Malware or Runaway svchost?


12 replies to this topic

#1 svchostSkeptic

svchostSkeptic

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 09 April 2012 - 07:25 AM

I've been running Microsoft Security Essentials for some time now, and have generally been very pleased, but I'm worried now that I might have some malware despite MSE. I clicked on what looked like a legit link in an email from a friend, but it turned out to be less than legitimate. MSE didn't complain, and I closed the web site. Around the same time the PC began performing poorly. This is a machine that the whole family uses, and no one is quite sure if the performance decline is truly correlated with my getting suckered by the email.

Since this started in the middle of the week, I've tried to roll back to various system restore points, but this did not help. I've used MSE to scan for viruses a number of times, but it reports no problems. I've also scanned with Spybot - Search & Destroy, which reported only tracking cookies.

I eventually found that a certain instance of svchost.exe was consuming between 1 and 1.5 GB of memory! The machine has 2 GB of RAM, so this kind of memory use, along with all normal memory use, explains the performance problem.

Using Process Explorer I found that this svchost was hosting about 20 services. One by one I moved them to their own svchosts until I was able to isolate the hog. It's the Themes Service. It does not act up until the PC is connected to the LAN (I pulled the plug when I became suspicious), but once the network connection is established, that svchost starts claiming more and more memory. If I unplug the ethernet, it will release most of the memory. CPU usage is never much of an issue.

If I turn off the Themes service and plug the machine back into the network, a svchost with the DHCP service in it starts hogging memory. Looks like malware to me, but I haven't found other reports that appear to be the same.

Where do I go from here?


Dell Dimension 2400
Win XP Pro SP3
2.53GHz CPU
2GB RAM

MSE v 2.1.1116.0
Antimalware Client v 3.0.8402.0
Engine Version 1.1.8202.0
Antivirus definition: 1.123.1306.0
Antispyware definition: 1.123.1306.0
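As an added example (not from the thread), this PowerShell snippet does the svchost-to-service mapping the poster did by hand in Process Explorer, with each host's working set attached, so the growing host can be matched to its service list in one view; the commented `sc.exe config ... type= own` lines at the end are the command-line form of moving a service into its own svchost. The function name, the `-k` group column and the use of the Themes service name are illustrative; run it from an elevated prompt.

```powershell
# Added example, not from the thread: list every svchost.exe instance with the
# services it hosts and its current working set, so the host that is growing
# can be matched to a service list without splitting services out one by one.
function Get-SvchostMemoryMap {
    # Win32_Service records carry the PID of the process hosting each service;
    # PID 0 means the service is not running. Keep only shared-host services.
    $hosted = Get-WmiObject -Class Win32_Service |
        Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost\.exe' }

    $rows = foreach ($group in ($hosted | Group-Object -Property ProcessId)) {
        $hostPid = [int]$group.Name
        $proc = Get-Process -Id $hostPid -ErrorAction SilentlyContinue
        $wsMb = 0
        if ($proc) { $wsMb = [math]::Round($proc.WorkingSet64 / 1MB, 1) }

        # The "-k <group>" argument on the command line names the service group
        # sharing this svchost instance (e.g. netsvcs); strip everything before it.
        $groupName = ($group.Group | Select-Object -First 1).PathName -replace '.*-k\s+', ''

        New-Object PSObject -Property @{
            PID          = $hostPid
            WorkingSetMB = $wsMb
            Group        = $groupName
            Services     = ($group.Group | Sort-Object Name | ForEach-Object { $_.Name }) -join ', '
        }
    }
    # Largest working set first: the hog the post describes lands at the top.
    $rows | Sort-Object -Property WorkingSetMB -Descending
}

# Run elevated so every service's host PID is visible.
Get-SvchostMemoryMap | Format-Table -AutoSize -Property PID, WorkingSetMB, Group, Services

# To move one suspect service into its own svchost instance (the isolation step
# the post describes doing one service at a time), change its service type and
# restart it; revert afterwards with "type= share". The space after "type=" is
# required by sc.exe. Service name taken from the thread; confirm it against the
# map above before changing anything.
#   sc.exe config Themes type= own
#   Restart-Service -Name Themes
```

Repeat the map after each isolation step; once the suspect service sits alone in its own PID, the working-set growth follows that PID and the service is identified.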

#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:25 PM

Posted 09 April 2012 - 09:07 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#3 svchostSkeptic

svchostSkeptic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 09 April 2012 - 10:28 AM

I very much appreciate your fast response. Thank you.

TDSSKiller log follows. I did not instruct TDSSKiller to remove the objects it found. Should I let it take care of them?

I went to disable MSE in preparing to run GMER and found that it (MSE) is suddenly aware of threats that it somehow didn't find before. I did not ask MSE to remove the threats. They include the following:

Win64/Alureon.gen!F
Win64/Alureon.gen!J
DOS/Alureon.I.
Win32/Orsam!rts
more...

I don't know if I can trust MSE at this point, but I'm hesitant to turn it off in case it's actually doing its job and has suspended these guys like it says it has. Dare I turn it off in order to run GMER?
10:59:13.0718 3684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:59:13.0765 3684 RasPppoe - ok
10:59:13.0875 3684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:59:13.0937 3684 Raspti - ok
10:59:14.0046 3684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:59:14.0109 3684 Rdbss - ok
10:59:14.0187 3684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:59:14.0218 3684 RDPCDD - ok
10:59:14.0312 3684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:59:14.0390 3684 rdpdr - ok
10:59:14.0484 3684 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:59:14.0500 3684 RDPWD - ok
10:59:14.0609 3684 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:59:14.0609 3684 RDSessMgr - ok
10:59:14.0828 3684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:59:14.0875 3684 redbook - ok
10:59:15.0109 3684 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:59:15.0125 3684 RemoteAccess - ok
10:59:15.0328 3684 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:59:15.0343 3684 RemoteRegistry - ok
10:59:15.0515 3684 Roxio UPnP Renderer 9 (b7de9448bec48d129b4d4380230331c7) C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
10:59:15.0531 3684 Roxio UPnP Renderer 9 - ok
10:59:15.0828 3684 Roxio Upnp Server 9 (f6e56be903a2f51a7fb69d522193f056) C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
10:59:15.0828 3684 Roxio Upnp Server 9 - ok
10:59:16.0015 3684 RoxLiveShare9 (2cd9000874e1687cde7d62a13915c97d) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
10:59:16.0015 3684 RoxLiveShare9 - ok
10:59:16.0234 3684 RoxMediaDB9 (cfa81dc1bbf0302c3946e3262fe8f80a) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
10:59:16.0515 3684 RoxMediaDB9 - ok
10:59:16.0625 3684 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
10:59:16.0625 3684 RpcLocator - ok
10:59:16.0718 3684 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:59:16.0734 3684 RpcSs - ok
10:59:16.0812 3684 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
10:59:16.0828 3684 RSVP - ok
10:59:16.0906 3684 RxFilter (30aed4a37e8f8bbf41983d4ae3a15df9) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
10:59:16.0968 3684 RxFilter - ok
10:59:17.0046 3684 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:59:17.0062 3684 SamSs - ok
10:59:17.0156 3684 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:59:17.0171 3684 SCardSvr - ok
10:59:17.0250 3684 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:59:17.0265 3684 Schedule - ok
10:59:17.0343 3684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:59:17.0343 3684 Secdrv - ok
10:59:17.0437 3684 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:59:17.0437 3684 seclogon - ok
10:59:17.0546 3684 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
10:59:17.0562 3684 senfilt - ok
10:59:17.0687 3684 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:59:17.0687 3684 SENS - ok
10:59:17.0812 3684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:59:17.0843 3684 serenum - ok
10:59:17.0937 3684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:59:18.0031 3684 Serial - ok
10:59:18.0203 3684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:59:18.0218 3684 Sfloppy - ok
10:59:18.0296 3684 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:59:18.0312 3684 SharedAccess - ok
10:59:18.0390 3684 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:59:18.0390 3684 ShellHWDetection - ok
10:59:18.0453 3684 Simbad - ok
10:59:18.0531 3684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:59:18.0531 3684 SLIP - ok
10:59:18.0703 3684 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
10:59:18.0703 3684 smwdm - ok
10:59:18.0765 3684 Sparrow - ok
10:59:18.0828 3684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:59:18.0859 3684 splitter - ok
10:59:18.0968 3684 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:59:19.0015 3684 Spooler - ok
10:59:19.0125 3684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:59:19.0203 3684 sr - ok
10:59:19.0265 3684 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
10:59:19.0281 3684 srservice - ok
10:59:19.0375 3684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:59:19.0375 3684 Srv - ok
10:59:19.0453 3684 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:59:19.0453 3684 SSDPSRV - ok
10:59:19.0500 3684 SSPORT - ok
10:59:19.0578 3684 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:59:19.0593 3684 stisvc - ok
10:59:19.0703 3684 stllssvr (4173a9cd59f15a64f54b3242c3232731) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:59:19.0796 3684 stllssvr - ok
10:59:19.0937 3684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:59:19.0953 3684 streamip - ok
10:59:20.0078 3684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:59:20.0093 3684 swenum - ok
10:59:20.0203 3684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:59:20.0203 3684 swmidi - ok
10:59:20.0265 3684 SwPrv - ok
10:59:20.0312 3684 symc810 - ok
10:59:20.0359 3684 symc8xx - ok
10:59:20.0406 3684 sym_hi - ok
10:59:20.0468 3684 sym_u3 - ok
10:59:20.0562 3684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:59:20.0562 3684 sysaudio - ok
10:59:20.0656 3684 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:59:20.0656 3684 SysmonLog - ok
10:59:20.0765 3684 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:59:20.0781 3684 TapiSrv - ok
10:59:20.0921 3684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:59:20.0984 3684 Tcpip - ok
10:59:21.0203 3684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:59:21.0203 3684 TDPIPE - ok
10:59:21.0328 3684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:59:21.0328 3684 TDTCP - ok
10:59:21.0468 3684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:59:21.0515 3684 TermDD - ok
10:59:21.0593 3684 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:59:21.0609 3684 TermService - ok
10:59:21.0718 3684 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:59:21.0718 3684 Themes - ok
10:59:21.0781 3684 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
10:59:21.0796 3684 TlntSvr - ok
10:59:21.0859 3684 TosIde - ok
10:59:22.0000 3684 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:59:22.0000 3684 TrkWks - ok
10:59:22.0140 3684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:59:22.0140 3684 Udfs - ok
10:59:22.0187 3684 ultra - ok
10:59:22.0281 3684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:59:22.0328 3684 Update - ok
10:59:22.0453 3684 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:59:22.0453 3684 upnphost - ok
10:59:22.0562 3684 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:59:22.0562 3684 UPS - ok
10:59:22.0671 3684 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:59:22.0718 3684 USBAAPL - ok
10:59:22.0812 3684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:59:22.0843 3684 usbccgp - ok
10:59:22.0921 3684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:59:22.0968 3684 usbehci - ok
10:59:23.0046 3684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:59:23.0125 3684 usbhub - ok
10:59:23.0218 3684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:59:23.0250 3684 usbprint - ok
10:59:23.0343 3684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:59:23.0359 3684 usbscan - ok
10:59:23.0453 3684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:23.0484 3684 USBSTOR - ok
10:59:23.0562 3684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:59:23.0593 3684 usbuhci - ok
10:59:23.0687 3684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:59:23.0703 3684 VgaSave - ok
10:59:23.0765 3684 ViaIde - ok
10:59:23.0859 3684 Visual Studio Analyzer RPC bridge (b5ba71eadeed0773d2e0978f962e1bf3) E:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
10:59:23.0906 3684 Visual Studio Analyzer RPC bridge - ok
10:59:24.0000 3684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:59:24.0046 3684 VolSnap - ok
10:59:24.0171 3684 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:59:24.0171 3684 VSS - ok
10:59:24.0296 3684 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
10:59:24.0312 3684 W32Time - ok
10:59:24.0437 3684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:59:24.0500 3684 Wanarp - ok
10:59:24.0625 3684 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:59:24.0640 3684 Wdf01000 - ok
10:59:24.0718 3684 WDICA - ok
10:59:24.0796 3684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:59:24.0796 3684 wdmaud - ok
10:59:24.0921 3684 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:59:24.0921 3684 WebClient - ok
10:59:25.0078 3684 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:59:25.0093 3684 winmgmt - ok
10:59:25.0234 3684 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\winusb.sys
10:59:25.0265 3684 WinUSB - ok
10:59:25.0375 3684 WISTechVIDCAP (e14fdc8f4fabbd55cac6f35192232371) C:\WINDOWS\system32\drivers\wisgostrm.sys
10:59:25.0406 3684 WISTechVIDCAP - ok
10:59:25.0468 3684 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:59:25.0468 3684 WmdmPmSN - ok
10:59:25.0562 3684 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:59:25.0593 3684 Wmi - ok
10:59:25.0703 3684 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:59:25.0718 3684 WmiApSrv - ok
10:59:25.0843 3684 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:59:25.0875 3684 WMPNetworkSvc - ok
10:59:26.0000 3684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:59:26.0000 3684 WpdUsb - ok
10:59:26.0203 3684 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:59:26.0218 3684 WPFFontCache_v0400 - ok
10:59:26.0328 3684 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:59:26.0343 3684 wscsvc - ok
10:59:26.0453 3684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:59:26.0453 3684 WSTCODEC - ok
10:59:26.0546 3684 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:59:26.0546 3684 wuauserv - ok
10:59:26.0671 3684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:59:26.0750 3684 WudfPf - ok
10:59:26.0875 3684 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
10:59:26.0875 3684 WUDFRd - ok
10:59:27.0000 3684 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:59:27.0015 3684 WudfSvc - ok
10:59:27.0140 3684 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:59:27.0171 3684 WZCSVC - ok
10:59:27.0296 3684 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:59:27.0312 3684 xmlprov - ok
10:59:27.0359 3684 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
10:59:27.0375 3684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:59:27.0375 3684 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:59:27.0406 3684 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:59:27.0406 3684 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:59:27.0421 3684 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
10:59:27.0843 3684 \Device\Harddisk1\DR1 - ok
10:59:27.0875 3684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
10:59:28.0062 3684 \Device\Harddisk2\DR4 - ok
10:59:28.0078 3684 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk3\DR7
10:59:28.0250 3684 \Device\Harddisk3\DR7 - ok
10:59:28.0265 3684 Boot (0x1200) (a6b8887ce9976028b065f5877c79ce8c) \Device\Harddisk0\DR0\Partition0
10:59:28.0265 3684 \Device\Harddisk0\DR0\Partition0 - ok
10:59:28.0296 3684 Boot (0x1200) (96a2bab068e792c46b057f60ad4049a0) \Device\Harddisk1\DR1\Partition0
10:59:28.0296 3684 \Device\Harddisk1\DR1\Partition0 - ok
10:59:28.0328 3684 Boot (0x1200) (f86c3dc6e865c524e0b60969b743ae91) \Device\Harddisk2\DR4\Partition0
10:59:28.0328 3684 \Device\Harddisk2\DR4\Partition0 - ok
10:59:28.0375 3684 Boot (0x1200) (4d0d841463cc56d5888a0c13dce45ef8) \Device\Harddisk2\DR4\Partition1
10:59:28.0375 3684 \Device\Harddisk2\DR4\Partition1 - ok
10:59:28.0390 3684 Boot (0x1200) (c6919d7cd8c4e189a818af150d6c8967) \Device\Harddisk3\DR7\Partition0
10:59:28.0390 3684 \Device\Harddisk3\DR7\Partition0 - ok
10:59:28.0406 3684 ============================================================
10:59:28.0406 3684 Scan finished
10:59:28.0406 3684 ============================================================
10:59:28.0453 3680 Detected object count: 2
10:59:28.0453 3680 Actual detected object count: 2

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 April 2012 - 10:37 AM

TDSSKiller log follows. I did not instruct TDSSKiller to remove the objects it found. Should I let it take care of them?

Yes, go ahead, cure it.

Restart the PC, run TDSSKiller once again and post the new log (the previous TDSSKiller log was incomplete).

Run GMER (disable MSSE) and aswMBR, and post the logs.

Good luck.

#5 svchostSkeptic

  • Topic Starter
  • Members
  • 9 posts

Posted 09 April 2012 - 12:03 PM

Hmm. I had to reboot, and after that TDSSKiller only reported one object and offered only a warning. Last time it found two and called one severe. Anyway, I'm running GMER now, and MSSE was not reporting any problem at all when I disabled it. Will post all logs when available.

#6 svchostSkeptic

  • Topic Starter
  • Members
  • 9 posts

Posted 09 April 2012 - 07:22 PM

This is TDSSKiller:

10:58:12.0781 2232 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
10:58:12.0812 2232 ============================================================
10:58:12.0812 2232 Current date / time: 2012/04/09 10:58:12.0812
10:58:12.0812 2232 SystemInfo:
10:58:12.0812 2232
10:58:12.0812 2232 OS Version: 5.1.2600 ServicePack: 3.0
10:58:12.0812 2232 Product type: Workstation
10:58:12.0812 2232 ComputerName: BJP1
10:58:12.0812 2232 UserName: BnJ
10:58:12.0812 2232 Windows directory: C:\WINDOWS
10:58:12.0812 2232 System windows directory: C:\WINDOWS
10:58:12.0812 2232 Processor architecture: Intel x86
10:58:12.0812 2232 Number of processors: 1
10:58:12.0812 2232 Page size: 0x1000
10:58:12.0812 2232 Boot type: Normal boot
10:58:12.0812 2232 ============================================================
10:58:15.0312 2232 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:58:15.0328 2232 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:58:15.0359 2232 Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:15.0359 2232 Drive \Device\Harddisk3\DR7 - Size: 0x79B00000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:15.0375 2232 \Device\Harddisk0\DR0:
10:58:15.0375 2232 MBR used
10:58:15.0375 2232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
10:58:15.0375 2232 \Device\Harddisk1\DR1:
10:58:15.0375 2232 MBR used
10:58:15.0375 2232 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
10:58:15.0375 2232 \Device\Harddisk2\DR4:
10:58:15.0390 2232 MBR used
10:58:15.0390 2232 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
10:58:15.0390 2232 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x1D1C4581, BlocksNum 0x1D1C06C0
10:58:15.0390 2232 \Device\Harddisk3\DR7:
10:58:15.0390 2232 MBR used
10:58:15.0390 2232 \Device\Harddisk3\DR7\Partition0: MBR, Type 0xB, StartLBA 0xF0, BlocksNum 0x3CD710
10:58:15.0515 2232 Initialize success
10:58:15.0515 2232 ============================================================
10:58:43.0531 3684 ============================================================
10:58:43.0531 3684 Scan started
10:58:43.0531 3684 Mode: Manual; TDLFS;
10:58:43.0531 3684 ============================================================
10:58:57.0968 3684 Imapi - ok
10:58:58.0062 3684 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
10:58:58.0062 3684 ImapiService - ok
10:58:58.0140 3684 ini910u - ok
10:58:58.0218 3684 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:58:58.0234 3684 IntelIde - ok
10:58:58.0343 3684 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:58:58.0390 3684 intelppm - ok
10:58:58.0468 3684 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:58:58.0468 3684 ip6fw - ok
10:58:58.0578 3684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:58:58.0578 3684 IpFilterDriver - ok
10:58:58.0687 3684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:58:58.0687 3684 IpInIp - ok
10:58:58.0796 3684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:58:58.0796 3684 IpNat - ok
10:58:58.0921 3684 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
10:58:58.0953 3684 iPod Service - ok
10:58:59.0093 3684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:58:59.0171 3684 IPSec - ok
10:58:59.0250 3684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:58:59.0250 3684 IRENUM - ok
10:58:59.0343 3684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:58:59.0390 3684 isapnp - ok
10:58:59.0515 3684 iWinTrusted (168c6caa3ec7f95d6b95d46986835912) C:\Program Files\iWin Games\iWinTrusted.exe
10:58:59.0531 3684 iWinTrusted - ok
10:58:59.0718 3684 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
10:58:59.0718 3684 JavaQuickStarterService - ok
10:58:59.0828 3684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:58:59.0875 3684 Kbdclass - ok
10:58:59.0968 3684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:58:59.0984 3684 kmixer - ok
10:59:00.0093 3684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:59:00.0156 3684 KSecDD - ok
10:59:00.0250 3684 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:59:00.0250 3684 lanmanserver - ok
10:59:00.0328 3684 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:59:00.0343 3684 lanmanworkstation - ok
10:59:00.0406 3684 lbrtfdc - ok
10:59:00.0546 3684 LightScribeService (559c9b7800fac92fc515cd0003d7c631) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:59:00.0546 3684 LightScribeService - ok
10:59:00.0718 3684 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:59:00.0718 3684 LmHosts - ok
10:59:00.0828 3684 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:59:00.0828 3684 Messenger - ok
10:59:00.0937 3684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:59:00.0968 3684 mnmdd - ok
10:59:01.0046 3684 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
10:59:01.0046 3684 mnmsrvc - ok
10:59:01.0203 3684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:59:01.0203 3684 Modem - ok
10:59:01.0296 3684 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:59:01.0328 3684 MODEMCSA - ok
10:59:01.0468 3684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:59:01.0500 3684 Mouclass - ok
10:59:01.0609 3684 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:59:01.0656 3684 mouhid - ok
10:59:01.0765 3684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:59:01.0812 3684 MountMgr - ok
10:59:01.0906 3684 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:59:01.0906 3684 MpFilter - ok
10:59:02.0125 3684 MpKsl67b53cc2 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23FAAD72-DA7E-4AA5-B82A-4C618BF8C486}\MpKsl67b53cc2.sys
10:59:02.0125 3684 MpKsl67b53cc2 - ok
10:59:02.0203 3684 mraid35x - ok
10:59:02.0312 3684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:59:02.0312 3684 MRxDAV - ok
10:59:02.0437 3684 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:59:02.0546 3684 MRxSmb - ok
10:59:02.0656 3684 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
10:59:02.0671 3684 MSDTC - ok
10:59:02.0796 3684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:59:02.0828 3684 Msfs - ok
10:59:02.0875 3684 MSIServer - ok
10:59:02.0968 3684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:59:02.0968 3684 MSKSSRV - ok
10:59:03.0140 3684 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:59:03.0156 3684 MsMpSvc - ok
10:59:03.0265 3684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:59:03.0265 3684 MSPCLOCK - ok
10:59:03.0359 3684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:59:03.0359 3684 MSPQM - ok
10:59:03.0453 3684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:59:03.0453 3684 mssmbios - ok
10:59:03.0531 3684 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:59:03.0531 3684 MSTEE - ok
10:59:03.0656 3684 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
10:59:03.0687 3684 msvad_simple - ok
10:59:03.0812 3684 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:59:03.0859 3684 Mup - ok
10:59:03.0937 3684 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:59:03.0937 3684 NABTSFEC - ok
10:59:04.0046 3684 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:59:04.0046 3684 napagent - ok
10:59:04.0171 3684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:59:04.0218 3684 NDIS - ok
10:59:04.0328 3684 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:59:04.0328 3684 NdisIP - ok
10:59:04.0437 3684 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:59:04.0468 3684 NdisTapi - ok
10:59:04.0562 3684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:59:04.0578 3684 Ndisuio - ok
10:59:04.0687 3684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:59:04.0796 3684 NdisWan - ok
10:59:04.0906 3684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:59:04.0953 3684 NDProxy - ok
10:59:05.0093 3684 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
10:59:05.0093 3684 Net Driver HPZ12 - ok
10:59:05.0218 3684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:59:05.0265 3684 NetBIOS - ok
10:59:05.0359 3684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:59:05.0437 3684 NetBT - ok
10:59:05.0531 3684 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:59:05.0546 3684 NetDDE - ok
10:59:05.0562 3684 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:59:05.0562 3684 NetDDEdsdm - ok
10:59:05.0656 3684 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:59:05.0656 3684 Netlogon - ok
10:59:05.0812 3684 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:59:05.0812 3684 Netman - ok
10:59:05.0937 3684 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:59:05.0937 3684 NetTcpPortSharing - ok
10:59:06.0062 3684 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:59:06.0062 3684 Nla - ok
10:59:06.0187 3684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:59:06.0218 3684 Npfs - ok
10:59:06.0312 3684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:59:06.0390 3684 Ntfs - ok
10:59:06.0500 3684 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:59:06.0500 3684 NtLmSsp - ok
10:59:06.0593 3684 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:59:06.0609 3684 NtmsSvc - ok
10:59:06.0734 3684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:59:06.0765 3684 Null - ok
10:59:07.0296 3684 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:59:09.0968 3684 nv - ok
10:59:10.0078 3684 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
10:59:10.0093 3684 NVSvc - ok
10:59:10.0281 3684 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:59:10.0343 3684 nvUpdatusService - ok
10:59:10.0453 3684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:59:10.0453 3684 NwlnkFlt - ok
10:59:10.0562 3684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:59:10.0562 3684 NwlnkFwd - ok
10:59:10.0687 3684 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:59:10.0687 3684 ose - ok
10:59:10.0796 3684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:59:10.0859 3684 Parport - ok
10:59:10.0937 3684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:59:10.0968 3684 PartMgr - ok
10:59:11.0062 3684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:59:11.0078 3684 ParVdm - ok
10:59:11.0171 3684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:59:11.0234 3684 PCI - ok
10:59:11.0281 3684 PCIDump - ok
10:59:11.0343 3684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
10:59:11.0375 3684 PCIIde - ok
10:59:11.0500 3684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:59:11.0515 3684 Pcmcia - ok
10:59:11.0562 3684 PDCOMP - ok
10:59:11.0593 3684 PDFRAME - ok
10:59:11.0640 3684 PDRELI - ok
10:59:11.0671 3684 PDRFRAME - ok
10:59:11.0703 3684 perc2 - ok
10:59:11.0734 3684 perc2hib - ok
10:59:11.0984 3684 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:59:11.0984 3684 PlugPlay - ok
10:59:12.0093 3684 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
10:59:12.0093 3684 Pml Driver HPZ12 - ok
10:59:12.0203 3684 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:59:12.0203 3684 PolicyAgent - ok
10:59:12.0312 3684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:59:12.0359 3684 PptpMiniport - ok
10:59:12.0453 3684 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:59:12.0453 3684 Processor - ok
10:59:12.0515 3684 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:59:12.0515 3684 ProtectedStorage - ok
10:59:12.0625 3684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:59:12.0687 3684 PSched - ok
10:59:12.0781 3684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:59:12.0796 3684 Ptilink - ok
10:59:12.0875 3684 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:59:12.0890 3684 PxHelp20 - ok
10:59:12.0921 3684 ql1080 - ok
10:59:12.0984 3684 Ql10wnt - ok
10:59:13.0015 3684 ql12160 - ok
10:59:13.0046 3684 ql1240 - ok
10:59:13.0078 3684 ql1280 - ok
10:59:13.0140 3684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:59:13.0171 3684 RasAcd - ok
10:59:13.0281 3684 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:59:13.0296 3684 RasAuto - ok
10:59:13.0406 3684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:59:13.0453 3684 Rasl2tp - ok
10:59:13.0578 3684 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:59:13.0578 3684 RasMan - ok
10:59:13.0718 3684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:59:13.0765 3684 RasPppoe - ok
10:59:13.0875 3684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:59:13.0937 3684 Raspti - ok
10:59:14.0046 3684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:59:14.0109 3684 Rdbss - ok
10:59:14.0187 3684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:59:14.0218 3684 RDPCDD - ok
10:59:14.0312 3684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:59:14.0390 3684 rdpdr - ok
10:59:14.0484 3684 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:59:14.0500 3684 RDPWD - ok
10:59:14.0609 3684 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:59:14.0609 3684 RDSessMgr - ok
10:59:14.0828 3684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:59:14.0875 3684 redbook - ok
10:59:15.0109 3684 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:59:15.0125 3684 RemoteAccess - ok
10:59:15.0328 3684 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:59:15.0343 3684 RemoteRegistry - ok
10:59:15.0515 3684 Roxio UPnP Renderer 9 (b7de9448bec48d129b4d4380230331c7) C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
10:59:15.0531 3684 Roxio UPnP Renderer 9 - ok
10:59:15.0828 3684 Roxio Upnp Server 9 (f6e56be903a2f51a7fb69d522193f056) C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
10:59:15.0828 3684 Roxio Upnp Server 9 - ok
10:59:16.0015 3684 RoxLiveShare9 (2cd9000874e1687cde7d62a13915c97d) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
10:59:16.0015 3684 RoxLiveShare9 - ok
10:59:16.0234 3684 RoxMediaDB9 (cfa81dc1bbf0302c3946e3262fe8f80a) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
10:59:16.0515 3684 RoxMediaDB9 - ok
10:59:16.0625 3684 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
10:59:16.0625 3684 RpcLocator - ok
10:59:16.0718 3684 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:59:16.0734 3684 RpcSs - ok
10:59:16.0812 3684 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
10:59:16.0828 3684 RSVP - ok
10:59:16.0906 3684 RxFilter (30aed4a37e8f8bbf41983d4ae3a15df9) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
10:59:16.0968 3684 RxFilter - ok
10:59:17.0046 3684 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:59:17.0062 3684 SamSs - ok
10:59:17.0156 3684 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:59:17.0171 3684 SCardSvr - ok
10:59:17.0250 3684 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:59:17.0265 3684 Schedule - ok
10:59:17.0343 3684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:59:17.0343 3684 Secdrv - ok
10:59:17.0437 3684 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:59:17.0437 3684 seclogon - ok
10:59:17.0546 3684 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
10:59:17.0562 3684 senfilt - ok
10:59:17.0687 3684 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:59:17.0687 3684 SENS - ok
10:59:17.0812 3684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:59:17.0843 3684 serenum - ok
10:59:17.0937 3684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:59:18.0031 3684 Serial - ok
10:59:18.0203 3684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:59:18.0218 3684 Sfloppy - ok
10:59:18.0296 3684 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:59:18.0312 3684 SharedAccess - ok
10:59:18.0390 3684 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:59:18.0390 3684 ShellHWDetection - ok
10:59:18.0453 3684 Simbad - ok
10:59:18.0531 3684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:59:18.0531 3684 SLIP - ok
10:59:18.0703 3684 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
10:59:18.0703 3684 smwdm - ok
10:59:18.0765 3684 Sparrow - ok
10:59:18.0828 3684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:59:18.0859 3684 splitter - ok
10:59:18.0968 3684 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:59:19.0015 3684 Spooler - ok
10:59:19.0125 3684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:59:19.0203 3684 sr - ok
10:59:19.0265 3684 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
10:59:19.0281 3684 srservice - ok
10:59:19.0375 3684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:59:19.0375 3684 Srv - ok
10:59:19.0453 3684 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:59:19.0453 3684 SSDPSRV - ok
10:59:19.0500 3684 SSPORT - ok
10:59:19.0578 3684 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:59:19.0593 3684 stisvc - ok
10:59:19.0703 3684 stllssvr (4173a9cd59f15a64f54b3242c3232731) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:59:19.0796 3684 stllssvr - ok
10:59:19.0937 3684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:59:19.0953 3684 streamip - ok
10:59:20.0078 3684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:59:20.0093 3684 swenum - ok
10:59:20.0203 3684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:59:20.0203 3684 swmidi - ok
10:59:20.0265 3684 SwPrv - ok
10:59:20.0312 3684 symc810 - ok
10:59:20.0359 3684 symc8xx - ok
10:59:20.0406 3684 sym_hi - ok
10:59:20.0468 3684 sym_u3 - ok
10:59:20.0562 3684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:59:20.0562 3684 sysaudio - ok
10:59:20.0656 3684 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:59:20.0656 3684 SysmonLog - ok
10:59:20.0765 3684 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:59:20.0781 3684 TapiSrv - ok
10:59:20.0921 3684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:59:20.0984 3684 Tcpip - ok
10:59:21.0203 3684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:59:21.0203 3684 TDPIPE - ok
10:59:21.0328 3684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:59:21.0328 3684 TDTCP - ok
10:59:21.0468 3684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:59:21.0515 3684 TermDD - ok
10:59:21.0593 3684 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:59:21.0609 3684 TermService - ok
10:59:21.0718 3684 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:59:21.0718 3684 Themes - ok
10:59:21.0781 3684 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
10:59:21.0796 3684 TlntSvr - ok
10:59:21.0859 3684 TosIde - ok
10:59:22.0000 3684 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:59:22.0000 3684 TrkWks - ok
10:59:22.0140 3684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:59:22.0140 3684 Udfs - ok
10:59:22.0187 3684 ultra - ok
10:59:22.0281 3684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:59:22.0328 3684 Update - ok
10:59:22.0453 3684 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:59:22.0453 3684 upnphost - ok
10:59:22.0562 3684 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:59:22.0562 3684 UPS - ok
10:59:22.0671 3684 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:59:22.0718 3684 USBAAPL - ok
10:59:22.0812 3684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:59:22.0843 3684 usbccgp - ok
10:59:22.0921 3684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:59:22.0968 3684 usbehci - ok
10:59:23.0046 3684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:59:23.0125 3684 usbhub - ok
10:59:23.0218 3684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:59:23.0250 3684 usbprint - ok
10:59:23.0343 3684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:59:23.0359 3684 usbscan - ok
10:59:23.0453 3684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:23.0484 3684 USBSTOR - ok
10:59:23.0562 3684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:59:23.0593 3684 usbuhci - ok
10:59:23.0687 3684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:59:23.0703 3684 VgaSave - ok
10:59:23.0765 3684 ViaIde - ok
10:59:23.0859 3684 Visual Studio Analyzer RPC bridge (b5ba71eadeed0773d2e0978f962e1bf3) E:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
10:59:23.0906 3684 Visual Studio Analyzer RPC bridge - ok
10:59:24.0000 3684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:59:24.0046 3684 VolSnap - ok
10:59:24.0171 3684 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:59:24.0171 3684 VSS - ok
10:59:24.0296 3684 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
10:59:24.0312 3684 W32Time - ok
10:59:24.0437 3684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:59:24.0500 3684 Wanarp - ok
10:59:24.0625 3684 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:59:24.0640 3684 Wdf01000 - ok
10:59:24.0718 3684 WDICA - ok
10:59:24.0796 3684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:59:24.0796 3684 wdmaud - ok
10:59:24.0921 3684 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:59:24.0921 3684 WebClient - ok
10:59:25.0078 3684 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:59:25.0093 3684 winmgmt - ok
10:59:25.0234 3684 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\winusb.sys
10:59:25.0265 3684 WinUSB - ok
10:59:25.0375 3684 WISTechVIDCAP (e14fdc8f4fabbd55cac6f35192232371) C:\WINDOWS\system32\drivers\wisgostrm.sys
10:59:25.0406 3684 WISTechVIDCAP - ok
10:59:25.0468 3684 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:59:25.0468 3684 WmdmPmSN - ok
10:59:25.0562 3684 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:59:25.0593 3684 Wmi - ok
10:59:25.0703 3684 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:59:25.0718 3684 WmiApSrv - ok
10:59:25.0843 3684 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:59:25.0875 3684 WMPNetworkSvc - ok
10:59:26.0000 3684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:59:26.0000 3684 WpdUsb - ok
10:59:26.0203 3684 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:59:26.0218 3684 WPFFontCache_v0400 - ok
10:59:26.0328 3684 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:59:26.0343 3684 wscsvc - ok
10:59:26.0453 3684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:59:26.0453 3684 WSTCODEC - ok
10:59:26.0546 3684 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:59:26.0546 3684 wuauserv - ok
10:59:26.0671 3684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:59:26.0750 3684 WudfPf - ok
10:59:26.0875 3684 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
10:59:26.0875 3684 WUDFRd - ok
10:59:27.0000 3684 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:59:27.0015 3684 WudfSvc - ok
10:59:27.0140 3684 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:59:27.0171 3684 WZCSVC - ok
10:59:27.0296 3684 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:59:27.0312 3684 xmlprov - ok
10:59:27.0359 3684 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
10:59:27.0375 3684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:59:27.0375 3684 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:59:27.0406 3684 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:59:27.0406 3684 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:59:27.0421 3684 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
10:59:27.0843 3684 \Device\Harddisk1\DR1 - ok
10:59:27.0875 3684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
10:59:28.0062 3684 \Device\Harddisk2\DR4 - ok
10:59:28.0078 3684 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk3\DR7
10:59:28.0250 3684 \Device\Harddisk3\DR7 - ok
10:59:28.0265 3684 Boot (0x1200) (a6b8887ce9976028b065f5877c79ce8c) \Device\Harddisk0\DR0\Partition0
10:59:28.0265 3684 \Device\Harddisk0\DR0\Partition0 - ok
10:59:28.0296 3684 Boot (0x1200) (96a2bab068e792c46b057f60ad4049a0) \Device\Harddisk1\DR1\Partition0
10:59:28.0296 3684 \Device\Harddisk1\DR1\Partition0 - ok
10:59:28.0328 3684 Boot (0x1200) (f86c3dc6e865c524e0b60969b743ae91) \Device\Harddisk2\DR4\Partition0
10:59:28.0328 3684 \Device\Harddisk2\DR4\Partition0 - ok
10:59:28.0375 3684 Boot (0x1200) (4d0d841463cc56d5888a0c13dce45ef8) \Device\Harddisk2\DR4\Partition1
10:59:28.0375 3684 \Device\Harddisk2\DR4\Partition1 - ok
10:59:28.0390 3684 Boot (0x1200) (c6919d7cd8c4e189a818af150d6c8967) \Device\Harddisk3\DR7\Partition0
10:59:28.0390 3684 \Device\Harddisk3\DR7\Partition0 - ok
10:59:28.0406 3684 ============================================================
10:59:28.0406 3684 Scan finished
10:59:28.0406 3684 ============================================================
10:59:28.0453 3680 Detected object count: 2
10:59:28.0453 3680 Actual detected object count: 2

#7 svchostSkeptic (Topic Starter)

Posted 09 April 2012 - 07:24 PM

This is aswMBR...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 20:08:06
-----------------------------
20:08:06.171 OS Version: Windows 5.1.2600 Service Pack 3
20:08:06.171 Number of processors: 1 586 0x209
20:08:06.171 ComputerName: BJP1 UserName: BnJ
20:08:06.671 Initialize success
20:08:11.109 AVAST engine download error: 0
20:10:23.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:10:23.390 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
20:10:23.390 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
20:10:23.390 Disk 1 Vendor: WDC_WD1200JB-00GVA0 08.02D08 Size: 114473MB BusType: 3
20:10:23.421 Device \Driver\atapi -> DriverStartIo f747b864
20:10:23.421 Device \Driver\atapi -> MajorFunction 89fe3b18
20:10:23.468 Disk 0 MBR read successfully
20:10:23.468 Disk 0 MBR scan
20:10:23.468 Disk 0 Windows XP default MBR code
20:10:23.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39197 MB offset 63
20:10:23.468 Disk 0 scanning sectors +80276805
20:10:23.546 Disk 0 scanning C:\WINDOWS\system32\drivers
20:10:34.140 Service scanning
20:10:43.765 Service MpKslb48d1084 C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23FAAD72-DA7E-4AA5-B82A-4C618BF8C486}\MpKslb48d1084.sys **LOCKED** 32
20:10:52.421 Modules scanning
20:11:01.890 Disk 0 trace - called modules:
20:11:01.937 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89fe3b18]<<
20:11:01.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a550ab8]
20:11:01.937 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a58bb00]
20:11:01.937 \Driver\atapi[0x8a574030] -> IRP_MJ_CREATE -> 0x89fe3b18
20:11:01.937 Scan finished successfully

#8 svchostSkeptic (Topic Starter)

Posted 09 April 2012 - 08:26 PM

...and GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 19:57:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: fmvj4hid.exe; Driver: C:\DOCUME~1\BnJ\LOCALS~1\Temp\ugtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BD818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF75BD7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75B1A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BD910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BD794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B22C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BD866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BD0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB708B380, 0x8D6CD5, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB6FE4F80]
init C:\WINDOWS\System32\Drivers\ArcRec.SYS entry point in "init" section [0xF79D2138]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A541960
Device \Driver\Cdrom \Device\CdRom0 8A185268
Device \FileSystem\Rdbss \Device\FsWrap 8A54A258
Device \Driver\Cdrom \Device\CdRom1 8A185268
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 89FE3B18
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89FE3B18
Device \Driver\atapi \Device\Ide\IdePort0 89FE3B18
Device \Driver\atapi \Device\Ide\IdePort1 89FE3B18
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 89FE3B18
Device \FileSystem\Srv \Device\LanmanServer 89FFC030
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A109258
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A109258
Device \FileSystem\Npfs \Device\NamedPipe 8A060CE0
Device \FileSystem\Msfs \Device\Mailslot 8A0A1CE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 8A400D68
Device \Driver\d347prt \Device\Scsi\d347prt1 8A400D68
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A14BCC8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A14BCC8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A14BCC8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A14BCC8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A14BCC8
Device \FileSystem\Cdfs \Cdfs 8A599618
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Modules - GMER 1.0.15 ----

Module _________ F7474000-F748C000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x70 0x11 0x1A 0x27 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB7647$\2649504176 0 bytes
File C:\WINDOWS\$NtUninstallKB7647$\3682125479 0 bytes
File C:\WINDOWS\$NtUninstallKB7647$\3682125479\L 0 bytes
File C:\WINDOWS\$NtUninstallKB7647$\3682125479\U 0 bytes

---- EOF - GMER 1.0.15 ----

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:25 PM

Posted 11 April 2012 - 04:10 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

ESET online scanner


Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 11 April 2012 - 04:10 AM.


#10 svchostSkeptic

svchostSkeptic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 13 April 2012 - 07:31 AM

MBAM log shows no infections.

ESET results:

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\11C0AGJK\index[1].htm JS/Iframe.CV trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ3XIM0W\hautetalk_com[1].txt JS/Kryptik.LL trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0IDWFRYZ\foodoscope[1].txt JS/Iframe.CV trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.04.2012_10.58.12\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.04.2012_10.58.12\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.04.2012_10.58.12\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined

#11 svchostSkeptic

svchostSkeptic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 13 April 2012 - 07:53 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by BnJ (administrator) on 12-04-2012 at 22:57:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
**************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=[as expected] mask=255.255.255.0
set address name="Local Area Connection" gateway=[as expected] gwmetric=0
set dns name="Local Area Connection" source=static addr=[as expected] register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : bjp1
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-0D-56-57-4B-BA
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : [as expected]
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : [as expected]
        DNS Servers . . . . . . . . . . . : [as expected]

Server:  UnKnown
Address:  [as expected]

Name:    google.com
Addresses:  74.125.65.101, 74.125.65.100, 74.125.65.139, 74.125.65.138
            74.125.65.113, 74.125.65.102

Pinging google.com [74.125.65.102] with 32 bytes of data:

Reply from 74.125.65.102: bytes=32 time=31ms TTL=54
Reply from 74.125.65.102: bytes=32 time=31ms TTL=54

Ping statistics for 74.125.65.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 31ms, Average = 31ms

Server:  UnKnown
Address:  [as expected]

Name:    yahoo.com
Addresses:  72.30.38.140, 209.191.122.70, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=71ms TTL=47
Reply from 98.139.183.24: bytes=32 time=72ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 71ms, Maximum = 72ms, Average = 71ms

Server:  UnKnown
Address:  [as expected]

Name:    bleepingcomputer.com
Address:  208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 57 4b ba ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    [as expected]   [as expected]      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    [as expected]   [as expected]      20
    [as expected]    255.255.255.0    [as expected]   [as expected]      20
    [as expected]  255.255.255.255        127.0.0.1       127.0.0.1      20
    [as expected]  255.255.255.255    [as expected]   [as expected]      20
        224.0.0.0        240.0.0.0    [as expected]   [as expected]      20
  255.255.255.255  255.255.255.255    [as expected]   [as expected]       1
Default Gateway:  [as expected]
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/12/2012 10:12:52 PM) (Source: Application Error) (User: )
Description: Fault bucket -1646705725.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (04/12/2012 10:12:18 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x02d65ee0.
Processing media-specific event for [iexplore.exe!ws!]

Error: (04/12/2012 08:08:36 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/11/2012 10:06:04 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/11/2012 08:48:51 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/11/2012 09:30:57 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/11/2012 09:30:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 118673750

Error: (04/11/2012 09:30:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 118673750

Error: (04/11/2012 09:30:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2012 09:29:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 118658109


System errors:
=============
Error: (04/12/2012 08:08:35 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.123.1306.0
Update Source: %NT AUTHORITY59
Update Stage: 3.0.8402.00
Source Path: 3.0.8402.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (04/12/2012 07:59:21 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (04/11/2012 10:41:46 PM) (Source: Service Control Manager) (User: )
Description: The iWinTrusted service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 10:41:25 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/11/2012 10:40:49 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 10:06:03 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.123.1306.0
Update Source: %NT AUTHORITY59
Update Stage: 3.0.8402.00
Source Path: 3.0.8402.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (04/11/2012 10:06:03 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.123.1306.0
Update Source: %NT AUTHORITY59
Update Stage: 3.0.8402.00
Source Path: 3.0.8402.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (04/11/2012 09:57:07 PM) (Source: DCOM) (User: BnJ)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (04/11/2012 09:55:57 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (04/11/2012 08:56:47 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (04/12/2012 10:12:52 PM) (Source: Application Error)(User: )
Description: -1646705725

Error: (04/12/2012 10:12:18 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.002d65ee0

Error: (04/12/2012 08:08:36 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/11/2012 10:06:04 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240022processdownloadresultsdownload3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/11/2012 08:48:51 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/11/2012 09:30:57 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/11/2012 09:30:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 118673750

Error: (04/11/2012 09:30:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 118673750

Error: (04/11/2012 09:30:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2012 09:29:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 118658109


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 Plugin (Version: 10.1.85.3)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.5.0 (Version: 9.5.0)
Amazon MP3 Downloader 1.0.9
Any Video Converter 3.3.1
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.1.116)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression for Kodak (Version: 2.0.24.1127)
Audacity 1.3.13 (Unicode)
BCM V.92 56K Modem
Bonjour (Version: 3.0.0.10)
BookSmart® 2.9.3 2.9.3
BrettspielWelt
Broadcom 440x 10/100 Integrated Controller (Version: 3.29)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
CutePDF Writer 2.8
DAEMON Tools (Version: 3.47.0)
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)
ESET Online Scanner v3
Garmin Lifetime Updater (Version: 2.1.7)
HP Deskjet F2200 All-In-One Driver 10.0 Rel .3 (Version: 10.0)
Intel® Extreme Graphics Driver
iTunes (Version: 10.5.0.142)
iWin Games (remove only)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
LightScribe 1.4.136.1 (Version: 1.4.136.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Halo
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2000 Standard (Version: 9.00.2720)
Microsoft Office Access 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.52
Microsoft WinUsb 2.0
Mozilla Firefox (3.6.28) (Version: 3.6.28 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.0.2)
NVIDIA Control Panel 285.58 (Version: 285.58)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 285.58 (Version: 285.58)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 135.95 (Version: 135.95)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Paper Jamz Pro 1.8.0 (Version: 1.8.0)
Philips PC Camera (Version: 1.0.4.1)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Picasa 3 (Version: 3.8)
Picture Control Utility (Version: 1.0.3)
Pogoplug (Version: 2.5.5)
QuickTime (Version: 7.71.80.42)
Risk® (Version: 32.0.0.0)
Roxio Creator 9 XE (Version: 9.0.599)
Roxio Drag-to-Disc (Version: 9.05)
Roxio Update Manager (Version: 6.0.0)
Samsung ML-2510 Series
Scan (Version: 10.1.0.0)
Shockwave
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SoundMAX (Version: 5.12.01.5246)
The Print Shop 20 (Version: 20.00.0000)
Toolbox (Version: 100.0.170.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
ViewNX (Version: 1.0.3)
VLC media player 1.1.7 (Version: 1.1.7)
Walmart MP3 Music Downloads (Version: 1.6.4.4)
WebFldrs XP (Version: 9.50.6513)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2046 MB
Available physical RAM: 1110.46 MB
Total Pagefile: 3432.28 MB
Available Pagefile: 2750.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.46 MB

========================= Partitions: =====================================

2 Drive c: (Local Disk) (Fixed) (Total:38.28 GB) (Free:2.11 GB) NTFS
4 Drive e: (Local Drive) (Fixed) (Total:111.79 GB) (Free:30.04 GB) NTFS
5 Drive f: (Backup) (Fixed) (Total:232.88 GB) (Free:157.03 GB) NTFS
6 Drive g: (Photos) (Fixed) (Total:232.88 GB) (Free:125.5 GB) NTFS
7 Drive h: (HALO) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\BJP1

Administrator ASPNET BnJ
Guest HelpAssistant SUPPORT_388945a0
UpdatusUser VUSR_BJP1


**** End of log ****

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:25 PM

Posted 13 April 2012 - 08:16 AM

That looks good

Download

TFC


Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your system restore, restart the PC, and create a new restore point.

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#13 svchostSkeptic

svchostSkeptic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 14 April 2012 - 03:22 PM

I'm very appreciative of your guidance! Does anyone know where I might be able to learn about what the malware may have been doing while it was running? I find that the developers of the various anti-malware software call the same threats by different names, and I've been unable to find any source that cross-references them or provides in-depth explanations of their behaviors. Again, many thanks!



