PUM Disables Avira AV security, Windows System Restore, MS Security Center notifications


This topic is locked.
42 replies to this topic

#1 sosmoi

Posted 17 August 2012 - 03:45 AM

I cannot get rid of this trojan Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter). Since January, my Avira AV fails to run scheduled scans and now it will not launch at all. Windows System Restore won't create restore points ("System Restore not able to create a restore point. Please restart your computer, and then run System Restore again"), and Windows XP Security Center notifications are constantly disabled by a PUM virus/trojan. GMER hangs and does not complete, or crashes my system with a blue screen. Malwarebytes Anti-Malware does, however, repeatedly find and quarantine the PUM.

Google Chrome v21.0.118079 fails to auto install Adobe Flash player and Google Chrome Settings always resets Background Apps from Disabled to Enabled on system restart. I researched and just found a command line command to keep Background apps from launching.

Adobe Flash Player fails to update to current version.

12 Windows Security Updates download and then report as Installed, but continue to show as needing to install.

Malwarebytes Pro (Trial) reports blocking malicious IP outgoing web attempts.

Please see the DDS report attached. No GMER report because it hangs and doesn't finish. Thanks!

-Windows XP v2002 SP3
MS Home Edition
Dell Inspiron I6400
2.0 GHz, 2.00 GB RAM


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by mio at 2:23:28 on 2012-08-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1584 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\Documents and Settings\mio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\mio\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uStart Page = hxxp://news.google.com/?hl=en
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = 192.168.1.1;localhost;127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {0483894e-2422-45e0-8384-021aff1af3cd} - iOpus iMacros
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Google Update] "c:\documents and settings\mio\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource\go\CTCMSGo.exe" /SCB
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
uExplorerRun: [Google Update] "c:\documents and settings\mio\local settings\application data\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\docume~1\mio\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mio\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: nosimplestartmenu = 0 (0x0)
uPolicies-explorer: norecentdochistory = 0 (0x0)
uPolicies-explorer: maxrecentdocs = 25 (0x19)
uPolicies-explorer: noshutdown = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: facebook.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188380653390
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8187456D-DAE1-44F6-9BE8-4AC4A32F3544} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-1 36000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-1 83392]
R2 FAD;FAD;c:\program files\broadcom\bacs\FADXP32.sys [2007-2-14 16352]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\nti\nti backup now ez\BackupNowEZSvr.exe [2011-9-23 45592]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2010-10-8 6609920]
S1 SABKUTIL;SABKUTIL; [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-5-1 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-5-1 110032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-12 136176]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe --> c:\windows\system32\NLSSRV32.EXE [?]
S2 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\secunia\psi\psia.exe" --start-service --> c:\program files\secunia\psi\PSIA.exe [?]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-5-17 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-5-17 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-12 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe --> c:\program files\mozilla maintenance service\maintenanceservice.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-1-10 34136]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-11-16 18432]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys --> c:\windows\system32\drivers\tapoas.sys [?]
S3 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-1-10 2385896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;"c:\program files\nitro pdf\professional 7\nitropdfdriverservice2.exe" --> c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [?]
S4 OKI OPHC DCS Loader;OKI OPHC DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHCLDCS.EXE [2005-5-10 24576]
.
=============== Created Last 30 ================
.
2012-08-16 17:40:08 29760 ----a-w- c:\windows\system32\dllcache\OLD79A.tmp
2012-08-16 17:40:08 13894 ----a-w- c:\windows\system32\dllcache\OLD7A0.tmp
2012-08-16 17:40:08 113222 ----a-w- c:\windows\system32\dllcache\OLD79D.tmp
2012-08-16 17:40:07 4677 ----a-w- c:\windows\system32\dllcache\OLD797.tmp
2012-08-16 17:40:07 41029 ----a-w- c:\windows\system32\dllcache\OLD794.tmp
2012-08-16 17:40:07 36937 ----a-w- c:\windows\system32\dllcache\OLD791.tmp
2012-08-16 17:40:06 116224 ----a-w- c:\windows\system32\dllcache\OLD78E.tmp
2012-08-16 17:40:05 18944 ----a-w- c:\windows\system32\dllcache\OLD789.tmp
2012-08-16 17:39:43 19455 ----a-w- c:\windows\system32\dllcache\OLD77E.tmp
2012-08-16 17:39:40 12063 ----a-w- c:\windows\system32\dllcache\OLD77A.tmp
2012-08-16 17:39:38 8192 ----a-w- c:\windows\system32\dllcache\OLD776.tmp
2012-08-16 17:37:59 26112 ----a-w- c:\windows\system32\dllcache\OLD711.tmp
2012-08-16 17:36:52 101376 ----a-w- c:\windows\system32\dllcache\OLD6A5.tmp
2012-08-16 17:35:55 26112 ----a-w- c:\windows\system32\dllcache\OLD5F9.tmp
2012-08-16 17:34:56 482304 ----a-w- c:\windows\system32\dllcache\OLD552.tmp
2012-08-16 17:33:52 132695 ----a-w- c:\windows\system32\dllcache\OLD4EE.tmp
2012-08-16 17:33:31 229439 ----a-w- c:\windows\system32\dllcache\OLD4D9.tmp
2012-08-16 17:33:28 119808 ----a-w- c:\windows\system32\dllcache\OLD4D4.tmp
2012-08-16 17:32:58 49024 ----a-w- c:\windows\system32\dllcache\OLD4D1.tmp
2012-08-16 17:32:34 40960 ----a-w- c:\windows\system32\dllcache\OLD4CB.tmp
2012-08-16 17:32:34 22016 ----a-w- c:\windows\system32\dllcache\OLD4C7.tmp
2012-08-16 17:32:31 98304 ----a-w- c:\windows\system32\dllcache\OLD4C0.tmp
2012-08-16 17:32:31 1875968 ----a-w- c:\windows\system32\dllcache\OLD4C3.tmp
2012-08-16 17:32:15 126976 ----a-w- c:\windows\system32\dllcache\OLD4BD.tmp
2012-08-16 17:32:09 56832 ----a-w- c:\windows\system32\dllcache\OLD4B8.tmp
2012-08-16 17:32:09 51200 ----a-w- c:\windows\system32\dllcache\OLD4B4.tmp
2012-08-16 17:30:59 9216 ----a-w- c:\windows\system32\dllcache\OLD42D.tmp
2012-08-16 17:29:59 702845 ----a-w- c:\windows\system32\dllcache\OLD350.tmp
2012-08-16 17:29:50 10129408 ----a-w- c:\windows\system32\dllcache\OLD34A.tmp
2012-08-16 17:29:35 13463552 ----a-w- c:\windows\system32\dllcache\OLD347.tmp
2012-08-16 17:29:22 10096640 ----a-w- c:\windows\system32\dllcache\OLD344.tmp
2012-08-16 17:29:13 42573 ----a-w- c:\windows\system32\dllcache\OLD334.tmp
2012-08-16 17:29:12 57409 ----a-w- c:\windows\system32\dllcache\OLD32E.tmp
2012-08-16 17:29:12 1175635 ----a-w- c:\windows\system32\dllcache\OLD331.tmp
2012-08-16 17:29:10 39936 ----a-w- c:\windows\system32\dllcache\OLD31B.tmp
2012-08-16 17:29:08 20352 ----a-w- c:\windows\system32\dllcache\OLD315.tmp
2012-08-16 17:27:53 514587 ----a-w- c:\windows\system32\dllcache\OLD276.tmp
2012-08-16 17:27:07 206976 ----a-w- c:\windows\system32\dllcache\OLD26C.tmp
2012-08-16 17:27:02 8320 ----a-w- c:\windows\system32\dllcache\OLD267.tmp
2012-08-16 17:25:58 1677824 ----a-w- c:\windows\system32\dllcache\OLD1EC.tmp
2012-08-16 17:24:49 11776 ----a-w- c:\windows\system32\dllcache\OLDDE.tmp
2012-08-16 17:24:48 42577 ----a-w- c:\windows\system32\dllcache\OLDD1.tmp
2012-08-16 17:24:48 18432 ----a-w- c:\windows\system32\dllcache\OLDDA.tmp
2012-08-16 17:24:47 1817687 ----a-w- c:\windows\system32\dllcache\OLDCE.tmp
2012-08-16 17:24:44 82501 ----a-w- c:\windows\system32\dllcache\OLDCB.tmp
2012-08-16 17:24:37 13696 ----a-w- c:\windows\system32\dllcache\OLDBF.tmp
2012-08-16 17:24:36 38912 ----a-w- c:\windows\system32\dllcache\OLDB9.tmp
2012-08-16 17:24:03 45056 ----a-w- c:\windows\system32\dllcache\OLD9C.tmp
2012-08-16 17:24:03 331264 ----a-w- c:\windows\system32\dllcache\OLD9F.tmp
2012-08-16 17:24:01 36224 ----a-w- c:\windows\system32\dllcache\OLD97.tmp
2012-08-16 17:21:33 32827 ----a-w- c:\windows\system32\dllcache\OLD4B.tmp
2012-08-16 17:21:33 16384 ----a-w- c:\windows\system32\dllcache\OLD4E.tmp
2012-08-16 17:21:28 20536 ----a-w- c:\windows\system32\dllcache\OLD45.tmp
2012-08-16 17:21:28 16437 ----a-w- c:\windows\system32\dllcache\OLD48.tmp
2012-08-16 17:19:59 188480 ----a-w- c:\windows\system32\dllcache\OLDE.tmp
2012-08-16 17:19:57 16439 ----a-w- c:\windows\system32\dllcache\OLDB.tmp
2012-08-16 17:19:56 20540 ----a-w- c:\windows\system32\dllcache\OLD8.tmp
2012-08-16 17:19:50 16439 ----a-w- c:\windows\system32\dllcache\OLD5.tmp
2012-08-16 17:19:49 20540 ----a-w- c:\windows\system32\dllcache\OLD2.tmp
2012-08-16 12:38:35 -------- d-----w- C:\MGtools
2012-08-16 12:17:15 -------- d-----w- c:\program files\HitmanPro
2012-08-16 12:17:04 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-16 02:46:03 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2012-08-16 02:08:05 536576 ------w- c:\program files\common files\system\ado\SETA5.tmp
2012-08-16 02:08:05 536576 ------w- c:\program files\common files\system\ado\SET5E.tmp
2012-08-16 02:07:50 1172480 ------w- c:\windows\system32\SETA1.tmp
2012-08-16 02:07:50 1172480 ------w- c:\windows\system32\SET5A.tmp
2012-08-16 02:07:33 152576 ------w- c:\windows\system32\SET9D.tmp
2012-08-16 02:07:33 152576 ------w- c:\windows\system32\SET56.tmp
2012-08-14 14:33:24 1669749 ----a-w- C:\MGtools.exe
2012-08-04 23:13:44 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2012-08-04 23:13:43 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2012-08-04 23:13:41 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2012-08-04 18:48:02 54016 ----a-w- c:\windows\system32\drivers\brekgxt.sys
2012-08-03 19:51:34 -------- d-----w- c:\documents and settings\all users\application data\Registry First Aid
2012-08-03 12:37:28 -------- d-----w- c:\documents and settings\mio\application data\FixTDSS
2012-08-02 07:37:48 54016 ----a-w- c:\windows\system32\drivers\ihsp.sys
2012-07-30 19:23:36 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-07-30 12:32:53 171008 ----a-w- c:\windows\system32\OLD1D3.tmp
2012-07-29 08:28:45 -------- d-----w- c:\program files\ESET
2012-07-27 14:15:49 13894 ----a-w- c:\windows\system32\dllcache\OLD75D.tmp
2012-07-27 14:15:48 113222 ----a-w- c:\windows\system32\dllcache\OLD75A.tmp
2012-07-27 14:15:46 4677 ----a-w- c:\windows\system32\dllcache\OLD754.tmp
2012-07-27 14:15:46 29760 ----a-w- c:\windows\system32\dllcache\OLD757.tmp
2012-07-27 14:15:45 41029 ----a-w- c:\windows\system32\dllcache\OLD751.tmp
2012-07-27 14:15:45 36937 ----a-w- c:\windows\system32\dllcache\OLD74E.tmp
2012-07-27 14:15:45 116224 ----a-w- c:\windows\system32\dllcache\OLD74B.tmp
2012-07-27 14:15:44 18944 ----a-w- c:\windows\system32\dllcache\OLD746.tmp
2012-07-27 14:15:36 19455 ----a-w- c:\windows\system32\dllcache\OLD73B.tmp
2012-07-27 14:15:25 12063 ----a-w- c:\windows\system32\dllcache\OLD737.tmp
2012-07-27 14:15:23 8192 ----a-w- c:\windows\system32\dllcache\OLD733.tmp
2012-07-27 14:12:59 76288 ----a-w- c:\windows\system32\dllcache\OLD6C6.tmp
2012-07-27 14:11:58 101376 ----a-w- c:\windows\system32\dllcache\OLD66D.tmp
2012-07-27 14:10:59 753236 ----a-w- c:\windows\system32\dllcache\OLD58E.tmp
2012-07-27 14:09:20 2069120 ----a-w- c:\windows\system32\dllcache\OLD4DC.tmp
2012-07-27 14:09:08 38912 ----a-w- c:\windows\system32\dllcache\OLD4D8.tmp
2012-07-27 14:09:06 28672 ----a-w- c:\windows\system32\dllcache\OLD4D2.tmp
2012-07-27 14:08:57 132695 ----a-w- c:\windows\system32\dllcache\OLD4CA.tmp
2012-07-27 14:08:44 229439 ----a-w- c:\windows\system32\dllcache\OLD4B5.tmp
2012-07-27 14:08:42 119808 ----a-w- c:\windows\system32\dllcache\OLD4B1.tmp
2012-07-27 14:08:18 49024 ----a-w- c:\windows\system32\dllcache\OLD4AE.tmp
2012-07-27 14:08:06 40960 ----a-w- c:\windows\system32\dllcache\OLD4A8.tmp
2012-07-27 14:08:05 22016 ----a-w- c:\windows\system32\dllcache\OLD4A5.tmp
2012-07-27 14:08:04 98304 ----a-w- c:\windows\system32\dllcache\OLD49E.tmp
2012-07-27 14:08:04 1875968 ----a-w- c:\windows\system32\dllcache\OLD4A1.tmp
2012-07-27 14:06:55 70656 ----a-w- c:\windows\system32\dllcache\OLD43A.tmp
2012-07-27 14:05:48 10129408 ----a-w- c:\windows\system32\dllcache\OLD336.tmp
2012-07-27 14:05:27 13463552 ----a-w- c:\windows\system32\dllcache\OLD333.tmp
2012-07-27 14:05:20 10096640 ----a-w- c:\windows\system32\dllcache\OLD330.tmp
2012-07-27 14:05:16 42573 ----a-w- c:\windows\system32\dllcache\OLD320.tmp
2012-07-27 14:05:15 57409 ----a-w- c:\windows\system32\dllcache\OLD31A.tmp
2012-07-27 14:05:15 1175635 ----a-w- c:\windows\system32\dllcache\OLD31D.tmp
2012-07-27 14:05:13 39936 ----a-w- c:\windows\system32\dllcache\OLD307.tmp
2012-07-27 14:05:11 20352 ----a-w- c:\windows\system32\dllcache\OLD302.tmp
2012-07-27 14:05:09 36864 ----a-w- c:\windows\system32\dllcache\OLD2FD.tmp
2012-07-27 14:05:08 28288 ----a-w- c:\windows\system32\dllcache\OLD2F7.tmp
2012-07-27 14:03:52 206976 ----a-w- c:\windows\system32\dllcache\OLD25F.tmp
2012-07-27 14:03:48 8320 ----a-w- c:\windows\system32\dllcache\OLD25A.tmp
2012-07-27 14:03:36 78848 ----a-w- c:\windows\system32\dllcache\OLD232.tmp
2012-07-27 14:03:29 48640 ----a-w- c:\windows\system32\dllcache\OLD226.tmp
2012-07-27 14:03:28 249856 ----a-w- c:\windows\system32\dllcache\OLD21B.tmp
2012-07-27 14:03:24 18944 ----a-w- c:\windows\system32\dllcache\OLD211.tmp
2012-07-27 14:03:23 57399 ----a-w- c:\windows\system32\dllcache\OLD20C.tmp
2012-07-27 14:03:08 1039955 ----a-w- c:\windows\system32\dllcache\OLD207.tmp
2012-07-27 14:03:06 217160 ----a-w- c:\windows\system32\dllcache\OLD204.tmp
2012-07-27 14:03:02 480256 ----a-w- c:\windows\system32\dllcache\OLD1FB.tmp
2012-07-27 14:03:01 21504 ----a-w- c:\windows\system32\dllcache\OLD1F8.tmp
2012-07-27 14:03:01 198656 ----a-w- c:\windows\system32\dllcache\OLD1F5.tmp
2012-07-27 14:01:32 18432 ----a-w- c:\windows\system32\dllcache\OLDD5.tmp
2012-07-27 14:01:32 11776 ----a-w- c:\windows\system32\dllcache\OLDD9.tmp
2012-07-27 14:01:31 42577 ----a-w- c:\windows\system32\dllcache\OLDCD.tmp
2012-07-27 14:01:29 1817687 ----a-w- c:\windows\system32\dllcache\OLDCA.tmp
2012-07-27 14:01:28 82501 ----a-w- c:\windows\system32\dllcache\OLDC7.tmp
2012-07-27 14:01:22 13696 ----a-w- c:\windows\system32\dllcache\OLDBC.tmp
2012-07-27 14:01:21 38912 ----a-w- c:\windows\system32\dllcache\OLDB7.tmp
2012-07-27 13:52:39 32827 ----a-w- c:\windows\system32\dllcache\OLD4D.tmp
2012-07-27 13:52:39 16384 ----a-w- c:\windows\system32\dllcache\OLD50.tmp
2012-07-27 13:52:35 16437 ----a-w- c:\windows\system32\dllcache\OLD4A.tmp
2012-07-27 13:52:34 20536 ----a-w- c:\windows\system32\dllcache\OLD47.tmp
2012-07-27 13:52:10 2192640 ----a-w- c:\windows\system32\dllcache\OLD43.tmp
2012-07-24 21:38:05 -------- d-----w- c:\documents and settings\mio\application data\SUPERAntiSpyware.com
2012-07-24 21:36:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-24 21:36:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-24 13:43:57 13894 ----a-w- c:\windows\system32\dllcache\OLD495.tmp
2012-07-24 13:43:56 29760 ----a-w- c:\windows\system32\dllcache\OLD48F.tmp
2012-07-24 13:43:56 113222 ----a-w- c:\windows\system32\dllcache\OLD492.tmp
2012-07-24 13:43:55 4677 ----a-w- c:\windows\system32\dllcache\OLD48C.tmp
2012-07-24 13:43:55 41029 ----a-w- c:\windows\system32\dllcache\OLD489.tmp
2012-07-24 13:43:54 36937 ----a-w- c:\windows\system32\dllcache\OLD486.tmp
2012-07-24 13:43:53 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-07-24 13:43:52 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-07-24 13:43:45 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-07-24 13:43:38 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-07-24 13:43:36 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-07-24 13:41:55 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2012-07-24 13:41:53 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2012-07-24 13:41:51 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2012-07-24 13:41:47 32339 ----a-w- c:\windows\system32\dllcache\OLD436.tmp
2012-07-24 13:41:42 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2012-07-24 13:41:34 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-07-24 13:41:25 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2012-07-24 13:41:24 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2012-07-24 13:41:21 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2012-07-24 13:41:21 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2012-07-24 13:41:20 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2012-07-24 13:39:41 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-07-24 13:38:55 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2012-07-24 13:34:50 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-07-24 13:34:37 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2012-07-24 13:34:14 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-07-24 13:33:55 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-07-24 13:33:55 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-07-24 13:33:39 126976 ----a-w- c:\windows\system32\dllcache\OLD2E0.tmp
2012-07-24 13:33:35 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-07-24 13:33:19 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2012-07-24 13:33:02 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2012-07-24 13:33:01 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2012-07-24 13:33:01 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2012-07-24 13:33:00 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2012-07-24 13:31:49 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe
2012-07-24 13:30:56 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2012-07-24 13:30:55 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
2012-07-24 13:30:44 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll
2012-07-24 13:30:42 55296 ----a-w- c:\windows\system32\dllcache\OLD1F2.tmp
2012-07-24 13:30:40 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2012-07-24 13:30:37 14848 ----a-w- c:\windows\system32\dllcache\flattemp.exe
2012-07-24 13:30:34 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-07-24 13:30:27 25856 ----a-w- c:\windows\system32\dllcache\et4000.sys
2012-07-24 13:30:26 57856 ----a-w- c:\windows\system32\dllcache\esuimgd.dll
2012-07-24 13:30:26 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
2012-07-24 13:30:25 31744 ----a-w- c:\windows\system32\dllcache\esucmd.dll
2012-07-24 13:30:25 137088 ----a-w- c:\windows\system32\dllcache\essm2e.sys
2012-07-24 13:30:12 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
2012-07-24 13:29:50 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2012-07-24 13:29:45 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2012-07-24 13:29:23 48640 ----a-w- c:\windows\system32\dllcache\cwrwdm.sys
2012-07-24 13:29:21 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll
2012-07-24 13:29:18 18944 ----a-w- c:\windows\system32\dllcache\cprofile.exe
2012-07-24 13:29:07 1039955 ----a-w- c:\windows\system32\dllcache\OLD156.tmp
2012-07-24 13:29:05 217160 ----a-w- c:\windows\system32\dllcache\OLD153.tmp
2012-07-24 13:27:50 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-07-24 13:24:07 32827 ----a-w- c:\windows\system32\dllcache\OLD4C.tmp
2012-07-24 13:24:07 16384 ----a-w- c:\windows\system32\dllcache\OLD4F.tmp
2012-07-24 13:24:03 16437 ----a-w- c:\windows\system32\dllcache\OLD49.tmp
2012-07-24 13:24:02 20536 ----a-w- c:\windows\system32\dllcache\OLD46.tmp
2012-07-24 13:23:18 2192640 ----a-w- c:\windows\system32\dllcache\OLD42.tmp
2012-07-20 05:00:00 536576 ----a-w- c:\program files\common files\system\ado\SETC5.tmp
2012-07-20 05:00:00 536576 ------w- c:\program files\common files\system\ado\SETD4.tmp
2012-07-20 05:00:00 536576 ------w- c:\program files\common files\system\ado\SETD1.tmp
2012-07-20 05:00:00 536576 ------w- c:\program files\common files\system\ado\SET46.tmp
2012-07-20 05:00:00 536576 ------w- c:\program files\common files\system\ado\SET3D.tmp
2012-07-19 10:48:57 1212416 ------w- c:\windows\system32\SETC4.tmp
2012-07-19 10:48:57 1212416 ------w- c:\windows\system32\SET96.tmp
2012-07-19 10:48:57 1212416 ------w- c:\windows\system32\SET82.tmp
2012-07-19 10:48:57 1212416 ------w- c:\windows\system32\SET75.tmp
2012-07-19 10:48:57 1212416 ------w- c:\windows\system32\SET4D.tmp
2012-07-19 10:48:57 1212416 ------w- c:\windows\system32\SET44.tmp
2012-07-19 10:48:50 6007808 ------w- c:\windows\system32\SETC6.tmp
2012-07-19 10:48:50 6007808 ------w- c:\windows\system32\SET98.tmp
2012-07-19 10:48:50 6007808 ------w- c:\windows\system32\SET84.tmp
2012-07-19 10:48:50 6007808 ------w- c:\windows\system32\SET77.tmp
2012-07-19 10:48:50 6007808 ------w- c:\windows\system32\SET4F.tmp
2012-07-19 10:48:50 6007808 ------w- c:\windows\system32\SET46.tmp
.
==================== Find3M ====================
.
2012-08-16 11:58:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 11:58:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:52 337920 ----a-w- c:\windows\system32\SET10B.tmp
2012-07-06 13:58:52 337920 ------w- c:\windows\system32\SETA6.tmp
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\SET10C.tmp
2012-07-06 13:58:51 78336 ------w- c:\windows\system32\SETA7.tmp
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 21:19:34 11111424 ------w- c:\windows\system32\SETD2.tmp
2012-07-02 21:19:34 11111424 ------w- c:\windows\system32\SETA0.tmp
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-13 13:19:59 1866112 ------w- c:\windows\system32\_000008_.tmp.dll
2012-06-08 14:26:20 8462848 ----a-w- c:\windows\system32\SETAF.tmp
2012-06-08 14:26:20 8462848 ------w- c:\windows\system32\SETB5.tmp
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\SETBF.tmp
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\SETCE.tmp
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\SETCD.tmp
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\SETBE.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SETCC.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SETCB.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SET55.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SET54.tmp
2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\SETB3.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SETC1.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SETC0.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SET67.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SET65.tmp
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 2:25:53.22 ===============
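The detection name in the post above (Security Center|UPDATESDISABLENOTIFY) refers to a DWORD under the Windows XP Security Center registry key; System Restore can be switched off by a policy value in the same way. The script below is an added example, not code from this thread, from BleepingComputer or from any tool named here. It parses a text export made with `reg export` on the affected machine and flags every watched value that is set to 1, then prints the `reg.exe` lines that undo them. The thread names only UpdatesDisableNotify; the two sibling notification values and the SystemRestore policy path are assumptions from the standard XP layout, and the sample export is constructed to show the tampered state described in the post. It goes a little beyond the post by checking all three notification flags and both restore policy values in one pass.

```python
"""Audit a Windows XP registry export for suppressed Security Center alerts
and a policy-disabled System Restore. Added example, not from the thread.

On the affected machine, from an administrator cmd prompt:
    reg export "HKLM\SOFTWARE\Microsoft\Security Center" sc.reg
    reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" sr.reg
then:  python audit_pum.py sc.reg sr.reg   (no arguments: uses SAMPLE_EXPORT)
"""
import re
import sys

# The thread names only UpdatesDisableNotify; the other two are the sibling
# DWORDs of the same key (assumed XP SP2/SP3 layout). 1 = alert suppressed.
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")

# Policy DWORDs that turn System Restore off (DisableSR) or lock its settings
# page (DisableConfig). Assumed path; the thread does not list it.
SYSTEM_RESTORE_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
RESTORE_FLAGS = ("DisableSR", "DisableConfig")

CHECKS = (
    (SECURITY_CENTER_KEY, NOTIFY_FLAGS, "Security Center alert suppressed"),
    (SYSTEM_RESTORE_POLICY_KEY, RESTORE_FLAGS, "System Restore disabled by policy"),
)

# Constructed sample export reproducing the state the post describes.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
"""


def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: value}}.

    dword values become ints; other types stay as raw strings. Continuation
    lines of multi-line hex values and the "@" default are skipped, since
    every flag checked here is a plain DWORD.
    """
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current = key.group(1)
            tree.setdefault(current, {})
            continue
        val = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if current is None or not val:
            continue
        name, data = val.group(1), val.group(2)
        if data.lower().startswith("dword:"):
            tree[current][name] = int(data[len("dword:"):], 16)
        else:
            tree[current][name] = data.strip('"')
    return tree


def load_reg_file(path):
    """reg.exe writes exports as UTF-16 LE with a BOM; decode accordingly."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg_export(fh.read())


def find_tampering(tree):
    """Return [(key, value_name, why)] for every watched flag set to 1."""
    lowered = {k.lower(): v for k, v in tree.items()}
    hits = []
    for key, flags, why in CHECKS:
        values = lowered.get(key.lower(), {})
        hits.extend((key, flag, why) for flag in flags if values.get(flag) == 1)
    return hits


def remediation_commands(hits):
    """reg.exe lines that undo each hit: notification flags back to 0, policy
    values deleted so the Not Configured default returns."""
    cmds = []
    for key, name, _ in hits:
        short = key.replace("HKEY_LOCAL_MACHINE", "HKLM")
        if key == SYSTEM_RESTORE_POLICY_KEY:
            cmds.append(f'reg delete "{short}" /v {name} /f')
        else:
            cmds.append(f'reg add "{short}" /v {name} /t REG_DWORD /d 0 /f')
    return cmds


if __name__ == "__main__":
    tree = parse_reg_export(SAMPLE_EXPORT) if len(sys.argv) < 2 else {}
    for path in sys.argv[1:]:
        tree.update(load_reg_file(path))
    hits = find_tampering(tree)
    for key, name, why in hits:
        print(f"[!] {key}\\{name} = 1  ({why})")
    for cmd in remediation_commands(hits):
        print("    fix:", cmd)
```

The poster says Malwarebytes keeps finding the same value again, which is the caveat to keep in mind here: resetting UpdatesDisableNotify to 0 only holds if whatever is rewriting it has also been removed, so re-export and re-run the audit after a reboot before treating the machine as clean.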

#2 sosmoi (Topic Starter)

Posted 21 August 2012 - 04:46 PM

Anyone available to analyze this log?

#3 HelpBot (Bleepin' Binary Bot)

Posted 22 August 2012 - 03:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465539 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nasdaq


  • Malware Response Team
  • 39,531 posts
  • Location:Montreal, QC. Canada

Posted 23 August 2012 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Lately the Microsoft site has not been available. If this is the case please ignore and continue.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.
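
A helper reviewing the logs requested above usually reads the DDS "SERVICES / DRIVERS" and "Created Last 30" sections by eye, looking for services whose file is gone, drivers DDS could not verify on disk, and groups of freshly created kernel drivers with unrelated names but one identical size. The Python script below is an added example that automates those three checks; it is not part of DDS, ComboFix, or any other tool named in this thread. Its sample input is a handful of lines copied from the DDS log posted later in this thread (the banner and line formats are DDS's own); the function names, the regular expressions and the same-size heuristic are this example's assumptions about how to read that format, not anything DDS documents.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the DDS log posted later
# in this thread, trimmed to the two sections this triage script reads.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-1 36000]
S1 SABKUTIL;SABKUTIL; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
.
=============== Created Last 30 ================
.
2012-08-21 22:53:44 54016 ----a-w- c:\windows\system32\drivers\dqdfb.sys
2012-08-18 08:34:45 168576 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-04 18:48:02 54016 ----a-w- c:\windows\system32\drivers\brekgxt.sys
2012-08-02 07:37:48 54016 ----a-w- c:\windows\system32\drivers\ihsp.sys
2012-07-30 19:23:36 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
.
==================== Find3M ====================
"""

# Hypothetical patterns written for this example from the DDS lines above.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # "===== NAME ====="
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # "R2 name;display;path [...]"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}:\d{2}\s+(\S+)\s+\S+\s+(.+)$"
)  # "date time size attrs path"


def split_sections(text):
    """Group DDS lines under their banner; blank and '.' lines are filler."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def find_unresolved_services(sections):
    """Services/drivers whose image DDS could not find or verify.

    A trailing '[x]' means the service is registered but its file is missing
    (often a leftover of a removed product); 'path --> path [?]' means DDS
    could not confirm the file on disk.  Both deserve a look before cleanup.
    """
    missing, unverified = [], []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, tail = m.group(2), m.group(4).strip()
        if tail.endswith("[x]"):
            missing.append(name)
        elif "-->" in tail and tail.endswith("[?]"):
            unverified.append(name)
    return missing, unverified


def find_driver_size_clusters(sections, min_names=2):
    """New .sys files in the drivers directory that share one exact size.

    Several recently created kernel drivers with unrelated names, an identical
    byte count and different creation days is a pattern worth verifying by
    hand (hash each file, check its signer) before deciding it is benign.
    """
    by_size = defaultdict(list)  # size -> [(date, filename), ...]
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, size, path = m.groups()
        low = path.lower()
        if not size.isdigit() or "\\drivers\\" not in low or not low.endswith(".sys"):
            continue  # directories ("--------" size) and non-driver files
        by_size[int(size)].append((date, path.rsplit("\\", 1)[-1]))
    clusters = {}
    for size, entries in by_size.items():
        if len(entries) >= min_names and len({d for d, _ in entries}) > 1:
            clusters[size] = [name for _, name in entries]
    return clusters


def triage(text):
    """Return the findings a helper would want in front of them before replying."""
    sections = split_sections(text)
    missing, unverified = find_unresolved_services(sections)
    return {
        "missing_file": missing,
        "unverified_path": unverified,
        "driver_size_clusters": find_driver_size_clusters(sections),
    }


if __name__ == "__main__":
    import sys
    # Pass a saved DDS.txt as the first argument, or run on the sample above.
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    for key, value in triage(source).items():
        print(f"{key}: {value}")
```

The three findings are hints for a human reviewer, not verdicts: a `[x]` entry is frequently nothing more than the registration a removed product left behind, and a size cluster only says that the files are worth hashing and checking for a valid signature before anything is deleted.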

#5 sosmoi

  • Topic Starter

  • Members
  • 24 posts

Posted 24 August 2012 - 04:53 AM

Thanks nasdaq. I still need help.

See following logs posts for
+ DDS.txt
+ GMER (ark.txt).
+ checkup.txt
+ AdwCleaner[R1].txt
+ combofix.txt

See also attached the zip of attach.txt.

My system is:

-Windows XP v2002 SP3
MS Home Edition
Dell Inspiron I6400
2.0 GHz, 2.00 GB RAM

I still have this recurring PUM disabling my security center and my Avira AntiVirus Free Edition is broken and won't uninstall nor can be fixed from a downloaded executable. It reports that AVG Antivirus is still on my system and active (I uninstalled it with the AVG remover 4 months ago). Funny thing is that ComboFix also reported that AVG is still active on my computer. But I do not know how to find and delete the appropriate key.

Your help would be greatly appreciated on these items. Thanks in advance!

++++++++++++++++++++++++


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by mio at 23:05:38 on 2012-08-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1468 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\mio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
svchost.exe
C:\DOCUME~1\mio\LOCALS~1\Temp\clclean.0001
C:\Documents and Settings\mio\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uStart Page = hxxp://news.google.com/?hl=en
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = 192.168.1.1;localhost;127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {0483894e-2422-45e0-8384-021aff1af3cd} - iOpus iMacros
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Google Update] "c:\documents and settings\mio\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
uExplorerRun: [Google Update] "c:\documents and settings\mio\local settings\application data\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\docume~1\mio\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mio\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: nosimplestartmenu = 0 (0x0)
uPolicies-explorer: norecentdochistory = 0 (0x0)
uPolicies-explorer: maxrecentdocs = 25 (0x19)
uPolicies-explorer: noshutdown = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: facebook.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188380653390
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8187456D-DAE1-44F6-9BE8-4AC4A32F3544} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-1 36000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-1 83392]
R2 FAD;FAD;c:\program files\broadcom\bacs\FADXP32.sys [2007-2-14 16352]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\nti\nti backup now ez\BackupNowEZSvr.exe [2011-9-23 45592]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2010-10-8 6609920]
S1 SABKUTIL;SABKUTIL; [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-5-1 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-5-1 110032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-12 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 efavdrv;efavdrv; [x]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-5-17 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-5-17 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-12 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-1-10 34136]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-11-16 18432]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys --> c:\windows\system32\drivers\tapoas.sys [?]
S3 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-1-10 2385896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S4 OKI OPHC DCS Loader;OKI OPHC DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHCLDCS.EXE [2005-5-10 24576]
.
=============== Created Last 30 ================
.
2012-08-23 11:43:37 -------- d-----w- c:\program files\VS Revo Group
2012-08-21 22:53:44 54016 ----a-w- c:\windows\system32\drivers\dqdfb.sys
2012-08-20 07:16:46 -------- d-----w- c:\program files\DnsJumper
2012-08-18 08:40:05 67104 ----a-w- c:\windows\system32\drivers\OLD3D.tmp
2012-08-18 08:34:45 168576 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-18 08:34:32 67104 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-08-16 17:40:08 29760 ----a-w- c:\windows\system32\dllcache\OLD79A.tmp
2012-08-16 17:40:08 13894 ----a-w- c:\windows\system32\dllcache\OLD7A0.tmp
2012-08-16 17:40:08 113222 ----a-w- c:\windows\system32\dllcache\OLD79D.tmp
2012-08-16 17:40:07 4677 ----a-w- c:\windows\system32\dllcache\OLD797.tmp
2012-08-16 17:40:07 41029 ----a-w- c:\windows\system32\dllcache\OLD794.tmp
2012-08-16 17:40:07 36937 ----a-w- c:\windows\system32\dllcache\OLD791.tmp
2012-08-16 17:40:06 116224 ----a-w- c:\windows\system32\dllcache\OLD78E.tmp
2012-08-16 17:40:05 18944 ----a-w- c:\windows\system32\dllcache\OLD789.tmp
2012-08-16 17:39:43 19455 ----a-w- c:\windows\system32\dllcache\OLD77E.tmp
2012-08-16 17:39:40 12063 ----a-w- c:\windows\system32\dllcache\OLD77A.tmp
2012-08-16 17:39:38 8192 ----a-w- c:\windows\system32\dllcache\OLD776.tmp
2012-08-16 17:37:59 26112 ----a-w- c:\windows\system32\dllcache\OLD711.tmp
2012-08-16 17:36:52 101376 ----a-w- c:\windows\system32\dllcache\OLD6A5.tmp
2012-08-16 17:35:55 26112 ----a-w- c:\windows\system32\dllcache\OLD5F9.tmp
2012-08-16 17:34:56 482304 ----a-w- c:\windows\system32\dllcache\OLD552.tmp
2012-08-16 17:33:52 132695 ----a-w- c:\windows\system32\dllcache\OLD4EE.tmp
2012-08-16 17:33:31 229439 ----a-w- c:\windows\system32\dllcache\OLD4D9.tmp
2012-08-16 17:33:28 119808 ----a-w- c:\windows\system32\dllcache\OLD4D4.tmp
2012-08-16 17:32:58 49024 ----a-w- c:\windows\system32\dllcache\OLD4D1.tmp
2012-08-16 17:32:34 40960 ----a-w- c:\windows\system32\dllcache\OLD4CB.tmp
2012-08-16 17:32:34 22016 ----a-w- c:\windows\system32\dllcache\OLD4C7.tmp
2012-08-16 17:32:31 98304 ----a-w- c:\windows\system32\dllcache\OLD4C0.tmp
2012-08-16 17:32:31 1875968 ----a-w- c:\windows\system32\dllcache\OLD4C3.tmp
2012-08-16 17:32:15 126976 ----a-w- c:\windows\system32\dllcache\OLD4BD.tmp
2012-08-16 17:32:09 56832 ----a-w- c:\windows\system32\dllcache\OLD4B8.tmp
2012-08-16 17:32:09 51200 ----a-w- c:\windows\system32\dllcache\OLD4B4.tmp
2012-08-16 17:30:59 9216 ----a-w- c:\windows\system32\dllcache\OLD42D.tmp
2012-08-16 17:29:59 702845 ----a-w- c:\windows\system32\dllcache\OLD350.tmp
2012-08-16 17:29:50 10129408 ----a-w- c:\windows\system32\dllcache\OLD34A.tmp
2012-08-16 17:29:35 13463552 ----a-w- c:\windows\system32\dllcache\OLD347.tmp
2012-08-16 17:29:22 10096640 ----a-w- c:\windows\system32\dllcache\OLD344.tmp
2012-08-16 17:29:13 42573 ----a-w- c:\windows\system32\dllcache\OLD334.tmp
2012-08-16 17:29:12 57409 ----a-w- c:\windows\system32\dllcache\OLD32E.tmp
2012-08-16 17:29:12 1175635 ----a-w- c:\windows\system32\dllcache\OLD331.tmp
2012-08-16 17:29:10 39936 ----a-w- c:\windows\system32\dllcache\OLD31B.tmp
2012-08-16 17:29:08 20352 ----a-w- c:\windows\system32\dllcache\OLD315.tmp
2012-08-16 17:27:53 514587 ----a-w- c:\windows\system32\dllcache\OLD276.tmp
2012-08-16 17:27:07 206976 ----a-w- c:\windows\system32\dllcache\OLD26C.tmp
2012-08-16 17:27:02 8320 ----a-w- c:\windows\system32\dllcache\OLD267.tmp
2012-08-16 17:25:58 1677824 ----a-w- c:\windows\system32\dllcache\OLD1EC.tmp
2012-08-16 17:24:49 11776 ----a-w- c:\windows\system32\dllcache\OLDDE.tmp
2012-08-16 17:24:48 42577 ----a-w- c:\windows\system32\dllcache\OLDD1.tmp
2012-08-16 17:24:48 18432 ----a-w- c:\windows\system32\dllcache\OLDDA.tmp
2012-08-16 17:24:47 1817687 ----a-w- c:\windows\system32\dllcache\OLDCE.tmp
2012-08-16 17:24:44 82501 ----a-w- c:\windows\system32\dllcache\OLDCB.tmp
2012-08-16 17:24:37 13696 ----a-w- c:\windows\system32\dllcache\OLDBF.tmp
2012-08-16 17:24:36 38912 ----a-w- c:\windows\system32\dllcache\OLDB9.tmp
2012-08-16 17:24:03 45056 ----a-w- c:\windows\system32\dllcache\OLD9C.tmp
2012-08-16 17:24:03 331264 ----a-w- c:\windows\system32\dllcache\OLD9F.tmp
2012-08-16 17:24:01 36224 ----a-w- c:\windows\system32\dllcache\OLD97.tmp
2012-08-16 17:21:33 32827 ----a-w- c:\windows\system32\dllcache\OLD4B.tmp
2012-08-16 17:21:33 16384 ----a-w- c:\windows\system32\dllcache\OLD4E.tmp
2012-08-16 17:21:28 20536 ----a-w- c:\windows\system32\dllcache\OLD45.tmp
2012-08-16 17:21:28 16437 ----a-w- c:\windows\system32\dllcache\OLD48.tmp
2012-08-16 17:19:59 188480 ----a-w- c:\windows\system32\dllcache\OLDE.tmp
2012-08-16 17:19:57 16439 ----a-w- c:\windows\system32\dllcache\OLDB.tmp
2012-08-16 17:19:56 20540 ----a-w- c:\windows\system32\dllcache\OLD8.tmp
2012-08-16 17:19:50 16439 ----a-w- c:\windows\system32\dllcache\OLD5.tmp
2012-08-16 17:19:49 20540 ----a-w- c:\windows\system32\dllcache\OLD2.tmp
2012-08-16 12:38:35 -------- d-----w- C:\MGtools
2012-08-16 12:17:15 -------- d-----w- c:\program files\HitmanPro
2012-08-16 12:17:04 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-16 02:46:03 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2012-08-16 02:08:05 536576 ------w- c:\program files\common files\system\ado\SETA5.tmp
2012-08-16 02:08:05 536576 ------w- c:\program files\common files\system\ado\SET5E.tmp
2012-08-16 02:07:50 1172480 ------w- c:\windows\system32\SETA1.tmp
2012-08-16 02:07:50 1172480 ------w- c:\windows\system32\SET5A.tmp
2012-08-16 02:07:33 152576 ------w- c:\windows\system32\SET9D.tmp
2012-08-16 02:07:33 152576 ------w- c:\windows\system32\SET56.tmp
2012-08-14 14:33:24 1669749 ----a-w- C:\MGtools.exe
2012-08-04 23:13:44 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2012-08-04 23:13:43 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2012-08-04 23:13:41 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2012-08-04 18:48:02 54016 ----a-w- c:\windows\system32\drivers\brekgxt.sys
2012-08-03 19:51:34 -------- d-----w- c:\documents and settings\all users\application data\Registry First Aid
2012-08-03 12:37:28 -------- d-----w- c:\documents and settings\mio\application data\FixTDSS
2012-08-02 07:37:48 54016 ----a-w- c:\windows\system32\drivers\ihsp.sys
2012-07-30 19:23:36 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-07-30 12:32:53 171008 ----a-w- c:\windows\system32\OLD1D3.tmp
2012-07-29 08:28:45 -------- d-----w- c:\program files\ESET
2012-07-27 14:15:49 13894 ----a-w- c:\windows\system32\dllcache\OLD75D.tmp
2012-07-27 14:15:48 113222 ----a-w- c:\windows\system32\dllcache\OLD75A.tmp
2012-07-27 14:15:46 4677 ----a-w- c:\windows\system32\dllcache\OLD754.tmp
2012-07-27 14:15:46 29760 ----a-w- c:\windows\system32\dllcache\OLD757.tmp
2012-07-27 14:15:45 41029 ----a-w- c:\windows\system32\dllcache\OLD751.tmp
2012-07-27 14:15:45 36937 ----a-w- c:\windows\system32\dllcache\OLD74E.tmp
2012-07-27 14:15:45 116224 ----a-w- c:\windows\system32\dllcache\OLD74B.tmp
2012-07-27 14:15:44 18944 ----a-w- c:\windows\system32\dllcache\OLD746.tmp
2012-07-27 14:15:36 19455 ----a-w- c:\windows\system32\dllcache\OLD73B.tmp
2012-07-27 14:15:25 12063 ----a-w- c:\windows\system32\dllcache\OLD737.tmp
2012-07-27 14:15:23 8192 ----a-w- c:\windows\system32\dllcache\OLD733.tmp
2012-07-27 14:12:59 76288 ----a-w- c:\windows\system32\dllcache\OLD6C6.tmp
2012-07-27 14:11:58 101376 ----a-w- c:\windows\system32\dllcache\OLD66D.tmp
2012-07-27 14:10:59 753236 ----a-w- c:\windows\system32\dllcache\OLD58E.tmp
2012-07-27 14:09:20 2069120 ----a-w- c:\windows\system32\dllcache\OLD4DC.tmp
2012-07-27 14:09:08 38912 ----a-w- c:\windows\system32\dllcache\OLD4D8.tmp
2012-07-27 14:09:06 28672 ----a-w- c:\windows\system32\dllcache\OLD4D2.tmp
2012-07-27 14:08:57 132695 ----a-w- c:\windows\system32\dllcache\OLD4CA.tmp
2012-07-27 14:08:44 229439 ----a-w- c:\windows\system32\dllcache\OLD4B5.tmp
2012-07-27 14:08:42 119808 ----a-w- c:\windows\system32\dllcache\OLD4B1.tmp
2012-07-27 14:08:18 49024 ----a-w- c:\windows\system32\dllcache\OLD4AE.tmp
2012-07-27 14:08:06 40960 ----a-w- c:\windows\system32\dllcache\OLD4A8.tmp
2012-07-27 14:08:05 22016 ----a-w- c:\windows\system32\dllcache\OLD4A5.tmp
2012-07-27 14:08:04 98304 ----a-w- c:\windows\system32\dllcache\OLD49E.tmp
2012-07-27 14:08:04 1875968 ----a-w- c:\windows\system32\dllcache\OLD4A1.tmp
2012-07-27 14:06:55 70656 ----a-w- c:\windows\system32\dllcache\OLD43A.tmp
2012-07-27 14:05:48 10129408 ----a-w- c:\windows\system32\dllcache\OLD336.tmp
2012-07-27 14:05:27 13463552 ----a-w- c:\windows\system32\dllcache\OLD333.tmp
2012-07-27 14:05:20 10096640 ----a-w- c:\windows\system32\dllcache\OLD330.tmp
2012-07-27 14:05:16 42573 ----a-w- c:\windows\system32\dllcache\OLD320.tmp
2012-07-27 14:05:15 57409 ----a-w- c:\windows\system32\dllcache\OLD31A.tmp
2012-07-27 14:05:15 1175635 ----a-w- c:\windows\system32\dllcache\OLD31D.tmp
2012-07-27 14:05:13 39936 ----a-w- c:\windows\system32\dllcache\OLD307.tmp
2012-07-27 14:05:11 20352 ----a-w- c:\windows\system32\dllcache\OLD302.tmp
2012-07-27 14:05:09 36864 ----a-w- c:\windows\system32\dllcache\OLD2FD.tmp
2012-07-27 14:05:08 28288 ----a-w- c:\windows\system32\dllcache\OLD2F7.tmp
2012-07-27 14:03:52 206976 ----a-w- c:\windows\system32\dllcache\OLD25F.tmp
2012-07-27 14:03:48 8320 ----a-w- c:\windows\system32\dllcache\OLD25A.tmp
2012-07-27 14:03:36 78848 ----a-w- c:\windows\system32\dllcache\OLD232.tmp
2012-07-27 14:03:29 48640 ----a-w- c:\windows\system32\dllcache\OLD226.tmp
2012-07-27 14:03:28 249856 ----a-w- c:\windows\system32\dllcache\OLD21B.tmp
2012-07-27 14:03:24 18944 ----a-w- c:\windows\system32\dllcache\OLD211.tmp
2012-07-27 14:03:23 57399 ----a-w- c:\windows\system32\dllcache\OLD20C.tmp
2012-07-27 14:03:08 1039955 ----a-w- c:\windows\system32\dllcache\OLD207.tmp
2012-07-27 14:03:06 217160 ----a-w- c:\windows\system32\dllcache\OLD204.tmp
2012-07-27 14:03:02 480256 ----a-w- c:\windows\system32\dllcache\OLD1FB.tmp
2012-07-27 14:03:01 21504 ----a-w- c:\windows\system32\dllcache\OLD1F8.tmp
2012-07-27 14:03:01 198656 ----a-w- c:\windows\system32\dllcache\OLD1F5.tmp
2012-07-27 14:01:32 18432 ----a-w- c:\windows\system32\dllcache\OLDD5.tmp
2012-07-27 14:01:32 11776 ----a-w- c:\windows\system32\dllcache\OLDD9.tmp
2012-07-27 14:01:31 42577 ----a-w- c:\windows\system32\dllcache\OLDCD.tmp
2012-07-27 14:01:29 1817687 ----a-w- c:\windows\system32\dllcache\OLDCA.tmp
2012-07-27 14:01:28 82501 ----a-w- c:\windows\system32\dllcache\OLDC7.tmp
2012-07-27 14:01:22 13696 ----a-w- c:\windows\system32\dllcache\OLDBC.tmp
2012-07-27 14:01:21 38912 ----a-w- c:\windows\system32\dllcache\OLDB7.tmp
2012-07-27 13:52:39 32827 ----a-w- c:\windows\system32\dllcache\OLD4D.tmp
2012-07-27 13:52:39 16384 ----a-w- c:\windows\system32\dllcache\OLD50.tmp
2012-07-27 13:52:35 16437 ----a-w- c:\windows\system32\dllcache\OLD4A.tmp
2012-07-27 13:52:34 20536 ----a-w- c:\windows\system32\dllcache\OLD47.tmp
2012-07-27 13:52:10 2192640 ----a-w- c:\windows\system32\dllcache\OLD43.tmp
2012-07-24 21:38:05 -------- d-----w- c:\documents and settings\mio\application data\SUPERAntiSpyware.com
2012-07-24 21:36:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-24 21:36:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2012-08-23 21:02:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 21:02:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:52 337920 ----a-w- c:\windows\system32\SET10B.tmp
2012-07-06 13:58:52 337920 ------w- c:\windows\system32\SETA6.tmp
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\SET10C.tmp
2012-07-06 13:58:51 78336 ------w- c:\windows\system32\SETA7.tmp
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 21:19:34 11111424 ------w- c:\windows\system32\SETD2.tmp
2012-07-02 21:19:34 11111424 ------w- c:\windows\system32\SETA0.tmp
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-13 13:19:59 1866112 ------w- c:\windows\system32\_000008_.tmp.dll
2012-06-08 14:26:20 8462848 ----a-w- c:\windows\system32\SETAF.tmp
2012-06-08 14:26:20 8462848 ------w- c:\windows\system32\SETB5.tmp
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\SETBF.tmp
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\SETCE.tmp
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\SETCD.tmp
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\SETBE.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SETCC.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SETCB.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SET55.tmp
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\SET54.tmp
2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\SETB3.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SETC1.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SETC0.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SET67.tmp
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\SET65.tmp
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 23:07:43.26 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-24 08:12:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721080G9SA00 rev.MC4OC10H
Running: odsh42in.exe; Driver: C:\DOCUME~1\mio\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT BA7D7C3C ZwClose
SSDT BA7D7BF6 ZwCreateKey
SSDT BA7D7C46 ZwCreateSection
SSDT BA7D7BEC ZwCreateThread
SSDT BA7D7BFB ZwDeleteKey
SSDT BA7D7C05 ZwDeleteValueKey
SSDT BA7D7C37 ZwDuplicateObject
SSDT BA7D7C0A ZwLoadKey
SSDT BA7D7BD8 ZwOpenProcess
SSDT BA7D7BDD ZwOpenThread
SSDT BA7D7C5F ZwQueryValueKey
SSDT BA7D7C14 ZwReplaceKey
SSDT BA7D7C50 ZwRequestWaitReplyPort
SSDT BA7D7C0F ZwRestoreKey
SSDT BA7D7C4B ZwSetContextThread
SSDT BA7D7C55 ZwSetSecurityObject
SSDT BA7D7C00 ZwSetValueKey
SSDT BA7D7C5A ZwSystemDebugControl
SSDT BA7D7BE7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB0652280]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device ABD2CD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2012-06-19 16:45:55
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@StartTime 2012/08/04-23:24:35
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@ProfileLoadTimeLow -1644574886
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@ProfileLoadTimeHigh 30241415
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeLow -1972231136
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeHigh 30241415
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3452390413-2444005890-489904141-1007@ProfileLoadTimeLow -1952543636
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3452390413-2444005890-489904141-1007@ProfileLoadTimeHigh 30241415
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

ComboFix 12-08-22.03 - mio 08/24/2012 9:30:36.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1342 [GMT 2:00]
Running from: C:\Documents and Settings\mio\Desktop\MultiRipar.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

ADS - WINDOWS: deleted 192 bytes in 1 streams.

----------------------------------


# AdwCleaner v1.801 - Logfile created 08/24/2012 at 08:36:57
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mio - PONI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\mio\desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\mio\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",
Found : "description": "Make calls, send SMS, preview Inbox, and get notified of new messages[...]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [1694 octets] - [24/08/2012 08:36:57]

########## EOF - C:\AdwCleaner[R1].txt - [1822 octets] ##########


Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.3.300.271
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Attached file: attach.zip (3.98 KB)

#6 nasdaq
  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 25 August 2012 - 06:42 AM

Remove the AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

===

Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you decline this download unless you do not have any antivirus protection on the computer.
===

p.s.
The ComboFix log was not complete. Please also post the complete log for my review.

Let me know what problems persist.
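As an added example (my own script, not nasdaq's or BleepingComputer's tooling), here is a small Python triage helper for the TDSSKiller report nasdaq asks for above. It parses the "Scan services" section into a table and groups the entries a helper reads first: anything TDSSKiller did not mark "ok", registered services with no image on disk, one binary registered under several names, and third-party images outside the Windows directory, whose hashes are the first to look up. The embedded sample is constructed from lines of the report posted later in this thread; the script assumes the Windows directory is C:\WINDOWS, as that report's header states.

```python
"""Triage a TDSSKiller report (added example; not a BleepingComputer or Kaspersky tool).

In the "Scan services" section TDSSKiller prints two lines per service or driver:
    hh:mm:ss.ffff pid [ MD5 ] <service name> <image path>
    hh:mm:ss.ffff pid <service name> - <verdict>
Entries whose image is not on disk get only the verdict line.
"""
import re
import sys
from collections import defaultdict

FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S+)$")
SECTION_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+=+ Scan (?P<what>.+?) =+$")

# Assumption: the Windows directory is C:\WINDOWS, as the report header says.
WINDOWS_DIR = "c:\\windows\\"

# Constructed sample: lines copied from the TDSSKiller report in this thread.
SAMPLE_REPORT = r"""
01:23:45.0281 2840 ================ Scan system memory ========================
01:23:45.0281 2840 System memory - ok
01:23:45.0281 2840 ================ Scan services =============================
01:23:45.0546 2840 Abiosdsk - ok
01:23:45.0578 2840 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:23:45.0578 2840 abp480n5 - ok
01:23:48.0906 2840 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:23:48.0906 2840 Apple Mobile Device - ok
01:23:51.0593 2840 catchme - ok
01:23:51.0609 2840 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:23:51.0625 2840 cbidf - ok
01:23:51.0625 2840 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
01:23:51.0625 2840 cbidf2k - ok
01:23:52.0156 2840 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
01:23:52.0156 2840 cpudrv - ok
01:23:53.0921 2840 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
01:23:53.0921 2840 gupdate - ok
01:23:53.0937 2840 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
01:23:53.0937 2840 gupdatem - ok
"""


def parse_services(report: str) -> list[dict]:
    """Return one dict (name, md5, path, verdict) per entry in 'Scan services'."""
    entries, pending, in_services = [], {}, False
    for line in report.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            in_services = sec.group("what") == "services"
            continue
        if not in_services:
            continue
        m = FILE_RE.match(line)
        if m:  # hash line: remember it until the matching verdict line arrives
            pending[m.group("name")] = (m.group("md5").upper(), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:  # verdict line: pair it with the hash line, or None if there was none
            md5, path = pending.pop(m.group("name"), (None, None))
            entries.append({"name": m.group("name"), "md5": md5,
                            "path": path, "verdict": m.group("verdict")})
    return entries


def triage(entries: list[dict]) -> dict:
    """Group the entries the way a malware-removal helper reads the log."""
    by_hash = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_hash[e["md5"]].append(e["name"])
    return {
        # TDSSKiller itself flagged it (any verdict other than 'ok').
        "not_ok": [e["name"] for e in entries if e["verdict"] != "ok"],
        # Registered service or driver with no image found to hash.
        "no_file": [e["name"] for e in entries if e["md5"] is None],
        # Same binary registered under several names (often legitimate, still worth a look).
        "shared_hash": {h: n for h, n in by_hash.items() if len(n) > 1},
        # Images outside the Windows directory: third-party code, hashes to look up first.
        "third_party": [e["name"] for e in entries
                        if e["path"] and not e["path"].lower().startswith(WINDOWS_DIR)],
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a saved TDSSKiller log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    for group, members in triage(parse_services(text)).items():
        print(f"{group}: {members}")
```

Run it with the path of a saved report, or with no argument to triage the embedded sample. The groups are reading aids, not verdicts: cbidf and cbidf2k sharing one MD5, or gupdate and gupdatem both pointing at GoogleUpdate.exe, is normal, and a "no file" entry only means the service key exists without a hashable image, so each group still needs a human looking at names, paths and hashes.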

#7 nasdaq
  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 25 August 2012 - 06:42 AM

Sorry double post.

Edited by nasdaq, 25 August 2012 - 06:43 AM.


#8 sosmoi
  • Topic Starter
  • Members

Posted 25 August 2012 - 08:17 PM

nasdaq, no worries about the double post. Thanks for hanging in there with me. I ran the apps you asked for and posted their logs below. See also the ZIP attached.

AdwCleaner ran and I deleted all it found then it restarted my computer.

TDSSKiller only found ComboFix as a "suspect" file, and I "skipped" it.

aswMBR hung three times on System32/afd.dll??? I ran it successfully, though, only after running and restarting with ComboFix and by "not" selecting to download Avast's most recent updates first when prompted.

ComboFix ran, and immediately got a Windows error: "Combofix Reg Save Error. Error saving file C:\WINDOWS\erdnt\Hiv-backup\SOFTWARE ! [RegSaveKeyEx: 1016 - An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry]" I selected "Yes" to continue scanning. Then ComboFix detected Avira AV Free running, but it is broken/disabled? ComboFix also detected AVG running, but I uninstalled AVG 4 months ago??? I even used the AVG cleanup remover tool more than once to assure its removal. I clicked "Yes" to have ComboFix continue scanning "at my own risk" since I could not figure out how to uninstall/disable the AV warnings. I cannot disable Avira as it won't launch, nor from Add/Remove Programs, nor stop the service from Services.msc. Then CF tried to install Windows Recovery Console but failed to reach the MS server. Note: I had Windows Recovery Console but now it's gone from the Startup list??? Then ComboFix ran and gave an error after Scan Step_2 about "dumping hives". I clicked "Yes" to continue. CF completed the scan and restarted (much faster boot!).



- - - - - - - - -
# AdwCleaner v1.801 - Logfile created 08/26/2012 at 01:17:25
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mio - PONI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\mio\desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\mio\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "description": "Make calls, send SMS, preview Inbox, and get notified of new messages[...]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R2].txt - [1662 octets] - [26/08/2012 01:15:13]
AdwCleaner[S1].txt - [297 octets] - [26/08/2012 01:15:52]
AdwCleaner[R3].txt - [1721 octets] - [26/08/2012 01:16:51]
AdwCleaner[S2].txt - [1666 octets] - [26/08/2012 01:17:25]

########## EOF - C:\AdwCleaner[S2].txt - [1794 octets] ##########

01:23:42.0296 2768 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
01:23:42.0343 2768 ============================================================
01:23:42.0343 2768 Current date / time: 2012/08/26 01:23:42.0343
01:23:42.0343 2768 SystemInfo:
01:23:42.0343 2768
01:23:42.0343 2768 OS Version: 5.1.2600 ServicePack: 3.0
01:23:42.0343 2768 Product type: Workstation
01:23:42.0343 2768 ComputerName: PONI
01:23:42.0343 2768 UserName: mio
01:23:42.0343 2768 Windows directory: C:\WINDOWS
01:23:42.0343 2768 System windows directory: C:\WINDOWS
01:23:42.0343 2768 Processor architecture: Intel x86
01:23:42.0343 2768 Number of processors: 2
01:23:42.0343 2768 Page size: 0x1000
01:23:42.0343 2768 Boot type: Normal boot
01:23:42.0343 2768 ============================================================
01:23:42.0843 2768 Drive \Device\Harddisk0\DR0 - Size: 0x1248119400 (73.13 Gb), SectorSize: 0x200, Cylinders: 0x254A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:23:42.0843 2768 ============================================================
01:23:42.0843 2768 \Device\Harddisk0\DR0:
01:23:42.0843 2768 MBR partitions:
01:23:42.0843 2768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x6970062
01:23:42.0875 2768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6987928, BlocksNum 0x1378FF7
01:23:42.0890 2768 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7D0095E, BlocksNum 0xDAA83D
01:23:42.0890 2768 ============================================================
01:23:42.0921 2768 C: <-> \Device\Harddisk0\DR0\Partition1
01:23:42.0968 2768 D: <-> \Device\Harddisk0\DR0\Partition2
01:23:43.0000 2768 U: <-> \Device\Harddisk0\DR0\Partition3
01:23:43.0000 2768 ============================================================
01:23:43.0000 2768 Initialize success
01:23:43.0000 2768 ============================================================
01:23:44.0687 2840 ============================================================
01:23:44.0687 2840 Scan started
01:23:44.0687 2840 Mode: Manual;
01:23:44.0687 2840 ============================================================
01:23:45.0281 2840 ================ Scan system memory ========================
01:23:45.0281 2840 System memory - ok
01:23:45.0281 2840 ================ Scan services =============================
01:23:45.0546 2840 Abiosdsk - ok
01:23:45.0578 2840 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:23:45.0578 2840 abp480n5 - ok
01:23:45.0687 2840 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:23:45.0703 2840 ACPI - ok
01:23:45.0718 2840 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
01:23:45.0718 2840 ACPIEC - ok
01:23:45.0796 2840 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:23:45.0796 2840 AdobeFlashPlayerUpdateSvc - ok
01:23:45.0812 2840 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:23:45.0812 2840 adpu160m - ok
01:23:45.0843 2840 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
01:23:45.0859 2840 aec - ok
01:23:47.0406 2840 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
01:23:47.0421 2840 AFD - ok
01:23:47.0453 2840 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
01:23:47.0484 2840 agp440 - ok
01:23:47.0593 2840 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:23:47.0640 2840 agpCPQ - ok
01:23:47.0734 2840 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:23:47.0765 2840 Aha154x - ok
01:23:47.0796 2840 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:23:47.0828 2840 aic78u2 - ok
01:23:47.0843 2840 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:23:47.0859 2840 aic78xx - ok
01:23:48.0015 2840 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
01:23:48.0031 2840 Alerter - ok
01:23:48.0093 2840 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
01:23:48.0093 2840 ALG - ok
01:23:48.0140 2840 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
01:23:48.0156 2840 AliIde - ok
01:23:48.0156 2840 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:23:48.0171 2840 alim1541 - ok
01:23:48.0171 2840 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:23:48.0218 2840 amdagp - ok
01:23:48.0234 2840 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
01:23:48.0250 2840 amsint - ok
01:23:48.0796 2840 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
01:23:48.0796 2840 AntiVirSchedulerService - ok
01:23:48.0828 2840 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
01:23:48.0828 2840 AntiVirService - ok
01:23:48.0906 2840 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:23:48.0906 2840 Apple Mobile Device - ok
01:23:48.0984 2840 AppMgmt - ok
01:23:49.0062 2840 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:23:49.0062 2840 Arp1394 - ok
01:23:49.0093 2840 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
01:23:49.0093 2840 asc - ok
01:23:49.0093 2840 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:23:49.0093 2840 asc3350p - ok
01:23:49.0109 2840 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:23:49.0109 2840 asc3550 - ok
01:23:49.0234 2840 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:23:49.0250 2840 aspnet_state - ok
01:23:49.0250 2840 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:23:49.0250 2840 AsyncMac - ok
01:23:49.0281 2840 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
01:23:49.0281 2840 atapi - ok
01:23:49.0281 2840 Atdisk - ok
01:23:49.0390 2840 [ 3B11BE07AF444314794372AF5D7C9A5A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
01:23:49.0406 2840 Ati HotKey Poller - ok
01:23:49.0640 2840 [ 2573C08729DD52B7B4F18DF1592E0B37 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
01:23:49.0656 2840 ati2mtag - ok
01:23:49.0671 2840 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:23:49.0687 2840 Atmarpc - ok
01:23:49.0718 2840 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
01:23:49.0718 2840 AudioSrv - ok
01:23:49.0781 2840 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
01:23:49.0781 2840 audstub - ok
01:23:49.0859 2840 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
01:23:49.0859 2840 avgntflt - ok
01:23:49.0875 2840 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
01:23:49.0875 2840 avipbb - ok
01:23:49.0875 2840 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
01:23:49.0875 2840 avkmgr - ok
01:23:49.0953 2840 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
01:23:49.0953 2840 bcm4sbxp - ok
01:23:49.0953 2840 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
01:23:49.0953 2840 Beep - ok
01:23:50.0000 2840 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
01:23:50.0062 2840 BITS - ok
01:23:50.0125 2840 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:23:50.0125 2840 Bonjour Service - ok
01:23:50.0156 2840 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
01:23:50.0171 2840 Browser - ok
01:23:50.0281 2840 [ 8893AE0B6B9B60E0521A60E8B2160216 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
01:23:50.0281 2840 btaudio - ok
01:23:50.0343 2840 [ FDE318E3569F57264AF74B7E431F60AE ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
01:23:50.0343 2840 BTDriver - ok
01:23:51.0062 2840 [ 9C3C8B9E2EDA516EB44B51DAB81DBD68 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
01:23:51.0078 2840 BTKRNL - ok
01:23:51.0140 2840 [ 089F7526FF41C17B0A43896D0553D5A2 ] BTSERIAL C:\WINDOWS\system32\drivers\btserial.sys
01:23:51.0140 2840 BTSERIAL - ok
01:23:51.0203 2840 [ 3A462EBA453D84D036046772104CFBCB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
01:23:51.0203 2840 btwdins - ok
01:23:51.0234 2840 [ 28531AB3183F498E58D93D585E6A6B70 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
01:23:51.0234 2840 BTWDNDIS - ok
01:23:51.0265 2840 [ C5C0E21C67089F053B964E0A8B8ADBAC ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
01:23:51.0281 2840 btwhid - ok
01:23:51.0312 2840 [ 7D295223C172AB4D61DC256721B2F09E ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
01:23:51.0312 2840 btwmodem - ok
01:23:51.0421 2840 [ 56C701580F2891952761362BA7594B3D ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
01:23:51.0421 2840 BTWUSB - ok
01:23:51.0593 2840 catchme - ok
01:23:51.0609 2840 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:23:51.0625 2840 cbidf - ok
01:23:51.0625 2840 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
01:23:51.0625 2840 cbidf2k - ok
01:23:51.0687 2840 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:23:51.0687 2840 CCDECODE - ok
01:23:51.0703 2840 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
01:23:51.0703 2840 cd20xrnt - ok
01:23:51.0718 2840 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
01:23:51.0718 2840 Cdaudio - ok
01:23:51.0750 2840 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
01:23:51.0750 2840 Cdfs - ok
01:23:51.0765 2840 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:23:51.0765 2840 Cdrom - ok
01:23:51.0765 2840 Changer - ok
01:23:51.0812 2840 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
01:23:51.0812 2840 CiSvc - ok
01:23:51.0828 2840 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
01:23:51.0843 2840 ClipSrv - ok
01:23:51.0875 2840 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:23:51.0968 2840 clr_optimization_v2.0.50727_32 - ok
01:23:52.0000 2840 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:23:52.0000 2840 CmBatt - ok
01:23:52.0046 2840 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
01:23:52.0046 2840 CmdIde - ok
01:23:52.0093 2840 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:23:52.0093 2840 Compbatt - ok
01:23:52.0109 2840 COMSysApp - ok
01:23:52.0125 2840 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
01:23:52.0125 2840 Cpqarray - ok
01:23:52.0156 2840 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
01:23:52.0156 2840 cpudrv - ok
01:23:52.0203 2840 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
01:23:52.0203 2840 Creative Labs Licensing Service - ok
01:23:52.0234 2840 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
01:23:52.0250 2840 Creative Service for CDROM Access - ok
01:23:52.0296 2840 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
01:23:52.0296 2840 CryptSvc - ok
01:23:52.0390 2840 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
01:23:52.0390 2840 ctsfm2k - ok
01:23:52.0437 2840 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
01:23:52.0437 2840 CTUSFSYN - ok
01:23:52.0453 2840 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
01:23:52.0453 2840 dac2w2k - ok
01:23:52.0468 2840 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
01:23:52.0468 2840 dac960nt - ok
01:23:52.0578 2840 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
01:23:52.0593 2840 DcomLaunch - ok
01:23:52.0625 2840 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
01:23:52.0640 2840 Dhcp - ok
01:23:52.0671 2840 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
01:23:52.0671 2840 Disk - ok
01:23:52.0671 2840 dmadmin - ok
01:23:52.0750 2840 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
01:23:52.0765 2840 dmboot - ok
01:23:52.0781 2840 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
01:23:52.0781 2840 dmio - ok
01:23:52.0796 2840 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
01:23:52.0796 2840 dmload - ok
01:23:52.0812 2840 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
01:23:52.0812 2840 dmserver - ok
01:23:52.0859 2840 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
01:23:52.0859 2840 DMusic - ok
01:23:52.0906 2840 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:23:52.0906 2840 Dnscache - ok
01:23:52.0953 2840 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
01:23:52.0953 2840 Dot3svc - ok
01:23:52.0953 2840 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
01:23:52.0953 2840 dpti2o - ok
01:23:52.0984 2840 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:23:52.0984 2840 drmkaud - ok
01:23:52.0984 2840 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:23:53.0000 2840 E100B - ok
01:24:07.0484 2840 Suspicious service (Hidden): vkquwexg
01:24:07.0500 2840 vkquwexg ( HiddenService.Multi.Generic ) - warning
01:24:07.0500 2840 vkquwexg - detected HiddenService.Multi.Generic (1)
01:24:10.0718 2840 ================ Scan global ===============================
01:24:10.0781 2840 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:24:10.0843 2840 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:24:10.0859 2840 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:24:10.0875 2840 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:24:10.0890 2840 [Global] - ok
01:24:10.0890 2840 ================ Scan MBR ==================================
01:24:10.0906 2840 [ 2BA3E330828AD649A40EF55575D98871 ] \Device\Harddisk0\DR0
01:24:11.0156 2840 \Device\Harddisk0\DR0 - ok
01:24:11.0156 2840 ================ Scan VBR ==================================
01:24:11.0171 2840 [ A7E6DA784EE24B89228AB542A5D766A3 ] \Device\Harddisk0\DR0\Partition1
01:24:11.0171 2840 \Device\Harddisk0\DR0\Partition1 - ok
01:24:11.0187 2840 [ C783196BF7637EE59536ECDF8F053F6F ] \Device\Harddisk0\DR0\Partition2
01:24:11.0187 2840 \Device\Harddisk0\DR0\Partition2 - ok
01:24:11.0218 2840 [ 3D529D0491C4F7872BE6A560F94F13A5 ] \Device\Harddisk0\DR0\Partition3
01:24:11.0218 2840 \Device\Harddisk0\DR0\Partition3 - ok
01:24:11.0218 2840 ============================================================
01:24:11.0218 2840 Scan finished
01:24:11.0218 2840 ============================================================
01:24:11.0234 2832 Detected object count: 1
01:24:11.0234 2832 Actual detected object count: 1
01:24:32.0906 2832 vkquwexg ( HiddenService.Multi.Generic ) - skipped by user
01:24:32.0906 2832 vkquwexg ( HiddenService.Multi.Generic ) - User select action: Skip


# # # # # # # # # # # # # # # # # # # #

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 02:47:03
-----------------------------
02:47:03.468 OS Version: Windows 5.1.2600 Service Pack 3
02:47:03.468 Number of processors: 2 586 0xE08
02:47:03.468 ComputerName: PONI UserName: mio
02:47:04.218 Initialize success
02:47:09.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:47:09.890 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 74881MB BusType: 3
02:47:09.906 Disk 0 MBR read successfully
02:47:09.906 Disk 0 MBR scan
02:47:09.906 Disk 0 unknown MBR code
02:47:09.906 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
02:47:09.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53984 MB offset 96390
02:47:09.937 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3875 MB offset 145404315
02:47:09.953 Disk 0 Partition - 00 0F Extended LBA 16967 MB offset 110655721
02:47:09.968 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 9969 MB offset 110655784
02:47:09.968 Disk 0 Partition - 00 05 Extended 6997 MB offset 131074335
02:47:09.984 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 6997 MB offset 131074398
02:47:09.984 Disk 0 scanning sectors +153340425
02:47:10.109 Disk 0 scanning C:\WINDOWS\system32\drivers
02:47:22.640 Service scanning
02:47:48.843 Service vkquwexg C:\WINDOWS\system32\drivers\Combo-Fix.sys **HIDDEN**
02:47:51.046 Modules scanning
02:48:05.718 Disk 0 trace - called modules:
02:48:05.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:48:05.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b040ab8]
02:48:05.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8b03a510]
02:48:05.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b013940]
02:48:05.750 Scan finished successfully
02:48:16.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mio\Desktop\POST\MBR.dat"
02:48:16.515 The log file has been saved successfully to "C:\Documents and Settings\mio\Desktop\POST\aswMBR.txt"


# # # # # # # # # # # # # # # # # # # #

ComboFix 12-08-25.04 - mio 08/26/2012 2:25:30.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1472 [GMT 2:00]
Running from: C:\Documents and Settings\mio\Desktop\MultiRipar.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}


Attached File  MBR.zip   618bytes   0 downloads

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:06 AM

Posted 26 August 2012 - 07:33 AM

Tdsskiller only found combofix as a "suspect" file. And I "skipped" it.

This is not a ComboFix file. Remove it.

01:24:32.0906 2832 vkquwexg ( HiddenService.Multi.Generic ) - skipped by user
01:24:32.0906 2832 vkquwexg ( HiddenService.Multi.Generic ) - User select action: Skip

Please run the TDSSKiller tool and fix this.
===


Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Delete this file in bold.
C:\WINDOWS\system32\drivers\Combo-Fix.sys

Restart the computer normally.

Run ComboFix ignoring the AVG notice and post the log if you can.
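
The two logs posted above flag the same object in different ways: TDSSKiller reports the hidden service `vkquwexg` with a verdict and then records that the user chose Skip, while aswMBR ties that service name to the on-disk file `C:\WINDOWS\system32\drivers\Combo-Fix.sys`. The Python script below is an added example, not part of this thread and not code from Kaspersky or AVAST; it parses the line shapes shown in the logs and correlates the two tools so that a flagged-but-skipped hidden service comes out as one record with its file path. The sample logs are abridged copies of lines posted in this thread; the regexes, function names and the `INTERESTING` status list are my own assumptions about the log format, based only on the lines visible here.

```python
"""Correlate TDSSKiller and aswMBR text logs (added example, assumed formats)."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Line shapes seen in the TDSSKiller logs above (assumed to be stable):
#   HH:MM:SS.ffff PID [ MD5 ] Name C:\path          object scanned
#   HH:MM:SS.ffff PID Name - ok                     clean
#   HH:MM:SS.ffff PID Name ( Verdict ) - warning    flagged
#   HH:MM:SS.ffff PID Name - detected Verdict (1)
#   HH:MM:SS.ffff PID Name ( Verdict ) - skipped by user
TDSS_PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
TDSS_HASHLINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*|\\Device\\.*)$")
TDSS_STATUS = re.compile(r"^(.+?)(?: \( (.+?) \))? - (.+)$")
# aswMBR marks a service it found on disk/registry but not via the normal API:
#   HH:MM:SS.fff Service Name C:\path **HIDDEN**
ASWMBR_HIDDEN = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Service (\S+) (.+?) \*\*HIDDEN\*\*$")
# Status suffixes worth surfacing; "ok", "Size: ..." and similar are noise.
INTERESTING = ("warning", "detected", "skipped", "User select action")


class Finding(NamedTuple):
    name: str
    verdict: Optional[str]
    status: str
    path: Optional[str]


def parse_tdsskiller(log: str) -> Tuple[Dict[str, Tuple[str, str]], List[Finding]]:
    """Return (objects, findings): objects maps a scanned name to (MD5, path);
    findings holds every status line that is not a plain '- ok'."""
    objects: Dict[str, Tuple[str, str]] = {}
    findings: List[Finding] = []
    for raw in log.splitlines():
        m = TDSS_PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        h = TDSS_HASHLINE.match(body)
        if h:
            md5, name, path = h.groups()
            objects[name] = (md5.upper(), path)
            continue
        s = TDSS_STATUS.match(body)
        if not s:
            continue
        name, verdict, status = s.groups()
        if status == "ok" or not status.startswith(INTERESTING):
            continue
        # A hidden service has no hash line, so the path may be unknown here.
        path = objects[name][1] if name in objects else None
        findings.append(Finding(name, verdict, status, path))
    return objects, findings


def parse_aswmbr_hidden(log: str) -> Dict[str, str]:
    """Map each service aswMBR marked **HIDDEN** to the file path it printed."""
    hidden: Dict[str, str] = {}
    for raw in log.splitlines():
        m = ASWMBR_HIDDEN.match(raw.strip())
        if m:
            hidden[m.group(1)] = m.group(2)
    return hidden


def triage(tdss_log: str, aswmbr_log: str) -> List[dict]:
    """One record per flagged service: verdict, best-known path, the action
    history from TDSSKiller, and whether aswMBR independently saw it hidden."""
    _, findings = parse_tdsskiller(tdss_log)
    hidden = parse_aswmbr_hidden(aswmbr_log)
    records: Dict[str, dict] = {}
    for f in findings:
        rec = records.setdefault(f.name, {
            "name": f.name, "verdict": None, "path": f.path, "actions": [],
            "hidden_by_aswmbr": f.name in hidden, "user_skipped": False})
        if f.verdict:
            rec["verdict"] = f.verdict
        if f.name in hidden:                 # aswMBR supplies the on-disk path
            rec["path"] = hidden[f.name]
        rec["actions"].append(f.status)
        if f.status == "skipped by user":    # detection left in place
            rec["user_skipped"] = True
    for name, path in hidden.items():        # seen only by aswMBR
        records.setdefault(name, {"name": name, "verdict": None, "path": path,
                                  "actions": [], "hidden_by_aswmbr": True,
                                  "user_skipped": False})
    return list(records.values())


# Abridged copies of the lines posted in this thread (not a full log).
TDSS_SAMPLE = r"""
01:24:07.0500 2840 vkquwexg ( HiddenService.Multi.Generic ) - warning
01:24:07.0500 2840 vkquwexg - detected HiddenService.Multi.Generic (1)
01:24:07.0531 2840 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:24:07.0531 2840 VolSnap - ok
01:24:10.0906 2840 [ 2BA3E330828AD649A40EF55575D98871 ] \Device\Harddisk0\DR0
01:24:11.0156 2840 \Device\Harddisk0\DR0 - ok
01:24:11.0234 2832 Detected object count: 1
01:24:32.0906 2832 vkquwexg ( HiddenService.Multi.Generic ) - skipped by user
01:24:32.0906 2832 vkquwexg ( HiddenService.Multi.Generic ) - User select action: Skip
"""
ASWMBR_SAMPLE = r"""
02:47:22.640 Service scanning
02:47:48.843 Service vkquwexg C:\WINDOWS\system32\drivers\Combo-Fix.sys **HIDDEN**
02:47:51.046 Modules scanning
"""

if __name__ == "__main__":
    for rec in triage(TDSS_SAMPLE, ASWMBR_SAMPLE):
        flag = "UNRESOLVED" if rec["user_skipped"] else "handled"
        print(f"{rec['name']}: {rec['verdict']} at {rec['path']} [{flag}]")
```

The point of the correlation is that TDSSKiller's service scan names the hidden service but never prints its file (no `[ MD5 ]` line exists for it), while aswMBR prints the file but gives no verdict; joining on the service name yields the one line a responder actually needs, and `user_skipped` makes a detection that was declined at the prompt stand out rather than disappear into a "clean" summary.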

#10 sosmoi

sosmoi
  • Topic Starter

  • Members
  • 24 posts
  • Local time:05:06 AM

Posted 26 August 2012 - 08:46 AM

nasdaq, I ran tdsskiller which found but failed two times to successfully delete the suspect dll file, "vkquwexg". I manually deleted the file from System32/drivers folder and allowed tdsskiller to restart the computer. The file appears to be gone since reboot.

See attached Combofix Log. Note: Again combofix failed to find and download the Microsoft Recovery Console file on the web and thus "skipped" scanning for more serious infections. What do you advise? Is there a direct download link for an offline installer of recovery console? I do not have a CD as my system was OEM installed :-/

Oh, when can I know if combofix or another cleaning program can assure that my MBR is clean?
Thanks.
- - - - - - - - - - -

ComboFix 12-08-25.04 - mio 08/26/2012 15:15:33.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1461 [GMT 2:00]
Running from: C:\Documents and Settings\mio\Desktop\MultiRipar.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:06 AM

Posted 26 August 2012 - 11:59 AM

This one scanning tool should work.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#12 sosmoi

sosmoi
  • Topic Starter

  • Members
  • 24 posts
  • Local time:05:06 AM

Posted 26 August 2012 - 03:20 PM

nasdaq, OTL does not run. It downloads fine but gets an error every time on launch:

"OTL exception unknown software exception (0x0eedfade) occurred in application at location 0x7c812afb."

"Application Error: Exception EOLESysError in module OTL.exe at 000584A5. Class not registered."

I tried renaming it one time and even downloaded it to a folder on the desktop instead of the desktop itself another time. One aside: I do know that I have a bad hard drive which is giving me some difficulty in saving due to read/write errors. I do not know if this could be a cause of OTL not functioning, but I don't know.

Please advise on OTL or other. Thanks!

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:06 AM

Posted 27 August 2012 - 06:37 AM

Can you run the TDSSKiller and aswMBR tools again and post the logs?
I want to see if something else was created.

#14 sosmoi

sosmoi
  • Topic Starter

  • Members
  • 24 posts
  • Local time:05:06 AM

Posted 27 August 2012 - 11:55 AM

Yeah, it's still there (the PUM). On computer restart after Combofix the boot time is impressively faster, however the Security Center notification is Disabled as is Windows Automatic Updates. I manually reset them then ran Malwarebytes. MB found the same PUM.

See following logs TDSSKiller (clean), aswMBR (clean) and aswMBR.DAT (attached), MalwareBytes Antimalware (found PUM).
Thanks!

+ + + + + + + + + + + + + + + +

15:14:58.0796 3900 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:15:00.0671 3900 ============================================================
15:15:00.0671 3900 Current date / time: 2012/08/27 15:15:00.0671
15:15:00.0671 3900 SystemInfo:
15:15:00.0671 3900
15:15:00.0671 3900 OS Version: 5.1.2600 ServicePack: 3.0
15:15:00.0671 3900 Product type: Workstation
15:15:00.0671 3900 ComputerName: PONI
15:15:00.0671 3900 UserName: mio
15:15:00.0671 3900 Windows directory: C:\WINDOWS
15:15:00.0671 3900 System windows directory: C:\WINDOWS
15:15:00.0671 3900 Processor architecture: Intel x86
15:15:00.0671 3900 Number of processors: 2
15:15:00.0671 3900 Page size: 0x1000
15:15:00.0671 3900 Boot type: Normal boot
15:15:00.0671 3900 ============================================================
15:15:05.0890 3900 Drive \Device\Harddisk0\DR0 - Size: 0x1248119400 (73.13 Gb), SectorSize: 0x200, Cylinders: 0x254A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:15:05.0921 3900 ============================================================
15:15:05.0921 3900 \Device\Harddisk0\DR0:
15:15:05.0921 3900 MBR partitions:
15:15:05.0921 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x6970062
15:15:05.0953 3900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6987928, BlocksNum 0x1378FF7
15:15:05.0968 3900 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7D0095E, BlocksNum 0xDAA83D
15:15:05.0968 3900 ============================================================
15:15:06.0031 3900 C: <-> \Device\Harddisk0\DR0\Partition1
15:15:06.0156 3900 D: <-> \Device\Harddisk0\DR0\Partition2
15:15:06.0187 3900 U: <-> \Device\Harddisk0\DR0\Partition3
15:15:06.0187 3900 ============================================================
15:15:06.0187 3900 Initialize success
15:15:06.0187 3900 ============================================================
15:15:11.0031 0748 ============================================================
15:15:11.0031 0748 Scan started
15:15:11.0031 0748 Mode: Manual; TDLFS;
15:15:11.0031 0748 ============================================================
15:15:16.0171 0748 ================ Scan system memory ========================
15:15:16.0171 0748 System memory - ok
15:15:16.0187 0748 ================ Scan services =============================
15:15:18.0218 0748 Abiosdsk - ok
15:15:18.0250 0748 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:15:18.0265 0748 abp480n5 - ok
15:15:18.0328 0748 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:15:18.0359 0748 ACPI - ok
15:15:18.0375 0748 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:15:18.0390 0748 ACPIEC - ok
15:15:18.0500 0748 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:15:18.0515 0748 AdobeFlashPlayerUpdateSvc - ok
15:15:18.0515 0748 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:15:18.0531 0748 adpu160m - ok
15:15:18.0562 0748 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:15:18.0562 0748 aec - ok
15:15:23.0421 0748 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:15:24.0968 0748 AFD - ok
15:15:25.0140 0748 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:15:25.0187 0748 agp440 - ok
15:15:25.0187 0748 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:15:25.0218 0748 agpCPQ - ok
15:15:25.0250 0748 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:15:25.0265 0748 Aha154x - ok
15:15:25.0281 0748 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:15:25.0296 0748 aic78u2 - ok
15:15:25.0312 0748 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:15:25.0343 0748 aic78xx - ok
15:15:25.0375 0748 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:15:25.0375 0748 Alerter - ok
15:15:25.0406 0748 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:15:25.0406 0748 ALG - ok
15:15:25.0421 0748 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:15:25.0437 0748 AliIde - ok
15:15:25.0453 0748 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:15:25.0484 0748 alim1541 - ok
15:15:25.0500 0748 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:15:25.0515 0748 amdagp - ok
15:15:25.0531 0748 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:15:25.0546 0748 amsint - ok
15:15:25.0734 0748 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:15:25.0781 0748 Apple Mobile Device - ok
15:15:26.0000 0748 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:15:26.0031 0748 Arp1394 - ok
15:15:26.0062 0748 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:15:26.0078 0748 asc - ok
15:15:26.0078 0748 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:15:26.0109 0748 asc3350p - ok
15:15:26.0140 0748 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:15:26.0156 0748 asc3550 - ok
15:15:26.0312 0748 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:15:26.0328 0748 aspnet_state - ok
15:15:26.0343 0748 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:15:26.0375 0748 AsyncMac - ok
15:15:26.0406 0748 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:15:26.0406 0748 atapi - ok
15:15:26.0406 0748 Atdisk - ok
15:15:26.0515 0748 [ 3B11BE07AF444314794372AF5D7C9A5A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:15:26.0515 0748 Ati HotKey Poller - ok
15:15:26.0593 0748 [ 2573C08729DD52B7B4F18DF1592E0B37 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:15:26.0609 0748 ati2mtag - ok
15:15:26.0671 0748 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:15:26.0687 0748 Atmarpc - ok
15:15:26.0718 0748 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:15:26.0718 0748 AudioSrv - ok
15:15:26.0765 0748 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:15:26.0781 0748 audstub - ok
15:15:27.0218 0748 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
15:15:27.0531 0748 AVGIDSAgent - ok
15:15:27.0578 0748 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
15:15:27.0578 0748 AVGIDSDriver - ok
15:15:27.0609 0748 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
15:15:27.0609 0748 AVGIDSFilter - ok
15:15:27.0625 0748 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
15:15:27.0625 0748 AVGIDSHX - ok
15:15:27.0671 0748 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
15:15:27.0671 0748 AVGIDSShim - ok
15:15:27.0718 0748 [ DDA6A2A18841E4C9172BB85958B8D948 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:15:27.0718 0748 Avgldx86 - ok
15:15:27.0750 0748 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:15:27.0750 0748 Avgmfx86 - ok
15:15:27.0765 0748 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:15:27.0765 0748 Avgrkx86 - ok
15:15:27.0812 0748 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:15:27.0812 0748 avgwd - ok
15:15:27.0843 0748 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:15:27.0859 0748 avkmgr - ok
15:15:27.0937 0748 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:15:27.0953 0748 bcm4sbxp - ok
15:15:27.0984 0748 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:15:28.0000 0748 Beep - ok
15:15:28.0046 0748 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:15:28.0046 0748 BITS - ok
15:15:28.0109 0748 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:15:28.0109 0748 Bonjour Service - ok
15:15:28.0156 0748 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:15:28.0156 0748 Browser - ok
15:15:28.0265 0748 [ 8893AE0B6B9B60E0521A60E8B2160216 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
15:15:28.0296 0748 btaudio - ok
15:15:28.0406 0748 [ FDE318E3569F57264AF74B7E431F60AE ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
15:15:28.0406 0748 BTDriver - ok
15:15:28.0546 0748 [ 9C3C8B9E2EDA516EB44B51DAB81DBD68 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:15:28.0578 0748 BTKRNL - ok
15:15:28.0640 0748 [ 089F7526FF41C17B0A43896D0553D5A2 ] BTSERIAL C:\WINDOWS\system32\drivers\btserial.sys
15:15:28.0640 0748 BTSERIAL - ok
15:15:28.0703 0748 [ 3A462EBA453D84D036046772104CFBCB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
15:15:28.0703 0748 btwdins - ok
15:15:28.0718 0748 [ 28531AB3183F498E58D93D585E6A6B70 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:15:28.0734 0748 BTWDNDIS - ok
15:15:28.0781 0748 [ C5C0E21C67089F053B964E0A8B8ADBAC ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
15:15:28.0796 0748 btwhid - ok
15:15:28.0843 0748 [ 7D295223C172AB4D61DC256721B2F09E ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
15:15:28.0843 0748 btwmodem - ok
15:15:28.0875 0748 [ 56C701580F2891952761362BA7594B3D ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
15:15:28.0875 0748 BTWUSB - ok
15:15:28.0906 0748 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:15:28.0921 0748 cbidf - ok
15:15:28.0937 0748 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:15:28.0937 0748 cbidf2k - ok
15:15:28.0953 0748 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:15:28.0968 0748 CCDECODE - ok
15:15:28.0968 0748 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:15:29.0000 0748 cd20xrnt - ok
15:15:29.0000 0748 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:15:29.0015 0748 Cdaudio - ok
15:15:29.0046 0748 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:15:29.0046 0748 Cdfs - ok
15:15:29.0062 0748 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:15:29.0093 0748 Cdrom - ok
15:15:29.0093 0748 Changer - ok
15:15:29.0140 0748 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:15:29.0140 0748 CiSvc - ok
15:15:29.0156 0748 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:15:29.0171 0748 ClipSrv - ok
15:15:29.0203 0748 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:29.0281 0748 clr_optimization_v2.0.50727_32 - ok
15:15:29.0500 0748 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:15:29.0500 0748 clr_optimization_v4.0.30319_32 - ok
15:15:29.0515 0748 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:15:29.0531 0748 CmBatt - ok
15:15:29.0578 0748 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:15:29.0609 0748 CmdIde - ok
15:15:29.0656 0748 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:15:29.0656 0748 Compbatt - ok
15:15:29.0671 0748 COMSysApp - ok
15:15:29.0687 0748 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:15:29.0718 0748 Cpqarray - ok
15:15:29.0750 0748 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:15:29.0781 0748 cpudrv - ok
15:15:29.0812 0748 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
15:15:29.0828 0748 Creative Labs Licensing Service - ok
15:15:29.0859 0748 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
15:15:29.0859 0748 Creative Service for CDROM Access - ok
15:15:29.0906 0748 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:15:29.0906 0748 CryptSvc - ok
15:15:29.0937 0748 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
15:15:29.0953 0748 ctsfm2k - ok
15:15:29.0968 0748 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
15:15:29.0968 0748 CTUSFSYN - ok
15:15:30.0015 0748 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:15:30.0046 0748 dac2w2k - ok
15:15:30.0046 0748 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:15:30.0062 0748 dac960nt - ok
15:15:30.0125 0748 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:15:30.0125 0748 DcomLaunch - ok
15:15:30.0187 0748 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:15:30.0187 0748 Dhcp - ok
15:15:30.0218 0748 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:15:30.0218 0748 Disk - ok
15:15:30.0234 0748 dmadmin - ok
15:15:30.0265 0748 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:15:30.0312 0748 dmboot - ok
15:15:30.0359 0748 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:15:30.0390 0748 dmio - ok
15:15:30.0421 0748 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:15:30.0437 0748 dmload - ok
15:15:30.0453 0748 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:15:30.0453 0748 dmserver - ok
15:15:30.0484 0748 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:15:30.0484 0748 DMusic - ok
15:15:30.0515 0748 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:15:30.0531 0748 Dnscache - ok
15:15:30.0562 0748 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:15:30.0578 0748 Dot3svc - ok
15:15:30.0578 0748 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:15:30.0593 0748 dpti2o - ok
15:15:30.0625 0748 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:15:30.0625 0748 drmkaud - ok
15:15:30.0640 0748 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:15:30.0687 0748 E100B - ok
15:15:30.0750 0748 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:15:30.0750 0748 EapHost - ok
15:15:30.0765 0748 efavdrv - ok
15:15:30.0812 0748 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
15:15:30.0812 0748 epmntdrv - ok
15:15:30.0828 0748 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:15:30.0828 0748 ERSvc - ok
15:15:30.0875 0748 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
15:15:30.0875 0748 EuGdiDrv - ok
15:15:30.0921 0748 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:15:30.0921 0748 Eventlog - ok
15:15:31.0000 0748 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:15:31.0046 0748 EventSystem - ok
15:15:31.0062 0748 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:15:31.0078 0748 Fastfat - ok
15:15:31.0125 0748 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:15:31.0140 0748 FastUserSwitchingCompatibility - ok
15:15:31.0140 0748 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:15:31.0171 0748 Fdc - ok
15:15:31.0203 0748 [ 20FE03294AC1429AE88A64C2F754B0D4 ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
15:15:31.0218 0748 FilterService - ok
15:15:31.0234 0748 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:15:31.0250 0748 Fips - ok
15:15:31.0250 0748 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:15:31.0281 0748 Flpydisk - ok
15:15:31.0296 0748 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:15:31.0312 0748 FltMgr - ok
15:15:31.0421 0748 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:15:31.0453 0748 FontCache3.0.0.0 - ok
15:15:31.0468 0748 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:15:31.0484 0748 Fs_Rec - ok
15:15:31.0500 0748 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:15:31.0515 0748 Ftdisk - ok
15:15:31.0515 0748 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GearAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:15:31.0546 0748 GearAspiWDM - ok
15:15:31.0578 0748 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:15:31.0593 0748 Gpc - ok
15:15:31.0765 0748 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:15:31.0765 0748 gupdate - ok
15:15:31.0781 0748 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:15:31.0796 0748 gupdatem - ok
15:15:33.0328 0748 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:15:33.0609 0748 hamachi - ok
15:15:33.0953 0748 [ FA89C0429821C7C429EEC7A0CE1C02D3 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
15:15:34.0125 0748 Hamachi2Svc - ok
15:15:34.0187 0748 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:15:34.0218 0748 HDAudBus - ok
15:15:34.0375 0748 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:15:34.0406 0748 helpsvc - ok
15:15:34.0468 0748 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:15:34.0500 0748 HidServ - ok
15:15:34.0671 0748 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:15:34.0703 0748 HidUsb - ok
15:15:34.0828 0748 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:15:34.0859 0748 hkmsvc - ok
15:15:34.0875 0748 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
15:15:34.0921 0748 hpn - ok
15:15:35.0062 0748 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:15:35.0187 0748 HSFHWAZL - ok
15:15:35.0687 0748 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:15:36.0125 0748 HSF_DPV - ok
15:15:36.0250 0748 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:15:36.0281 0748 HTTP - ok
15:15:36.0328 0748 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:15:36.0343 0748 HTTPFilter - ok
15:15:36.0406 0748 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:15:36.0437 0748 i2omgmt - ok
15:15:36.0453 0748 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:15:36.0531 0748 i2omp - ok
15:15:36.0593 0748 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:15:36.0671 0748 i8042prt - ok
15:15:36.0921 0748 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:15:37.0015 0748 IDriverT - ok
15:15:37.0515 0748 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:15:37.0796 0748 idsvc - ok
15:15:37.0875 0748 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:15:37.0953 0748 Imapi - ok
15:15:38.0046 0748 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:15:38.0078 0748 ImapiService - ok
15:15:38.0109 0748 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:15:38.0156 0748 ini910u - ok
15:15:38.0171 0748 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:15:38.0218 0748 IntelIde - ok
15:15:38.0265 0748 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:15:38.0265 0748 intelppm - ok
15:15:38.0281 0748 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:15:38.0312 0748 Ip6Fw - ok
15:15:38.0359 0748 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:15:38.0453 0748 IpFilterDriver - ok
15:15:38.0468 0748 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:15:38.0500 0748 IpInIp - ok
15:15:38.0609 0748 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:15:38.0671 0748 IpNat - ok
15:15:38.0937 0748 [ 6351B24DC3CB7DFFDE917D1276EE166C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:15:39.0468 0748 iPod Service - ok
15:15:39.0546 0748 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:15:39.0656 0748 IPSec - ok
15:15:39.0796 0748 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:15:39.0843 0748 IRENUM - ok
15:15:39.0875 0748 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:15:39.0890 0748 isapnp - ok
15:15:40.0140 0748 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15:15:40.0140 0748 JavaQuickStarterService - ok
15:15:40.0156 0748 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:15:40.0187 0748 Kbdclass - ok
15:15:40.0203 0748 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:15:40.0234 0748 kbdhid - ok
15:15:40.0250 0748 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:15:40.0281 0748 kmixer - ok
15:15:40.0328 0748 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:15:40.0390 0748 KSecDD - ok
15:15:40.0484 0748 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:15:40.0500 0748 lanmanserver - ok
15:15:42.0359 0748 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:15:42.0375 0748 lanmanworkstation - ok
15:15:42.0390 0748 lbrtfdc - ok
15:15:42.0468 0748 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:15:42.0500 0748 LmHosts - ok
15:15:42.0515 0748 LVcKap - ok
15:15:42.0515 0748 LVMVDrv - ok
15:15:42.0750 0748 [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
15:15:42.0812 0748 LVPr2Mon - ok
15:15:42.0890 0748 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:15:43.0015 0748 LVRS - ok
15:15:43.0093 0748 [ 6AD3F5275F117F08C12EAB2233A9E3FB ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
15:15:43.0093 0748 LVUSBSta - ok
15:15:44.0140 0748 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:15:45.0531 0748 LVUVC - ok
15:15:45.0687 0748 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
15:15:45.0781 0748 MarvinBus - ok
15:15:45.0828 0748 [ FB097BBC1A18F044BD17BD2FCCF97865 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
15:15:45.0828 0748 MBAMProtector - ok
15:15:46.0234 0748 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:15:46.0250 0748 MBAMService - ok
15:15:46.0453 0748 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:15:46.0453 0748 MDM - ok
15:15:46.0546 0748 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:15:46.0546 0748 mdmxsdk - ok
15:15:46.0687 0748 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:15:46.0703 0748 Messenger - ok
15:15:46.0750 0748 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:15:46.0859 0748 mnmdd - ok
15:15:46.0921 0748 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:15:46.0937 0748 mnmsrvc - ok
15:15:47.0000 0748 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:15:47.0015 0748 Modem - ok
15:15:47.0515 0748 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
15:15:50.0046 0748 monfilt - ok
15:15:50.0109 0748 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:15:50.0156 0748 Mouclass - ok
15:15:50.0218 0748 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:15:50.0250 0748 mouhid - ok
15:15:50.0312 0748 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:15:50.0312 0748 MountMgr - ok
15:15:50.0359 0748 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:15:50.0406 0748 mraid35x - ok
15:15:50.0421 0748 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:15:50.0437 0748 MRxDAV - ok
15:15:50.0531 0748 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:15:50.0921 0748 MRxSmb - ok
15:15:51.0046 0748 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:15:51.0093 0748 MSDTC - ok
15:15:51.0140 0748 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:15:51.0140 0748 Msfs - ok
15:15:51.0187 0748 [ 1BF0EECE5D9268D3B822E6C50DBD085F ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
15:15:51.0234 0748 MSHUSBVideo - ok
15:15:51.0234 0748 MSIServer - ok
15:15:51.0250 0748 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:15:51.0265 0748 MSKSSRV - ok
15:15:51.0328 0748 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:15:51.0375 0748 MSPCLOCK - ok
15:15:51.0375 0748 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:15:51.0406 0748 MSPQM - ok
15:15:51.0437 0748 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:15:51.0453 0748 mssmbios - ok
15:15:51.0453 0748 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:15:51.0484 0748 MSTEE - ok
15:15:51.0515 0748 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:15:51.0531 0748 Mup - ok
15:15:51.0843 0748 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:15:51.0859 0748 NABTSFEC - ok
15:15:51.0906 0748 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:15:51.0906 0748 napagent - ok
15:15:51.0968 0748 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:15:51.0968 0748 NDIS - ok
15:15:51.0984 0748 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:15:52.0000 0748 NdisIP - ok
15:15:52.0750 0748 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:15:52.0750 0748 NdisTapi - ok
15:15:52.0765 0748 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:15:52.0781 0748 Ndisuio - ok
15:15:52.0781 0748 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:15:52.0828 0748 NdisWan - ok
15:15:52.0890 0748 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:15:52.0890 0748 NDProxy - ok
15:15:52.0937 0748 [ 7AFD0E39AB15CB355487B7CC19F4E2C5 ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
15:15:53.0015 0748 Netaapl - ok
15:15:53.0234 0748 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:15:53.0234 0748 NetBIOS - ok
15:15:53.0312 0748 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:15:53.0453 0748 NetBT - ok
15:15:53.0500 0748 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:15:53.0531 0748 NetDDE - ok
15:15:53.0546 0748 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:15:53.0546 0748 NetDDEdsdm - ok
15:15:53.0609 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:15:53.0609 0748 Netlogon - ok
15:15:53.0734 0748 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:15:53.0796 0748 Netman - ok
15:15:57.0578 0748 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:15:57.0750 0748 NetTcpPortSharing - ok
15:15:57.0968 0748 [ 71371ED9086A3D65F43967C89634E9A9 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
15:16:01.0281 0748 NETw3x32 - ok
15:16:02.0406 0748 [ 88100EBDD10309FBD445EF8E42452EAE ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
15:16:02.0734 0748 NETw4x32 - ok
15:16:15.0828 0748 [ 91F027C242D3FF6E5C09F92A0518297F ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:16:22.0578 0748 NETw5x32 - ok
15:16:34.0468 0748 [ 72062B53186E4A3F5FCBC41EBB62B905 ] NETwLx32 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
15:16:42.0046 0748 NETwLx32 - ok
15:16:42.0125 0748 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:16:42.0125 0748 NIC1394 - ok
15:16:42.0359 0748 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:16:42.0531 0748 Nla - ok
15:16:44.0218 0748 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:16:44.0234 0748 Npfs - ok
15:16:47.0484 0748 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:16:50.0187 0748 Ntfs - ok
15:17:05.0500 0748 [ 07953351A3424BAA50FC5C4A1434FB04 ] NTI BackupNowEZSvr C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
15:17:05.0500 0748 NTI BackupNowEZSvr - ok
15:17:05.0546 0748 [ 8055859B87AC3E504ECE0C1E9353CC4E ] NTIDrvr C:\WINDOWS\system32\drivers\NTIDrvr.sys
15:17:05.0578 0748 NTIDrvr - ok
15:17:05.0593 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:17:05.0593 0748 NtLmSsp - ok
15:17:05.0640 0748 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:17:05.0671 0748 NtmsSvc - ok
15:17:05.0671 0748 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:17:05.0703 0748 Null - ok
15:17:05.0875 0748 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:17:06.0312 0748 nv - ok
15:17:06.0328 0748 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:17:06.0343 0748 NwlnkFlt - ok
15:17:06.0375 0748 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:17:06.0406 0748 NwlnkFwd - ok
15:17:06.0437 0748 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:17:06.0437 0748 ohci1394 - ok
15:17:06.0484 0748 [ D380169A634C045FE55DC9E8682B55F7 ] OKI OPHC DCS Loader C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHCLDCS.EXE
15:17:06.0500 0748 OKI OPHC DCS Loader - ok
15:17:06.0531 0748 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
15:17:06.0546 0748 omci - ok
15:17:06.0578 0748 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:17:06.0593 0748 ose - ok
15:17:06.0828 0748 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
15:17:06.0828 0748 ossrv - ok
15:17:06.0843 0748 PalmUSBD - ok
15:17:06.0921 0748 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:17:06.0984 0748 Parport - ok
15:17:07.0000 0748 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:17:07.0015 0748 PartMgr - ok
15:17:07.0031 0748 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:17:07.0031 0748 ParVdm - ok
15:17:07.0062 0748 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:17:07.0078 0748 PCI - ok
15:17:07.0078 0748 PCIDump - ok
15:17:07.0109 0748 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:17:07.0109 0748 PCIIde - ok
15:17:07.0156 0748 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:17:07.0218 0748 Pcmcia - ok
15:17:07.0218 0748 PDCOMP - ok
15:17:07.0234 0748 PDFRAME - ok
15:17:07.0234 0748 PDRELI - ok
15:17:07.0250 0748 PDRFRAME - ok
15:17:07.0515 0748 [ 4350CB255AD546F4668C8B8AFD6A00A4 ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys
15:17:07.0546 0748 pepifilter - ok
15:17:07.0562 0748 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
15:17:07.0593 0748 perc2 - ok
15:17:07.0671 0748 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:17:07.0687 0748 perc2hib - ok
15:17:07.0781 0748 [ EDE8241B75DADEF090AADB6C81C8E1D7 ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
15:17:07.0781 0748 PfModNT - ok
15:17:07.0906 0748 [ 6B310DE726E1A0DEFD66718A7F79B5D2 ] PID_08A0 C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
15:17:08.0046 0748 PID_08A0 - ok
15:17:08.0062 0748 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:17:08.0062 0748 PlugPlay - ok
15:17:08.0109 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:17:08.0109 0748 PolicyAgent - ok
15:17:08.0171 0748 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:17:08.0203 0748 PptpMiniport - ok
15:17:08.0218 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:17:08.0218 0748 ProtectedStorage - ok
15:17:08.0234 0748 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:17:08.0281 0748 PSched - ok
15:17:08.0281 0748 PSI - ok
15:17:08.0343 0748 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:17:08.0359 0748 Ptilink - ok
15:17:08.0390 0748 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:17:08.0390 0748 PxHelp20 - ok
15:17:08.0421 0748 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:17:08.0437 0748 ql1080 - ok
15:17:08.0437 0748 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:17:08.0468 0748 Ql10wnt - ok
15:17:08.0484 0748 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:17:08.0515 0748 ql12160 - ok
15:17:08.0515 0748 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:17:08.0531 0748 ql1240 - ok
15:17:08.0562 0748 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:17:08.0578 0748 ql1280 - ok
15:17:10.0718 0748 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:17:10.0750 0748 RasAcd - ok
15:17:10.0796 0748 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:17:10.0828 0748 RasAuto - ok
15:17:10.0843 0748 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:17:10.0890 0748 Rasl2tp - ok
15:17:10.0953 0748 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:17:10.0984 0748 RasMan - ok
15:17:11.0000 0748 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:17:11.0031 0748 RasPppoe - ok
15:17:11.0031 0748 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:17:11.0062 0748 Raspti - ok
15:17:11.0062 0748 rcvpn - ok
15:17:11.0125 0748 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:17:11.0156 0748 Rdbss - ok
15:17:11.0187 0748 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:17:11.0250 0748 RDPCDD - ok
15:17:11.0343 0748 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:17:11.0406 0748 rdpdr - ok
15:17:11.0468 0748 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:17:11.0484 0748 RDPWD - ok
15:17:11.0531 0748 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:17:11.0531 0748 RDSessMgr - ok
15:17:11.0546 0748 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:17:11.0578 0748 redbook - ok
15:17:11.0968 0748 [ 9155C9CD54F1F8F85B68440D896B6D63 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:17:11.0984 0748 RegSrvc - ok
15:17:12.0046 0748 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:17:12.0062 0748 RemoteAccess - ok
15:17:12.0078 0748 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:17:12.0093 0748 rimmptsk - ok
15:17:12.0109 0748 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:17:12.0125 0748 rimsptsk - ok
15:17:12.0125 0748 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:17:12.0140 0748 rismxdp - ok
15:17:12.0171 0748 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:17:12.0187 0748 RpcLocator - ok
15:17:12.0218 0748 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:17:12.0218 0748 RpcSs - ok
15:17:12.0265 0748 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:17:12.0281 0748 RSVP - ok
15:17:12.0281 0748 SABKUTIL - ok
15:17:12.0312 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:17:12.0312 0748 SamSs - ok
15:17:12.0359 0748 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:17:12.0359 0748 SCardSvr - ok
15:17:12.0437 0748 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:17:12.0437 0748 Schedule - ok
15:17:12.0500 0748 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:17:12.0515 0748 sdbus - ok
15:17:12.0562 0748 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:17:12.0562 0748 Secdrv - ok
15:17:12.0578 0748 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:17:12.0578 0748 seclogon - ok
15:17:12.0687 0748 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:17:12.0687 0748 SENS - ok
15:17:12.0718 0748 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:17:12.0734 0748 serenum - ok
15:17:12.0734 0748 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:17:12.0765 0748 Serial - ok
15:17:12.0796 0748 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:17:12.0812 0748 sffdisk - ok
15:17:12.0828 0748 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:17:12.0843 0748 sffp_sd - ok
15:17:12.0875 0748 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:17:12.0890 0748 Sfloppy - ok
15:17:12.0937 0748 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:17:12.0937 0748 SharedAccess - ok
15:17:12.0968 0748 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:17:12.0968 0748 ShellHWDetection - ok
15:17:12.0984 0748 Simbad - ok
15:17:13.0000 0748 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:17:13.0015 0748 sisagp - ok
15:17:13.0078 0748 [ 68EA68D03BF58389FE6AD2B38FAD798C ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:17:13.0078 0748 SkypeUpdate - ok
15:17:13.0109 0748 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:17:13.0125 0748 SLIP - ok
15:17:13.0156 0748 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:17:13.0171 0748 Sparrow - ok
15:17:13.0218 0748 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:17:13.0218 0748 splitter - ok
15:17:13.0250 0748 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:17:13.0250 0748 Spooler - ok
15:17:13.0296 0748 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:17:13.0296 0748 sr - ok
15:17:13.0343 0748 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:17:13.0359 0748 srservice - ok
15:17:13.0421 0748 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:17:13.0421 0748 Srv - ok
15:17:13.0468 0748 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:17:13.0500 0748 SSDPSRV - ok
15:17:13.0562 0748 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
15:17:13.0687 0748 STHDA - ok
15:17:13.0718 0748 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:17:13.0734 0748 stisvc - ok
15:17:13.0796 0748 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:17:13.0812 0748 streamip - ok
15:17:13.0812 0748 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:17:13.0828 0748 swenum - ok
15:17:13.0843 0748 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:17:13.0843 0748 swmidi - ok
15:17:13.0859 0748 SwPrv - ok
15:17:13.0890 0748 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
15:17:13.0906 0748 symc810 - ok
15:17:13.0906 0748 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:17:13.0921 0748 symc8xx - ok
15:17:13.0937 0748 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:17:13.0968 0748 sym_hi - ok
15:17:13.0968 0748 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:17:13.0984 0748 sym_u3 - ok
15:17:14.0015 0748 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:17:14.0062 0748 SynTP - ok
15:17:14.0062 0748 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:17:14.0078 0748 sysaudio - ok
15:17:14.0109 0748 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:17:14.0125 0748 SysmonLog - ok
15:17:14.0125 0748 taphss - ok
15:17:14.0421 0748 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:17:14.0500 0748 TapiSrv - ok
15:17:14.0515 0748 tapoas - ok
15:17:14.0656 0748 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:17:14.0671 0748 Tcpip - ok
15:17:14.0703 0748 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:17:14.0718 0748 TDPIPE - ok
15:17:14.0734 0748 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:17:14.0750 0748 TDTCP - ok
15:17:14.0765 0748 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:17:14.0781 0748 TermDD - ok
15:17:15.0046 0748 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:17:15.0046 0748 TermService - ok
15:17:15.0078 0748 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:17:15.0078 0748 Themes - ok
15:17:15.0109 0748 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
15:17:15.0125 0748 TosIde - ok
15:17:15.0265 0748 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:17:15.0281 0748 TrkWks - ok
15:17:15.0296 0748 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
15:17:15.0312 0748 tunmp - ok
15:17:15.0328 0748 [ 9E39DC3022E6D84BF974678011A1EA4C ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys
15:17:15.0343 0748 UBHelper - ok
15:17:15.0390 0748 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:17:15.0406 0748 Udfs - ok
15:17:15.0421 0748 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
15:17:15.0437 0748 ultra - ok
15:17:15.0515 0748 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:17:15.0546 0748 UMVPFSrv - ok
15:17:15.0765 0748 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:17:15.0796 0748 Update - ok
15:17:16.0000 0748 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:17:16.0015 0748 upnphost - ok
15:17:16.0031 0748 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:17:16.0031 0748 UPS - ok
15:17:16.0062 0748 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
15:17:16.0078 0748 USBAAPL - ok
15:17:16.0109 0748 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:17:16.0125 0748 usbaudio - ok
15:17:16.0140 0748 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:17:16.0156 0748 usbccgp - ok
15:17:16.0171 0748 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:17:16.0187 0748 usbehci - ok
15:17:16.0218 0748 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:17:16.0234 0748 usbhub - ok
15:17:16.0250 0748 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:17:16.0265 0748 usbprint - ok
15:17:16.0281 0748 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:17:16.0296 0748 usbscan - ok
15:17:16.0328 0748 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:17:16.0343 0748 USBSTOR - ok
15:17:16.0343 0748 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:17:16.0359 0748 usbuhci - ok
15:17:16.0390 0748 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
15:17:16.0406 0748 usbvideo - ok
15:17:16.0421 0748 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:17:16.0437 0748 VgaSave - ok
15:17:16.0437 0748 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:17:16.0468 0748 viaagp - ok
15:17:16.0484 0748 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:17:16.0500 0748 ViaIde - ok
15:17:16.0515 0748 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:17:16.0515 0748 VolSnap - ok
15:17:16.0562 0748 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:17:16.0578 0748 VSS - ok
15:17:17.0109 0748 [ 3C296E30C519E2F71E47820D8F4DD1E7 ] VX6000 C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
15:17:17.0187 0748 VX6000 - ok
15:17:17.0234 0748 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
15:17:17.0234 0748 w32time - ok
15:17:17.0359 0748 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
15:17:17.0406 0748 w39n51 - ok
15:17:17.0437 0748 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:17:17.0453 0748 Wanarp - ok
15:17:17.0468 0748 wanatw - ok
15:17:17.0531 0748 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
15:17:17.0562 0748 Wdf01000 - ok
15:17:17.0578 0748 WDICA - ok
15:17:17.0625 0748 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:17:17.0640 0748 wdmaud - ok
15:17:17.0687 0748 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:17:17.0718 0748 WebClient - ok
15:17:17.0812 0748 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:17:17.0843 0748 winachsf - ok
15:17:17.0921 0748 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:17:17.0937 0748 winmgmt - ok
15:17:17.0953 0748 wltrysvc - ok
15:17:18.0000 0748 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:17:18.0000 0748 WmdmPmSN - ok
15:17:18.0062 0748 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:17:18.0062 0748 WmiAcpi - ok
15:17:18.0093 0748 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:17:18.0125 0748 WmiApSrv - ok
15:17:18.0203 0748 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:17:18.0250 0748 WMPNetworkSvc - ok
15:17:18.0281 0748 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
15:17:18.0296 0748 WpdUsb - ok
15:17:18.0531 0748 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:17:18.0531 0748 WPFFontCache_v0400 - ok
15:17:18.0546 0748 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:17:18.0562 0748 WS2IFSL - ok
15:17:18.0593 0748 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:17:18.0703 0748 wscsvc - ok
15:17:18.0734 0748 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:17:18.0765 0748 WSTCODEC - ok
15:17:18.0781 0748 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:17:18.0796 0748 wuauserv - ok
15:17:18.0859 0748 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:17:18.0875 0748 WudfPf - ok
15:17:18.0890 0748 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:17:18.0906 0748 WudfRd - ok
15:17:18.0921 0748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:17:18.0921 0748 WudfSvc - ok
15:17:19.0000 0748 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:17:19.0015 0748 WZCSVC - ok
15:17:19.0031 0748 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:17:19.0046 0748 xmlprov - ok
15:17:19.0093 0748 ================ Scan global ===============================
15:17:19.0140 0748 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:17:19.0187 0748 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:17:19.0203 0748 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:17:19.0218 0748 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:17:19.0218 0748 [Global] - ok
15:17:19.0234 0748 ================ Scan MBR ==================================
15:17:19.0250 0748 [ 2BA3E330828AD649A40EF55575D98871 ] \Device\Harddisk0\DR0
15:17:19.0640 0748 \Device\Harddisk0\DR0 - ok
15:17:19.0640 0748 ================ Scan VBR ==================================
15:17:19.0640 0748 [ A7E6DA784EE24B89228AB542A5D766A3 ] \Device\Harddisk0\DR0\Partition1
15:17:19.0640 0748 \Device\Harddisk0\DR0\Partition1 - ok
15:17:19.0656 0748 [ C783196BF7637EE59536ECDF8F053F6F ] \Device\Harddisk0\DR0\Partition2
15:17:19.0656 0748 \Device\Harddisk0\DR0\Partition2 - ok
15:17:19.0671 0748 [ 3D529D0491C4F7872BE6A560F94F13A5 ] \Device\Harddisk0\DR0\Partition3
15:17:19.0671 0748 \Device\Harddisk0\DR0\Partition3 - ok
15:17:19.0671 0748 ============================================================
15:17:19.0671 0748 Scan finished
15:17:19.0671 0748 ============================================================
15:17:19.0703 3988 Detected object count: 0
15:17:19.0703 3988 Actual detected object count: 0
15:17:44.0375 3392 Deinitialize success


+ + + + + + + + + + + + + + + +


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 02:47:03
-----------------------------
02:47:03.468 OS Version: Windows 5.1.2600 Service Pack 3
02:47:03.468 Number of processors: 2 586 0xE08
02:47:03.468 ComputerName: PONI UserName: mio
02:47:04.218 Initialize success
02:47:09.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:47:09.890 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 74881MB BusType: 3
02:47:09.906 Disk 0 MBR read successfully
02:47:09.906 Disk 0 MBR scan
02:47:09.906 Disk 0 unknown MBR code
02:47:09.906 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
02:47:09.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53984 MB offset 96390
02:47:09.937 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3875 MB offset 145404315
02:47:09.953 Disk 0 Partition - 00 0F Extended LBA 16967 MB offset 110655721
02:47:09.968 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 9969 MB offset 110655784
02:47:09.968 Disk 0 Partition - 00 05 Extended 6997 MB offset 131074335
02:47:09.984 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 6997 MB offset 131074398
02:47:09.984 Disk 0 scanning sectors +153340425
02:47:10.109 Disk 0 scanning C:\WINDOWS\system32\drivers
02:47:22.640 Service scanning
02:47:48.843 Service vkquwexg C:\WINDOWS\system32\drivers\Combo-Fix.sys **HIDDEN**
02:47:51.046 Modules scanning
02:48:05.718 Disk 0 trace - called modules:
02:48:05.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:48:05.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b040ab8]
02:48:05.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8b03a510]
02:48:05.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b013940]
02:48:05.750 Scan finished successfully
02:48:16.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mio\Desktop\POST\MBR.dat"
02:48:16.515 The log file has been saved successfully to "C:\Documents and Settings\mio\Desktop\POST\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 18:36:21
-----------------------------
18:36:21.437 OS Version: Windows 5.1.2600 Service Pack 3
18:36:21.437 Number of processors: 2 586 0xE08
18:36:21.437 ComputerName: PONI UserName: mio
18:36:22.781 Initialize success
18:36:26.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:36:26.421 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 74881MB BusType: 3
18:36:26.437 Disk 0 MBR read successfully
18:36:26.437 Disk 0 MBR scan
18:36:26.437 Disk 0 unknown MBR code
18:36:26.437 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:36:26.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53984 MB offset 96390
18:36:26.484 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3875 MB offset 145404315
18:36:26.484 Disk 0 Partition - 00 0F Extended LBA 16967 MB offset 110655721
18:36:26.500 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 9969 MB offset 110655784
18:36:26.515 Disk 0 Partition - 00 05 Extended 6997 MB offset 131074335
18:36:26.531 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 6997 MB offset 131074398
18:36:26.531 Disk 0 scanning sectors +153340425
18:36:26.671 Disk 0 scanning C:\WINDOWS\system32\drivers
18:36:43.625 Service scanning
18:37:05.093 Modules scanning
18:37:17.093 Disk 0 trace - called modules:
18:37:17.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:37:17.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac8fab8]
18:37:17.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8aca2510]
18:37:17.140 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac92940]
18:37:17.140 Scan finished successfully
18:37:28.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mio\Desktop\POST\MBR.dat"
18:37:28.531 The log file has been saved successfully to "C:\Documents and Settings\mio\Desktop\POST\aswMBR.txt"


+ + + + + + + + + + + + + + + +

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.08.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mio :: [administrator]

Protection: Enabled

8/27/2012 2:11:57 AM
mbam-log-2012-08-27 (02-11-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 217277
Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files

  • MBR.zip (618 bytes)


#15 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 August 2012 - 01:35 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    Start_ShowHelp
    :reg
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\


    ===

    >>> Run Jotti's malware scan: Please copy this line (in bold):
    c:\windows\system32\drivers\dqdfb.sys
  • Go to Jotti's malware scan and click the Browse button.
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
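The three logs posted above come from different tools, and the items worth acting on are easy to miss in them: TDSSKiller prints an MD5 for every object it scans, aswMBR tags a service `**HIDDEN**` when it is present in the kernel but absent from the normal service list, and Malwarebytes reports a changed Explorer setting (`Start_ShowHelp`) as a `PUM.*` registry data item, which is a setting change rather than a malicious file. The Python below is an added example, not code from the thread or from any of those tools: it pulls those three kinds of finding out of log text so they can be checked (an MD5 from TDSSKiller can be searched on VirusTotal without uploading the file; a hidden service names the driver file to look at, which may be a legitimate anti-rootkit driver or a rootkit). The sample lines are constructed in the shape of the posted logs, and the line formats are assumed to hold beyond these samples.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed samples in the shape of the TDSSKiller, aswMBR and Malwarebytes
# log lines posted in this thread; a few lines each, not the full logs.
TDSSKILLER_SAMPLE = "\n".join([
    r"15:17:18.0921 0748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll",
    r"15:17:18.0921 0748 WudfSvc - ok",
    r"15:17:19.0093 0748 ================ Scan global ===============================",
    r"15:17:19.0140 0748 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll",
    r"15:17:19.0250 0748 [ 2BA3E330828AD649A40EF55575D98871 ] \Device\Harddisk0\DR0",
])

ASWMBR_SAMPLE = "\n".join([
    r"02:47:22.640 Service scanning",
    r"02:47:48.843 Service vkquwexg C:\WINDOWS\system32\drivers\Combo-Fix.sys **HIDDEN**",
    r"02:47:51.046 Modules scanning",
])

MBAM_SAMPLE = "\n".join([
    r"Registry Data Items Detected: 1",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.",
    r"",
    r"Folders Detected: 0",
    r"(No malicious items detected)",
])

# TDSSKiller: timestamp, thread id, "[ MD5 ]", optional object name, then a
# drive path or \Device\ path (format assumed from the posted log).
TDSS_LINE = re.compile(
    r"^\S+ \d+ \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>\S+) )?"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)

# aswMBR: "<time> Service <name> <path> **HIDDEN**" for services it could see
# in the kernel but not through the normal service enumeration.
ASW_HIDDEN = re.compile(r"^\S+ Service (?P<name>\S+) (?P<path>.+?) \*\*HIDDEN\*\*$")

# Malwarebytes registry data item: "<key>|<value> (<detection>) -> Bad: (x) Good: (y) -> <action>"
MBAM_REG_DATA = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)


def tdsskiller_hashes(log: str) -> Dict[str, Tuple[Optional[str], str]]:
    """Map each MD5 TDSSKiller printed to (object name or None, path).

    The hash can be searched on VirusTotal directly, so nothing needs to be
    uploaded to learn whether a file is already known.
    """
    out: Dict[str, Tuple[Optional[str], str]] = {}
    for line in log.splitlines():
        m = TDSS_LINE.match(line)
        if m:
            out[m["md5"].upper()] = (m["name"], m["path"])
    return out


def aswmbr_hidden_services(log: str) -> List[Tuple[str, str]]:
    """Return (service name, file path) for every service aswMBR flagged **HIDDEN**.

    A rootkit hides its service this way, but so does the driver of a running
    anti-rootkit tool, so the file behind each hit has to be identified
    (e.g. by hash lookup) before the hit is treated as malicious.
    """
    return [(m["name"], m["path"])
            for m in (ASW_HIDDEN.match(l) for l in log.splitlines()) if m]


@dataclass
class RegistryDataFinding:
    key: str
    value: str
    detection: str
    bad: str       # value Malwarebytes found
    good: str      # value it restored
    action: str

    @property
    def is_pum(self) -> bool:
        # "PUM." = Potentially Unwanted Modification: a changed setting, not a file.
        return self.detection.startswith("PUM.")


def mbam_registry_data(log: str) -> List[RegistryDataFinding]:
    """Parse the 'Registry Data Items' lines of a Malwarebytes log."""
    return [RegistryDataFinding(**m.groupdict())
            for m in (MBAM_REG_DATA.match(l) for l in log.splitlines()) if m]


if __name__ == "__main__":
    for md5, (name, path) in tdsskiller_hashes(TDSSKILLER_SAMPLE).items():
        print(f"lookup {md5}  {name or '-'}  {path}")
    for name, path in aswmbr_hidden_services(ASWMBR_SAMPLE):
        print(f"hidden service {name}: identify {path} before acting")
    for f in mbam_registry_data(MBAM_SAMPLE):
        kind = "setting change" if f.is_pum else "detection"
        print(f"{kind}: {f.value} was {f.bad}, reset to {f.good} ({f.detection})")
```

Run against the full logs, the TDSSKiller hashes give a list to search by hash, the hidden-service list is the set of drivers to identify by file, and the PUM items say which settings were flipped and to what. A PUM that keeps coming back after repair, as the thread describes, means something is re-applying the setting, and that something is what the hash and hidden-service lookups are meant to find.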



