Redirect to unwanted websites


  • This topic is locked
6 replies to this topic

#1 BAC NGUYEN

  • Members
  • 14 posts

Posted 29 April 2012 - 11:31 PM

Hi there, I have a recurring issue with IE browsing on my computer. When I click a link or web address, my Malwarebytes Anti-Malware often pops up a message saying it is preventing an outgoing connection to malicious websites; it shows the IP addresses of the malicious sites that it blocks. Also of interest is a registry entry that my Easy Cleaner software cannot delete. My computer runs Windows XP SP3 with all the latest updates. The antivirus software is Microsoft Security Essentials. Recent scans showed some trojan virus removals.

Please advise me next steps to solve this.

Thank you a lot.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 29 April 2012 - 11:55 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here
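To make the TDSSKiller log requested above easier to read, here is a small parser added as an example by the editor; it is not part of narenxp's reply and not code from Kaspersky's tool. It assumes the line format visible in the log posted later in this thread (an entry line `<time> <pid> <name> (<md5>) <path>` followed by a verdict line `<name> - <status>`, with header lines before "Scan started"). The embedded sample copies a few lines from that log and adds one constructed entry (`exampledrv`) so that the review step has something to flag; the "expected location" check is the editor's own heuristic, not a verdict TDSSKiller itself reports.

```python
"""Parse a TDSSKiller scan log and list entries that deserve a second look."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Entry line: "<time> <pid> <name> (<md5>) <path>"  (name may contain spaces)
ENTRY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Verdict line: "<time> <pid> <name> - <status>"
RESULT_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>.+?) - (?P<status>.+)$")

# Editor's heuristic (an assumption, not TDSSKiller behaviour): a driver or service
# binary that loads from outside these directories is worth a closer look.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller_log(text: str) -> list[Entry]:
    """Return scan entries in log order; header lines before 'Scan started' are skipped."""
    entries: dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = RESULT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"].strip()
    return list(entries.values())


def review(entries: list[Entry]) -> list[tuple[str, str]]:
    """Flag entries whose verdict is not 'ok' or whose binary lives in an unexpected place."""
    findings: list[tuple[str, str]] = []
    for e in entries:
        if e.status is None:
            findings.append((e.name, "no verdict line (scan interrupted?)"))
        elif e.status.lower() != "ok":
            findings.append((e.name, f"verdict: {e.status}"))
        if e.path and not e.path.lower().startswith(EXPECTED_PREFIXES):
            findings.append((e.name, f"unexpected location: {e.path}"))
    return findings


# Constructed sample: the first lines are copied from the log in this thread, the
# "exampledrv" entry is made up so that review() has something to report.
SAMPLE_LOG = r"""
22:28:57.0031 0564 Current date / time: 2012/04/30 22:28:57.0031
22:28:59.0000 0564 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb)
22:29:28.0062 0716 Scan started
22:29:28.0062 0716 Mode: Manual; TDLFS;
22:29:29.0000 0716 Abiosdsk - ok
22:29:29.0078 0716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:29:29.0078 0716 ACPI - ok
22:29:29.0812 0716 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:29:29.0828 0716 Apple Mobile Device - ok
22:29:40.0300 0716 exampledrv (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\exampledrv.sys
22:29:40.0300 0716 exampledrv - suspicious
"""

if __name__ == "__main__":
    for name, reason in review(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against the full log, the script prints only the entries a helper would want to discuss; the hundreds of `- ok` lines are silently skipped. Any entry that ends up with no verdict line at all is also reported, since that usually means the scan was cut short.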

#3 BAC NGUYEN

  • Topic Starter
  • Members
  • 14 posts

Posted 01 May 2012 - 10:43 AM

Hi,

Attached are the scan logs.

22:28:55.0578 0564 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:28:57.0031 0564 ============================================================
22:28:57.0031 0564 Current date / time: 2012/04/30 22:28:57.0031
22:28:57.0031 0564 SystemInfo:
22:28:57.0031 0564
22:28:57.0031 0564 OS Version: 5.1.2600 ServicePack: 3.0
22:28:57.0031 0564 Product type: Workstation
22:28:57.0031 0564 ComputerName: DELL04161
22:28:57.0031 0564 UserName: user
22:28:57.0031 0564 Windows directory: C:\WINDOWS
22:28:57.0031 0564 System windows directory: C:\WINDOWS
22:28:57.0031 0564 Processor architecture: Intel x86
22:28:57.0031 0564 Number of processors: 2
22:28:57.0031 0564 Page size: 0x1000
22:28:57.0031 0564 Boot type: Safe boot with network
22:28:57.0031 0564 ============================================================
22:28:59.0000 0564 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:28:59.0000 0564 ============================================================
22:28:59.0000 0564 \Device\Harddisk0\DR0:
22:28:59.0000 0564 MBR partitions:
22:28:59.0000 0564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
22:28:59.0000 0564 ============================================================
22:28:59.0125 0564 C: <-> \Device\Harddisk0\DR0\Partition0
22:28:59.0125 0564 ============================================================
22:28:59.0125 0564 Initialize success
22:28:59.0125 0564 ============================================================
22:29:28.0062 0716 ============================================================
22:29:28.0062 0716 Scan started
22:29:28.0062 0716 Mode: Manual; TDLFS;
22:29:28.0062 0716 ============================================================
22:29:29.0000 0716 Abiosdsk - ok
22:29:29.0015 0716 abp480n5 - ok
22:29:29.0078 0716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:29:29.0078 0716 ACPI - ok
22:29:29.0109 0716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:29:29.0109 0716 ACPIEC - ok
22:29:29.0187 0716 ADIHdAudAddService (62afc64108bbdb8d3ca32aad559e5af1) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:29:29.0187 0716 ADIHdAudAddService - ok
22:29:29.0343 0716 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:29:29.0343 0716 AdobeFlashPlayerUpdateSvc - ok
22:29:29.0359 0716 adpu160m - ok
22:29:29.0406 0716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:29:29.0406 0716 aec - ok
22:29:29.0453 0716 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:29:29.0468 0716 AegisP - ok
22:29:29.0515 0716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:29:29.0515 0716 AFD - ok
22:29:29.0515 0716 Aha154x - ok
22:29:29.0546 0716 aic78u2 - ok
22:29:29.0578 0716 aic78xx - ok
22:29:29.0609 0716 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:29:29.0609 0716 Alerter - ok
22:29:29.0640 0716 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:29:29.0640 0716 ALG - ok
22:29:29.0656 0716 AliIde - ok
22:29:29.0671 0716 amsint - ok
22:29:29.0812 0716 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:29:29.0828 0716 Apple Mobile Device - ok
22:29:29.0859 0716 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:29:29.0859 0716 AppMgmt - ok
22:29:29.0875 0716 asc - ok
22:29:29.0890 0716 asc3350p - ok
22:29:29.0906 0716 asc3550 - ok
22:29:30.0078 0716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:29:30.0093 0716 aspnet_state - ok
22:29:30.0109 0716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:29:30.0109 0716 AsyncMac - ok
22:29:30.0140 0716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:29:30.0140 0716 atapi - ok
22:29:30.0156 0716 Atdisk - ok
22:29:30.0218 0716 Ati HotKey Poller (1635a809b90eac3c0a844249e9a35856) C:\WINDOWS\system32\Ati2evxx.exe
22:29:30.0234 0716 Ati HotKey Poller - ok
22:29:30.0296 0716 ATI Smart (d4c5e0dfa6ff08d8f6bd3357819e5174) C:\WINDOWS\system32\ati2sgag.exe
22:29:30.0296 0716 ATI Smart - ok
22:29:30.0468 0716 ati2mtag (7452ab1a89f43785d20a10066bc3b73a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:29:30.0500 0716 ati2mtag - ok
22:29:30.0625 0716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:29:30.0625 0716 Atmarpc - ok
22:29:30.0656 0716 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:29:30.0656 0716 AudioSrv - ok
22:29:30.0687 0716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:29:30.0687 0716 audstub - ok
22:29:30.0734 0716 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:29:30.0734 0716 b57w2k - ok
22:29:30.0781 0716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:29:30.0781 0716 Beep - ok
22:29:30.0843 0716 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:29:30.0937 0716 BITS - ok
22:29:31.0015 0716 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:29:31.0015 0716 Bonjour Service - ok
22:29:31.0078 0716 Brother XP spl Service (cac61bdd786a6928989451871fbcedb8) C:\WINDOWS\system32\brsvc01a.exe
22:29:31.0078 0716 Brother XP spl Service - ok
22:29:31.0109 0716 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:29:31.0109 0716 Browser - ok
22:29:31.0156 0716 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
22:29:31.0156 0716 BrPar - ok
22:29:31.0187 0716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:29:31.0187 0716 cbidf2k - ok
22:29:31.0218 0716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:29:31.0218 0716 CCDECODE - ok
22:29:31.0234 0716 cd20xrnt - ok
22:29:31.0281 0716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:29:31.0281 0716 Cdaudio - ok
22:29:31.0328 0716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:29:31.0328 0716 Cdfs - ok
22:29:31.0359 0716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:29:31.0375 0716 Cdrom - ok
22:29:31.0375 0716 cerc6 - ok
22:29:31.0406 0716 Changer - ok
22:29:31.0437 0716 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:29:31.0437 0716 CiSvc - ok
22:29:31.0468 0716 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:29:31.0468 0716 ClipSrv - ok
22:29:31.0593 0716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:29:31.0593 0716 clr_optimization_v2.0.50727_32 - ok
22:29:31.0656 0716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:29:31.0656 0716 clr_optimization_v4.0.30319_32 - ok
22:29:31.0671 0716 CmdIde - ok
22:29:31.0687 0716 COMSysApp - ok
22:29:31.0734 0716 Cpqarray - ok
22:29:31.0781 0716 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:29:31.0781 0716 CryptSvc - ok
22:29:31.0796 0716 dac2w2k - ok
22:29:31.0812 0716 dac960nt - ok
22:29:31.0890 0716 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:29:31.0890 0716 DcomLaunch - ok
22:29:31.0906 0716 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:29:31.0906 0716 Dhcp - ok
22:29:31.0953 0716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:29:31.0953 0716 Disk - ok
22:29:31.0968 0716 dmadmin - ok
22:29:32.0031 0716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:29:32.0031 0716 dmboot - ok
22:29:32.0046 0716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:29:32.0046 0716 dmio - ok
22:29:32.0062 0716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:29:32.0062 0716 dmload - ok
22:29:32.0109 0716 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:29:32.0109 0716 dmserver - ok
22:29:32.0140 0716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:29:32.0140 0716 DMusic - ok
22:29:32.0187 0716 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:29:32.0187 0716 Dnscache - ok
22:29:32.0234 0716 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:29:32.0234 0716 Dot3svc - ok
22:29:32.0234 0716 dpti2o - ok
22:29:32.0265 0716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:29:32.0265 0716 drmkaud - ok
22:29:32.0296 0716 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:29:32.0296 0716 EapHost - ok
22:29:32.0312 0716 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:29:32.0312 0716 ERSvc - ok
22:29:32.0359 0716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:29:32.0390 0716 Eventlog - ok
22:29:32.0421 0716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:29:32.0421 0716 EventSystem - ok
22:29:32.0468 0716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:29:32.0484 0716 Fastfat - ok
22:29:32.0531 0716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:29:32.0531 0716 FastUserSwitchingCompatibility - ok
22:29:32.0562 0716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:29:32.0562 0716 Fdc - ok
22:29:32.0593 0716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:29:32.0593 0716 Fips - ok
22:29:32.0640 0716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:29:32.0640 0716 Flpydisk - ok
22:29:32.0656 0716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:29:32.0656 0716 FltMgr - ok
22:29:32.0765 0716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:29:32.0765 0716 FontCache3.0.0.0 - ok
22:29:32.0937 0716 FreeAgentGoNext Service (c0504d5561d4e3872bcba47531e2763b) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
22:29:32.0937 0716 FreeAgentGoNext Service - ok
22:29:32.0984 0716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:29:32.0984 0716 Fs_Rec - ok
22:29:33.0000 0716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:29:33.0000 0716 Ftdisk - ok
22:29:33.0046 0716 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:29:33.0046 0716 GEARAspiWDM - ok
22:29:33.0078 0716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:29:33.0078 0716 Gpc - ok
22:29:33.0125 0716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:29:33.0125 0716 HDAudBus - ok
22:29:33.0171 0716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:29:33.0171 0716 helpsvc - ok
22:29:33.0203 0716 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:29:33.0203 0716 HidServ - ok
22:29:33.0250 0716 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:29:33.0250 0716 hidusb - ok
22:29:33.0281 0716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:29:33.0281 0716 hkmsvc - ok
22:29:33.0296 0716 hpn - ok
22:29:33.0359 0716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:29:33.0359 0716 HTTP - ok
22:29:33.0390 0716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:29:33.0406 0716 HTTPFilter - ok
22:29:33.0406 0716 i2omgmt - ok
22:29:33.0437 0716 i2omp - ok
22:29:33.0453 0716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
22:29:33.0468 0716 i8042prt - ok
22:29:33.0687 0716 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:29:33.0812 0716 ialm - ok
22:29:34.0000 0716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:29:34.0015 0716 idsvc - ok
22:29:34.0078 0716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:29:34.0078 0716 Imapi - ok
22:29:34.0140 0716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:29:34.0140 0716 ImapiService - ok
22:29:34.0156 0716 ini910u - ok
22:29:34.0187 0716 IntelIde - ok
22:29:34.0234 0716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:29:34.0234 0716 intelppm - ok
22:29:34.0359 0716 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:29:34.0375 0716 IntuitUpdateService - ok
22:29:34.0406 0716 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
22:29:34.0421 0716 IntuitUpdateServiceV4 - ok
22:29:34.0453 0716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:29:34.0453 0716 Ip6Fw - ok
22:29:34.0484 0716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:29:34.0484 0716 IpFilterDriver - ok
22:29:34.0500 0716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:29:34.0500 0716 IpInIp - ok
22:29:34.0546 0716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:29:34.0546 0716 IpNat - ok
22:29:34.0609 0716 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:29:34.0625 0716 iPod Service - ok
22:29:34.0671 0716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:29:34.0671 0716 IPSec - ok
22:29:34.0703 0716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:29:34.0703 0716 IRENUM - ok
22:29:34.0750 0716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:29:34.0750 0716 isapnp - ok
22:29:34.0843 0716 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
22:29:34.0843 0716 JavaQuickStarterService - ok
22:29:34.0859 0716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:29:34.0859 0716 Kbdclass - ok
22:29:34.0875 0716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:29:34.0875 0716 kbdhid - ok
22:29:34.0937 0716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:29:34.0937 0716 kmixer - ok
22:29:34.0968 0716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:29:34.0968 0716 KSecDD - ok
22:29:35.0000 0716 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:29:35.0015 0716 LanmanServer - ok
22:29:35.0046 0716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:29:35.0062 0716 lanmanworkstation - ok
22:29:35.0062 0716 lbrtfdc - ok
22:29:35.0140 0716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:29:35.0140 0716 LmHosts - ok
22:29:35.0203 0716 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
22:29:35.0203 0716 MBAMProtector - ok
22:29:35.0281 0716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:29:35.0281 0716 MBAMService - ok
22:29:35.0312 0716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:29:35.0312 0716 Messenger - ok
22:29:35.0343 0716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:29:35.0343 0716 mnmdd - ok
22:29:35.0375 0716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:29:35.0375 0716 mnmsrvc - ok
22:29:35.0406 0716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:29:35.0406 0716 Modem - ok
22:29:35.0437 0716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:29:35.0437 0716 Mouclass - ok
22:29:35.0453 0716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:29:35.0453 0716 mouhid - ok
22:29:35.0484 0716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:29:35.0484 0716 MountMgr - ok
22:29:35.0515 0716 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:29:35.0515 0716 MpFilter - ok
22:29:35.0531 0716 mraid35x - ok
22:29:35.0578 0716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:29:35.0578 0716 MRxDAV - ok
22:29:35.0640 0716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:29:35.0640 0716 MRxSmb - ok
22:29:35.0671 0716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:29:35.0687 0716 MSDTC - ok
22:29:35.0718 0716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:29:35.0718 0716 Msfs - ok
22:29:35.0734 0716 MSIServer - ok
22:29:35.0796 0716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:29:35.0796 0716 MSKSSRV - ok
22:29:35.0937 0716 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
22:29:35.0937 0716 MsMpSvc - ok
22:29:35.0937 0716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:29:35.0937 0716 MSPCLOCK - ok
22:29:35.0968 0716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:29:35.0968 0716 MSPQM - ok
22:29:36.0031 0716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:29:36.0031 0716 mssmbios - ok
22:29:36.0078 0716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:29:36.0078 0716 MSTEE - ok
22:29:36.0109 0716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:29:36.0125 0716 Mup - ok
22:29:36.0156 0716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:29:36.0156 0716 NABTSFEC - ok
22:29:36.0218 0716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:29:36.0218 0716 napagent - ok
22:29:36.0250 0716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:29:36.0265 0716 NDIS - ok
22:29:36.0281 0716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:29:36.0281 0716 NdisIP - ok
22:29:36.0328 0716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:29:36.0328 0716 NdisTapi - ok
22:29:36.0375 0716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:29:36.0375 0716 Ndisuio - ok
22:29:36.0390 0716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:29:36.0390 0716 NdisWan - ok
22:29:36.0421 0716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:29:36.0421 0716 NDProxy - ok
22:29:36.0453 0716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:29:36.0453 0716 NetBIOS - ok
22:29:36.0468 0716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:29:36.0468 0716 NetBT - ok
22:29:36.0500 0716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:29:36.0500 0716 NetDDE - ok
22:29:36.0515 0716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:29:36.0515 0716 NetDDEdsdm - ok
22:29:36.0562 0716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:36.0562 0716 Netlogon - ok
22:29:36.0578 0716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:29:36.0578 0716 Netman - ok
22:29:36.0671 0716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:29:36.0687 0716 NetTcpPortSharing - ok
22:29:36.0843 0716 NGCLIENT (f385d460376e92d65aa22240aa57a95a) C:\Program Files\Symantec\Ghost\ngctw32.exe
22:29:36.0859 0716 NGCLIENT - ok
22:29:36.0890 0716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:29:36.0906 0716 Nla - ok
22:29:36.0953 0716 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
22:29:36.0953 0716 NPF - ok
22:29:36.0984 0716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:29:36.0984 0716 Npfs - ok
22:29:37.0046 0716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:29:37.0078 0716 Ntfs - ok
22:29:37.0109 0716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:37.0109 0716 NtLmSsp - ok
22:29:37.0140 0716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:29:37.0156 0716 NtmsSvc - ok
22:29:37.0187 0716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:29:37.0187 0716 Null - ok
22:29:37.0250 0716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:29:37.0250 0716 NwlnkFlt - ok
22:29:37.0250 0716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:29:37.0265 0716 NwlnkFwd - ok
22:29:37.0312 0716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:29:37.0312 0716 Parport - ok
22:29:37.0328 0716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:29:37.0328 0716 PartMgr - ok
22:29:37.0359 0716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:29:37.0359 0716 ParVdm - ok
22:29:37.0375 0716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:29:37.0375 0716 PCI - ok
22:29:37.0390 0716 PCIDump - ok
22:29:37.0406 0716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:29:37.0406 0716 PCIIde - ok
22:29:37.0468 0716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:29:37.0468 0716 Pcmcia - ok
22:29:37.0484 0716 PDCOMP - ok
22:29:37.0500 0716 PDFRAME - ok
22:29:37.0515 0716 PDRELI - ok
22:29:37.0546 0716 PDRFRAME - ok
22:29:37.0546 0716 perc2 - ok
22:29:37.0578 0716 perc2hib - ok
22:29:37.0656 0716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:29:37.0656 0716 PlugPlay - ok
22:29:37.0671 0716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:37.0671 0716 PolicyAgent - ok
22:29:37.0703 0716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:29:37.0703 0716 PptpMiniport - ok
22:29:37.0718 0716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:37.0718 0716 ProtectedStorage - ok
22:29:37.0734 0716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:29:37.0734 0716 PSched - ok
22:29:37.0750 0716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:29:37.0750 0716 Ptilink - ok
22:29:37.0812 0716 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:29:37.0812 0716 PxHelp20 - ok
22:29:37.0828 0716 ql1080 - ok
22:29:37.0843 0716 Ql10wnt - ok
22:29:37.0875 0716 ql12160 - ok
22:29:37.0890 0716 ql1240 - ok
22:29:37.0906 0716 ql1280 - ok
22:29:37.0953 0716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:29:37.0968 0716 RasAcd - ok
22:29:38.0000 0716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:29:38.0015 0716 RasAuto - ok
22:29:38.0015 0716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:29:38.0031 0716 Rasl2tp - ok
22:29:38.0062 0716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:29:38.0062 0716 RasMan - ok
22:29:38.0109 0716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:29:38.0109 0716 RasPppoe - ok
22:29:38.0125 0716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:29:38.0125 0716 Raspti - ok
22:29:38.0171 0716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:29:38.0171 0716 Rdbss - ok
22:29:38.0187 0716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:29:38.0187 0716 RDPCDD - ok
22:29:38.0250 0716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:29:38.0250 0716 rdpdr - ok
22:29:38.0296 0716 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:29:38.0296 0716 RDPWD - ok
22:29:38.0343 0716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:29:38.0343 0716 RDSessMgr - ok
22:29:38.0375 0716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:29:38.0375 0716 redbook - ok
22:29:38.0406 0716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:29:38.0406 0716 RemoteAccess - ok
22:29:38.0453 0716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:29:38.0453 0716 RemoteRegistry - ok
22:29:38.0484 0716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:29:38.0484 0716 RpcLocator - ok
22:29:38.0531 0716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:29:38.0531 0716 RpcSs - ok
22:29:38.0562 0716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:29:38.0562 0716 RSVP - ok
22:29:38.0593 0716 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
22:29:38.0593 0716 RT73 - ok
22:29:38.0640 0716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:38.0640 0716 SamSs - ok
22:29:38.0687 0716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:29:38.0687 0716 SCardSvr - ok
22:29:38.0718 0716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:29:38.0718 0716 Schedule - ok
22:29:38.0765 0716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:29:38.0765 0716 Secdrv - ok
22:29:38.0796 0716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:29:38.0796 0716 seclogon - ok
22:29:42.0781 0716 ============================================================
22:29:42.0781 0716 Scan finished
22:29:42.0781 0716 ============================================================
22:29:42.0812 0708 Detected object count: 0
22:29:42.0812 0708 Actual detected object count: 0
22:30:04.0015 0892 Deinitialize success

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-30 23:33:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721616PLA380 rev.P22OAB3A
Running: 26yj1y32.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fgtdrpod.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB30106$\1082144026 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\bckfg.tmp 851 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\cfg.ini 207 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L\bvwbrney 138496 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB30106$\2398012239 0 bytes

---- EOF - GMER 1.0.15 ----

And the Avast log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 23:34:59
-----------------------------
23:34:59.453 OS Version: Windows 5.1.2600 Service Pack 3
23:34:59.453 Number of processors: 2 586 0x605
23:34:59.453 ComputerName: DELL04161 UserName: user
23:34:59.890 Initialize success
23:42:09.500 AVAST engine defs: 12043001
23:42:22.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:42:22.828 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OAB3A Size: 152587MB BusType: 3
23:42:22.859 Disk 0 MBR read successfully
23:42:22.875 Disk 0 MBR scan
23:42:22.890 Disk 0 Windows XP default MBR code
23:42:22.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 63
23:42:22.968 Disk 0 scanning sectors +312496380
23:42:23.234 Disk 0 scanning C:\WINDOWS\system32\drivers
23:42:49.562 Service scanning
23:43:07.046 Modules scanning
23:43:47.296 Disk 0 trace - called modules:
23:43:47.375 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:43:47.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c15ab8]
23:43:47.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89bbfd98]
23:43:47.953 AVAST engine scan C:\WINDOWS
23:44:26.500 AVAST engine scan C:\WINDOWS\system32
23:54:24.593 AVAST engine scan C:\WINDOWS\system32\drivers
23:55:23.203 AVAST engine scan C:\Documents and Settings\user
00:02:58.312 AVAST engine scan C:\Documents and Settings\All Users
00:08:47.562 Scan finished successfully
00:09:29.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
00:09:29.687 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 May 2012 - 12:33 PM

Download

Fix zero access

Launch it, allow it to restart the PC, and let me know if it finds infections on reboot.

Run TDSSkiller and GMER once again and post the new logs.

Good luck.

#5 BAC NGUYEN

  • Topic Starter
  • Members
  • 14 posts

Posted 02 May 2012 - 01:20 AM

Hi there,

I ran Fix zero. No infection was found after the scan completed.

Here are the latest logs:

20:50:35.0281 2716 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:50:35.0859 2716 ============================================================
20:50:35.0859 2716 Current date / time: 2012/05/01 20:50:35.0859
20:50:35.0859 2716 SystemInfo:
20:50:35.0859 2716
20:50:35.0859 2716 OS Version: 5.1.2600 ServicePack: 3.0
20:50:35.0859 2716 Product type: Workstation
20:50:35.0859 2716 ComputerName: DELL04161
20:50:35.0859 2716 UserName: user
20:50:35.0859 2716 Windows directory: C:\WINDOWS
20:50:35.0859 2716 System windows directory: C:\WINDOWS
20:50:35.0859 2716 Processor architecture: Intel x86
20:50:35.0859 2716 Number of processors: 2
20:50:35.0859 2716 Page size: 0x1000
20:50:35.0859 2716 Boot type: Normal boot
20:50:35.0859 2716 ============================================================
20:50:41.0687 2716 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:50:41.0687 2716 ============================================================
20:50:41.0687 2716 \Device\Harddisk0\DR0:
20:50:41.0687 2716 MBR partitions:
20:50:41.0687 2716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
20:50:41.0687 2716 ============================================================
20:50:41.0734 2716 C: <-> \Device\Harddisk0\DR0\Partition0
20:50:41.0734 2716 ============================================================
20:50:41.0734 2716 Initialize success
20:50:41.0734 2716 ============================================================
20:51:02.0656 3012 ============================================================
20:51:02.0656 3012 Scan started
20:51:02.0656 3012 Mode: Manual; TDLFS;
20:51:02.0656 3012 ============================================================
20:51:26.0796 3012 PCI - ok
20:51:26.0796 3012 PCIDump - ok
20:51:26.0812 3012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:51:26.0812 3012 PCIIde - ok
20:51:26.0890 3012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:51:26.0953 3012 Pcmcia - ok
20:51:26.0953 3012 PDCOMP - ok
20:51:26.0953 3012 PDFRAME - ok
20:51:26.0953 3012 PDRELI - ok
20:51:26.0968 3012 PDRFRAME - ok
20:51:26.0968 3012 perc2 - ok
20:51:26.0968 3012 perc2hib - ok
20:51:27.0109 3012 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:51:27.0109 3012 PlugPlay - ok
20:51:27.0125 3012 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:51:27.0125 3012 PolicyAgent - ok
20:51:27.0156 3012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:51:27.0187 3012 PptpMiniport - ok
20:51:27.0187 3012 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:51:27.0187 3012 ProtectedStorage - ok
20:51:27.0218 3012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:51:27.0265 3012 PSched - ok
20:51:27.0296 3012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:51:27.0328 3012 Ptilink - ok
20:51:27.0343 3012 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:51:27.0375 3012 PxHelp20 - ok
20:51:27.0375 3012 ql1080 - ok
20:51:27.0390 3012 Ql10wnt - ok
20:51:27.0390 3012 ql12160 - ok
20:51:27.0390 3012 ql1240 - ok
20:51:27.0390 3012 ql1280 - ok
20:51:27.0421 3012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:51:27.0421 3012 RasAcd - ok
20:51:27.0484 3012 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:51:27.0531 3012 RasAuto - ok
20:51:27.0562 3012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:51:27.0593 3012 Rasl2tp - ok
20:51:27.0687 3012 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:51:27.0703 3012 RasMan - ok
20:51:27.0718 3012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:51:27.0765 3012 RasPppoe - ok
20:51:27.0765 3012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:51:27.0781 3012 Raspti - ok
20:51:27.0875 3012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:51:28.0015 3012 Rdbss - ok
20:51:28.0015 3012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:51:28.0031 3012 RDPCDD - ok
20:51:28.0125 3012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:51:28.0281 3012 rdpdr - ok
20:51:28.0359 3012 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:51:28.0406 3012 RDPWD - ok
20:51:28.0468 3012 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:51:28.0578 3012 RDSessMgr - ok
20:51:28.0625 3012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:51:28.0671 3012 redbook - ok
20:51:28.0734 3012 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:51:28.0781 3012 RemoteAccess - ok
20:51:28.0828 3012 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:51:28.0828 3012 RemoteRegistry - ok
20:51:28.0890 3012 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:51:28.0953 3012 RpcLocator - ok
20:51:29.0140 3012 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:51:29.0140 3012 RpcSs - ok
20:51:29.0218 3012 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:51:29.0296 3012 RSVP - ok
20:51:29.0406 3012 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
20:51:29.0562 3012 RT73 - ok
20:51:29.0609 3012 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:51:29.0609 3012 SamSs - ok
20:51:29.0671 3012 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:51:29.0734 3012 SCardSvr - ok
20:51:29.0828 3012 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:51:29.0890 3012 Schedule - ok
20:51:29.0921 3012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:51:29.0937 3012 Secdrv - ok
20:51:29.0984 3012 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:51:29.0984 3012 seclogon - ok
20:51:30.0156 3012 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
20:51:30.0312 3012 SenFiltService - ok
20:51:30.0328 3012 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:51:30.0328 3012 SENS - ok
20:51:30.0375 3012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:51:30.0390 3012 serenum - ok
20:51:30.0421 3012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:51:30.0515 3012 Serial - ok
20:51:30.0546 3012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:51:30.0578 3012 Sfloppy - ok
20:51:30.0703 3012 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:51:30.0750 3012 SharedAccess - ok
20:51:30.0843 3012 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:51:30.0843 3012 ShellHWDetection - ok
20:51:30.0843 3012 Simbad - ok
20:51:30.0890 3012 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:51:30.0906 3012 SLIP - ok
20:51:30.0953 3012 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
20:51:31.0000 3012 sonypvs1 - ok
20:51:31.0046 3012 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:51:31.0062 3012 SONYPVU1 - ok
20:51:31.0062 3012 Sparrow - ok
20:51:31.0093 3012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:51:31.0093 3012 splitter - ok
20:51:31.0156 3012 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:51:31.0156 3012 Spooler - ok
20:51:31.0234 3012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:51:31.0296 3012 sr - ok
20:51:31.0359 3012 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:51:31.0359 3012 srservice - ok
20:51:31.0500 3012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:51:31.0500 3012 Srv - ok
20:51:31.0546 3012 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:51:31.0546 3012 SSDPSRV - ok
20:51:31.0671 3012 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:51:31.0703 3012 stisvc - ok
20:51:31.0734 3012 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:51:31.0765 3012 streamip - ok
20:51:31.0796 3012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:51:31.0812 3012 swenum - ok
20:51:31.0890 3012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:51:31.0890 3012 swmidi - ok
20:51:31.0890 3012 SwPrv - ok
20:51:31.0890 3012 symc810 - ok
20:51:31.0890 3012 symc8xx - ok
20:51:31.0906 3012 sym_hi - ok
20:51:31.0906 3012 sym_u3 - ok
20:51:31.0937 3012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:51:31.0937 3012 sysaudio - ok
20:51:32.0000 3012 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:51:32.0109 3012 SysmonLog - ok
20:51:32.0218 3012 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:51:32.0250 3012 TapiSrv - ok
20:51:32.0406 3012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:51:32.0531 3012 Tcpip - ok
20:51:32.0562 3012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:51:32.0578 3012 TDPIPE - ok
20:51:32.0578 3012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:51:32.0593 3012 TDTCP - ok
20:51:32.0625 3012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:51:32.0640 3012 TermDD - ok
20:51:32.0781 3012 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:51:32.0812 3012 TermService - ok
20:51:32.0921 3012 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:51:32.0921 3012 Themes - ok
20:51:32.0968 3012 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:51:33.0031 3012 TlntSvr - ok
20:51:33.0031 3012 TosIde - ok
20:51:33.0109 3012 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:51:33.0109 3012 TrkWks - ok
20:51:33.0156 3012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:51:33.0218 3012 Udfs - ok
20:51:33.0218 3012 ultra - ok
20:51:33.0359 3012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:51:33.0484 3012 Update - ok
20:51:33.0656 3012 Updater Service for StartNow Toolbar (70eb41a4417ba0aa36ae12bf2b4d98f6) C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
20:51:33.0671 3012 Updater Service for StartNow Toolbar - ok
20:51:33.0765 3012 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:51:33.0859 3012 upnphost - ok
20:51:33.0906 3012 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:51:33.0968 3012 UPS - ok
20:51:34.0015 3012 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:51:34.0078 3012 usbaudio - ok
20:51:34.0140 3012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:51:34.0187 3012 usbccgp - ok
20:51:34.0250 3012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:51:34.0328 3012 usbehci - ok
20:51:34.0406 3012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:51:34.0546 3012 usbhub - ok
20:51:34.0625 3012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:51:34.0640 3012 usbprint - ok
20:51:34.0687 3012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:51:34.0703 3012 usbscan - ok
20:51:34.0750 3012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:51:34.0750 3012 USBSTOR - ok
20:51:34.0812 3012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:51:34.0843 3012 usbuhci - ok
20:51:34.0921 3012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:51:34.0937 3012 VgaSave - ok
20:51:34.0937 3012 ViaIde - ok
20:51:35.0000 3012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:51:35.0031 3012 VolSnap - ok
20:51:35.0218 3012 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:51:35.0359 3012 VSS - ok
20:51:35.0531 3012 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:51:35.0531 3012 W32Time - ok
20:51:35.0593 3012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:51:35.0625 3012 Wanarp - ok
20:51:35.0625 3012 WDICA - ok
20:51:35.0703 3012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:51:35.0703 3012 wdmaud - ok
20:51:35.0734 3012 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:51:35.0765 3012 WebClient - ok
20:51:35.0921 3012 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:51:35.0921 3012 winmgmt - ok
20:51:35.0968 3012 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:51:36.0000 3012 WmdmPmSN - ok
20:51:36.0250 3012 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:51:36.0250 3012 Wmi - ok
20:51:36.0328 3012 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:51:36.0437 3012 WmiApSrv - ok
20:51:36.0828 3012 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:51:37.0375 3012 WMPNetworkSvc - ok
20:51:37.0750 3012 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:51:38.0000 3012 WPFFontCache_v0400 - ok
20:51:38.0156 3012 WSearch - ok
20:51:38.0203 3012 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:51:38.0234 3012 WSTCODEC - ok
20:51:38.0265 3012 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:51:38.0296 3012 wuauserv - ok
20:51:38.0343 3012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:51:38.0421 3012 WudfPf - ok
20:51:38.0453 3012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:51:38.0531 3012 WudfRd - ok
20:51:38.0546 3012 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:51:38.0593 3012 WudfSvc - ok
20:51:38.0765 3012 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:51:38.0781 3012 WZCSVC - ok
20:51:38.0843 3012 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:51:38.0968 3012 xmlprov - ok
20:51:39.0296 3012 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:51:39.0468 3012 YahooAUService - ok
20:51:39.0500 3012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:51:39.0890 3012 \Device\Harddisk0\DR0 - ok
20:51:39.0906 3012 Boot (0x1200) (c9b4a85212c78cff21c29fb18edcf839) \Device\Harddisk0\DR0\Partition0
20:51:39.0906 3012 \Device\Harddisk0\DR0\Partition0 - ok
20:51:39.0906 3012 ============================================================
20:51:39.0906 3012 Scan finished
20:51:39.0906 3012 ============================================================
20:51:39.0906 2856 Detected object count: 0
20:51:39.0906 2856 Actual detected object count: 0
20:52:05.0890 3792 Deinitialize success

And the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-01 22:24:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721616PLA380 rev.P22OAB3A
Running: 26yj1y32.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fgtdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9885000, 0x1C5DC8, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD303A00]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[608] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:568] AA10BFD0
Thread System [4:572] AA0FFC70

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB30106$\1082144026 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\bckfg.tmp 851 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\cfg.ini 207 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L\bvwbrney 138496 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB30106$\2398012239 0 bytes

---- EOF - GMER 1.0.15 ----
Can you explain a little bit about the scan results? Thanks.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:25 PM

Posted 02 May 2012 - 01:25 AM

File C:\WINDOWS\$NtUninstallKB30106$\1082144026 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\bckfg.tmp 851 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\cfg.ini 207 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L\bvwbrney 138496 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB30106$\2398012239 0 bytes


Files of the ZeroAccess rootkit. TDSSKiller has started removing these partitions, but in your case TDSSKiller doesn't seem to detect it.

We need advanced tools to remove them.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
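An added example, not code from the thread or from GMER: it parses the "Files" section narenxp quoted and flags the ZeroAccess-style layout he identified, a numeric folder under a fake $NtUninstallKBnnnnn$ directory holding an "@" store plus "U" and "L" module folders. The marker set and the regexes are my own assumptions; the embedded sample lines are the ones from the scan above.

```python
import re
from collections import defaultdict

# Sample GMER "Files" section, copied from the scan posted in this thread.
GMER_FILES_SECTION = r"""---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB30106$\1082144026 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\bckfg.tmp 851 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\cfg.ini 207 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\L\bvwbrney 138496 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U 0 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB30106$\1082144026\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB30106$\2398012239 0 bytes

---- EOF - GMER 1.0.15 ----
"""

# One "File <path> <size> bytes" line as GMER prints it.
FILE_LINE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")

# Assumed pattern for the hidden store seen in the log: a purely numeric
# folder directly under a fake hotfix-uninstall directory ($NtUninstallKB<digits>$).
ZA_ROOT = re.compile(
    r"^(?P<root>[A-Z]:\\WINDOWS\\\$NtUninstallKB\d+\$\\\d+)(?:\\|$)", re.I
)

# Assumed layout markers: an "@" payload store and "U"/"L" folders holding *.@ modules.
ZA_MARKERS = {"@", "U", "L"}


def parse_files(section: str):
    """Return (path, size) tuples for every File line in a GMER log section."""
    entries = []
    for line in section.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append((m.group("path"), int(m.group("size"))))
    return entries


def flag_zeroaccess_roots(entries):
    """Group File entries by candidate root; report roots showing at least two markers.

    Returns {root: {"markers": [...], "files": count, "bytes": total_size}}.
    """
    by_root = defaultdict(lambda: {"markers": set(), "files": 0, "bytes": 0})
    for path, size in entries:
        m = ZA_ROOT.match(path)
        if not m:
            continue
        root = m.group("root")
        info = by_root[root]
        info["files"] += 1
        info["bytes"] += size
        # First path component below the root tells us which marker this entry is.
        first = path[len(root):].lstrip("\\").split("\\", 1)[0]
        if first in ZA_MARKERS:
            info["markers"].add(first)
    return {
        root: {"markers": sorted(i["markers"]), "files": i["files"], "bytes": i["bytes"]}
        for root, i in by_root.items()
        if len(i["markers"]) >= 2
    }


if __name__ == "__main__":
    for root, info in flag_zeroaccess_roots(parse_files(GMER_FILES_SECTION)).items():
        print(f"{root}: markers={info['markers']} files={info['files']} bytes={info['bytes']}")
```

The second numeric folder (2398012239) is reported as zero bytes with no children, so it is grouped but not flagged; a helper would still treat it as part of the same infection.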

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:25 PM

Posted 02 May 2012 - 10:27 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic452270.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
