
Slow computer possible virus infection (FUNMOODS)


8 replies to this topic

#1 virus_victim

virus_victim

  • Members
  • 26 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 07 August 2012 - 01:05 PM

I have a Windows XP laptop that has become very slow and hangs frequently. The problem worsens if I use a browser (Firefox). This started in the last 15-20 days.
I have run Malwarebytes, Anvismart (Free trial version) and AVG to try to clean up the computer. Attached are the logs.

Malware recent log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.10

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Prasanna :: PERSONAL-199B1F [administrator]

8/4/2012 11:19:16 PM
mbam-log-2012-08-04 (23-19-16).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525468
Time elapsed: 7 hour(s), 19 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Prasanna\Local Settings\Temp\9F.tmp (Rootkit.TDSS.EXPD1) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prasanna\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

--------------------------------------------------------------------------------------------------------------------------------------------

Anvisoft log (08/05/2012)

[01:06:02] Scaned virus Trojan.Patched.GS.268943, C:\WINDOWS\system32\msimg32.dll
[05:58:54] FileGuard: Process 3628, found virus TR/Crypt.XPACK.Gen.273979, path E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE

[05:59:26] FileGuard: Process 4, found virus TR/Crypt.XPACK.Gen.273979, path E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE

[12:23:22] Repaired virus Trojan.Patched.GS.268943, C:\WINDOWS\system32\msimg32.dll
[18:09:49] Key regstriy item modified:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters

------------------------------------------------------------------------------------------------------------------------------------------------

Thank you for any help.



#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:11:10 AM

Posted 07 August 2012 - 01:36 PM

Hi,

Download TDSSkiller
Run it on the infected PC, click on change parameters and check the box for TDLFS file system.

Click on "Scan". If it finds suspicious objects leave it as Skip. Locate the log generated (should be in your C drive) with a name like this TDSSKiller.Version_Date_Time_log.txt.
Please post the log.

Edited by Rui Paz, 07 August 2012 - 01:36 PM.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem from one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 virus_victim

virus_victim
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 07 August 2012 - 06:46 PM

Thank you for the reply. Attached is the log file of the TDSSKiller scan.
19:41:07.0796 1004 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
19:41:07.0796 1004 RasAuto - ok
19:41:07.0812 1004 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:41:07.0812 1004 Rasl2tp - ok
19:41:07.0843 1004 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
19:41:07.0843 1004 RasMan - ok
19:41:07.0843 1004 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:41:07.0843 1004 RasPppoe - ok
19:41:07.0875 1004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:41:07.0875 1004 Raspti - ok
19:41:07.0906 1004 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:41:07.0921 1004 Rdbss - ok
19:41:07.0937 1004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:41:07.0937 1004 RDPCDD - ok
19:41:07.0984 1004 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:41:07.0984 1004 rdpdr - ok
19:41:08.0015 1004 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
19:41:08.0093 1004 RDPWD - ok
19:41:08.0125 1004 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
19:41:08.0125 1004 RDSessMgr - ok
19:41:08.0140 1004 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:41:08.0140 1004 redbook - ok
19:41:08.0250 1004 RegSrvc (3b1a7cea1e230103264405e0fb05532c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:41:08.0265 1004 RegSrvc - ok
19:41:08.0296 1004 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
19:41:08.0312 1004 RemoteAccess - ok
19:41:08.0343 1004 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
19:41:08.0343 1004 RemoteRegistry - ok
19:41:08.0375 1004 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:41:08.0375 1004 rimmptsk - ok
19:41:08.0375 1004 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:41:08.0390 1004 rimsptsk - ok
19:41:08.0406 1004 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:41:08.0406 1004 rismxdp - ok
19:41:08.0453 1004 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
19:41:08.0453 1004 RpcLocator - ok
19:41:08.0500 1004 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
19:41:08.0500 1004 RpcSs - ok
19:41:08.0546 1004 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:41:08.0546 1004 RSVP - ok
19:41:08.0656 1004 S24EventMonitor (8c9d57338b02d95c0fc7db428c50a001) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
19:41:08.0671 1004 S24EventMonitor - ok
19:41:08.0703 1004 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:41:08.0718 1004 s24trans - ok
19:41:08.0750 1004 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
19:41:08.0750 1004 SamSs - ok
19:41:08.0781 1004 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
19:41:08.0781 1004 SCardSvr - ok
19:41:08.0828 1004 SCDEmu (90226947195699eee8b1241627fe77ce) C:\WINDOWS\system32\drivers\SCDEmu.sys
19:41:08.0921 1004 SCDEmu - ok
19:41:08.0953 1004 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
19:41:08.0953 1004 Schedule - ok
19:41:08.0968 1004 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:41:08.0984 1004 sdbus - ok
19:41:09.0015 1004 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys
19:41:09.0031 1004 se59bus - ok
19:41:09.0046 1004 se59mdfl (3ced539f4373ccf8d3fe71ae51053d5d) C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
19:41:09.0046 1004 se59mdfl - ok
19:41:09.0078 1004 se59mdm (c6a6aa039d14f2ea1998e5f922014067) C:\WINDOWS\system32\DRIVERS\se59mdm.sys
19:41:09.0078 1004 se59mdm - ok
19:41:09.0125 1004 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:41:09.0125 1004 Secdrv - ok
19:41:09.0156 1004 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
19:41:09.0171 1004 seclogon - ok
19:41:09.0187 1004 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
19:41:09.0187 1004 SENS - ok
19:41:09.0218 1004 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
19:41:09.0218 1004 Serial - ok
19:41:09.0234 1004 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:41:09.0265 1004 Sfloppy - ok
19:41:09.0312 1004 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
19:41:09.0328 1004 SharedAccess - ok
19:41:09.0343 1004 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
19:41:09.0343 1004 ShellHWDetection - ok
19:41:09.0359 1004 Simbad - ok
19:41:09.0390 1004 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:41:09.0390 1004 SLIP - ok
19:41:09.0421 1004 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:41:09.0421 1004 SONYPVU1 - ok
19:41:09.0421 1004 Sparrow - ok
19:41:09.0453 1004 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
19:41:09.0453 1004 splitter - ok
19:41:09.0484 1004 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
19:41:09.0484 1004 Spooler - ok
19:41:09.0562 1004 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
19:41:09.0562 1004 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
19:41:09.0562 1004 sptd ( LockedFile.Multi.Generic ) - warning
19:41:09.0562 1004 sptd - detected LockedFile.Multi.Generic (1)
19:41:12.0093 1004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:41:12.0109 1004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:41:12.0109 1004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:41:12.0109 1004 Boot (0x1200) (0077aa3bd1b3d0107989171a86b1ae99) \Device\Harddisk0\DR0\Partition0
19:41:12.0125 1004 \Device\Harddisk0\DR0\Partition0 - ok
19:41:12.0140 1004 Boot (0x1200) (89a9b78b835cb206c1f03736aa3136ca) \Device\Harddisk0\DR0\Partition1
19:41:12.0140 1004 \Device\Harddisk0\DR0\Partition1 - ok
19:41:12.0171 1004 Boot (0x1200) (95e1c3f044ab8e258993596344d40328) \Device\Harddisk0\DR0\Partition2
19:41:12.0171 1004 \Device\Harddisk0\DR0\Partition2 - ok
19:41:12.0187 1004 Boot (0x1200) (b4d7b1dca4a6f5a1cc3075293dbabb56) \Device\Harddisk0\DR0\Partition3
19:41:12.0187 1004 \Device\Harddisk0\DR0\Partition3 - ok
19:41:12.0187 1004 ============================================================
19:41:12.0187 1004 Scan finished
19:41:12.0187 1004 ============================================================
19:41:12.0203 1560 Detected object count: 2
19:41:12.0203 1560 Actual detected object count: 2
19:44:02.0921 1560 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:44:02.0921 1560 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:44:02.0921 1560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
19:44:02.0921 1560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

#4 virus_victim

Posted 07 August 2012 - 06:49 PM

I forgot to copy and post the entire log earlier. Here it is -

19:40:43.0875 1752 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:40:44.0171 1752 ============================================================
19:40:44.0171 1752 Current date / time: 2012/08/07 19:40:44.0171
19:40:44.0171 1752 SystemInfo:
19:40:44.0171 1752
19:40:44.0171 1752 OS Version: 5.1.2600 ServicePack: 2.0
19:40:44.0171 1752 Product type: Workstation
19:40:44.0171 1752 ComputerName: PERSONAL-199B1F
19:40:44.0171 1752 UserName: Prasanna
19:40:44.0171 1752 Windows directory: C:\WINDOWS
19:40:44.0171 1752 System windows directory: C:\WINDOWS
19:40:44.0171 1752 Processor architecture: Intel x86
19:40:44.0171 1752 Number of processors: 2
19:40:44.0171 1752 Page size: 0x1000
19:40:44.0171 1752 Boot type: Normal boot
19:40:44.0171 1752 ============================================================
19:40:46.0875 1752 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:40:46.0875 1752 ============================================================
19:40:46.0875 1752 \Device\Harddisk0\DR0:
19:40:46.0875 1752 MBR partitions:
19:40:46.0875 1752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
19:40:46.0890 1752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x4E1EDEC
19:40:46.0906 1752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B515A, BlocksNum 0x4E1EDEC
19:40:46.0921 1752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD6D3F85, BlocksNum 0x5340C7B
19:40:46.0921 1752 ============================================================
19:40:46.0968 1752 D: <-> \Device\Harddisk0\DR0\Partition1
19:40:47.0031 1752 E: <-> \Device\Harddisk0\DR0\Partition2
19:40:47.0109 1752 F: <-> \Device\Harddisk0\DR0\Partition3
19:40:47.0171 1752 C: <-> \Device\Harddisk0\DR0\Partition0
19:40:47.0171 1752 ============================================================
19:40:47.0171 1752 Initialize success
19:40:47.0171 1752 ============================================================
19:40:49.0796 1004 ============================================================
19:40:49.0796 1004 Scan started
19:40:49.0796 1004 Mode: Manual;
19:40:49.0796 1004 ============================================================
19:41:01.0781 1004 isapnp - ok
19:41:01.0812 1004 JavaQuickStarterService - ok
19:41:01.0843 1004 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:41:01.0843 1004 Kbdclass - ok
19:41:01.0875 1004 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:41:01.0875 1004 kbdhid - ok
19:41:01.0921 1004 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
19:41:01.0921 1004 kmixer - ok
19:41:01.0953 1004 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
19:41:02.0015 1004 KSecDD - ok
19:41:02.0046 1004 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
19:41:02.0046 1004 lanmanserver - ok
19:41:02.0078 1004 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
19:41:02.0078 1004 lanmanworkstation - ok
19:41:02.0296 1004 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
19:41:02.0328 1004 Lavasoft Ad-Aware Service - ok
19:41:02.0390 1004 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:41:02.0453 1004 Lavasoft Kernexplorer - ok
19:41:02.0703 1004 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:41:02.0703 1004 Lbd - ok
19:41:02.0703 1004 lbrtfdc - ok
19:41:02.0781 1004 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
19:41:02.0796 1004 LmHosts - ok
19:41:02.0796 1004 MATLAB License Server - ok
19:41:02.0859 1004 McAfeeFramework (1bc1a6b644d4cc1964cd851e92b604f4) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
19:41:02.0875 1004 McAfeeFramework - ok
19:41:02.0921 1004 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
19:41:02.0937 1004 mcdbus - ok
19:41:03.0078 1004 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:41:03.0109 1004 MDM - ok
19:41:03.0187 1004 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
19:41:03.0203 1004 Messenger - ok
19:41:03.0203 1004 mferkdk - ok
19:41:03.0250 1004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:41:03.0281 1004 mnmdd - ok
19:41:03.0312 1004 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
19:41:03.0328 1004 mnmsrvc - ok
19:41:03.0390 1004 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
19:41:03.0390 1004 Modem - ok
19:41:03.0437 1004 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:41:03.0437 1004 Mouclass - ok
19:41:03.0500 1004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:41:03.0515 1004 mouhid - ok
19:41:03.0578 1004 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:41:03.0625 1004 MountMgr - ok
19:41:03.0671 1004 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:41:03.0687 1004 MozillaMaintenance - ok
19:41:03.0687 1004 mraid35x - ok
19:41:03.0734 1004 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:41:03.0750 1004 MRxDAV - ok
19:41:03.0796 1004 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:41:03.0796 1004 MRxSmb - ok
19:41:03.0843 1004 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
19:41:03.0843 1004 MSDTC - ok
19:41:03.0843 1004 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:41:03.0890 1004 Msfs - ok
19:41:03.0890 1004 MSIServer - ok
19:41:03.0906 1004 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:41:03.0906 1004 MSKSSRV - ok
19:41:03.0906 1004 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:41:03.0921 1004 MSPCLOCK - ok
19:41:03.0953 1004 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:41:03.0953 1004 MSPQM - ok
19:41:03.0984 1004 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:41:03.0984 1004 mssmbios - ok
19:41:04.0000 1004 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
19:41:04.0000 1004 MSTEE - ok
19:41:04.0015 1004 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:41:04.0046 1004 Mup - ok
19:41:04.0093 1004 MySQL - ok
19:41:04.0125 1004 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:41:04.0125 1004 NABTSFEC - ok
19:41:04.0250 1004 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:41:04.0250 1004 NBService - ok
19:41:04.0296 1004 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:41:04.0328 1004 NDIS - ok
19:41:04.0359 1004 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:41:04.0359 1004 NdisIP - ok
19:41:04.0375 1004 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:41:04.0390 1004 NdisTapi - ok
19:41:04.0406 1004 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:41:04.0406 1004 Ndisuio - ok
19:41:04.0421 1004 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:41:04.0421 1004 NdisWan - ok
19:41:04.0437 1004 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:41:04.0500 1004 NDProxy - ok
19:41:04.0515 1004 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:41:04.0515 1004 NetBIOS - ok
19:41:04.0562 1004 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:41:04.0562 1004 NetBT - ok
19:41:04.0609 1004 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
19:41:04.0609 1004 NetDDE - ok
19:41:04.0609 1004 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
19:41:04.0609 1004 NetDDEdsdm - ok
19:41:04.0640 1004 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
19:41:04.0640 1004 Netlogon - ok
19:41:04.0671 1004 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
19:41:04.0671 1004 Netman - ok
19:41:04.0812 1004 NETw4x32 (e9d78fdf7ed53bc789cfeed1d3f15ef2) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
19:41:04.0843 1004 NETw4x32 - ok
19:41:05.0375 1004 NETw5x32 (3bdc90d9b12b685944f2b0896af5413c) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
19:41:05.0593 1004 NETw5x32 - ok
19:41:06.0031 1004 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
19:41:06.0234 1004 NETwLx32 - ok
19:41:06.0312 1004 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:41:06.0312 1004 NIC1394 - ok
19:41:06.0359 1004 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
19:41:06.0359 1004 Nla - ok
19:41:06.0468 1004 NMIndexingService (e584d6668e6a3923ff32e026a5ed2a03) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:41:06.0484 1004 NMIndexingService - ok
19:41:06.0515 1004 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:41:06.0515 1004 Npfs - ok
19:41:06.0578 1004 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
19:41:06.0625 1004 Ntfs - ok
19:41:06.0640 1004 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
19:41:06.0640 1004 NtLmSsp - ok
19:41:06.0671 1004 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
19:41:06.0687 1004 NtmsSvc - ok
19:41:06.0703 1004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:41:06.0703 1004 Null - ok
19:41:06.0734 1004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:41:06.0734 1004 NwlnkFlt - ok
19:41:06.0750 1004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:41:06.0750 1004 NwlnkFwd - ok
19:41:06.0890 1004 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:41:06.0906 1004 odserv - ok
19:41:06.0937 1004 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:41:06.0937 1004 ohci1394 - ok
19:41:07.0062 1004 OracleOraHome81Agent (ba3e6b23c869b1821fe6cc77e2914b5c) E:\Oracle\Ora81\bin\dbsnmp.exe
19:41:07.0093 1004 OracleOraHome81Agent - ok
19:41:07.0109 1004 OracleOraHome81ClientCache (00b0b7d8d8cbf963105fbd85e7c5aa07) E:\Oracle\Ora81\BIN\ONRSD.EXE
19:41:07.0125 1004 OracleOraHome81ClientCache - ok
19:41:07.0156 1004 OracleOraHome81DataGatherer (525fb1969cbfbf760303fe4e141e983d) E:\Oracle\Ora81\bin\vppdc.exe
19:41:07.0156 1004 OracleOraHome81DataGatherer - ok
19:41:07.0156 1004 OracleOraHome81TNSListener - ok
19:41:07.0171 1004 OracleServiceORA - ok
19:41:07.0218 1004 OracleWebAssistant0 (4bc3b1212f540e4cc6f8ebc11d395d93) E:\Oracle\Ora81\BIN\OWASTSVR.EXE
19:41:07.0218 1004 OracleWebAssistant0 - ok
19:41:07.0312 1004 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:41:07.0312 1004 ose - ok
19:41:07.0343 1004 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
19:41:07.0343 1004 Parport - ok
19:41:07.0390 1004 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:41:07.0390 1004 PartMgr - ok
19:41:07.0390 1004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:41:07.0406 1004 ParVdm - ok
19:41:07.0437 1004 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
19:41:07.0437 1004 PCI - ok
19:41:07.0437 1004 PCIDump - ok
19:41:07.0500 1004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:41:07.0500 1004 PCIIde - ok
19:41:07.0531 1004 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:41:07.0562 1004 Pcmcia - ok
19:41:07.0562 1004 PDCOMP - ok
19:41:07.0562 1004 PDFRAME - ok
19:41:07.0578 1004 PDRELI - ok
19:41:07.0578 1004 PDRFRAME - ok
19:41:07.0578 1004 perc2 - ok
19:41:07.0578 1004 perc2hib - ok
19:41:07.0625 1004 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
19:41:07.0640 1004 PlugPlay - ok
19:41:07.0656 1004 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
19:41:07.0656 1004 PolicyAgent - ok
19:41:07.0671 1004 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:41:07.0687 1004 PptpMiniport - ok
19:41:07.0687 1004 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
19:41:07.0687 1004 ProtectedStorage - ok
19:41:07.0687 1004 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:41:07.0687 1004 PSched - ok
19:41:07.0734 1004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:41:07.0734 1004 Ptilink - ok
19:41:07.0734 1004 ql1080 - ok
19:41:07.0734 1004 Ql10wnt - ok
19:41:07.0750 1004 ql12160 - ok
19:41:07.0750 1004 ql1240 - ok
19:41:07.0750 1004 ql1280 - ok
19:41:07.0765 1004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:41:07.0765 1004 RasAcd - ok
19:41:07.0796 1004 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
19:41:07.0796 1004 RasAuto - ok
19:41:07.0812 1004 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:41:07.0812 1004 Rasl2tp - ok
19:41:07.0843 1004 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
19:41:07.0843 1004 RasMan - ok
19:41:07.0843 1004 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:41:07.0843 1004 RasPppoe - ok
19:41:07.0875 1004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:41:07.0875 1004 Raspti - ok
19:41:07.0906 1004 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:41:07.0921 1004 Rdbss - ok
19:41:07.0937 1004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:41:07.0937 1004 RDPCDD - ok
19:41:07.0984 1004 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:41:07.0984 1004 rdpdr - ok
19:41:08.0015 1004 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
19:41:08.0093 1004 RDPWD - ok
19:41:08.0125 1004 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
19:41:08.0125 1004 RDSessMgr - ok
19:41:08.0140 1004 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:41:08.0140 1004 redbook - ok
19:41:08.0250 1004 RegSrvc (3b1a7cea1e230103264405e0fb05532c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:41:08.0265 1004 RegSrvc - ok
19:41:08.0296 1004 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
19:41:08.0312 1004 RemoteAccess - ok
19:41:08.0343 1004 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
19:41:08.0343 1004 RemoteRegistry - ok
19:41:08.0375 1004 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:41:08.0375 1004 rimmptsk - ok
19:41:08.0375 1004 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:41:08.0390 1004 rimsptsk - ok
19:41:08.0406 1004 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:41:08.0406 1004 rismxdp - ok
19:41:08.0453 1004 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
19:41:08.0453 1004 RpcLocator - ok
19:41:08.0500 1004 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
19:41:08.0500 1004 RpcSs - ok
19:41:08.0546 1004 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:41:08.0546 1004 RSVP - ok
19:41:08.0656 1004 S24EventMonitor (8c9d57338b02d95c0fc7db428c50a001) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
19:41:08.0671 1004 S24EventMonitor - ok
19:41:08.0703 1004 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:41:08.0718 1004 s24trans - ok
19:41:08.0750 1004 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
19:41:08.0750 1004 SamSs - ok
19:41:08.0781 1004 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
19:41:08.0781 1004 SCardSvr - ok
19:41:08.0828 1004 SCDEmu (90226947195699eee8b1241627fe77ce) C:\WINDOWS\system32\drivers\SCDEmu.sys
19:41:08.0921 1004 SCDEmu - ok
19:41:08.0953 1004 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
19:41:08.0953 1004 Schedule - ok
19:41:08.0968 1004 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:41:08.0984 1004 sdbus - ok
19:41:09.0015 1004 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys
19:41:09.0031 1004 se59bus - ok
19:41:09.0046 1004 se59mdfl (3ced539f4373ccf8d3fe71ae51053d5d) C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
19:41:09.0046 1004 se59mdfl - ok
19:41:09.0078 1004 se59mdm (c6a6aa039d14f2ea1998e5f922014067) C:\WINDOWS\system32\DRIVERS\se59mdm.sys
19:41:09.0078 1004 se59mdm - ok
19:41:09.0125 1004 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:41:09.0125 1004 Secdrv - ok
19:41:09.0156 1004 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
19:41:09.0171 1004 seclogon - ok
19:41:09.0187 1004 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
19:41:09.0187 1004 SENS - ok
19:41:09.0218 1004 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
19:41:09.0218 1004 Serial - ok
19:41:09.0234 1004 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:41:09.0265 1004 Sfloppy - ok
19:41:09.0312 1004 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
19:41:09.0328 1004 SharedAccess - ok
19:41:09.0343 1004 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
19:41:09.0343 1004 ShellHWDetection - ok
19:41:09.0359 1004 Simbad - ok
19:41:09.0390 1004 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:41:09.0390 1004 SLIP - ok
19:41:09.0421 1004 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:41:09.0421 1004 SONYPVU1 - ok
19:41:09.0421 1004 Sparrow - ok
19:41:09.0453 1004 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
19:41:09.0453 1004 splitter - ok
19:41:09.0484 1004 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
19:41:09.0484 1004 Spooler - ok
19:41:09.0562 1004 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
19:41:09.0562 1004 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
19:41:09.0562 1004 sptd ( LockedFile.Multi.Generic ) - warning
19:41:09.0562 1004 sptd - detected LockedFile.Multi.Generic (1)
19:41:12.0093 1004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:41:12.0109 1004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:41:12.0109 1004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:41:12.0109 1004 Boot (0x1200) (0077aa3bd1b3d0107989171a86b1ae99) \Device\Harddisk0\DR0\Partition0
19:41:12.0125 1004 \Device\Harddisk0\DR0\Partition0 - ok
19:41:12.0140 1004 Boot (0x1200) (89a9b78b835cb206c1f03736aa3136ca) \Device\Harddisk0\DR0\Partition1
19:41:12.0140 1004 \Device\Harddisk0\DR0\Partition1 - ok
19:41:12.0171 1004 Boot (0x1200) (95e1c3f044ab8e258993596344d40328) \Device\Harddisk0\DR0\Partition2
19:41:12.0171 1004 \Device\Harddisk0\DR0\Partition2 - ok
19:41:12.0187 1004 Boot (0x1200) (b4d7b1dca4a6f5a1cc3075293dbabb56) \Device\Harddisk0\DR0\Partition3
19:41:12.0187 1004 \Device\Harddisk0\DR0\Partition3 - ok
19:41:12.0187 1004 ============================================================
19:41:12.0187 1004 Scan finished
19:41:12.0187 1004 ============================================================
19:41:12.0203 1560 Detected object count: 2
19:41:12.0203 1560 Actual detected object count: 2
19:44:02.0921 1560 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:44:02.0921 1560 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:44:02.0921 1560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
19:44:02.0921 1560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
19:46:00.0328 2020 Deinitialize success

#5 SleepyDude

Posted 08 August 2012 - 10:27 AM

Hi,

TDSSKiller found a rootkit that we need to remove. Please run TDSSKiller again and this time select skip for the sptd entries and cure for the other two \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ).

After that, download aswMBR and run the tool.
It will ask to download extra definitions; accept that. Click on Scan and wait until it finishes, then press the save log button.
Copy the generated log to your next reply.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui
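The triage described in the reply above, as an added example that is not part of the original post or of TDSSKiller itself: a Python parser over lines quoted from the posted log that separates the locked-file warning from the infected MBR and flags infected objects whose recorded action was Skip. The function names are hypothetical, and only the line shapes visible in this thread are handled.

```python
import re

# Lines quoted from the TDSSKiller log posted in this thread.
# Each line is: timestamp, thread id, message.
SAMPLE_LOG = r"""
19:41:09.0562 1004 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
19:41:09.0562 1004 sptd ( LockedFile.Multi.Generic ) - warning
19:41:09.0562 1004 sptd - detected LockedFile.Multi.Generic (1)
19:41:09.0593 1004 sr - ok
19:41:12.0109 1004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:41:12.0109 1004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:41:12.0125 1004 \Device\Harddisk0\DR0\Partition0 - ok
19:41:12.0203 1560 Detected object count: 2
19:44:02.0921 1560 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:44:02.0921 1560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
"""

# Strip the timestamp and thread id, keep the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<object> ( <verdict> ) - warning|infected". The spaces inside the
# parentheses distinguish a verdict from the "(md5)" on file lines.
VERDICT = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<state>warning|infected)$"
)
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - User select action: (?P<action>\w+)$"
)
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Return ({object: {verdict, state, action}}, reported_count)."""
    findings = {}
    reported = None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        verdict = VERDICT.match(msg)
        action = ACTION.match(msg)
        count = COUNT.match(msg)
        if verdict:
            findings.setdefault(
                verdict.group("obj"),
                {"verdict": verdict.group("verdict"),
                 "state": verdict.group("state"),
                 "action": None},
            )
        elif action:
            entry = findings.setdefault(
                action.group("obj"),
                {"verdict": action.group("verdict"), "state": None, "action": None},
            )
            entry["action"] = action.group("action")
        elif count:
            reported = int(count.group("n"))
    return findings, reported


def unresolved(findings):
    """Objects marked infected that were skipped or never acted on."""
    return [
        obj for obj, f in findings.items()
        if f["state"] == "infected" and f["action"] in (None, "Skip")
    ]


if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    for obj, f in found.items():
        print(f"{obj}: {f['verdict']} [{f['state']}] action={f['action']}")
    print("reported count:", reported, "parsed:", len(found))
    print("still needs a cure pass:", unresolved(found))
```

On these lines the sptd entry is only a locked-file warning, while the MBR entry is infected and was skipped, which is why the reply asks for a second run.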

 
 


#6 virus_victim

Posted 08 August 2012 - 03:07 PM

I ran TDSSKiller and cured the \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ). I then downloaded and updated aswMBR and ran a scan. Below are the logs of aswMBR. Thank you for the help.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 15:24:06
-----------------------------
15:24:06.609 OS Version: Windows 5.1.2600 Service Pack 2
15:24:06.609 Number of processors: 2 586 0xF0D
15:24:06.609 ComputerName: PERSONAL-199B1F UserName: Prasanna
15:24:07.531 Initialize success
15:27:31.234 AVAST engine defs: 12080800
15:28:16.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:28:16.875 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
15:28:16.875 Disk 0 MBR read successfully
15:28:16.875 Disk 0 MBR scan
15:28:16.890 Disk 0 Windows XP default MBR code
15:28:16.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
15:28:16.906 Disk 0 Partition - 00 0F Extended LBA 122621 MB offset 61432560
15:28:16.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39997 MB offset 61432623
15:28:16.937 Disk 0 Partition - 00 05 Extended 39997 MB offset 143347995
15:28:16.953 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 39997 MB offset 143348058
15:28:16.953 Disk 0 Partition - 00 05 Extended 42625 MB offset 307178865
15:28:16.984 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 42625 MB offset 225263493
15:28:17.015 Disk 0 scanning sectors +312560640
15:28:17.093 Disk 0 scanning C:\WINDOWS\system32\drivers
15:28:38.312 Service scanning
15:28:38.656 Service .InCDRm \* **LOCKED** 123
15:28:56.843 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:29:00.765 Modules scanning
15:29:43.937 Disk 0 trace - called modules:
15:29:43.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86d651f8]<<
15:29:43.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c87ab8]
15:29:43.953 3 CLASSPNP.SYS[f761e05b] -> nt!IofCallDriver -> \Device\00000081[0x86da46c8]
15:29:43.953 5 ACPI.sys[f737b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86d0f2b8]
15:29:43.953 \Driver\atapi[0x86c89220] -> IRP_MJ_CREATE -> 0x86d651f8
15:29:44.984 AVAST engine scan C:\WINDOWS
15:29:55.546 AVAST engine scan C:\WINDOWS\system32
15:32:12.109 AVAST engine scan C:\WINDOWS\system32\drivers
15:32:25.593 AVAST engine scan C:\Documents and Settings\Prasanna
15:35:41.390 AVAST engine scan C:\Documents and Settings\All Users
15:39:38.765 Scan finished successfully
16:02:26.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Prasanna\Desktop\MBR.dat"
16:02:26.562 The log file has been saved successfully to "C:\Documents and Settings\Prasanna\Desktop\aswMBR.txt"

#7 SleepyDude

Posted 09 August 2012 - 04:09 PM

Hi,

It seems the MBR is now clean.
To be sure that all is clean, do a scan using ESET Online Scanner.

Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, and check that the options:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

are ticked.
Click Scan and then wait for the scan to finish (it will take some time).

When the scan ends, press the button LIST OF THREATS FOUND, click Export to Text File, open the text file and copy & paste the contents to your reply.
Press the BACK button.
Press Finish.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#8 virus_victim

  • Topic Starter
  • Members
  • 26 posts

Posted 10 August 2012 - 06:13 PM

Hi,
Below is the ESET log -

C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-224728d9 multiple threats
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-5c1b2035 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\33\5d149be1-6585284c multiple threats
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\41\2d5a4e9-4e1f8479 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\43\58630b2b-50dff627 Java/TrojanDownloader.OpenStream.NCM trojan
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-338fbb5f probably a variant of Win32/Agent.DYXWUMY trojan
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmaudio.jar-5d0105c8-39973a1c.zip probably a variant of Win32/Agent.DYXWUMY trojan
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmseria.jar-2f8ffa6a-27cf6d51.zip multiple threats
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan

#9 SleepyDude

  • Malware Response Team
  • 3,035 posts
  • Gender:Male
  • Location:Portugal

Posted 12 August 2012 - 11:15 AM

Hi,

It seems almost clean. You should uninstall all the Java versions you have installed, reboot the PC and then install the last version from www.java.com; do a custom installation to have an option to unselect any extras offered.

___
Rui
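
One way to triage the ESET export from post #8 by where each hit lives, as an added example that is not part of the original thread. The bucket names, the helper functions and the rule that file names contain no spaces are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Six lines copied verbatim from the ESET export posted in the thread.
SAMPLE = r"""
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-224728d9 multiple threats
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-5c1b2035 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Prasanna\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmaudio.jar-5d0105c8-39973a1c.zip probably a variant of Win32/Agent.DYXWUMY trojan
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\08.08.2012_14.52.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
"""

def parse_line(line):
    """Split 'path detection' at the first space after the last backslash.
    Assumption: the file name has no spaces (true for every line in the log)."""
    head, sep, tail = line.strip().rpartition("\\")
    name, _, detection = tail.partition(" ")
    if not sep or not detection:
        return None
    return head + sep + name, detection

def family(detection):
    """Pull 'Platform/Name' out of ESET's wording; keep text like 'multiple threats'."""
    m = re.search(r"\w+/[\w.]+", detection)
    return m.group(0) if m else detection

def classify(path):
    """Bucket a path by location (bucket names are this example's own)."""
    if "\\sun\\java\\deployment\\cache\\" in path.lower():
        return "java_cache"        # downloaded applet JARs cached by the Java plug-in
    if re.match(r"[a-z]:\\[^\\]*quarantine[^\\]*\\", path, re.I):
        return "tool_quarantine"   # copies a removal tool already set aside
    return "other"

def triage(text):
    buckets = {"java_cache": [], "tool_quarantine": [], "other": []}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            path, detection = parsed
            buckets[classify(path)].append((path, family(detection)))
    return buckets

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE).items():
        print(f"{bucket}: {len(hits)} hit(s)")
        for path, fam in hits:
            print(f"  {fam:35} {path}")
```

Grouping this way separates the hits under the Java deployment cache, which the reply in post #9 addresses, from copies sitting in a removal tool's quarantine folder.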

 
 




