Possible RootKit infection (prxts.sys) but not sure


9 replies to this topic

#1 fubar70

fubar70

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:13 PM

Posted 07 July 2012 - 11:56 AM

Hello,

Every so often, I scan my system for possible infections. Today I did a scan with IceSword (ver 1.22) and noticed a few entries in the SSDT section named "prxts.sys". After doing some research I learned that this file is supposedly a part of Prevx, but I have never had Prevx installed on my system, so I thought I would ask the experts here to see if I have a RootKit on my system or not.

It may be helpful to know that I did run a Full Scan with Malwarebytes Anti-Malware and it did not detect anything. I also ran a Full Scan with the NOD32 online scanner and again nothing was detected. Finally, I did a scan using Avast (my currently installed virus scanner) and yet again, everything came back normal.

Anyway here are the reports that you requested to go along with this post and thanks in advance for any and all replies.

Fubar

dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Michael at 11:45:36 on 2012-07-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1430 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Java\jre6\launch4j-tmp\JShotTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\FastStone Image Viewer\FSViewer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\windows\bricopacks\crystal clear\rocketdock\RocketDock.exe"
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [Executor] "c:\program files\executor\Executor.exe" -s
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Profiler] c:\program files\saitek\software\Profiler.exe
mRun: [SaiSmart] c:\program files\saitek\software\SaiSmart.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\mru-bl~1.lnk - c:\program files\mru-blaster\mrublaster.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\crystal clear\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\y'ztoo~1.lnk - c:\windows\bricopacks\crystal clear\yztoolbar\YzToolBar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jshott~1.lnk - c:\program files\jshot\JShotTray.exe
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E0B4E5A1-2994-4D82-995A-C031A00E3A4E} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\z68fxnjh.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\michael\application data\mozilla\firefox\profiles\z68fxnjh.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-31 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-31 353688]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2010-4-22 19232]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-5-29 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-5-29 91992]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-31 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-31 44808]
R2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\system32\drivers\Bt848.sys [2010-8-11 152064]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-12 68968]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-5-22 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-5-22 116056]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-1-5 123264]
S3 cpuz135;cpuz135;\??\c:\docume~1\michael\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\michael\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2005-11-3 176640]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\SaiUFF0C.sys [2005-11-3 27264]
S4 hpdj00;hpdj00;c:\docume~1\michael\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp deskjet 3740 series -product=3740 --> c:\docume~1\michael\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 3740 Series -product=3740 [?]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
.
=============== Created Last 30 ================
.
2012-07-07 12:06:16 -------- d-----w- c:\program files\ESET
2012-06-29 02:42:03 -------- d-----w- c:\documents and settings\michael\local settings\application data\Identities
2012-06-25 05:13:43 -------- d-----w- c:\program files\Free Download Manager
2012-06-17 15:15:39 4088320 ----a-w- c:\windows\system32\tmsexd7.bpl
2012-06-17 15:15:19 -------- d-----w- c:\documents and settings\michael\application data\tmssoftware
2012-06-16 02:35:21 1151488 ----a-w- c:\windows\system32\vclAbsDbd7.bpl
2012-06-15 01:27:01 -------- d-----w- c:\documents and settings\michael\application data\com.MALLite
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 15:30:12 452096 ----a-w- c:\windows\system32\vclZipForged7.bpl
2012-05-24 20:01:36 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-22 19:08:34 91992 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 19:08:34 104792 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 19:08:32 158552 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 19:08:32 135512 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 19:08:32 116056 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
============= FINISH: 11:46:02.26 ===============

Edited by fubar70, 07 July 2012 - 01:02 PM.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:13 PM

Posted 12 July 2012 - 12:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459659 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fubar70

fubar70
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:13 PM

Posted 12 July 2012 - 02:35 PM

Yes, I still need someone to look at my logs and see what is going on. Here is the latest dds.log file for review to go along with the first one I made. I did not make another GMER log because it took over 4 hours to do the first one and I have not changed anything on my system since then. I have my original Windows CD.

DDS Log File
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Michael at 15:28:46 on 2012-07-12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1260 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Java\jre6\launch4j-tmp\JShotTray.exe
C:\Program Files\Java\jre6\launch4j-tmp\JShotTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\windows\bricopacks\crystal clear\rocketdock\RocketDock.exe"
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [Executor] "c:\program files\executor\Executor.exe" -s
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Profiler] c:\program files\saitek\software\Profiler.exe
mRun: [SaiSmart] c:\program files\saitek\software\SaiSmart.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\mru-bl~1.lnk - c:\program files\mru-blaster\mrublaster.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\crystal clear\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\y'ztoo~1.lnk - c:\windows\bricopacks\crystal clear\yztoolbar\YzToolBar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jshott~1.lnk - c:\program files\jshot\JShotTray.exe
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E0B4E5A1-2994-4D82-995A-C031A00E3A4E} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\z68fxnjh.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\michael\application data\mozilla\firefox\profiles\z68fxnjh.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-31 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-31 353688]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2010-4-22 19232]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-5-29 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-5-29 91992]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-31 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-31 44808]
R2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\system32\drivers\Bt848.sys [2010-8-11 152064]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-12 68968]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-5-22 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-5-22 116056]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-1-5 123264]
S3 cpuz135;cpuz135;\??\c:\docume~1\michael\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\michael\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2005-11-3 176640]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\SaiUFF0C.sys [2005-11-3 27264]
S4 hpdj00;hpdj00;c:\docume~1\michael\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp deskjet 3740 series -product=3740 --> c:\docume~1\michael\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 3740 Series -product=3740 [?]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
.
=============== Created Last 30 ================
.
2012-07-07 12:06:16 -------- d-----w- c:\program files\ESET
2012-06-29 02:42:03 -------- d-----w- c:\documents and settings\michael\local settings\application data\Identities
2012-06-25 05:13:43 -------- d-----w- c:\program files\Free Download Manager
2012-06-17 15:15:39 4088320 ----a-w- c:\windows\system32\tmsexd7.bpl
2012-06-17 15:15:19 -------- d-----w- c:\documents and settings\michael\application data\tmssoftware
2012-06-16 02:35:21 1151488 ----a-w- c:\windows\system32\vclAbsDbd7.bpl
2012-06-15 01:27:01 -------- d-----w- c:\documents and settings\michael\application data\com.MALLite
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 15:30:12 452096 ----a-w- c:\windows\system32\vclZipForged7.bpl
2012-05-24 20:01:36 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-22 19:08:34 91992 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 19:08:34 104792 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 19:08:32 158552 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 19:08:32 135512 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 19:08:32 116056 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
============= FINISH: 15:29:21.65 ===============
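The SERVICES / DRIVERS section of the DDS logs above is what the helpers review, and the name the poster researched (prxts.sys) is not the one DDS recorded (pxrts.sys). The following is an added example, not part of this thread or of DDS itself: a small parser for those driver lines that looks an entry up by name and flags the ones a reviewer checks first (DDS printed [?] instead of a date and size, or the file sits under a temp directory). The sample lines are constructed from the shape of the log above; the reading of R/S as running/stopped and of the digit as the start type is my interpretation of the format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the DDS "SERVICES / DRIVERS" section
# posted in this thread (a handful of its lines, not the whole log).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-31 721000]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-12 68968]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S3 cpuz135;cpuz135;\??\c:\docume~1\michael\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\michael\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S4 hpdj00;hpdj00;c:\docume~1\michael\locals~1\temp\hpdj00.exe -servicerunning=true --> c:\docume~1\michael\locals~1\temp\hpdj00.exe -servicerunning=true [?]
.
=============== Created Last 30 ================
"""


@dataclass
class DriverEntry:
    running: bool            # leading letter (my reading): R = running, S = stopped
    start_type: int          # digit after it: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str                # service / driver key name
    display_name: str
    path: str                # the path after "-->" when DDS printed a resolved one
    date: Optional[str]      # None when DDS printed "[?]" instead of "[date size]"
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


# "<R|S><digit> name;display;path [date size]"  or  "... path [?]"
_LINE = re.compile(r"^([RS])(\d)\s+([^;]*);([^;]*);(.*)\s\[(.*)\]$")


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one DDS driver line; return None for separators and other text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    if "-->" in path:                      # "\??\raw --> resolved": keep the resolved path
        path = path.split("-->", 1)[1].strip()
    date, size = None, None
    if info != "?":
        date, size_text = info.split()
        size = int(size_text)
    return DriverEntry(state == "R", int(start), name, display, path, date, size)


def parse_drivers_section(text: str) -> List[DriverEntry]:
    """Collect the entries between the SERVICES / DRIVERS banner and the next one."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):           # "====== SECTION ======" banner line
            in_section = "SERVICES / DRIVERS" in line
            continue
        if in_section:
            entry = parse_driver_line(line)
            if entry is not None:
                entries.append(entry)
    return entries


def triage(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Attach review flags to each entry and return them keyed by service name."""
    for e in entries:
        e.flags = []
        low = e.path.lower()
        if e.date is None:
            # DDS printed [?]: it could not read the file, so there is nothing to
            # date or size; often a stale service key whose file is already gone.
            e.flags.append("no_file_info")
        if "\\temp\\" in low:
            # A driver or service registered out of a temp directory deserves a
            # look even though benign installers (CPU-Z, printer setup) do this too.
            e.flags.append("temp_path")
    return {e.name: e.flags for e in entries}


def find_driver(entries: List[DriverEntry], query: str) -> Optional[DriverEntry]:
    """Case-insensitive lookup by service name or by the file's base name."""
    q = query.lower()
    for e in entries:
        base = e.path.rsplit("\\", 1)[-1].lower()
        if q in (e.name.lower(), base, base.rsplit(".", 1)[0]):
            return e
    return None


if __name__ == "__main__":
    drivers = parse_drivers_section(SAMPLE_DDS)
    for name, flags in triage(drivers).items():
        print(f"{name:10} {flags or 'ok'}")
    for wanted in ("prxts.sys", "pxrts.sys"):   # the name as posted vs. as logged
        hit = find_driver(drivers, wanted)
        print(wanted, "->", hit.path if hit else "not present in log")
```

Checking the spelling against the log before researching a driver name avoids chasing a file that was never on the machine.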

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 13 July 2012 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 fubar70

fubar70
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:13 PM

Posted 13 July 2012 - 12:44 PM

Hello Nasdaq,

TDSSKiller found nothing; here is the report though.

TDSSKiller Report

13:33:38.0062 3660 VBoxNetFlt (7cb02fd5c8f6cfc73df446e62783be80) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
13:33:38.0078 3660 VBoxNetFlt - ok
13:33:38.0171 3660 VBoxUSBMon (57e0c951c50060908fa5657295821757) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
13:33:38.0203 3660 VBoxUSBMon - ok
13:33:38.0250 3660 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:33:38.0250 3660 VgaSave - ok
13:33:38.0281 3660 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:33:38.0281 3660 ViaIde - ok
13:33:38.0328 3660 viamraid (9f3f276c7300ed211129757a411b605f) C:\WINDOWS\system32\DRIVERS\viamraid.sys
13:33:38.0359 3660 viamraid - ok
13:33:38.0453 3660 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
13:33:38.0453 3660 videX32 - ok
13:33:38.0468 3660 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
13:33:38.0484 3660 VolSnap - ok
13:33:38.0515 3660 VProEventMonitor (6666a8ddcf315635fc3c13f18c944b19) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
13:33:38.0531 3660 VProEventMonitor - ok
13:33:38.0656 3660 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
13:33:38.0687 3660 VSS - ok
13:33:38.0765 3660 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
13:33:38.0781 3660 W32Time - ok
13:33:38.0906 3660 wampapache (f41e453a90ef19217cee1675f5256ee7) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
13:33:38.0906 3660 wampapache - ok
13:33:38.0968 3660 wampmysqld - ok
13:33:39.0015 3660 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:33:39.0015 3660 Wanarp - ok
13:33:39.0031 3660 WDICA - ok
13:33:39.0109 3660 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
13:33:39.0109 3660 wdmaud - ok
13:33:39.0140 3660 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
13:33:39.0171 3660 WebClient - ok
13:33:39.0234 3660 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
13:33:39.0250 3660 WimFltr - ok
13:33:39.0359 3660 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:33:39.0375 3660 winmgmt - ok
13:33:39.0468 3660 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
13:33:39.0484 3660 WmdmPmSN - ok
13:33:39.0656 3660 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
13:33:39.0687 3660 Wmi - ok
13:33:39.0750 3660 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:33:39.0781 3660 WmiApSrv - ok
13:33:39.0890 3660 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
13:33:39.0921 3660 wscsvc - ok
13:33:39.0984 3660 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:33:39.0984 3660 WSTCODEC - ok
13:33:40.0015 3660 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
13:33:40.0031 3660 wuauserv - ok
13:33:40.0125 3660 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
13:33:40.0171 3660 WZCSVC - ok
13:33:40.0218 3660 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
13:33:40.0250 3660 xmlprov - ok
13:33:40.0343 3660 MBR (0x1B8) (a3095e5b8060d0d6b97e87ec1bb50c3c) \Device\Harddisk0\DR0
13:33:40.0390 3660 \Device\Harddisk0\DR0 - ok
13:33:40.0390 3660 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR4
13:33:40.0421 3660 \Device\Harddisk1\DR4 - ok
13:33:40.0421 3660 Boot (0x1200) (5a0e0cac618ab55725a77ca7f3d414a7) \Device\Harddisk0\DR0\Partition0
13:33:40.0421 3660 \Device\Harddisk0\DR0\Partition0 - ok
13:33:40.0437 3660 Boot (0x1200) (86a49ffc5283ca64a0ed06379d9b86a2) \Device\Harddisk1\DR4\Partition0
13:33:40.0437 3660 \Device\Harddisk1\DR4\Partition0 - ok
13:33:40.0453 3660 ============================================================
13:33:40.0453 3660 Scan finished
13:33:40.0453 3660 ============================================================
13:33:40.0531 3588 Detected object count: 0
13:33:40.0531 3588 Actual detected object count: 0

I ran the aswMBR tool and it said "scan finished successfully" which I assume meant it was finished scanning so I pressed the save log button which created the following log.

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 12:59:45
-----------------------------
12:59:45.781 OS Version: Windows 5.1.2600 Service Pack 2
12:59:45.781 Number of processors: 2 586 0x303
12:59:45.781 ComputerName: NOSIX UserName:
12:59:46.421 Initialize success
12:59:46.546 AVAST engine defs: 12071300
12:59:48.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:59:48.546 Disk 0 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
12:59:48.546 Disk 0 MBR read successfully
12:59:48.546 Disk 0 MBR scan
12:59:48.546 Disk 0 unknown MBR code
12:59:48.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 121860 MB offset 63
12:59:48.562 Disk 0 Partition - 00 05 Extended 30765 MB offset 249569836
12:59:48.578 Disk 0 Partition 2 00 83 Linux 29737 MB offset 249569838
12:59:48.578 Disk 0 Partition - 00 05 Extended 1027 MB offset 310472190
12:59:48.593 Disk 0 scanning sectors +312576705
12:59:48.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:59:56.421 Service scanning
13:00:00.265 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
13:00:08.734 Modules scanning
13:00:14.937 Disk 0 trace - called modules:
13:00:14.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
13:00:14.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bfda68]
13:00:14.968 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\0000006e[0x89baef18]
13:00:14.968 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b60d98]
13:00:15.593 AVAST engine scan C:\WINDOWS
13:00:24.750 AVAST engine scan C:\WINDOWS\system32
13:04:11.125 AVAST engine scan C:\WINDOWS\system32\drivers
13:04:38.593 AVAST engine scan C:\Documents and Settings\Michael
13:24:35.859 AVAST engine scan C:\Documents and Settings\All Users
13:36:19.437 Scan finished successfully
13:37:55.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
13:37:55.031 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

Finally, I have zipped and attached the MBR.dat file as requested. Let me know if you need anything else, but from all the scans I have run so far and nothing showing up, I am starting to believe that my system is clean, but I will let you be the judge of that.

Cheers,
Fubar

Attached Files

  • Attached File  MBR.zip   584bytes   0 downloads
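For readers who want to go through a driver listing like the TDSSKiller output above mechanically rather than by eye, here is an added Python triage script. It is example code written for this page, not TDSSKiller's, Kaspersky's, avast's or BleepingComputer's own tooling. The sample lines are copied from the log above in the same layout, and the known-good hash table it accepts is an assumption you would fill from a trusted reference of your own.

```python
r"""Added example: triage a TDSSKiller-style driver/service scan log.

Illustration code for this thread, not a tool from TDSSKiller, Kaspersky or
BleepingComputer.  It parses lines in the layout the log above uses:

    HH:MM:SS.mmmm PID Name (md5) C:\path\to\image
    HH:MM:SS.mmmm PID Name - ok

and reports entries a responder would then look at by hand (with Sigcheck or a
VirusTotal lookup, as the posters did): images that do not live under the
Windows directory, and images whose MD5 differs from a caller-supplied
known-good value.  The known-good table is an assumption, not vendor data.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the same layout as the log in this thread (the hashes
# and paths are the ones the log shows; copied here only so the script runs).
SAMPLE_LOG = r"""
13:33:36.0250 3660 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:33:36.0281 3660 Tcpip - ok
13:33:38.0906 3660 wampapache (f41e453a90ef19217cee1675f5256ee7) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
13:33:38.0906 3660 wampapache - ok
13:33:38.0968 3660 wampmysqld - ok
13:33:40.0343 3660 MBR (0x1B8) (a3095e5b8060d0d6b97e87ec1bb50c3c) \Device\Harddisk0\DR0
13:33:40.0390 3660 \Device\Harddisk0\DR0 - ok
13:33:40.0531 3588 Detected object count: 0
"""

# One hashed entry: timestamp, scanner PID, name, 32-hex MD5 in parentheses, image path.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# Drive letter, colon, then the Windows directory (case-insensitive).
WINDOWS_DIR_RE = re.compile(r"^[a-zA-Z]:\\windows\\", re.IGNORECASE)


@dataclass
class Entry:
    time: str
    name: str
    md5: str
    path: str


def parse_log(text: str) -> List[Entry]:
    """Extract every line that carries a hash; '- ok' lines and the trailer are skipped.

    MBR/boot-sector lines are kept because their hashes are worth comparing too.
    """
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["time"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries: List[Entry],
           known_good: Optional[Dict[str, str]] = None) -> Dict[str, List[str]]:
    """Map entry name -> reasons it deserves a manual look (empty dict = nothing flagged).

    known_good maps a service/driver name (any case) to the MD5 you trust for it;
    where it comes from (reference machine, vendor list) is up to the caller.
    """
    trusted = {k.lower(): v.lower() for k, v in (known_good or {}).items()}
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        is_device = e.path.startswith("\\Device\\")   # MBR / boot sector, not a file on disk
        if not is_device and not WINDOWS_DIR_RE.match(e.path):
            reasons.append("image outside the Windows directory")
        expected = trusted.get(e.name.lower())
        if expected is not None and expected != e.md5:
            reasons.append("MD5 differs from known-good value")
        if reasons:
            flagged[e.name] = reasons
    return flagged


def md5_of_file(path: str) -> str:
    """Recompute the MD5 of an on-disk image so it can be checked against the log
    (a file replaced after the scan) or against a known-good table."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for name, why in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(why)}")
```

Run on the sample, it flags only wampapache, which loads from c:\wamp rather than the Windows directory, as the log above shows for that WAMP install. The point of the script is the combination: a system driver that loads from an unusual path, or whose MD5 no longer matches a trusted value, is what turns a long listing into a lead worth checking with Sigcheck or VirusTotal.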


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 13 July 2012 - 01:31 PM

Looking good so far.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#7 fubar70

fubar70
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 13 July 2012 - 02:02 PM

I was worried that you were going to suggest combofix. The last time I ran that application (about a year ago) it totally messed up my otherwise working system and I had to reformat my machine. Since the other scanners showed nothing and I am not having any problems, I think I will leave well enough alone and consider the file as safe. Maybe I downloaded prevex (or some app that uses it) awhile back and don't remember it, but as I said I would rather not go through the same problem with combofix that I had the last time so you can help someone else now and close this topic if you like.


Update: I just ran this file through VirusTotal; not a single hit on any of the scanners. One thing that I did learn from the VirusTotal scan is that this file has a known filesize and is digitally signed by VeriSign (something I doubt they would do for malware) so I am going to consider this a "no fix needed" situation and leave it at that.

ExifTool

UninitializedDataSize....: 0
InitializedDataSize......: 17280
ImageVersion.............: 6.0
ProductName..............: Prevx 3.0
FileVersionNumber........: 3.0.5.185
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: Prevx Realtime Security
CharacterSet.............: Unicode
LinkerVersion............: 8.0
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Native
FileVersion..............: 3.0.5.185 built by: WinDDK
TimeStamp................: 2010:08:03 04:09:56+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: pxsec.sys
ProductVersion...........: 3.0.5.185
SubsystemVersion.........: 5.1
OSVersion................: 6.0
OriginalFilename.........: pxsec.sys
LegalCopyright...........: © Prevx Ltd. 2010
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Prevx
CodeSize.................: 43392
FileSubtype..............: 7
ProductVersionNumber.....: 3.0.5.185
EntryPoint...............: 0x7020
ObjectFileType...........: Driver

Sigcheck

publisher................: Prevx
product..................: Prevx 3.0
internal name............: pxsec.sys
copyright................: © Prevx Ltd. 2010
original name............: pxsec.sys
signing date.............: 4:10 AM 8/3/2010
signers..................: Prevx
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
file version.............: 3.0.5.185 built by: WinDDK
description..............: Prevx Realtime Security



Thx,
Fubar.

Edited by fubar70, 13 July 2012 - 02:33 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 14 July 2012 - 08:01 AM

The file is from Prevx and not Prevex.

It came from a program by PrevX that you have executed some time ago.
http://info.prevx.com/downloadprevx.asp

If you are interested in checking for 3rd party software issues please run the SecurityCheck in my post No. 6.

#9 fubar70

fubar70
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 14 July 2012 - 10:48 AM

Hello Again,

Thanks for noticing the different spelling of the word. I totally overlooked it and here is the result of the Security Check application. I realize I am still using SP2 and IE7 which could potentially be security issues, and do not mind updating to SP3 and IE8 but again it seems the last time I tried to update to IE8 something went wrong and I had to spend most of the day getting my system back to normal spec. If you feel the file that is shown could be a problem then I will bite the bullet and do the upgrades though.

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.3
SUPERAntiSpyware
Norton Ghost
VirusTotal Uploader 2.0
Malwarebytes Anti-Malware version 1.60.1.1000
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 14 July 2012 - 01:34 PM

SP2 and IE7 which could potentially be security issues, and do not mind updating to SP3 and IE8 but again it seems the last time I tried to update to IE8 something went wrong and I had to spend most of the day getting my system back to normal spec. If you feel the file that is shown could be a problem then I will bite the bullet and do the upgrades though.

It's your call, but if you decide to upgrade do it one at a time.
SP3, then test it, etc.
Any major updates can be removed using the Add/Remove Programs applet.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

If these old versions of flash are still present after the update remove them using the Add/Remove Programs applet.
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!



