34:35.0062 3748 PlugPlay - ok
08:34:35.0078 3748 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\WINDOWS\system32\HPZipm12.dll
08:34:35.0093 3748 Pml Driver HPZ12 - ok
08:34:35.0093 3748 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:35.0093 3748 PolicyAgent - ok
08:34:35.0125 3748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:34:35.0125 3748 PptpMiniport - ok
08:34:35.0125 3748 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:35.0125 3748 ProtectedStorage - ok
08:34:35.0125 3748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:34:35.0140 3748 PSched - ok
08:34:35.0156 3748 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
08:34:35.0156 3748 PSI - ok
08:34:35.0171 3748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:34:35.0171 3748 Ptilink - ok
08:34:35.0203 3748 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:34:35.0203 3748 PxHelp20 - ok
08:34:35.0203 3748 ql1080 - ok
08:34:35.0203 3748 Ql10wnt - ok
08:34:35.0218 3748 ql12160 - ok
08:34:35.0234 3748 ql1240 - ok
08:34:35.0250 3748 ql1280 - ok
08:34:35.0265 3748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:34:35.0265 3748 RasAcd - ok
08:34:35.0281 3748 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:34:35.0296 3748 RasAuto - ok
08:34:35.0312 3748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:34:35.0312 3748 Rasl2tp - ok
08:34:35.0328 3748 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:34:35.0343 3748 RasMan - ok
08:34:35.0343 3748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:34:35.0343 3748 RasPppoe - ok
08:34:35.0359 3748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:34:35.0359 3748 Raspti - ok
08:34:35.0375 3748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:34:35.0375 3748 Rdbss - ok
08:34:35.0390 3748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:34:35.0390 3748 RDPCDD - ok
08:34:35.0390 3748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:34:35.0406 3748 rdpdr - ok
08:34:35.0421 3748 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:34:35.0437 3748 RDPWD - ok
08:34:35.0453 3748 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:34:35.0468 3748 RDSessMgr - ok
08:34:35.0515 3748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:34:35.0515 3748 redbook - ok
08:34:35.0546 3748 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:34:35.0546 3748 RemoteAccess - ok
08:34:35.0609 3748 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:34:35.0609 3748 RemoteRegistry - ok
08:34:35.0625 3748 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:34:35.0625 3748 RpcLocator - ok
08:34:35.0656 3748 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:34:35.0671 3748 RpcSs - ok
08:34:35.0718 3748 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:34:35.0718 3748 RSVP - ok
08:34:35.0765 3748 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:34:35.0765 3748 SamSs - ok
08:34:35.0781 3748 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:34:35.0781 3748 SCardSvr - ok
08:34:35.0828 3748 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:34:35.0828 3748 Schedule - ok
08:34:35.0890 3748 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Program Files\PC Tools Security\pctsAuxs.exe
08:34:35.0890 3748 sdAuxService - ok
08:34:35.0937 3748 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) C:\Program Files\PC Tools Security\pctsSvc.exe
08:34:35.0953 3748 sdCoreService - ok
08:34:36.0015 3748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:34:36.0015 3748 Secdrv - ok
08:34:36.0046 3748 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:34:36.0046 3748 seclogon - ok
08:34:36.0171 3748 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
08:34:36.0171 3748 Secunia PSI Agent - ok
08:34:36.0234 3748 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe
08:34:36.0234 3748 Secunia Update Agent - ok
08:34:36.0250 3748 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:34:36.0250 3748 SENS - ok
08:34:36.0281 3748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:34:36.0281 3748 serenum - ok
08:34:36.0296 3748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:34:36.0296 3748 Serial - ok
08:34:36.0390 3748 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
08:34:36.0406 3748 SFAUDIO - ok
08:34:36.0406 3748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:34:36.0406 3748 Sfloppy - ok
08:34:36.0437 3748 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:34:36.0453 3748 SharedAccess - ok
08:34:36.0468 3748 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:34:36.0484 3748 ShellHWDetection - ok
08:34:36.0484 3748 Simbad - ok
08:34:36.0500 3748 Sparrow - ok
08:34:36.0531 3748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:34:36.0531 3748 splitter - ok
08:34:36.0562 3748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:34:36.0562 3748 Spooler - ok
08:34:36.0625 3748 SpyHunter 4 Service (63f2b52947577dbb075fe646bc758a2f) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
08:34:36.0625 3748 SpyHunter 4 Service - ok
08:34:36.0656 3748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:34:36.0656 3748 sr - ok
08:34:36.0687 3748 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:34:36.0687 3748 srservice - ok
08:34:36.0718 3748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:34:36.0718 3748 Srv - ok
08:34:36.0750 3748 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:34:36.0750 3748 SSDPSRV - ok
08:34:36.0812 3748 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:34:36.0812 3748 stisvc - ok
08:34:36.0843 3748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:34:36.0843 3748 swenum - ok
08:34:36.0859 3748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:34:36.0859 3748 swmidi - ok
08:34:36.0859 3748 SwPrv - ok
08:34:36.0875 3748 symc810 - ok
08:34:36.0890 3748 symc8xx - ok
08:34:36.0890 3748 sym_hi - ok
08:34:36.0906 3748 sym_u3 - ok
08:34:36.0937 3748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:34:36.0937 3748 sysaudio - ok
08:34:36.0968 3748 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:34:36.0984 3748 SysmonLog - ok
08:34:37.0015 3748 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:34:37.0031 3748 TapiSrv - ok
08:34:37.0062 3748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:34:37.0062 3748 Tcpip - ok
08:34:37.0109 3748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:34:37.0109 3748 TDPIPE - ok
08:34:37.0140 3748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:34:37.0140 3748 TDTCP - ok
08:34:37.0187 3748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:34:37.0187 3748 TermDD - ok
08:34:37.0203 3748 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:34:37.0218 3748 TermService - ok
08:34:37.0234 3748 TfFsMon (18d09508877e3f697866b39e9d0e6dcf) C:\WINDOWS\system32\drivers\TfFsMon.sys
08:34:37.0250 3748 TfFsMon - ok
08:34:37.0250 3748 TfNetMon (c657f352613d8e592efb54cc35f21f5e) C:\WINDOWS\system32\drivers\TfNetMon.sys
08:34:37.0250 3748 TfNetMon - ok
08:34:37.0265 3748 TFSysMon (71e3073419cfda8d60813c1502acc420) C:\WINDOWS\system32\drivers\TfSysMon.sys
08:34:37.0265 3748 TFSysMon - ok
08:34:37.0296 3748 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:34:37.0296 3748 Themes - ok
08:34:37.0359 3748 ThreatFire - ok
08:34:37.0390 3748 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:34:37.0390 3748 TlntSvr - ok
08:34:37.0421 3748 TosIde - ok
08:34:37.0437 3748 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:34:37.0437 3748 TrkWks - ok
08:34:37.0468 3748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:34:37.0468 3748 Udfs - ok
08:34:37.0484 3748 ultra - ok
08:34:37.0546 3748 UNS (361d6713a0b6821b7a99439e70cebd4e) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
08:34:37.0562 3748 UNS - ok
08:34:37.0609 3748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:34:37.0609 3748 Update - ok
08:34:37.0656 3748 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:34:37.0656 3748 upnphost - ok
08:34:37.0687 3748 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:34:37.0687 3748 UPS - ok
08:34:37.0734 3748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:34:37.0734 3748 usbccgp - ok
08:34:37.0750 3748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:34:37.0750 3748 usbehci - ok
08:34:37.0796 3748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:34:37.0796 3748 usbhub - ok
08:34:37.0828 3748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:34:37.0843 3748 usbprint - ok
08:34:37.0875 3748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:34:37.0875 3748 USBSTOR - ok
08:34:37.0890 3748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:34:37.0890 3748 usbuhci - ok
08:34:37.0921 3748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:34:37.0937 3748 VgaSave - ok
08:34:37.0937 3748 ViaIde - ok
08:34:37.0953 3748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:34:37.0953 3748 VolSnap - ok
08:34:38.0000 3748 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:34:38.0000 3748 VSS - ok
08:34:38.0031 3748 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:34:38.0031 3748 W32Time - ok
08:34:38.0046 3748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:34:38.0046 3748 Wanarp - ok
08:34:38.0062 3748 WDICA - ok
08:34:38.0062 3748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:34:38.0078 3748 wdmaud - ok
08:34:38.0078 3748 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:34:38.0078 3748 WebClient - ok
08:34:38.0125 3748 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:34:38.0125 3748 winmgmt - ok
08:34:38.0171 3748 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:34:38.0171 3748 WmdmPmSN - ok
08:34:38.0218 3748 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:34:38.0218 3748 Wmi - ok
08:34:38.0234 3748 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:34:38.0234 3748 WmiAcpi - ok
08:34:38.0265 3748 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:34:38.0265 3748 WmiApSrv - ok
08:34:38.0343 3748 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:34:38.0359 3748 WMPNetworkSvc - ok
08:34:38.0578 3748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:34:38.0609 3748 WPFFontCache_v0400 - ok
08:34:38.0671 3748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:34:38.0671 3748 WS2IFSL - ok
08:34:38.0703 3748 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:34:38.0703 3748 wscsvc - ok
08:34:38.0750 3748 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:34:38.0750 3748 wuauserv - ok
08:34:38.0781 3748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:34:38.0781 3748 WudfPf - ok
08:34:38.0812 3748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:34:38.0812 3748 WudfRd - ok
08:34:38.0828 3748 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:34:38.0828 3748 WudfSvc - ok
08:34:38.0859 3748 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:34:38.0875 3748 WZCSVC - ok
08:34:38.0906 3748 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:34:38.0906 3748 xmlprov - ok
08:34:38.0937 3748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:34:39.0078 3748 \Device\Harddisk0\DR0 - ok
08:34:39.0078 3748 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
08:34:39.0078 3748 \Device\Harddisk1\DR3 - ok
08:34:39.0109 3748 Boot (0x1200) (a313c61338c893e7778688f5c0a1ce0a) \Device\Harddisk0\DR0\Partition0
08:34:39.0109 3748 \Device\Harddisk0\DR0\Partition0 - ok
08:34:39.0140 3748 Boot (0x1200) (dfd5ef53bc03b9ac8f8ab785297c79af) \Device\Harddisk1\DR3\Partition0
08:34:39.0140 3748 \Device\Harddisk1\DR3\Partition0 - ok
08:34:39.0156 3748 ============================================================
08:34:39.0156 3748 Scan finished
08:34:39.0156 3748 ============================================================
08:34:39.0218 3740 Detected object count: 0
08:34:39.0218 3740 Actual detected object count: 0
08:37:05.0812 3704 Deinitialize success

Attached Files

  • Attached File  MBR.zip   513bytes   0 downloads