Help with DDS and GMER logs


  • This topic is locked
37 replies to this topic

#1 Rapid Dolphin

  • Members
  • 19 posts

Posted 25 August 2012 - 10:32 AM

My system has no specific infection that I know of. But I would really appreciate if someone could check over my DDS and GMER logs for any possible malware or rootkit installations.

I've had this Windows XP installation running for about 9 years now, and would just like to give it a thorough check-over, as I have never done so before. Recently, ESET 5 Smart Security has started to consume close to 99% CPU usage which tends to happen shortly after a reboot if I try to run games or do other system intensive things. So, I'd like to determine whether malware/rootkits could be causing that (or any other unrelated issues) on my PC.

I do have an original Windows XP Installation CD with Service Pack 2. (FYI, running sfc /scannow gets stuck asking for the Windows CD -- even after I've copied the I386 folder from the XP installation CD to my C:\ drive, and used regedit to change the SourcePath entry to C:\).

Thanks!
---------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Chris at 21:03:14 on 2012-08-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1576 [GMT 10:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Imperator\RazerImperatorSysTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MemTurbo\memturbo.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uSearch Page = hxxp://au.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://au.search.yahoo.com
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://au.search.yahoo.com
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: BrowserHelper Class: {ebcdda60-2a68-11d3-8a43-0060083cfb9c} - c:\windows\system32\nzdd.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [InternodeUsage] c:\progra~1\intern~2\mum.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DynAdvance Notifier] c:\program files\dynadvance\dynadvance notifier\MailNotifier.Exe
uRun: [AdobeBridge]
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\chris\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [OE] "c:\program files\trend micro\internet security 2007\tmas_oe\TMAS_OEMon.exe"
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Razer Imperator Driver] c:\program files\razer\imperator\RazerImperatorSysTray.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo\memturbo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realdo~1.lnk - c:\program files\real\realdownload\RealDownload.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: <NO NAME> =
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ChatSpace Full Java Client 4.0.0.300 - hxxp://63.102.226.240:8000/Java/cfs40300.cab
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://63.102.226.240:8000/Java/cfs40320.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: St.George Internet Banking - hxxps://ibank.stgeorge.com.au/html/bbb11s.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2373AE74-5821-5D53-A64D-23397D2605ED} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - hxxp://www.miniclip.com/supergerball/miniclipGameLoader.dll
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
DPF: {44D9F344-12A8-5AC1-D624-71C30CDB8A38} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} - hxxp://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132754688138
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170999204546
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} - hxxp://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.2775462963
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - hxxp://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} - hxxps://www.web-a-file.com/webafiledownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - hxxp://gromozon.com/73d12727/50300/1/xp/FreeAccess.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: Interfaces\{1B920E41-5D7E-4884-968D-AFAAC5BCDE09} : NameServer = 192.168.1.254
TCP: Interfaces\{8FC5D8F0-1954-466D-A1FB-6F3B9C753B72} : NameServer = 192.168.1.254
TCP: Interfaces\{A8221B31-C75A-4CF8-B486-F09CAA1644D3} : DhcpNameServer = 203.0.178.191
TCP: Interfaces\{FE05EB90-FE75-465E-B7BF-FE7681AC136A} : NameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\kdr9sf9w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\kdr9sf9w.default\extensions\firefogg@firefogg.org\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\kdr9sf9w.default\extensions\firefogg@firefogg.org\platform\winnt_x86-msvc\components\libfirefoggencoder.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\firefox\profiles\kdr9sf9w.default\extensions\gametap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\chris\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\gametap web player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: d:\program files\opera\program\plugins\np_gp.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: d:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: d:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: d:\program files\opera\program\plugins\NPJPI141_02.dll
FF - plugin: d:\program files\opera\program\plugins\NPOJI610.dll
FF - plugin: d:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\opera\program\plugins\npqtplugin8.dll
FF - plugin: d:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: d:\program files\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\opera\program\plugins\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2003-7-6 85265]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];c:\windows\system32\drivers\slee13.sys [2005-10-4 74240]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 DLKRTL;D-Link DFE-528TX PCI Adapter NT Driver;c:\windows\system32\drivers\DLKRTL.SYS [2001-10-10 25434]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys --> c:\windows\system32\drivers\iteraid.sys [?]
S1 Wttablet;Serial Tablet Driver;c:\windows\system32\drivers\WTTABLET.SYS [1980-1-1 26240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-16 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250568]
S3 Aic.ne;Aic.ne; [x]
S3 Aicmsr;Aicmsr; [x]
S3 Asytcci;Asytcci; [x]
S3 AWHelpServer;Alias Wavefront Help Server;c:\program files\aliaswavefront\maya5.0\docs\Wrapper.exe [2004-2-26 98304]
S3 Cobokitp;Cobokitp; [x]
S3 Coidriix_lic;Coidriix_lic; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [2002-12-30 12160]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 Dacosvrinpa;Dacosvrinpa; [x]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [2010-12-28 210792]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2011-4-11 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-12-1 78136]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys --> c:\windows\system32\drivers\glauiad.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-16 136176]
S3 Ipmc8xfgena;Ipmc8xfgena; [x]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2011-11-1 12032]
S3 Licm_gode;Licm_gode; [x]
S3 Maya5PLEHelpServer;Alias Maya 5.0 PLE Help Server;"d:\program files\aliaswavefront\maya 5.0 personal learning edition\docs\wrapper.exe" -s "d:\program files\aliaswavefront\maya 5.0 personal learning edition\docs/wrapper.conf" --> d:\program files\aliaswavefront\maya 5.0 personal learning edition\docs\Wrapper.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PCNat;PC-Nat Miniport;c:\windows\system32\drivers\pcnat.sys [2004-11-2 30336]
S3 QDDWZ;QDDWZ;c:\docume~1\chris\locals~1\temp\QDDWZ.exe [2011-11-27 547712]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SM200DPA;SkyMedia-200DPA Ethernet Adapter Win2000 Driver;c:\windows\system32\drivers\sm200dpa.sys [2004-1-30 40603]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-1 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-1 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-1 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-12-1 181432]
S3 Usb0xr;Usb0xr; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Cta960nds;Cta960nds; [x]
.
=============== Created Last 30 ================
.
2012-08-24 18:54:40 -------- d-----w- c:\documents and settings\chris\application data\Ad-Aware Antivirus
2012-08-24 17:06:31 -------- d-----w- C:\I386
2012-08-24 14:16:54 -------- d-----w- c:\documents and settings\chris\application data\ElevatedDiagnostics
2012-08-24 12:48:40 -------- d-----w- c:\program files\uTorrent
2012-08-24 12:33:34 -------- d-----w- c:\program files\Xiph.Org
2012-08-22 11:26:32 -------- d-----w- c:\documents and settings\chris\application data\Solveig Multimedia
2012-08-22 11:24:31 -------- d-----w- c:\program files\common files\Solveig Multimedia
2012-08-22 11:24:21 -------- d-----w- c:\program files\HyperCam 3
2012-08-22 10:42:51 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-14 07:11:12 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-14 05:49:35 -------- d-----w- c:\documents and settings\chris\local settings\application data\Sun
2012-08-14 05:44:35 -------- d-----w- c:\program files\Oracle
2012-08-13 03:35:32 5115584 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-08-03 08:28:37 -------- d-----w- c:\program files\Resonance
2012-08-03 04:27:20 -------- d-----w- C:\AGS6
2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-07-27 12:32:36 -------- d-----w- C:\tempflash
.
==================== Find3M ====================
.
2012-08-24 03:00:33 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 03:00:33 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:48:56 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-13 17:04:39 253120 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-08-13 17:04:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-08-13 17:03:24 253120 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 12:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 12:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-16 20:23:37 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 07:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 05:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1001FALS-00J7B1 rev.05.00K05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8B7B97AC]<<
c:\windows\system32\drivers\sptd.sys
_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff4d34ea9; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk1\DR1[0x8B70FAB8]
3 CLASSPNP[0xB8118FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\000000a5[0x8B7DC6C8]
5 ACPI[0xB7E90620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Ide\IdeDeviceP2T0L0-1f[0x8B712D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 21:05:31.04 ===============


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:04:15 PM

Posted 28 August 2012 - 06:10 PM

Hello Rapid Dolphin, and welcome to BC!!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

Sorry for the delay in response, our helping staff is quite outnumbered by the users in need of help!

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

Your logs do show some signs of concern:

c:\program files\uTorrent


I see you have downloaded uTorrent, a P2P program!

Please try not to use this program as it's a recipe for disaster! See my canned speech below for the dangers:

Going over your logs I noticed that you have <p2p program> installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent if it is installed, however that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Step :step1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

==========

Step :step2:

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

==========

In your next reply, please provide the following:


  • The TDSSKiller log
  • The aswMBR log

bloopie

Edited by bloopie, 28 August 2012 - 06:11 PM.


#3 Rapid Dolphin

Rapid Dolphin
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 29 August 2012 - 02:34 AM

Hi, bloopie,

Thanks very much for your assistance!

Yes, I do have the original Windows CD with SP2 included (but not SP3). As mentioned in my first post, however, sfc /scannow does not want to work.

Furthermore, here are some notes regarding aswMBR:

-aswMBR is now larger than 511KB as mentioned in your post. The current version is 4.5MB. It also prompts the user to download the latest Avast! virus signatures, which your post doesn't mention. I went ahead and downloaded those. But just letting you know in case you need to update/amend the instructions to cover these additional steps.

-While scanning with aswMBR, my ESET Smart Security popped up a warning box. "Threat: a variant of Win32/InstallCore.D potentially unwanted application". Please take a look at the JPG image that I have attached to this post called "Eset_warning.jpg" for the full message. Is this likely to be a false positive? What action do you recommend ESET to take?


Both TDSSKiller and aswMBR turned up some issues.

Below are the two logs you have requested:

TDSSKiller.2.8.8.0_29.08.2012_15.44.38_log.txt

15:44:38.0187 7064 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:44:39.0250 7064 ============================================================
15:44:39.0250 7064 Current date / time: 2012/08/29 15:44:39.0250
15:44:39.0250 7064 SystemInfo:
15:44:39.0250 7064
15:44:39.0250 7064 OS Version: 5.1.2600 ServicePack: 3.0
15:44:39.0250 7064 Product type: Workstation
15:44:39.0250 7064 ComputerName: HERO
15:44:39.0250 7064 UserName: Chris
15:44:39.0250 7064 Windows directory: C:\WINDOWS
15:44:39.0250 7064 System windows directory: C:\WINDOWS
15:44:39.0265 7064 Processor architecture: Intel x86
15:44:39.0265 7064 Number of processors: 1
15:44:39.0265 7064 Page size: 0x1000
15:44:39.0265 7064 Boot type: Normal boot
15:44:39.0265 7064 ============================================================
15:44:40.0859 7064 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:44:40.0875 7064 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:44:40.0875 7064 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:44:40.0875 7064 ============================================================
15:44:40.0875 7064 \Device\Harddisk1\DR1:
15:44:40.0875 7064 MBR partitions:
15:44:40.0875 7064 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
15:44:40.0875 7064 \Device\Harddisk0\DR0:
15:44:40.0875 7064 MBR partitions:
15:44:40.0875 7064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
15:44:40.0875 7064 \Device\Harddisk2\DR4:
15:44:40.0875 7064 MBR partitions:
15:44:40.0875 7064 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
15:44:40.0875 7064 ============================================================
15:44:40.0890 7064 C: <-> \Device\Harddisk1\DR1\Partition1
15:44:40.0921 7064 D: <-> \Device\Harddisk0\DR0\Partition1
15:44:40.0937 7064 I: <-> \Device\Harddisk2\DR4\Partition1
15:44:40.0937 7064 ============================================================
15:44:40.0937 7064 Initialize success
15:44:40.0937 7064 ============================================================
15:45:20.0390 6272 ============================================================
15:45:20.0390 6272 Scan started
15:45:20.0390 6272 Mode: Manual;
15:45:20.0390 6272 ============================================================
15:45:22.0187 6272 ================ Scan system memory ========================
15:45:22.0187 6272 System memory - ok
15:45:22.0187 6272 ================ Scan services =============================
15:45:22.0265 6272 [ 17067069B9A7865028C1F2E6971D0CCC ] aawservice C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
15:45:22.0281 6272 aawservice - ok
15:45:22.0312 6272 Abiosdsk - ok
15:45:22.0328 6272 abp480n5 - ok
15:45:22.0328 6272 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:45:22.0328 6272 ACPI - ok
15:45:22.0359 6272 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:45:22.0359 6272 ACPIEC - ok
15:45:22.0421 6272 [ 5532CF36C3E43ED99DF0D4092E3735E0 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
15:45:22.0421 6272 AcrSch2Svc - ok
15:45:22.0421 6272 adfs - ok
15:45:22.0453 6272 [ 303C174A7303A7702A68653152FC65A0 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:45:22.0453 6272 Adobe LM Service - ok
15:45:22.0515 6272 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:45:22.0515 6272 AdobeFlashPlayerUpdateSvc - ok
15:45:22.0531 6272 adpu160m - ok
15:45:22.0546 6272 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:45:22.0546 6272 aec - ok
15:45:22.0578 6272 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:45:22.0578 6272 AFD - ok
15:45:22.0593 6272 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:45:22.0609 6272 agp440 - ok
15:45:22.0609 6272 Aha154x - ok
15:45:22.0609 6272 aic78u2 - ok
15:45:22.0609 6272 aic78xx - ok
15:45:22.0625 6272 Aicmsr - ok
15:45:22.0656 6272 [ A9355A51698F6901B362EF738B15631D ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
15:45:22.0671 6272 ALCXSENS - ok
15:45:22.0718 6272 [ B191753B1AA2E7B11A18D5FDE8248AA2 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:45:22.0734 6272 ALCXWDM - ok
15:45:22.0765 6272 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:45:22.0765 6272 Alerter - ok
15:45:22.0765 6272 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:45:22.0765 6272 ALG - ok
15:45:22.0765 6272 AliIde - ok
15:45:22.0781 6272 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:45:22.0796 6272 AmdK7 - ok
15:45:22.0796 6272 amsint - ok
15:45:22.0828 6272 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:45:22.0828 6272 Apple Mobile Device - ok
15:45:22.0843 6272 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:45:22.0843 6272 AppMgmt - ok
15:45:22.0859 6272 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:45:22.0875 6272 Arp1394 - ok
15:45:22.0875 6272 asc - ok
15:45:22.0875 6272 asc3350p - ok
15:45:22.0875 6272 asc3550 - ok
15:45:22.0906 6272 [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
15:45:22.0906 6272 Aspi32 - ok
15:45:22.0937 6272 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:45:22.0968 6272 aspnet_state - ok
15:45:22.0984 6272 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:45:22.0984 6272 AsyncMac - ok
15:45:22.0984 6272 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:45:22.0984 6272 atapi - ok
15:45:22.0984 6272 Atdisk - ok
15:45:23.0000 6272 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:45:23.0000 6272 Atmarpc - ok
15:45:23.0031 6272 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:45:23.0031 6272 AudioSrv - ok
15:45:23.0062 6272 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:45:23.0062 6272 audstub - ok
15:45:23.0093 6272 [ 277E8A2F70366EB959344BB89AC687CB ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
15:45:23.0093 6272 Autodesk Licensing Service - ok
15:45:23.0171 6272 [ B9636DF9CAF4787F15B20800F086B4C2 ] AWHelpServer C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe
15:45:23.0171 6272 AWHelpServer - ok
15:45:23.0203 6272 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:45:23.0203 6272 Beep - ok
15:45:23.0250 6272 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:45:23.0250 6272 BITS - ok
15:45:23.0312 6272 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:45:23.0328 6272 Bonjour Service - ok
15:45:23.0328 6272 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
15:45:23.0328 6272 Bridge - ok
15:45:23.0328 6272 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
15:45:23.0328 6272 BridgeMP - ok
15:45:23.0359 6272 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:45:23.0359 6272 Browser - ok
15:45:23.0375 6272 [ 349CBF60320E86E345D47931440DFE8A ] C-DillaSrv C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
15:45:23.0375 6272 C-DillaSrv - ok
15:45:23.0375 6272 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:45:23.0390 6272 cbidf2k - ok
15:45:23.0406 6272 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:45:23.0406 6272 CCDECODE - ok
15:45:23.0406 6272 cd20xrnt - ok
15:45:23.0421 6272 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:45:23.0421 6272 Cdaudio - ok
15:45:23.0453 6272 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:45:23.0453 6272 Cdfs - ok
15:45:23.0468 6272 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:45:23.0468 6272 Cdrom - ok
15:45:23.0468 6272 Changer - ok
15:45:23.0500 6272 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\System32\cisvc.exe
15:45:23.0500 6272 cisvc - ok
15:45:23.0531 6272 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:45:23.0531 6272 ClipSrv - ok
15:45:23.0578 6272 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:45:23.0687 6272 clr_optimization_v2.0.50727_32 - ok
15:45:23.0687 6272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:45:23.0796 6272 clr_optimization_v4.0.30319_32 - ok
15:45:23.0796 6272 CmdIde - ok
15:45:23.0796 6272 Cobokitp - ok
15:45:23.0796 6272 Coidriix_lic - ok
15:45:23.0796 6272 COMSysApp - ok
15:45:23.0812 6272 Cpqarray - ok
15:45:23.0828 6272 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:45:23.0828 6272 Creative Audio Engine Licensing Service - ok
15:45:23.0875 6272 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\System32\CTsvcCDA.exe
15:45:23.0875 6272 Creative Service for CDROM Access - ok
15:45:23.0890 6272 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:45:23.0890 6272 CryptSvc - ok
15:45:23.0953 6272 [ F054744F67576A01139885173392502B ] CrystalSysInfo C:\Program Files\MediaCoder\SysInfo.sys
15:45:23.0953 6272 CrystalSysInfo - ok
15:45:24.0000 6272 [ 134CDD242AF1AE9961F065FBA3508A7B ] CT20XUT C:\WINDOWS\system32\drivers\CT20XUT.SYS
15:45:24.0015 6272 CT20XUT - ok
15:45:24.0015 6272 [ 134CDD242AF1AE9961F065FBA3508A7B ] CT20XUT.SYS C:\WINDOWS\System32\drivers\CT20XUT.SYS
15:45:24.0015 6272 CT20XUT.SYS - ok
15:45:24.0046 6272 Cta960nds - ok
15:45:24.0093 6272 [ 93439BAF09CE3C6D4CE55DA5B07D1B6A ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
15:45:24.0093 6272 ctac32k - ok
15:45:24.0109 6272 [ 6AB74512F09D673452D63DDEC9014DB5 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
15:45:24.0125 6272 ctaud2k - ok
15:45:24.0171 6272 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
15:45:24.0171 6272 CTAudSvcService - ok
15:45:24.0203 6272 [ 788DB5D99B2CA44FF61D8ED7B3C67C2E ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:45:24.0203 6272 ctdvda2k - ok
15:45:24.0250 6272 [ 3A9AD039D94BE8D955AD0B2CB207378D ] CTEXFIFX C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
15:45:24.0265 6272 CTEXFIFX - ok
15:45:24.0281 6272 [ 3A9AD039D94BE8D955AD0B2CB207378D ] CTEXFIFX.SYS C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
15:45:24.0296 6272 CTEXFIFX.SYS - ok
15:45:24.0328 6272 [ BFC40092329CF4AB838CC4A6F2FAD659 ] ctgame C:\WINDOWS\system32\DRIVERS\ctgame.sys
15:45:24.0328 6272 ctgame - ok
15:45:24.0328 6272 [ 4602AD8C8E1B285E1A23A957F487DA86 ] CTHWIUT C:\WINDOWS\system32\drivers\CTHWIUT.SYS
15:45:24.0328 6272 CTHWIUT - ok
15:45:24.0328 6272 [ 4602AD8C8E1B285E1A23A957F487DA86 ] CTHWIUT.SYS C:\WINDOWS\System32\drivers\CTHWIUT.SYS
15:45:24.0328 6272 CTHWIUT.SYS - ok
15:45:24.0343 6272 [ D42B84671F2193330215D3C375A2E948 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:45:24.0343 6272 ctprxy2k - ok
15:45:24.0359 6272 [ 974CFCBE3206367BEC1D527D9DADE998 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:45:24.0359 6272 ctsfm2k - ok
15:45:24.0375 6272 dac2w2k - ok
15:45:24.0375 6272 dac960nt - ok
15:45:24.0375 6272 Dacosvrinpa - ok
15:45:24.0406 6272 [ BB005CB49D0638039703AC4F67FE0A05 ] DC21x4 C:\WINDOWS\system32\DRIVERS\dc21x4.sys
15:45:24.0406 6272 DC21x4 - ok
15:45:24.0421 6272 [ 50EA1768AE3DCB62BD8DC8DC0CF1C43D ] DCamUSBMke C:\WINDOWS\system32\Drivers\Mkeusbi.sys
15:45:24.0421 6272 DCamUSBMke - ok
15:45:24.0421 6272 [ 5A5E1C673FD8751A54734A7BE7D35BA0 ] DCamUSBMke2 C:\WINDOWS\system32\Drivers\Mkeusbi2.sys
15:45:24.0437 6272 DCamUSBMke2 - ok
15:45:24.0484 6272 [ 964990E5EDCFFA33F8B4EAB1063CF3DB ] DCamUSBNW800 C:\WINDOWS\system32\DRIVERS\pcam800.sys
15:45:24.0484 6272 DCamUSBNW800 - ok
15:45:24.0515 6272 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:45:24.0531 6272 DcomLaunch - ok
15:45:24.0562 6272 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files\Common Files\Desura\desura_service.exe
15:45:24.0562 6272 Desura Install Service - ok
15:45:24.0562 6272 dgderdrv - ok
15:45:24.0609 6272 [ D8522960163FA593694E441194A9A574 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
15:45:24.0609 6272 dg_ssudbus - ok
15:45:24.0640 6272 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:45:24.0640 6272 Dhcp - ok
15:45:24.0656 6272 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:45:24.0656 6272 Disk - ok
15:45:24.0687 6272 [ 23E991DBA80C26F456B0CB0DD0CD3F24 ] DLKRTL C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
15:45:24.0687 6272 DLKRTL - ok
15:45:24.0687 6272 dmadmin - ok
15:45:24.0734 6272 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:45:24.0734 6272 dmboot - ok
15:45:24.0750 6272 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:45:24.0750 6272 dmio - ok
15:45:24.0765 6272 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:45:24.0765 6272 dmload - ok
15:45:24.0796 6272 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:45:24.0796 6272 dmserver - ok
15:45:24.0796 6272 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:45:24.0796 6272 DMusic - ok
15:45:24.0828 6272 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:45:24.0828 6272 Dnscache - ok
15:45:24.0859 6272 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:45:24.0859 6272 Dot3svc - ok
15:45:24.0890 6272 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:45:24.0890 6272 dot4 - ok
15:45:24.0890 6272 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:45:24.0906 6272 Dot4Print - ok
15:45:24.0921 6272 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:45:24.0921 6272 dot4usb - ok
15:45:24.0921 6272 dpti2o - ok
15:45:24.0921 6272 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:45:24.0921 6272 drmkaud - ok
15:45:24.0937 6272 [ 2476936F4994E9084CCFE75ED4F6226A ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
15:45:24.0937 6272 E1000 - ok
15:45:24.0968 6272 [ 8C2B6BBC82AD12CD9A2E73E5DCBBA705 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
15:45:24.0968 6272 eamon - ok
15:45:25.0000 6272 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:45:25.0000 6272 EapHost - ok
15:45:25.0000 6272 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
15:45:25.0000 6272 ehdrv - ok
15:45:25.0078 6272 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
15:45:25.0078 6272 ekrn - ok
15:45:25.0125 6272 [ 04AFE5C11777E33178EC11E1FAC47B07 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
15:45:25.0125 6272 emupia - ok
15:45:25.0156 6272 [ 774BABCB1144513DC86992003740B774 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
15:45:25.0156 6272 epfw - ok
15:45:25.0171 6272 [ 4B86DA2C58063B647577CD669CFFAEEB ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
15:45:25.0171 6272 Epfwndis - ok
15:45:25.0203 6272 [ 1B36748EA9E25549EBE5D8EA105BD981 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
15:45:25.0203 6272 epfwtdi - ok
15:45:25.0218 6272 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:45:25.0218 6272 ERSvc - ok
15:45:25.0250 6272 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:45:25.0250 6272 Eventlog - ok
15:45:25.0265 6272 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
15:45:25.0265 6272 EventSystem - ok
15:45:25.0265 6272 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:45:25.0281 6272 Fastfat - ok
15:45:25.0328 6272 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:45:25.0328 6272 FastUserSwitchingCompatibility - ok
15:45:25.0343 6272 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:45:25.0343 6272 Fdc - ok
15:45:25.0359 6272 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:45:25.0375 6272 Fips - ok
15:45:25.0390 6272 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:45:25.0406 6272 FLEXnet Licensing Service - ok
15:45:25.0421 6272 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:45:25.0421 6272 Flpydisk - ok
15:45:25.0437 6272 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:45:25.0437 6272 FltMgr - ok
15:45:25.0500 6272 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:45:25.0500 6272 FontCache3.0.0.0 - ok
15:45:25.0500 6272 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:45:25.0500 6272 Fs_Rec - ok
15:45:25.0515 6272 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:45:25.0515 6272 Ftdisk - ok
15:45:25.0531 6272 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:45:25.0531 6272 gameenum - ok
15:45:25.0546 6272 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:45:25.0546 6272 GEARAspiWDM - ok
15:45:25.0546 6272 glauiad - ok
15:45:25.0578 6272 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:45:25.0578 6272 Gpc - ok
15:45:25.0609 6272 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:45:25.0609 6272 gupdate - ok
15:45:25.0609 6272 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:45:25.0609 6272 gupdatem - ok
15:45:25.0640 6272 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:45:25.0640 6272 gusvc - ok
15:45:25.0687 6272 [ 75804D07BE3727C4106E2504E9F8D883 ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:45:25.0703 6272 ha10kx2k - ok
15:45:25.0734 6272 [ 41FCE1833D8F659ACC56CB0EE43B2CED ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
15:45:25.0750 6272 ha20x2k - ok
15:45:25.0750 6272 [ 9A67B35B9FBE2C38E67E8339FD7182E7 ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys
15:45:25.0781 6272 hap16v2k - ok
15:45:25.0843 6272 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:45:25.0843 6272 helpsvc - ok
15:45:25.0859 6272 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:45:25.0859 6272 HidServ - ok
15:45:25.0875 6272 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:45:25.0875 6272 hidusb - ok
15:45:25.0906 6272 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:45:25.0906 6272 hkmsvc - ok
15:45:25.0906 6272 hpn - ok
15:45:25.0906 6272 hpt3xx - ok
15:45:25.0953 6272 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:45:25.0953 6272 HTTP - ok
15:45:25.0984 6272 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:45:25.0984 6272 HTTPFilter - ok
15:45:26.0000 6272 i2omgmt - ok
15:45:26.0000 6272 i2omp - ok
15:45:26.0015 6272 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:45:26.0015 6272 i8042prt - ok
15:45:26.0093 6272 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:45:26.0093 6272 IDriverT - ok
15:45:26.0140 6272 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:45:26.0140 6272 idsvc - ok
15:45:26.0203 6272 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:45:26.0203 6272 Imapi - ok
15:45:26.0234 6272 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
15:45:26.0234 6272 ImapiService - ok
15:45:26.0234 6272 ini910u - ok
15:45:30.0500 6272 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 73205BD9A388639C210636793FE3FD61
15:45:30.0500 6272 sptd ( LockedFile.Multi.Generic ) - warning
15:45:30.0500 6272 sptd - detected LockedFile.Multi.Generic (1)
15:45:33.0906 6272 ============================================================
15:45:33.0906 6272 Scan finished
15:45:33.0906 6272 ============================================================
15:45:33.0921 5240 Detected object count: 1
15:45:33.0921 5240 Actual detected object count: 1
15:48:00.0625 5240 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:48:00.0625 5240 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:48:10.0390 6996 Deinitialize success

---------------------------------------------------

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 15:51:29
-----------------------------
15:51:29.421 OS Version: Windows 5.1.2600 Service Pack 3
15:51:29.421 Number of processors: 1 586 0x1A05
15:51:29.421 ComputerName: HERO UserName:
15:51:32.156 Initialize success
15:59:38.953 AVAST engine defs: 12082803
16:03:19.703 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
16:03:19.703 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
16:03:19.703 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f
16:03:19.703 Disk 1 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953868MB BusType: 3
16:03:19.718 Disk 1 MBR read successfully
16:03:19.718 Disk 1 MBR scan
16:03:19.765 Disk 1 Windows XP default MBR code
16:03:19.765 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
16:03:19.765 Disk 1 scanning sectors +1953520065
16:03:19.843 Disk 1 scanning C:\WINDOWS\system32\drivers
16:03:39.750 Service scanning
16:04:00.453 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:04:05.125 Modules scanning
16:04:23.484 Disk 1 trace - called modules:
16:04:23.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8b7b97ac]<<
16:04:23.515 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b70fab8]
16:04:23.515 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\000000a5[0x8b7dc6c8]
16:04:23.515 5 ACPI.sys[b7e90620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1f[0x8b712d98]
16:04:25.015 AVAST engine scan C:\WINDOWS
16:04:47.234 AVAST engine scan C:\WINDOWS\system32
16:10:33.703 AVAST engine scan C:\WINDOWS\system32\drivers
16:11:11.421 AVAST engine scan C:\Documents and Settings\Chris
16:54:59.671 AVAST engine scan C:\Documents and Settings\All Users
17:07:34.484 Scan finished successfully
17:14:28.828 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Chris\Desktop\MBR.dat"
17:14:28.828 The log file has been saved successfully to "C:\Documents and Settings\Chris\Desktop\aswMBR.txt"

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 29 August 2012 - 12:08 PM

Hi again,

Thanks very much for your assistance!

It's my pleasure! :thumbup2:

ESET Security is being flagged by the aswMBR program, but I assure you it's completely legit. Have ESET allow the program to run.

Those detections in the logs are most likely due to CD Emulation programs. See the Preparation Guide for more information.

Please download DeFogger and save it to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

==========

Now rerun TDSSKiller and aswMBR and post the logs here. You may install AVAST definitions also when running aswMBR.

Thanks for the heads up with the instructions. I'm still using an old speech. :wink:

bloopie
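An added example, not part of this thread and not code from either tool: a small Python triage script that reads excerpts of the TDSSKiller and aswMBR logs posted above and applies the reasoning in the post, namely that a locked sptd driver, together with an unresolved hook sitting directly after sptd.sys in the disk-stack trace, is what a CD-emulation driver looks like, whereas the same hook after any other module, or boot code that is not the default, is something to look at by hand before and after DeFogger. The driver names other than sptd, the "after DeFogger" log lines and the "suspect" trace line are constructed assumptions, not taken from the thread.

```python
import re

# Locked drivers that belong to CD/DVD emulation software. sptd is the one on
# this page; the other three names are an assumption, not taken from the thread.
CD_EMULATION_DRIVERS = {"sptd", "sptd2", "dtscsi", "dtsoftbus01"}

# "15:48:00.0625 5240 sptd ( LockedFile.Multi.Generic ) - skipped by user"
TDSS_DETECT = re.compile(r"^\S+\s+\d+\s+(\S+) \( ([^)]+) \) - (.+)$")
# "16:04:00.453 Service sptd C:\...\sptd.sys **LOCKED** 32"
ASW_LOCKED = re.compile(r"Service (\S+) (\S+) \*\*LOCKED\*\*")
# "... atapi.sys sptd.sys >>UNKNOWN [0x8b7b97ac]<<" -> the module before the hook
ASW_UNKNOWN = re.compile(r"(\S+) >>UNKNOWN \[0x[0-9a-f]+\]<<", re.IGNORECASE)
# "16:03:19.765 Disk 1 Windows XP default MBR code"
ASW_MBR = re.compile(r"Disk \d+ (.+MBR code)\s*$")


def _base(driver):
    """'sptd.sys' / 'SPTD' -> 'sptd', so service names and file names compare equal."""
    name = driver.lower()
    return name[:-4] if name.endswith(".sys") else name


def parse_tdsskiller(text):
    """Map (object, verdict) -> final action. TDSSKiller writes two lines per
    object ('skipped by user', then 'User select action: Skip'); the last wins."""
    found = {}
    for line in text.splitlines():
        m = TDSS_DETECT.match(line.strip())
        if m:
            obj, verdict, action = m.groups()
            found[(obj, verdict)] = action
    return found


def parse_aswmbr(text):
    """Pull the locked services, the unresolved-hook position and the MBR verdict."""
    info = {"locked": [], "unknown_after": None, "mbr_code": None}
    for line in text.splitlines():
        m = ASW_LOCKED.search(line)
        if m:
            info["locked"].append((m.group(1), m.group(2)))
        m = ASW_UNKNOWN.search(line)
        if m:
            info["unknown_after"] = m.group(1)
        m = ASW_MBR.search(line)
        if m:
            info["mbr_code"] = m.group(1)
    return info


def triage(tdss_text, asw_text):
    """'clean': nothing found; 'likely-cd-emulation': every finding is explained by
    a known emulation driver (disable it, rescan); 'review': anything else."""
    benign, suspicious = [], []
    for (obj, verdict), action in parse_tdsskiller(tdss_text).items():
        msg = f"TDSSKiller: {obj} ({verdict}) - {action}"
        if verdict.startswith("LockedFile.") and _base(obj) in CD_EMULATION_DRIVERS:
            benign.append(msg)
        else:
            suspicious.append(msg)
    asw = parse_aswmbr(asw_text)
    for name, path in asw["locked"]:
        bucket = benign if _base(name) in CD_EMULATION_DRIVERS else suspicious
        bucket.append(f"aswMBR: locked service {name} ({path})")
    hook = asw["unknown_after"]
    if hook:
        bucket = benign if _base(hook) in CD_EMULATION_DRIVERS else suspicious
        bucket.append(f"aswMBR: unresolved hook in the disk stack after {hook}")
    if asw["mbr_code"] and not asw["mbr_code"].endswith("default MBR code"):
        suspicious.append(f"aswMBR: non-default boot code: {asw['mbr_code']}")
    verdict = "review" if suspicious else ("likely-cd-emulation" if benign else "clean")
    return {"verdict": verdict, "benign": benign, "suspicious": suspicious}


# Constructed excerpts: the first pair is trimmed from the logs posted in this
# thread; the remaining strings are made up to show the other two outcomes.
TDSS_FIRST_RUN = """
15:45:33.0921 5240 Detected object count: 1
15:48:00.0625 5240 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:48:00.0625 5240 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""
ASW_FIRST_RUN = r"""
16:03:19.765 Disk 1 Windows XP default MBR code
16:04:00.453 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:04:23.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8b7b97ac]<<
"""
TDSS_RESCAN = "05:27:30.0000 2040 Detected object count: 0\n"
ASW_RESCAN = """
16:03:19.765 Disk 1 Windows XP default MBR code
16:04:23.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
"""
ASW_SUSPECT = """
16:04:23.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8b7b9000]<<
"""

if __name__ == "__main__":
    for label, t, a in (("first run", TDSS_FIRST_RUN, ASW_FIRST_RUN),
                        ("after DeFogger", TDSS_RESCAN, ASW_RESCAN),
                        ("hook after atapi.sys", "", ASW_SUSPECT)):
        r = triage(t, a)
        print(f"{label}: {r['verdict']}")
        for line in r["benign"] + r["suspicious"]:
            print("   ", line)
```

The script only narrows the question; the deciding check is the one in the post itself, a rescan with the emulation driver disabled. If the locked entry and the unresolved hook disappear together, the first run was the driver; if the hook stays, or moves to another module, it needs a human.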

#5 Rapid Dolphin

Rapid Dolphin
  • Topic Starter

  • Members
  • 19 posts

Posted 29 August 2012 - 03:37 PM

Alright, as requested, I followed those instructions and ran both again. Didn't seem to detect anything this time.

TDSSKiller.2.8.8.0_30.08.2012_05.26.47_log.txt

05:26:47.0593 1528 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
05:26:48.0484 1528 ============================================================
05:26:48.0484 1528 Current date / time: 2012/08/30 05:26:48.0484
05:26:48.0484 1528 SystemInfo:
05:26:48.0484 1528
05:26:48.0484 1528 OS Version: 5.1.2600 ServicePack: 3.0
05:26:48.0484 1528 Product type: Workstation
05:26:48.0484 1528 ComputerName: HERO
05:26:48.0484 1528 UserName: Chris
05:26:48.0484 1528 Windows directory: C:\WINDOWS
05:26:48.0484 1528 System windows directory: C:\WINDOWS
05:26:48.0484 1528 Processor architecture: Intel x86
05:26:48.0484 1528 Number of processors: 1
05:26:48.0484 1528 Page size: 0x1000
05:26:48.0484 1528 Boot type: Normal boot
05:26:48.0484 1528 ============================================================
05:26:49.0796 1528 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:26:49.0812 1528 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:26:49.0812 1528 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:26:49.0812 1528 ============================================================
05:26:49.0812 1528 \Device\Harddisk1\DR1:
05:26:49.0812 1528 MBR partitions:
05:26:49.0812 1528 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
05:26:49.0812 1528 \Device\Harddisk0\DR0:
05:26:49.0812 1528 MBR partitions:
05:26:49.0812 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
05:26:49.0812 1528 \Device\Harddisk2\DR4:
05:26:49.0812 1528 MBR partitions:
05:26:49.0812 1528 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
05:26:49.0812 1528 ============================================================
05:26:49.0843 1528 C: <-> \Device\Harddisk1\DR1\Partition1
05:26:49.0843 1528 D: <-> \Device\Harddisk0\DR0\Partition1
05:26:49.0921 1528 I: <-> \Device\Harddisk2\DR4\Partition1
05:26:49.0921 1528 ============================================================
05:26:49.0921 1528 Initialize success
05:26:49.0921 1528 ============================================================
05:26:53.0203 2040 ============================================================
05:26:53.0203 2040 Scan started
05:26:53.0203 2040 Mode: Manual;
05:26:53.0203 2040 ============================================================
05:26:56.0859 2040 ================ Scan system memory ========================
05:26:56.0859 2040 System memory - ok
05:26:56.0859 2040 ================ Scan services =============================
05:26:57.0000 2040 [ 17067069B9A7865028C1F2E6971D0CCC ] aawservice C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
05:26:57.0062 2040 aawservice - ok
05:26:57.0421 2040 Abiosdsk - ok
05:26:57.0421 2040 abp480n5 - ok
05:26:57.0453 2040 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:26:57.0468 2040 ACPI - ok
05:26:57.0484 2040 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
05:26:57.0484 2040 ACPIEC - ok
05:26:57.0640 2040 [ 5532CF36C3E43ED99DF0D4092E3735E0 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
05:26:57.0640 2040 AcrSch2Svc - ok
05:26:57.0640 2040 adfs - ok
05:26:57.0671 2040 [ 303C174A7303A7702A68653152FC65A0 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
05:26:57.0671 2040 Adobe LM Service - ok
05:26:57.0734 2040 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
05:26:57.0734 2040 AdobeFlashPlayerUpdateSvc - ok
05:26:57.0750 2040 adpu160m - ok
05:26:57.0781 2040 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
05:26:57.0781 2040 aec - ok
05:26:57.0812 2040 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
05:26:57.0812 2040 AFD - ok
05:26:57.0828 2040 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
05:26:57.0828 2040 agp440 - ok
05:26:57.0828 2040 Aha154x - ok
05:26:57.0843 2040 aic78u2 - ok
05:26:57.0843 2040 aic78xx - ok
05:26:57.0843 2040 Aicmsr - ok
05:26:57.0875 2040 [ A9355A51698F6901B362EF738B15631D ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
05:26:57.0890 2040 ALCXSENS - ok
05:26:57.0937 2040 [ B191753B1AA2E7B11A18D5FDE8248AA2 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
05:26:57.0937 2040 ALCXWDM - ok
05:26:57.0968 2040 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
05:26:57.0984 2040 Alerter - ok
05:26:57.0984 2040 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
05:26:58.0000 2040 ALG - ok
05:26:58.0000 2040 AliIde - ok
05:26:58.0015 2040 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
05:26:58.0015 2040 AmdK7 - ok
05:26:58.0015 2040 amsint - ok
05:26:58.0046 2040 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
05:26:58.0046 2040 Apple Mobile Device - ok
05:26:58.0078 2040 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
05:26:58.0093 2040 AppMgmt - ok
05:26:58.0125 2040 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:26:58.0125 2040 Arp1394 - ok
05:26:58.0125 2040 asc - ok
05:26:58.0140 2040 asc3350p - ok
05:26:58.0140 2040 asc3550 - ok
05:26:58.0171 2040 [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
05:26:58.0171 2040 Aspi32 - ok
05:26:58.0281 2040 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
05:26:58.0296 2040 aspnet_state - ok
05:26:58.0312 2040 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:26:58.0312 2040 AsyncMac - ok
05:26:58.0312 2040 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
05:26:58.0312 2040 atapi - ok
05:26:58.0328 2040 Atdisk - ok
05:26:58.0343 2040 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:26:58.0343 2040 Atmarpc - ok
05:26:58.0359 2040 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
05:26:58.0359 2040 AudioSrv - ok
05:26:58.0390 2040 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
05:26:58.0390 2040 audstub - ok
05:26:58.0421 2040 [ 277E8A2F70366EB959344BB89AC687CB ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
05:26:58.0421 2040 Autodesk Licensing Service - ok
05:26:58.0484 2040 [ B9636DF9CAF4787F15B20800F086B4C2 ] AWHelpServer C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe
05:26:58.0484 2040 AWHelpServer - ok
05:26:58.0515 2040 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
05:26:58.0531 2040 Beep - ok
05:26:58.0562 2040 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
05:26:58.0578 2040 BITS - ok
05:26:58.0609 2040 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
05:26:58.0609 2040 Bonjour Service - ok
05:26:58.0640 2040 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
05:26:58.0640 2040 Bridge - ok
05:26:58.0640 2040 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
05:26:58.0640 2040 BridgeMP - ok
05:26:58.0671 2040 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
05:26:58.0671 2040 Browser - ok
05:26:58.0687 2040 [ 349CBF60320E86E345D47931440DFE8A ] C-DillaSrv C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
05:26:58.0687 2040 C-DillaSrv - ok
05:26:58.0703 2040 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
05:26:58.0703 2040 cbidf2k - ok
05:26:58.0718 2040 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:26:58.0718 2040 CCDECODE - ok
05:26:58.0718 2040 cd20xrnt - ok
05:26:58.0734 2040 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
05:26:58.0734 2040 Cdaudio - ok
05:26:58.0750 2040 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
05:26:58.0750 2040 Cdfs - ok
05:26:58.0750 2040 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:26:58.0750 2040 Cdrom - ok
05:26:58.0750 2040 Changer - ok
05:26:58.0765 2040 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\System32\cisvc.exe
05:26:58.0765 2040 cisvc - ok
05:26:58.0796 2040 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
05:26:58.0796 2040 ClipSrv - ok
05:26:58.0859 2040 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:26:58.0984 2040 clr_optimization_v2.0.50727_32 - ok
05:26:59.0015 2040 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:26:59.0031 2040 clr_optimization_v4.0.30319_32 - ok
05:26:59.0046 2040 CmdIde - ok
05:26:59.0046 2040 Cobokitp - ok
05:26:59.0046 2040 Coidriix_lic - ok
05:26:59.0046 2040 COMSysApp - ok
05:26:59.0062 2040 Cpqarray - ok
05:26:59.0093 2040 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
05:26:59.0093 2040 Creative Audio Engine Licensing Service - ok
05:26:59.0125 2040 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\System32\CTsvcCDA.exe
05:26:59.0125 2040 Creative Service for CDROM Access - ok
05:26:59.0140 2040 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
05:26:59.0140 2040 CryptSvc - ok
05:26:59.0265 2040 [ F054744F67576A01139885173392502B ] CrystalSysInfo C:\Program Files\MediaCoder\SysInfo.sys
05:26:59.0265 2040 CrystalSysInfo - ok
05:26:59.0296 2040 [ 134CDD242AF1AE9961F065FBA3508A7B ] CT20XUT C:\WINDOWS\system32\drivers\CT20XUT.SYS
05:26:59.0296 2040 CT20XUT - ok
05:26:59.0312 2040 [ 134CDD242AF1AE9961F065FBA3508A7B ] CT20XUT.SYS C:\WINDOWS\System32\drivers\CT20XUT.SYS
05:26:59.0312 2040 CT20XUT.SYS - ok
05:26:59.0328 2040 Cta960nds - ok
05:26:59.0359 2040 [ 93439BAF09CE3C6D4CE55DA5B07D1B6A ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
05:26:59.0359 2040 ctac32k - ok
05:26:59.0375 2040 [ 6AB74512F09D673452D63DDEC9014DB5 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
05:26:59.0390 2040 ctaud2k - ok
05:26:59.0421 2040 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
05:26:59.0421 2040 CTAudSvcService - ok
05:26:59.0453 2040 [ 788DB5D99B2CA44FF61D8ED7B3C67C2E ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
05:26:59.0468 2040 ctdvda2k - ok
05:26:59.0515 2040 [ 3A9AD039D94BE8D955AD0B2CB207378D ] CTEXFIFX C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
05:26:59.0562 2040 CTEXFIFX - ok
05:26:59.0562 2040 [ 3A9AD039D94BE8D955AD0B2CB207378D ] CTEXFIFX.SYS C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
05:26:59.0578 2040 CTEXFIFX.SYS - ok
05:26:59.0593 2040 [ BFC40092329CF4AB838CC4A6F2FAD659 ] ctgame C:\WINDOWS\system32\DRIVERS\ctgame.sys
05:26:59.0593 2040 ctgame - ok
05:26:59.0609 2040 [ 4602AD8C8E1B285E1A23A957F487DA86 ] CTHWIUT C:\WINDOWS\system32\drivers\CTHWIUT.SYS
05:26:59.0609 2040 CTHWIUT - ok
05:26:59.0609 2040 [ 4602AD8C8E1B285E1A23A957F487DA86 ] CTHWIUT.SYS C:\WINDOWS\System32\drivers\CTHWIUT.SYS
05:26:59.0609 2040 CTHWIUT.SYS - ok
05:26:59.0609 2040 [ D42B84671F2193330215D3C375A2E948 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
05:26:59.0625 2040 ctprxy2k - ok
05:26:59.0640 2040 [ 974CFCBE3206367BEC1D527D9DADE998 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
05:26:59.0640 2040 ctsfm2k - ok
05:26:59.0640 2040 dac2w2k - ok
05:26:59.0640 2040 dac960nt - ok
05:26:59.0640 2040 Dacosvrinpa - ok
05:26:59.0671 2040 [ BB005CB49D0638039703AC4F67FE0A05 ] DC21x4 C:\WINDOWS\system32\DRIVERS\dc21x4.sys
05:26:59.0671 2040 DC21x4 - ok
05:26:59.0703 2040 [ 50EA1768AE3DCB62BD8DC8DC0CF1C43D ] DCamUSBMke C:\WINDOWS\system32\Drivers\Mkeusbi.sys
05:26:59.0718 2040 DCamUSBMke - ok
05:26:59.0734 2040 [ 5A5E1C673FD8751A54734A7BE7D35BA0 ] DCamUSBMke2 C:\WINDOWS\system32\Drivers\Mkeusbi2.sys
05:26:59.0734 2040 DCamUSBMke2 - ok
05:26:59.0781 2040 [ 964990E5EDCFFA33F8B4EAB1063CF3DB ] DCamUSBNW800 C:\WINDOWS\system32\DRIVERS\pcam800.sys
05:26:59.0781 2040 DCamUSBNW800 - ok
05:26:59.0812 2040 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
05:26:59.0828 2040 DcomLaunch - ok
05:26:59.0859 2040 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files\Common Files\Desura\desura_service.exe
05:26:59.0859 2040 Desura Install Service - ok
05:26:59.0859 2040 dgderdrv - ok
05:26:59.0890 2040 [ D8522960163FA593694E441194A9A574 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
05:26:59.0890 2040 dg_ssudbus - ok
05:26:59.0921 2040 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
05:26:59.0921 2040 Dhcp - ok
05:26:59.0953 2040 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
05:26:59.0953 2040 Disk - ok
05:26:59.0984 2040 [ 23E991DBA80C26F456B0CB0DD0CD3F24 ] DLKRTL C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
05:26:59.0984 2040 DLKRTL - ok
05:26:59.0984 2040 dmadmin - ok
05:27:00.0015 2040 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
05:27:00.0015 2040 dmboot - ok
05:27:00.0031 2040 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
05:27:00.0046 2040 dmio - ok
05:27:00.0046 2040 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
05:27:00.0046 2040 dmload - ok
05:27:00.0093 2040 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
05:27:00.0093 2040 dmserver - ok
05:27:00.0125 2040 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
05:27:00.0125 2040 DMusic - ok
05:27:00.0171 2040 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
05:27:00.0171 2040 Dnscache - ok
05:27:00.0250 2040 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
05:27:00.0250 2040 Dot3svc - ok
05:27:00.0281 2040 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
05:27:00.0296 2040 dot4 - ok
05:27:00.0296 2040 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
05:27:00.0296 2040 Dot4Print - ok
05:27:00.0296 2040 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
05:27:00.0296 2040 dot4usb - ok
05:27:00.0296 2040 dpti2o - ok
05:27:00.0296 2040 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
05:27:00.0296 2040 drmkaud - ok
05:27:00.0312 2040 [ 2476936F4994E9084CCFE75ED4F6226A ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
05:27:00.0328 2040 E1000 - ok
05:27:00.0343 2040 [ 8C2B6BBC82AD12CD9A2E73E5DCBBA705 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
05:27:00.0343 2040 eamon - ok
05:27:00.0359 2040 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
05:27:00.0359 2040 EapHost - ok
05:27:00.0375 2040 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
05:27:00.0375 2040 ehdrv - ok
05:27:00.0453 2040 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
05:27:00.0453 2040 ekrn - ok
05:27:00.0453 2040 [ 04AFE5C11777E33178EC11E1FAC47B07 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
05:27:00.0453 2040 emupia - ok
05:27:00.0484 2040 [ 774BABCB1144513DC86992003740B774 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
05:27:00.0500 2040 epfw - ok
05:27:00.0546 2040 [ 4B86DA2C58063B647577CD669CFFAEEB ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
05:27:00.0546 2040 Epfwndis - ok
05:27:00.0578 2040 [ 1B36748EA9E25549EBE5D8EA105BD981 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
05:27:00.0578 2040 epfwtdi - ok
05:27:00.0593 2040 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
05:27:00.0609 2040 ERSvc - ok
05:27:00.0625 2040 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
05:27:00.0625 2040 Eventlog - ok
05:27:00.0656 2040 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
05:27:00.0656 2040 EventSystem - ok
05:27:00.0671 2040 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
05:27:00.0671 2040 Fastfat - ok
05:27:00.0687 2040 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
05:27:00.0703 2040 FastUserSwitchingCompatibility - ok
05:27:00.0703 2040 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
05:27:00.0703 2040 Fdc - ok
05:27:00.0734 2040 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
05:27:00.0734 2040 Fips - ok
05:27:00.0781 2040 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
05:27:00.0796 2040 FLEXnet Licensing Service - ok
05:27:00.0828 2040 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:27:00.0828 2040 Flpydisk - ok
05:27:00.0843 2040 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
05:27:00.0859 2040 FltMgr - ok
05:27:00.0906 2040 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
05:27:00.0921 2040 FontCache3.0.0.0 - ok
05:27:00.0921 2040 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:27:00.0921 2040 Fs_Rec - ok
05:27:00.0921 2040 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:27:00.0921 2040 Ftdisk - ok
05:27:00.0937 2040 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
05:27:00.0937 2040 gameenum - ok
05:27:00.0968 2040 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
05:27:00.0968 2040 GEARAspiWDM - ok
05:27:00.0968 2040 glauiad - ok
05:27:01.0000 2040 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:27:01.0000 2040 Gpc - ok
05:27:01.0031 2040 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
05:27:01.0031 2040 gupdate - ok
05:27:01.0031 2040 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
05:27:01.0031 2040 gupdatem - ok
05:27:01.0078 2040 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:27:01.0078 2040 gusvc - ok
05:27:01.0125 2040 [ 75804D07BE3727C4106E2504E9F8D883 ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
05:27:01.0125 2040 ha10kx2k - ok
05:27:01.0171 2040 [ 41FCE1833D8F659ACC56CB0EE43B2CED ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
05:27:01.0250 2040 ha20x2k - ok
05:27:01.0250 2040 [ 9A67B35B9FBE2C38E67E8339FD7182E7 ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys
05:27:01.0250 2040 hap16v2k - ok
05:27:01.0312 2040 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:27:01.0312 2040 helpsvc - ok
05:27:01.0328 2040 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
05:27:01.0328 2040 HidServ - ok
05:27:01.0343 2040 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:27:01.0343 2040 hidusb - ok
05:27:01.0375 2040 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
05:27:01.0375 2040 hkmsvc - ok
05:27:01.0390 2040 hpn - ok
05:27:01.0390 2040 hpt3xx - ok
05:27:01.0421 2040 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
05:27:01.0421 2040 HTTP - ok
05:27:01.0453 2040 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
05:27:01.0453 2040 HTTPFilter - ok
05:27:01.0453 2040 i2omgmt - ok
05:27:01.0468 2040 i2omp - ok
05:27:01.0484 2040 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:27:01.0484 2040 i8042prt - ok
05:27:01.0656 2040 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
05:27:01.0687 2040 IDriverT - ok
05:27:01.0765 2040 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:27:01.0765 2040 idsvc - ok
05:27:01.0812 2040 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
05:27:01.0812 2040 Imapi - ok
05:27:01.0843 2040 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
05:27:01.0843 2040 ImapiService - ok
05:27:01.0843 2040 ini910u - ok
05:27:01.0859 2040 IntelIde - ok
05:27:01.0890 2040 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:27:01.0890 2040 intelppm - ok
05:27:01.0906 2040 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
05:27:01.0906 2040 Ip6Fw - ok
05:27:01.0906 2040 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:27:01.0906 2040 IpFilterDriver - ok
05:27:01.0906 2040 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:27:01.0906 2040 IpInIp - ok
05:27:01.0921 2040 Ipmc8xfgena - ok
05:27:01.0937 2040 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:27:01.0937 2040 IpNat - ok
05:27:01.0984 2040 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
05:27:02.0000 2040 iPod Service - ok
05:27:02.0015 2040 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:27:02.0015 2040 IPSec - ok
05:27:02.0031 2040 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
05:27:02.0031 2040 IRENUM - ok
05:27:02.0031 2040 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:27:02.0031 2040 isapnp - ok
05:27:02.0031 2040 iteraid - ok
05:27:02.0093 2040 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
05:27:02.0093 2040 JavaQuickStarterService - ok
05:27:02.0109 2040 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:27:02.0109 2040 Kbdclass - ok
05:27:02.0125 2040 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:27:02.0125 2040 kbdhid - ok
05:27:02.0125 2040 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
05:27:02.0140 2040 kmixer - ok
05:27:02.0156 2040 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
05:27:02.0156 2040 KSecDD - ok
05:27:02.0156 2040 [ 5E34CD48B7EB440BB77E93528CC9F0CC ] LachesisFltr C:\WINDOWS\system32\drivers\Lachesis.sys
05:27:02.0156 2040 LachesisFltr - ok
05:27:02.0218 2040 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
05:27:02.0218 2040 LanmanServer - ok
05:27:02.0234 2040 [ A8888A5327621856C0CEC4E385F69309 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
05:27:02.0234 2040 LanmanWorkstation - ok
05:27:02.0234 2040 lbrtfdc - ok
05:27:02.0265 2040 [ 10EB325F40685EF8304895BDE9544BAF ] LCcfltr C:\WINDOWS\system32\drivers\lccfltr.sys
05:27:02.0265 2040 LCcfltr - ok
05:27:02.0296 2040 [ E8E25EDB0D3AB0BC459405BCAF824FDF ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
05:27:02.0296 2040 LHidFlt2 - ok
05:27:02.0312 2040 [ FF683C656AC51E28AFE5CCB53A4BD247 ] LHidUsb C:\WINDOWS\system32\drivers\LHidUsb.Sys
05:27:02.0312 2040 LHidUsb - ok
05:27:02.0312 2040 [ 18E48E9D5683860773A078C7C3837DAF ] LKbdFlt2 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
05:27:02.0312 2040 LKbdFlt2 - ok
05:27:02.0359 2040 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
05:27:02.0359 2040 LmHosts - ok
05:27:02.0359 2040 [ D1D5F7CBECEF5C0C9F019B0C534BE289 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
05:27:02.0359 2040 LMouFlt2 - ok
05:27:02.0406 2040 Maya5PLEHelpServer - ok
05:27:02.0453 2040 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
05:27:02.0468 2040 Messenger - ok
05:27:02.0593 2040 Microsoft SharePoint Workspace Audit Service - ok
05:27:02.0625 2040 [ 14FA0E88146BD100EA222BD0231A97BE ] MKEMUSB C:\WINDOWS\system32\Drivers\Mkemusb.sys
05:27:02.0625 2040 MKEMUSB - ok
05:27:02.0640 2040 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
05:27:02.0640 2040 mnmdd - ok
05:27:02.0656 2040 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
05:27:02.0671 2040 mnmsrvc - ok
05:27:02.0671 2040 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
05:27:02.0687 2040 Modem - ok
05:27:02.0687 2040 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
05:27:02.0687 2040 MODEMCSA - ok
05:27:02.0703 2040 [ FE80C18BA448DDD76B7BEAD9EB203D37 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
05:27:02.0703 2040 motmodem - ok
05:27:02.0734 2040 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:27:02.0734 2040 Mouclass - ok
05:27:02.0734 2040 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:27:02.0734 2040 mouhid - ok
05:27:02.0750 2040 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
05:27:02.0750 2040 MountMgr - ok
05:27:02.0796 2040 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
05:27:02.0796 2040 MozillaMaintenance - ok
05:27:02.0812 2040 mraid35x - ok
05:27:02.0812 2040 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:27:02.0812 2040 MRxDAV - ok
05:27:02.0843 2040 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:27:02.0859 2040 MRxSmb - ok
05:27:02.0859 2040 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
05:27:02.0859 2040 MSDTC - ok
05:27:02.0875 2040 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
05:27:02.0875 2040 Msfs - ok
05:27:02.0875 2040 MSIServer - ok
05:27:02.0875 2040 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:27:02.0875 2040 MSKSSRV - ok
05:27:02.0890 2040 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:27:02.0906 2040 MSPCLOCK - ok
05:27:02.0906 2040 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
05:27:02.0906 2040 MSPQM - ok
05:27:02.0906 2040 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:27:02.0906 2040 mssmbios - ok
05:27:02.0921 2040 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
05:27:02.0921 2040 MSTEE - ok
05:27:02.0953 2040 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
05:27:02.0953 2040 ms_mpu401 - ok
05:27:02.0953 2040 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
05:27:02.0953 2040 Mup - ok
05:27:02.0984 2040 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:27:02.0984 2040 NABTSFEC - ok
05:27:03.0015 2040 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
05:27:03.0015 2040 napagent - ok
05:27:03.0046 2040 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
05:27:03.0046 2040 NDIS - ok
05:27:03.0062 2040 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:27:03.0062 2040 NdisIP - ok
05:27:03.0078 2040 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:27:03.0078 2040 NdisTapi - ok
05:27:03.0093 2040 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:27:03.0093 2040 Ndisuio - ok
05:27:03.0093 2040 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:27:03.0093 2040 NdisWan - ok
05:27:03.0109 2040 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
05:27:03.0109 2040 NDProxy - ok
05:27:03.0125 2040 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
05:27:03.0125 2040 NetBIOS - ok
05:27:03.0156 2040 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
05:27:03.0156 2040 NetBT - ok
05:27:03.0171 2040 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
05:27:03.0171 2040 NetDDE - ok
05:27:03.0171 2040 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
05:27:03.0171 2040 NetDDEdsdm - ok
05:27:03.0187 2040 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
05:27:03.0187 2040 Netlogon - ok
05:27:03.0265 2040 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
05:27:03.0265 2040 Netman - ok
05:27:03.0312 2040 [ 737351F39FEF765234037770ABDD72BD ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
05:27:03.0312 2040 NetSvc - ok
05:27:03.0328 2040 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:27:03.0343 2040 NetTcpPortSharing - ok
05:27:03.0359 2040 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:27:03.0359 2040 NIC1394 - ok
05:27:03.0390 2040 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
05:27:03.0390 2040 Nla - ok
05:27:03.0390 2040 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
05:27:03.0390 2040 Npfs - ok
05:27:03.0406 2040 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
05:27:03.0406 2040 Ntfs - ok
05:27:03.0406 2040 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
05:27:03.0406 2040 NtLmSsp - ok
05:27:03.0453 2040 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
05:27:03.0453 2040 NtmsSvc - ok
05:27:03.0468 2040 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
05:27:03.0468 2040 Null - ok
05:27:03.0687 2040 [ 18C9B152DA7BEA76B2F9E4B6412E0AAF ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:27:03.0859 2040 nv - ok
05:27:03.0875 2040 [ F45FDCB8D45439459A6B738AEF45AA94 ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys
05:27:03.0875 2040 nvatabus - ok
05:27:03.0906 2040 [ A8C1E6FF53FB0628A302843EA5FA5AB6 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
05:27:03.0906 2040 nvsvc - ok
05:27:03.0953 2040 [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
05:27:03.0953 2040 NWCWorkstation - ok
05:27:03.0953 2040 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:27:03.0953 2040 NwlnkFlt - ok
05:27:03.0968 2040 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:27:03.0968 2040 NwlnkFwd - ok
05:27:03.0984 2040 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
05:27:03.0984 2040 NwlnkIpx - ok
05:27:04.0000 2040 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
05:27:04.0000 2040 NwlnkNb - ok
05:27:04.0031 2040 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
05:27:04.0031 2040 NwlnkSpx - ok
05:27:04.0046 2040 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
05:27:04.0046 2040 NWRDR - ok
05:27:04.0062 2040 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:27:04.0062 2040 ohci1394 - ok
05:27:04.0140 2040 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:27:04.0140 2040 ose - ok
05:27:04.0328 2040 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
05:27:04.0406 2040 osppsvc - ok
05:27:04.0406 2040 [ 11B3328D84ED6C11BAF4F4F115459AB6 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
05:27:04.0406 2040 ossrv - ok
05:27:04.0406 2040 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
05:27:04.0406 2040 Parport - ok
05:27:04.0421 2040 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
05:27:04.0421 2040 PartMgr - ok
05:27:04.0437 2040 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
05:27:04.0437 2040 ParVdm - ok
05:27:04.0453 2040 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
05:27:04.0453 2040 PCI - ok
05:27:04.0453 2040 PCIDump - ok
05:27:04.0468 2040 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
05:27:04.0468 2040 PCIIde - ok
05:27:04.0500 2040 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
05:27:04.0500 2040 Pcmcia - ok
05:27:04.0546 2040 [ DE0D039B1A3C7ABF5755C38FCF560B3F ] PCNat C:\WINDOWS\system32\DRIVERS\pcnat.sys
05:27:04.0546 2040 PCNat - ok
05:27:04.0546 2040 Pcouffin - ok
05:27:04.0546 2040 PDCOMP - ok
05:27:04.0546 2040 PDFRAME - ok
05:27:04.0546 2040 PDRELI - ok
05:27:04.0562 2040 PDRFRAME - ok
05:27:04.0562 2040 perc2 - ok
05:27:04.0562 2040 perc2hib - ok
05:27:04.0578 2040 [ 391CC6558303C5C3DE04A5D50F1C4B2A ] PfModNT C:\WINDOWS\System32\drivers\PfModNT.sys
05:27:04.0578 2040 PfModNT - ok
05:27:04.0609 2040 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
05:27:04.0609 2040 PlugPlay - ok
05:27:04.0609 2040 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
05:27:04.0609 2040 PolicyAgent - ok
05:27:04.0625 2040 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:27:04.0625 2040 PptpMiniport - ok
05:27:04.0625 2040 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
05:27:04.0625 2040 Processor - ok
05:27:04.0625 2040 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
05:27:04.0625 2040 ProtectedStorage - ok
05:27:04.0640 2040 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:27:04.0640 2040 Ptilink - ok
05:27:04.0656 2040 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:27:04.0656 2040 PxHelp20 - ok
05:27:04.0828 2040 [ 291BA02A6C2A6A8D981C104935AF2BFE ] QDDWZ C:\DOCUME~1\Chris\LOCALS~1\Temp\QDDWZ.exe
05:27:06.0781 2040 QDDWZ - ok
05:27:06.0781 2040 ql1080 - ok
05:27:06.0781 2040 Ql10wnt - ok
05:27:06.0796 2040 ql12160 - ok
05:27:06.0796 2040 ql1240 - ok
05:27:06.0796 2040 ql1280 - ok
05:27:06.0828 2040 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:27:06.0828 2040 RasAcd - ok
05:27:06.0859 2040 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
05:27:06.0859 2040 RasAuto - ok
05:27:06.0906 2040 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:27:06.0906 2040 Rasl2tp - ok
05:27:06.0937 2040 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
05:27:06.0937 2040 RasMan - ok
05:27:06.0953 2040 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:27:06.0953 2040 RasPppoe - ok
05:27:06.0968 2040 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
05:27:06.0968 2040 Raspti - ok
05:27:06.0984 2040 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:27:07.0000 2040 Rdbss - ok
05:27:07.0000 2040 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:27:07.0000 2040 RDPCDD - ok
05:27:07.0015 2040 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:27:07.0015 2040 rdpdr - ok
05:27:07.0046 2040 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
05:27:07.0062 2040 RDPWD - ok
05:27:07.0062 2040 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
05:27:07.0078 2040 RDSessMgr - ok
05:27:07.0093 2040 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
05:27:07.0093 2040 redbook - ok
05:27:07.0125 2040 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
05:27:07.0125 2040 RemoteAccess - ok
05:27:07.0156 2040 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
05:27:07.0171 2040 RemoteRegistry - ok
05:27:07.0171 2040 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
05:27:07.0187 2040 RpcLocator - ok
05:27:07.0203 2040 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
05:27:07.0203 2040 RpcSs - ok
05:27:07.0218 2040 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
05:27:07.0218 2040 RSVP - ok
05:27:07.0234 2040 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
05:27:07.0234 2040 rtl8139 - ok
05:27:07.0265 2040 [ 0C57C0F776361B155B00D245C99B41F6 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
05:27:07.0265 2040 RTLE8023xp - ok
05:27:07.0281 2040 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
05:27:07.0281 2040 SamSs - ok
05:27:07.0343 2040 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
05:27:07.0343 2040 SCardSvr - ok
05:27:07.0359 2040 [ 65B47E763ED55F35F787A7918272D155 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
05:27:07.0359 2040 SCDEmu - ok
05:27:07.0375 2040 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
05:27:07.0375 2040 Schedule - ok
05:27:07.0375 2040 SCREAMINGBDRIVER - ok
05:27:07.0453 2040 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
05:27:07.0453 2040 SeaPort - ok
05:27:07.0484 2040 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:27:07.0484 2040 Secdrv - ok
05:27:07.0500 2040 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
05:27:07.0500 2040 seclogon - ok
05:27:07.0546 2040 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
05:27:07.0546 2040 SENS - ok
05:27:07.0578 2040 [ 8627C992B8A80504FC477B2E8FF8EC4F ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
05:27:07.0578 2040 Sentinel - ok
05:27:07.0625 2040 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
05:27:07.0625 2040 serenum - ok
05:27:07.0625 2040 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
05:27:07.0640 2040 Serial - ok
05:27:07.0671 2040 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
05:27:07.0671 2040 Sfloppy - ok
05:27:07.0703 2040 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
05:27:07.0703 2040 ShellHWDetection - ok
05:27:07.0734 2040 [ 6B52D4C37D8D2295D14BDE2E53B8D9FE ] SI3112r C:\WINDOWS\system32\DRIVERS\si3112r.sys
05:27:07.0734 2040 SI3112r - ok
05:27:07.0765 2040 [ E393A2822FDBB3EC3648FD64E54CDDA0 ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
05:27:07.0765 2040 SiFilter - ok
05:27:07.0765 2040 Simbad - ok
05:27:07.0890 2040 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
05:27:07.0937 2040 Skype C2C Service - ok
05:27:07.0953 2040 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
05:27:07.0953 2040 SkypeUpdate - ok
05:27:07.0968 2040 [ 17F8208256434AB3B975BAC90BA090F0 ] SLEE_13_DRIVER C:\WINDOWS\System32\drivers\SLEE13.sys
05:27:07.0968 2040 SLEE_13_DRIVER - ok
05:27:08.0000 2040 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:27:08.0000 2040 SLIP - ok
05:27:08.0000 2040 SLService - ok
05:27:08.0031 2040 [ A14AE500C1D544A94765F48A20CE7A49 ] SM200DPA C:\WINDOWS\system32\DRIVERS\sm200dpa.sys
05:27:08.0046 2040 SM200DPA - ok
05:27:08.0062 2040 [ 5CE1CF27620B144E212D407CDB14D339 ] snapman380 C:\WINDOWS\system32\DRIVERS\snman380.sys
05:27:08.0062 2040 snapman380 - ok
05:27:08.0062 2040 Sparrow - ok
05:27:08.0078 2040 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
05:27:08.0078 2040 splitter - ok
05:27:08.0109 2040 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
05:27:08.0109 2040 Spooler - ok
05:27:08.0125 2040 [ 73205BD9A388639C210636793FE3FD61 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
05:27:08.0156 2040 sptd - ok
05:27:08.0156 2040 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
05:27:08.0156 2040 sr - ok
05:27:08.0187 2040 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
05:27:08.0187 2040 srservice - ok
05:27:08.0218 2040 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
05:27:08.0218 2040 Srv - ok
05:27:08.0234 2040 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
05:27:08.0234 2040 ssadbus - ok
05:27:08.0250 2040 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
05:27:08.0250 2040 ssadmdfl - ok
05:27:08.0265 2040 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
05:27:08.0265 2040 ssadmdm - ok
05:27:08.0281 2040 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
05:27:08.0281 2040 sscdbus - ok
05:27:08.0296 2040 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
05:27:08.0296 2040 sscdmdfl - ok
05:27:08.0296 2040 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
05:27:08.0296 2040 sscdmdm - ok
05:27:08.0328 2040 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
05:27:08.0328 2040 SSDPSRV - ok
05:27:08.0359 2040 [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
05:27:08.0375 2040 ssudmdm - ok
05:27:08.0421 2040 [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
05:27:08.0421 2040 StarWindService - ok
05:27:08.0453 2040 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
05:27:08.0453 2040 stisvc - ok
05:27:08.0484 2040 [ 5708D7B7352B5B07A9A6ED4AE8DE08DF ] StkAMini C:\WINDOWS\system32\Drivers\StkAMini.sys
05:27:08.0484 2040 StkAMini - ok
05:27:08.0515 2040 [ 5CCFE3B03F97005D221BA897C9A20B38 ] StkASSrv C:\WINDOWS\System32\StkASv2K.exe
05:27:08.0531 2040 StkASSrv - ok
05:27:08.0562 2040 [ 83406FB18CB0ABFEC501ADD986D63572 ] StkScan C:\WINDOWS\system32\Drivers\StkScan.sys
05:27:08.0562 2040 StkScan - ok
05:27:08.0578 2040 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:27:08.0578 2040 streamip - ok
05:27:08.0609 2040 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
05:27:08.0609 2040 swenum - ok
05:27:08.0609 2040 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
05:27:08.0609 2040 swmidi - ok
05:27:08.0609 2040 SwPrv - ok
05:27:08.0625 2040 symc810 - ok
05:27:08.0625 2040 symc8xx - ok
05:27:08.0625 2040 sym_hi - ok
05:27:08.0625 2040 sym_u3 - ok
05:27:08.0640 2040 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
05:27:08.0640 2040 sysaudio - ok
05:27:08.0656 2040 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
05:27:08.0656 2040 SysmonLog - ok
05:27:08.0687 2040 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
05:27:08.0687 2040 TapiSrv - ok
05:27:08.0703 2040 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:27:08.0703 2040 Tcpip - ok
05:27:08.0718 2040 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
05:27:08.0718 2040 TDPIPE - ok
05:27:08.0734 2040 [ D953F161177DAB3C8440844A9AB6E5A2 ] tdrpman174 C:\WINDOWS\system32\DRIVERS\tdrpm174.sys
05:27:08.0750 2040 tdrpman174 - ok
05:27:08.0765 2040 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
05:27:08.0765 2040 TDTCP - ok
05:27:08.0781 2040 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
05:27:08.0781 2040 TermDD - ok
05:27:08.0828 2040 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
05:27:08.0828 2040 TermService - ok
05:27:08.0843 2040 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
05:27:08.0843 2040 Themes - ok
05:27:08.0843 2040 [ 6DCB8DDB481CD3C40FA68593723B4D89 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
05:27:08.0843 2040 tifsfilter - ok
05:27:08.0859 2040 [ 394FC70B88B7958FA85798BBC76D140A ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
05:27:08.0859 2040 timounter - ok
05:27:08.0875 2040 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
05:27:08.0875 2040 TlntSvr - ok
05:27:08.0875 2040 TosIde - ok
05:27:08.0890 2040 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
05:27:08.0890 2040 TrkWks - ok
05:27:08.0906 2040 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
05:27:08.0906 2040 Udfs - ok
05:27:08.0937 2040 [ 1C768107AC5BD510686C8F0E4DA30C48 ] uisp C:\WINDOWS\system32\Drivers\usbicp.sys
05:27:08.0937 2040 uisp - ok
05:27:08.0968 2040 [ 8E6D8AF8B2E589338292D8373195F206 ] ULCDRHlp C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
05:27:08.0968 2040 ULCDRHlp - ok
05:27:08.0984 2040 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
05:27:08.0984 2040 UleadBurningHelper - ok
05:27:09.0000 2040 ultra - ok
05:27:09.0015 2040 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
05:27:09.0015 2040 Update - ok
05:27:09.0015 2040 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
05:27:09.0031 2040 upnphost - ok
05:27:09.0031 2040 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
05:27:09.0031 2040 UPS - ok
05:27:09.0062 2040 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
05:27:09.0062 2040 USBAAPL - ok
05:27:09.0078 2040 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
05:27:09.0078 2040 usbaudio - ok
05:27:09.0093 2040 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:27:09.0093 2040 usbccgp - ok
05:27:09.0140 2040 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:27:09.0140 2040 usbehci - ok
05:27:09.0140 2040 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:27:09.0140 2040 usbhub - ok
05:27:09.0156 2040 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
05:27:09.0171 2040 usbohci - ok
05:27:09.0187 2040 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:27:09.0187 2040 usbprint - ok
05:27:09.0203 2040 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:27:09.0203 2040 usbscan - ok
05:27:09.0234 2040 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:27:09.0250 2040 USBSTOR - ok
05:27:09.0265 2040 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:27:09.0281 2040 usbuhci - ok
05:27:09.0281 2040 [ CCC552DEF5FCDC9FFA86C98452F7B8B5 ] USIUDF C:\WINDOWS\system32\Drivers\USIUDF.sys
05:27:09.0281 2040 USIUDF - ok
05:27:09.0296 2040 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
05:27:09.0296 2040 VgaSave - ok
05:27:09.0296 2040 ViaIde - ok
05:27:09.0312 2040 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
05:27:09.0312 2040 VolSnap - ok
05:27:09.0328 2040 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
05:27:09.0328 2040 VSS - ok
05:27:09.0359 2040 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
05:27:09.0359 2040 W32Time - ok
05:27:09.0390 2040 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:27:09.0390 2040 Wanarp - ok
05:27:09.0437 2040 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
05:27:09.0437 2040 Wdf01000 - ok
05:27:09.0453 2040 WDICA - ok
05:27:09.0500 2040 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
05:27:09.0500 2040 wdmaud - ok
05:27:09.0500 2040 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
05:27:09.0500 2040 WebClient - ok
05:27:09.0625 2040 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
05:27:09.0625 2040 winmgmt - ok
05:27:09.0671 2040 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
05:27:09.0687 2040 WinRM - ok
05:27:09.0718 2040 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
05:27:09.0718 2040 WinUSB - ok
05:27:09.0796 2040 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:27:09.0796 2040 wlidsvc - ok
05:27:09.0843 2040 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\System32\MsPMSPSv.exe
05:27:09.0843 2040 WMDM PMSP Service - ok
05:27:09.0875 2040 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
05:27:09.0875 2040 WmdmPmSN - ok
05:27:09.0937 2040 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
05:27:09.0953 2040 Wmi - ok
05:27:09.0968 2040 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
05:27:09.0968 2040 WmiAcpi - ok
05:27:10.0015 2040 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
05:27:10.0015 2040 WmiApSrv - ok
05:27:10.0093 2040 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
05:27:10.0093 2040 WMPNetworkSvc - ok
05:27:10.0125 2040 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
05:27:10.0125 2040 WpdUsb - ok
05:27:10.0265 2040 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:27:10.0281 2040 WPFFontCache_v0400 - ok
05:27:10.0312 2040 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
05:27:10.0312 2040 wscsvc - ok
05:27:10.0312 2040 WSearch - ok
05:27:10.0328 2040 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:27:10.0328 2040 WSTCODEC - ok
05:27:10.0343 2040 [ A65F38094345598788E287A1F8483BD0 ] Wttablet C:\WINDOWS\system32\Drivers\Wttablet.sys
05:27:10.0359 2040 Wttablet - ok
05:27:10.0375 2040 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
05:27:10.0390 2040 wuauserv - ok
05:27:10.0421 2040 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:27:10.0421 2040 WudfPf - ok
05:27:10.0437 2040 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:27:10.0437 2040 WudfRd - ok
05:27:10.0453 2040 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
05:27:10.0453 2040 WudfSvc - ok
05:27:10.0484 2040 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
05:27:10.0500 2040 WZCSVC - ok
05:27:10.0625 2040 [ 72E8F37E00DCBD7432C7824570A3A7AA ] X4HSX32 C:\Program Files\GameTap Web Player\bin\Release\X4HSX32.Sys
05:27:10.0625 2040 X4HSX32 - ok
05:27:10.0640 2040 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
05:27:10.0656 2040 xmlprov - ok
05:27:10.0687 2040 ================ Scan global ===============================
05:27:10.0718 2040 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
05:27:10.0750 2040 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
05:27:10.0750 2040 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
05:27:10.0796 2040 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
05:27:10.0812 2040 [Global] - ok
05:27:10.0812 2040 ================ Scan MBR ==================================
05:27:10.0828 2040 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
05:27:10.0984 2040 \Device\Harddisk1\DR1 - ok
05:27:11.0015 2040 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
05:27:11.0218 2040 \Device\Harddisk0\DR0 - ok
05:27:11.0234 2040 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk2\DR4
05:27:11.0468 2040 \Device\Harddisk2\DR4 - ok
05:27:11.0468 2040 ================ Scan VBR ==================================
05:27:11.0468 2040 [ D129E38E087A59205550A1D0E85A0158 ] \Device\Harddisk1\DR1\Partition1
05:27:11.0468 2040 \Device\Harddisk1\DR1\Partition1 - ok
05:27:11.0468 2040 [ 0D038056E2F5A02574D97215FEAC3207 ] \Device\Harddisk0\DR0\Partition1
05:27:11.0468 2040 \Device\Harddisk0\DR0\Partition1 - ok
05:27:11.0484 2040 [ 79F35C9E55DB80265E84958E37E08256 ] \Device\Harddisk2\DR4\Partition1
05:27:11.0484 2040 \Device\Harddisk2\DR4\Partition1 - ok
05:27:11.0484 2040 ============================================================
05:27:11.0484 2040 Scan finished
05:27:11.0484 2040 ============================================================
05:27:11.0484 2884 Detected object count: 0
05:27:11.0484 2884 Actual detected object count: 0
05:28:17.0015 3892 Deinitialize success




----------------------------------------------------------------------------------



aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 05:28:53
-----------------------------
05:28:53.578 OS Version: Windows 5.1.2600 Service Pack 3
05:28:53.578 Number of processors: 1 586 0x1A05
05:28:53.578 ComputerName: HERO UserName:
05:28:55.578 Initialize success
05:35:36.062 AVAST engine defs: 12082900
05:35:47.468 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
05:35:47.468 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
05:35:47.468 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f
05:35:47.468 Disk 1 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953868MB BusType: 3
05:35:47.468 Disk 1 MBR read successfully
05:35:47.468 Disk 1 MBR scan
05:35:47.515 Disk 1 Windows XP default MBR code
05:35:47.515 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
05:35:47.515 Disk 1 scanning sectors +1953520065
05:35:47.593 Disk 1 scanning C:\WINDOWS\system32\drivers
05:36:05.703 Service scanning
05:36:37.796 Modules scanning
05:36:43.250 Disk 1 trace - called modules:
05:36:43.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:36:43.750 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b7b4ab8]
05:36:43.750 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\000000a4[0x8b811a00]
05:36:43.750 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1f[0x8b77dd98]
05:36:45.921 AVAST engine scan C:\WINDOWS
05:37:03.750 AVAST engine scan C:\WINDOWS\system32
05:42:15.906 AVAST engine scan C:\WINDOWS\system32\drivers
05:42:51.250 AVAST engine scan C:\Documents and Settings\Chris
06:21:43.531 AVAST engine scan C:\Documents and Settings\All Users
06:32:01.640 Scan finished successfully
06:32:13.468 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Chris\Desktop\MBR.dat"
06:32:13.468 The log file has been saved successfully to "C:\Documents and Settings\Chris\Desktop\aswMBR.txt"

#6 bloopie (Bleepin' Sith Turner)

  • Malware Response Team
  • 7,927 posts
  • Gender: Male
  • Location: New York

Posted 29 August 2012 - 03:47 PM

Hi again,

That's looking better. Let's run Combofix to clear up a few things:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Please include the ComboFix.txt in your next reply!

bloopie

#7 Rapid Dolphin (Topic Starter)

  • Members
  • 19 posts

Posted 29 August 2012 - 11:13 PM

Thanks! Here's the combofix log below. By the way, do you have any ideas why combofix deleted some JPG files from my root directory and also deleted an entire game directory (c:\program files\sss) without first prompting/warning?


Combofix.txt


ComboFix 12-08-29.03 - Chris 30/08/2012 13:31:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1986 [GMT 10:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\F6077282D9.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\389703C2.TMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Chris\WINDOWS
C:\DSC00410.JPG
C:\DSCF0067.jpg
C:\DSCF1025.jpg
C:\DSCF1026.jpg
c:\program files\Internet Explorer\SET5F.tmp
c:\program files\Internet Explorer\SET60.tmp
c:\program files\Internet Explorer\SET62.tmp
c:\program files\sss
c:\program files\sss\acsetup.cfg
c:\program files\sss\agssave.001
c:\program files\sss\agssave.002
c:\program files\sss\game.exe
c:\program files\sss\Game.url
c:\program files\sss\music1.mid
c:\program files\sss\music10.mid
c:\program files\sss\music11.mid
c:\program files\sss\music12.mid
c:\program files\sss\music13.mid
c:\program files\sss\music14.mid
c:\program files\sss\music2.mid
c:\program files\sss\music3.mid
c:\program files\sss\music4.mid
c:\program files\sss\music42.mid
c:\program files\sss\music43.mid
c:\program files\sss\music44.mid
c:\program files\sss\music5.mid
c:\program files\sss\music6.mid
c:\program files\sss\music7.mid
c:\program files\sss\music8.mid
c:\program files\sss\music9.mid
c:\program files\sss\sound1.ogg
c:\program files\sss\sound2.ogg
c:\program files\sss\speech.vox
c:\program files\sss\unins000.dat
c:\program files\sss\unins000.exe
c:\program files\sss\warnings.log
c:\program files\sss\winsetup.exe
C:\setup.exe
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\dat
c:\windows\system32\SET1F2.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F9.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\Temp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-29 19:23 . 2012-08-29 19:23 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-24 18:54 . 2012-08-24 19:26 -------- d-----w- c:\documents and settings\Chris\Application Data\Ad-Aware Antivirus
2012-08-24 17:06 . 2012-08-25 10:42 -------- d-----w- C:\I386
2012-08-24 14:16 . 2012-08-24 14:16 -------- d-----w- c:\documents and settings\Chris\Application Data\ElevatedDiagnostics
2012-08-24 12:48 . 2012-08-24 12:48 -------- d-----w- c:\program files\uTorrent
2012-08-24 12:33 . 2012-08-24 12:33 -------- d-----w- c:\program files\Xiph.Org
2012-08-22 11:26 . 2012-08-22 11:26 -------- d-----w- c:\documents and settings\Chris\Application Data\Solveig Multimedia
2012-08-22 11:24 . 2012-08-22 11:24 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2012-08-22 11:24 . 2012-08-22 11:24 -------- d-----w- c:\program files\HyperCam 3
2012-08-22 10:42 . 2012-08-22 10:42 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-14 07:11 . 2012-08-14 07:11 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-14 05:49 . 2012-08-14 05:49 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Sun
2012-08-14 05:44 . 2012-08-14 05:44 -------- d-----w- c:\program files\Oracle
2012-08-14 05:44 . 2012-08-14 05:44 -------- d-----w- c:\documents and settings\Chris\Application Data\Oracle
2012-08-13 03:35 . 2012-08-13 03:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-03 08:28 . 2012-08-03 08:30 -------- d-----w- c:\program files\Resonance
2012-08-03 04:27 . 2012-08-23 17:34 -------- d-----w- C:\AGS6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 03:00 . 2012-04-10 08:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 03:00 . 2011-05-22 01:47 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 14:48 . 2012-05-05 14:40 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-06 13:58 . 2003-07-05 18:50 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 12:07 . 2007-04-26 22:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 12:06 . 2012-06-16 20:24 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-04 14:05 . 2003-07-05 18:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2003-07-06 06:24 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-02-18 06:19 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2003-07-05 18:50 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2003-07-05 18:50 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-06-16 20:23 . 2010-05-10 10:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 03:46 . 2012-06-07 03:46 8128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\d3d9caps.tmp
2012-06-05 15:50 . 2007-05-15 05:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-07-05 18:50 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 07:35 . 2005-05-25 17:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:19 . 2007-05-16 03:05 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19 . 2007-05-16 03:05 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19 . 2005-05-25 17:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 05:19 . 2004-08-03 04:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19 . 2004-08-03 04:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 05:19 . 2007-05-16 03:05 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19 . 2005-11-23 14:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 05:19 . 2004-08-03 03:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 05:19 . 2003-07-05 18:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 05:19 . 2003-07-05 18:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 05:19 . 2007-05-16 03:05 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:19 . 2004-08-03 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 05:19 . 2003-07-05 18:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 05:18 . 2007-05-17 03:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 05:18 . 2007-03-16 06:05 275696 ----a-w- c:\windows\system32\mucltui.dll
2002-04-03 05:01 . 2003-07-23 17:45 286720 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 06:00 . 2003-07-23 17:45 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
2012-08-29 19:23 . 2011-04-04 13:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2010-02-07 1363456]
"DynAdvance Notifier"="c:\program files\DynAdvance\DynAdvance Notifier\MailNotifier.Exe" [2011-11-01 312832]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-27 81920]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-03 1753192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4352832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-19 35328]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 960528]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo\memturbo.exe [2004-1-18 221696]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-6-10 110592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo\memturbo.exe [2004-1-18 221696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
RealDownload Plus.lnk - c:\program files\Real\RealDownload\RealDownload.exe [2004-5-30 20515]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Inno Script Generator\\InnoScriptGenerator.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [6/07/2003 2:54 PM 85265]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/03/2012 8:40 AM 120152]
R1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];c:\windows\system32\drivers\slee13.sys [4/10/2005 5:42 PM 74240]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7/03/2012 3:40 PM 913144]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 2:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 2:46 AM 72728]
R3 DLKRTL;D-Link DFE-528TX PCI Adapter NT Driver;c:\windows\system32\drivers\DLKRTL.SYS [10/10/2001 5:37 PM 25434]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys --> c:\windows\system32\DRIVERS\iteraid.sys [?]
S1 Wttablet;Serial Tablet Driver;c:\windows\system32\drivers\WTTABLET.SYS [1/01/1980 26240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/09/2010 4:08 PM 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 1:33 PM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/07/2012 1:19 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/04/2012 6:20 PM 250568]
S3 Aic.ne;Aic.ne; [x]
S3 Aicmsr;Aicmsr; [x]
S3 Asytcci;Asytcci; [x]
S3 AWHelpServer;Alias Wavefront Help Server;c:\program files\AliasWavefront\Maya5.0\docs\Wrapper.exe [26/02/2004 7:01 PM 98304]
S3 Cobokitp;Cobokitp; [x]
S3 Coidriix_lic;Coidriix_lic; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [28/08/2009 10:31 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 2:46 AM 1324056]
S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [30/12/2002 12:53 PM 12160]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 2:46 AM 72728]
S3 Dacosvrinpa;Dacosvrinpa; [x]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [28/12/2010 2:34 PM 210792]
S3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [11/04/2011 1:52 AM 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/12/2011 11:29 PM 78136]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/09/2010 4:08 PM 136176]
S3 Ipmc8xfgena;Ipmc8xfgena; [x]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [1/11/2011 11:25 AM 12032]
S3 Licm_gode;Licm_gode; [x]
S3 Maya5PLEHelpServer;Alias Maya 5.0 PLE Help Server;"d:\program files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "d:\program files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf" --> d:\program files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/01/2010 4:51 PM 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/04/2012 5:10 PM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 7:37 PM 4640000]
S3 PCNat;PC-Nat Miniport;c:\windows\system32\drivers\pcnat.sys [2/11/2004 12:09 AM 30336]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 QDDWZ;QDDWZ;c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe --> c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SM200DPA;SkyMedia-200DPA Ethernet Adapter Win2000 Driver;c:\windows\system32\drivers\sm200dpa.sys [30/01/2004 3:57 PM 40603]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/12/2011 11:29 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/12/2011 11:29 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/12/2011 11:29 PM 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/12/2011 11:29 PM 181432]
S3 Usb0xr;Usb0xr; [x]
S4 Cta960nds;Cta960nds; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/03/2007 2:59 AM 639224]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63783362
*Deregistered* - 63783362
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:00]
.
2012-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-08-29 c:\windows\Tasks\AutoRearm.job
- c:\windows\AutoRearm\AutoRearm.exe [2012-01-16 18:02]
.
2012-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-16 03:42]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 06:07]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 06:07]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580436667-839522115-1003Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-20 20:01]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580436667-839522115-1003UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-20 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://au.search.yahoo.com
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{1B920E41-5D7E-4884-968D-AFAAC5BCDE09}: NameServer = 192.168.1.254
TCP: Interfaces\{8FC5D8F0-1954-466D-A1FB-6F3B9C753B72}: NameServer = 192.168.1.254
TCP: Interfaces\{FE05EB90-FE75-465E-B7BF-FE7681AC136A}: NameServer = 192.168.1.254
DPF: ChatSpace Full Java Client 4.0.0.300 - hxxp://63.102.226.240:8000/Java/cfs40300.cab
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://63.102.226.240:8000/Java/cfs40320.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: St.George Internet Banking - hxxps://ibank.stgeorge.com.au/html/bbb11s.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {2373AE74-5821-5D53-A64D-23397D2605ED} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {44D9F344-12A8-5AC1-D624-71C30CDB8A38} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} - hxxp://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} - hxxps://www.web-a-file.com/webafiledownloader.cab
DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - hxxp://gromozon.com/73d12727/50300/1/xp/FreeAccess.ocx
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\kdr9sf9w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
Notify-klogon - (no file)
AddRemove-Beavis And Butt-head - c:\beavis and butthead virtual stupidity\BBGAME.EXE
AddRemove-Desura - d:\program files\Desura\Desura_Uninstall.exe
AddRemove-Hero of Infamous Kingdoms_is1 - c:\program files\SSS\unins000.exe
AddRemove-ICQ - c:\progra~1\ICQ\ICQUninstall.EXE
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{D050D7362D214723AD585B541FFB6C11} - c:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-Dr. DivX 2.0 OSS - c:\program files\DivX\Dr. DivX 2.0 OSS\Remove.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-30 13:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1001FALS-00J7B1 rev.05.00K05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1935655697-1580436667-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ac,08,37,93,a9,3e,71,25,18,1a,b3,3e,03,b9,15,ae,a8,d3,89,02,a0,
c3,ea,3e,e3,7c,60,9a,93,4a,a7,c6,e9,70,cd,dd,d8,a8,0b,33,8f,4d,b1,9a,d4,93,\
"rkeysecu"=hex:3c,35,70,7f,80,a4,b1,4f,95,14,90,61,8c,e5,3d,39
.
Completion time: 2012-08-30 13:48:25
ComboFix-quarantined-files.txt 2012-08-30 03:48
.
Pre-Run: 834,070,183,936 bytes free
Post-Run: 838,543,790,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E754F536020C0903B7218E6602DA96EE
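Reading a ComboFix log by eye is slow, and the entries a responder looks at first in a log like the one above are a short list: services whose binary sits in a Temp folder or no longer exists on disk, a populated AppInit_DLLs value, DPF (ActiveX) downloads from bare IP addresses or raw executables, a changed Firefox search URL, and the "user != kernel MBR" line from the MBR check. The script below is an added example written for this thread; it is not part of ComboFix, DDS or GMER. The lines in SAMPLE_LOG are copied verbatim from the log above, the regular expressions assume ComboFix's line formats as they appear there, and the heuristics are the example's own: they point a human at entries worth checking, they are not verdicts.

```python
"""Triage pass over ComboFix log lines (added example, not ComboFix/DDS/GMER code)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


# Service/driver lines: "<state> <name>;<description>;<image path and stamp>"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
# Download Program Files (ActiveX) entries; ComboFix defangs http as hxxp.
DPF_RE = re.compile(r"^DPF:\s+(?P<name>.+?)\s+-\s+(?P<url>hxxps?://\S+)$", re.IGNORECASE)
BARE_IP_RE = re.compile(r"^hxxps?://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?/", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # matches "\Temp\" and "LOCALS~1\Temp\"

# Constructed sample: a handful of lines taken verbatim from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
S3 Aic.ne;Aic.ne; [x]
S3 QDDWZ;QDDWZ;c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe --> c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/03/2007 2:59 AM 639224]
DPF: {2373AE74-5821-5D53-A64D-23397D2605ED} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - hxxp://gromozon.com/73d12727/50300/1/xp/FreeAccess.ocx
DPF: St.George Internet Banking - hxxps://ibank.stgeorge.com.au/html/bbb11s.cab
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
user != kernel MBR !!!
"""


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one log line (empty list when nothing stands out)."""
    line = line.rstrip()
    found: list[Finding] = []

    # AppInit_DLLs: any DLL listed here is loaded into every process that loads user32.dll.
    if line.startswith('"AppInit_DLLs"=') and line.split("=", 1)[1].strip():
        found.append(Finding("AppInit_DLLs is set; the DLL is injected into every user32 process, confirm its publisher", line))

    svc = SERVICE_RE.match(line)
    if svc:
        rest = svc.group("rest").strip()
        if rest == "[x]":
            found.append(Finding("service/driver registered with no image path", line))
        elif rest.endswith("[?]"):
            found.append(Finding("service/driver image path does not exist on disk", line))
        if TEMP_DIR_RE.search(rest):
            found.append(Finding("service/driver image lives in a Temp directory", line))
        if svc.group("name").lower() == "sptd":
            found.append(Finding("sptd.sys (Daemon Tools/Alcohol pass-through driver) is registered; it is known to interfere with anti-rootkit scanners, so re-check rootkit results with it disabled", line))

    dpf = DPF_RE.match(line)
    if dpf:
        url = dpf.group("url")
        if BARE_IP_RE.match(url):
            found.append(Finding("ActiveX (DPF) download from a bare IP address", line))
        if url.lower().endswith((".exe", ".ocx")):
            found.append(Finding("ActiveX (DPF) entry points at a raw executable rather than a .cab package", line))

    if line.startswith("FF - prefs.js: keyword.URL"):
        found.append(Finding("Firefox keyword.URL overridden; address-bar searches go to a third-party engine", line))

    if "user != kernel MBR" in line:
        found.append(Finding("user-mode and kernel-mode reads of the MBR differ; possible MBR bootkit, but disk filter drivers can cause this too, confirm with a dedicated MBR tool", line))

    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a ComboFix log."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

Run it against a full ComboFix.txt by reading the file into triage(); entries that are not flagged (the ESET service, the banking .cab) are deliberately left alone, since a clean log still has dozens of legitimate R/S lines.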

#8 bloopie

Malware Response Team

Posted 30 August 2012 - 10:11 AM

Hi again,

I can't be 100% sure of all the Combofix routines as I did not create the program, but seeing JPGs on the root directory immediately looks bad as well as seeing some .exe files there also. If you'd like anything back again, just list them for me and I'll have Combofix put them back in their old places for you. ;)

Otherwise, let me know and we'll move on. :)

You may want to consider putting JPGs in a "pictures" folder on the desktop or other area, but that's up to you.

bloopie

#9 Rapid Dolphin

Topic Starter

Posted 30 August 2012 - 10:22 AM

Hi,

If we could recover these 3 JPGs, it'd be great (not sure what they were, but I'd like to check all the same).

C:\DSC00410.JPG
C:\DSCF0067.jpg
C:\DSCF1025.jpg
C:\DSCF1026.jpg

I find it quite odd that it took the liberty of deleting the game folder and files in the program files/sss directory. However, I won't worry about recovering that.

Strangely, I have other files and JPGs in the root folder, but Combofix didn't touch any of them.

Thanks!

#10 bloopie

Malware Response Team

Posted 30 August 2012 - 10:41 AM

Hi again,

Strangely, I have other files and JPGs in the root folder, but Combofix didn't touch any of them.

It's quite possible that the ones CF removed were infected, and that's why it left the others.

Let's see if we can upload them to be safe, so please provide me with the following text file:

Navigate to C:\QooBox\ComboFix-quarantined-files.txt, copy and paste the contents of the text file in your next reply.

bloopie
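Before any quarantined file is uploaded for a second opinion, it is worth checking whether it is really the type its name claims, since a file that is not what its extension says is a far stronger signal than the bare fact that ComboFix removed it. The script below is an added example written for this thread, not ComboFix's own code. It assumes what ComboFix actually does with removed files: they are copied under C:\Qoobox\Quarantine with ".vir" appended to the original name, so the original extension is the suffix just before ".vir". The file names and contents in SAMPLES are constructed for the demonstration and are not the poster's files.

```python
"""Check whether a ComboFix-quarantined file is the type its name claims (added example)."""
from __future__ import annotations

import hashlib
from pathlib import PureWindowsPath

# Leading bytes expected for the extensions that appear in a typical quarantine list.
MAGIC: dict[str, tuple[bytes, ...]] = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".mid": (b"MThd", b"RIFF"),   # standard MIDI, or RIFF-wrapped (RMID)
    ".exe": (b"MZ",),
    ".dll": (b"MZ",),
    ".sys": (b"MZ",),             # kernel drivers are PE files too
}


def original_name(quarantined_path: str) -> str:
    """Strip the ".vir" that ComboFix appends, keeping the original file name."""
    name = PureWindowsPath(quarantined_path).name
    return name[:-4] if name.lower().endswith(".vir") else name


def classify(quarantined_path: str, data: bytes) -> dict[str, str | bool | None]:
    """Compare the file's leading bytes with what its original extension implies."""
    name = original_name(quarantined_path)
    ext = PureWindowsPath(name).suffix.lower()
    expected = MAGIC.get(ext)
    head = data[:8]
    header_ok = None if expected is None else any(head.startswith(m) for m in expected)
    is_pe = head.startswith(b"MZ")

    if expected is None:
        verdict = "unknown extension, inspect manually"
    elif header_ok:
        verdict = "header matches extension"
    elif is_pe:
        verdict = f"executable (MZ header) named as {ext}"
    else:
        verdict = "header does not match extension"

    return {
        "name": name,
        "ext": ext,
        "header_ok": header_ok,
        "is_pe": is_pe,
        "sha256": hashlib.sha256(data).hexdigest(),  # hash to submit to a multi-engine scanner
        "verdict": verdict,
    }


def needs_attention(quarantined_path: str, data: bytes) -> bool:
    """True when the content contradicts the extension; unknown extensions are left to a human."""
    return classify(quarantined_path, data)["header_ok"] is False


# Constructed samples: hypothetical names, made-up contents.
SAMPLES = {
    r"C:\Qoobox\Quarantine\C\holiday.jpg.vir": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    r"C:\Qoobox\Quarantine\C\track.mid.vir": b"MThd\x00\x00\x00\x06\x00\x01",
    r"C:\Qoobox\Quarantine\C\photo.jpg.vir": b"MZ\x90\x00\x03\x00\x00\x00",
    r"C:\Qoobox\Quarantine\C\notes.log.vir": b"[warning] sample text",
}

if __name__ == "__main__":
    for path, data in SAMPLES.items():
        r = classify(path, data)
        flag = "!!" if needs_attention(path, data) else "  "
        print(f"{flag} {r['name']:<14} {r['verdict']:<40} {r['sha256'][:16]}...")
```

On a real quarantine, read each .vir file with open(path, "rb") and pass the bytes in. A matching header only means the extension is not lying; an image or MIDI file can still carry a payload aimed at a vulnerable parser, and a PE file can be appended after a valid JPEG header, so the SHA-256 is still the thing to submit to a scanner. A mismatch, especially an MZ header under an image extension, is the case to treat as hostile.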

#11 Rapid Dolphin

Topic Starter

Posted 30 August 2012 - 02:10 PM

Interesting. Most of the aforementioned files are marked as .vir in ComboFix-quarantined-files.txt.

A virus or malware of some kind? As far as I know, JPGs and MIDI files cannot contain either, unless they're masquerading as a different file type by changing the extension.

At any rate, here is the log:


2012-08-30 03:46:13 . 2012-08-30 03:46:13 626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Dr. DivX 2.0 OSS.reg.dat
2012-08-30 03:46:13 . 2012-08-30 03:46:13 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-25_escape.reg.dat
2012-08-30 03:46:13 . 2012-08-30 03:46:13 928 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-24_flashusbdriver.reg.dat
2012-08-30 03:46:13 . 2012-08-30 03:46:13 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-22_WiBro_WiMAX.reg.dat
2012-08-30 03:46:13 . 2012-08-30 03:46:13 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-21_Searsburg.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-20_NXP_Driver.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-19_VIA_driver.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 948 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-18_Zinia_Serial_Driver.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-17_EMP_Chipset2.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-16_Shrewsbury.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 936 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-11_HSP_Plus_Default.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 884 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-09_Hsp.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-08_EMPChipset.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-07_Schorl.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 904 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-06_Spencer.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-05_Sloan.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-04_semseyite.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 920 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-03_Swallowtail.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-02_Siberian.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-01_Simmental.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{D050D7362D214723AD585B541FFB6C11}.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 1,136 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{B13A7C41581B411290FBC0395694E2A9}.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 1,132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9}.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 1,248 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{7B63B2922B174135AFC0E1377DD81EC2}.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 1,010 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{7585478E9D9B42108671C12F8714CEFE}.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 504 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ICQ.reg.dat
2012-08-30 03:46:12 . 2012-08-30 03:46:12 1,736 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Hero of Infamous Kingdoms_is1.reg.dat
2012-08-30 03:46:11 . 2012-08-30 03:46:11 950 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Desura.reg.dat
2012-08-30 03:46:11 . 2012-08-30 03:46:11 508 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Beavis And Butt-head.reg.dat
2012-08-30 03:45:46 . 2012-08-30 03:45:46 266 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-klogon.reg.dat
2012-08-30 03:45:39 . 2012-08-30 03:45:39 163 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-DivXUpdate.reg.dat
2012-08-30 03:45:37 . 2012-08-30 03:45:37 147 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-KiesHelper.reg.dat
2012-08-30 03:45:37 . 2012-08-30 03:45:37 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AdobeBridge.reg.dat
2012-08-30 03:45:36 . 2012-08-30 03:45:36 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-08-30 03:38:05 . 2012-08-30 03:38:05 31,257 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-30 03:22:18 . 2012-08-30 03:22:18 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-12-01 13:42:58 . 2011-11-29 07:38:12 24,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System32\MASetupCleaner.exe.vir
2011-12-01 13:42:57 . 2011-11-29 07:38:12 172,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System32\muzapp.exe.vir
2011-10-22 17:29:55 . 2011-10-22 17:30:29 1,255,083 ----a-w- C:\Qoobox\Quarantine\C\DSC00410.JPG.vir
2010-07-10 19:43:14 . 2010-07-10 19:43:27 145,761 ----a-w- C:\Qoobox\Quarantine\C\DSCF0067.jpg.vir
2009-11-16 13:07:57 . 2009-11-16 13:07:57 492,111 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\agssave.002.vir
2009-11-16 12:58:30 . 2009-11-16 12:58:34 122 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\warnings.log.vir
2009-10-29 08:26:12 . 2009-10-29 08:26:13 526,333 ----a-w- C:\Qoobox\Quarantine\C\DSCF1026.jpg.vir
2009-10-29 07:58:48 . 2009-10-29 07:58:50 363,728 ----a-w- C:\Qoobox\Quarantine\C\DSCF1025.jpg.vir
2009-03-09 11:09:02 . 2009-03-11 11:00:11 88 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\F6077282D9.sys.vir
2008-05-28 05:48:51 . 2008-05-28 05:48:59 992,536 ----a-w- C:\Qoobox\Quarantine\C\setup.exe.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 131,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET72.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 191,488 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET80.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 27,136 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8A.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 3,577,856 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET90.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 475,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET92.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 156,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET94.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 670,720 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET96.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 1,162,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9C.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 413,696 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9D.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 231,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9E.tmp.vir
2006-11-07 10:03:36 . 2006-11-07 10:03:36 818,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA0.tmp.vir
2006-11-06 16:27:10 . 2006-11-06 16:27:10 382,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7C.tmp.vir
2006-11-06 16:27:02 . 2006-11-06 16:27:02 229,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET78.tmp.vir
2006-11-06 16:26:56 . 2006-11-06 16:26:56 152,064 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET77.tmp.vir
2006-11-06 16:26:44 . 2006-11-06 16:26:44 71,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6C.tmp.vir
2006-11-06 16:26:42 . 2006-11-06 16:26:42 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET83.tmp.vir
2006-11-06 16:26:28 . 2006-11-06 16:26:28 54,784 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET75.tmp.vir
2006-11-06 16:26:28 . 2006-11-06 16:26:28 43,008 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET81.tmp.vir
2006-11-06 16:26:24 . 2006-11-06 16:26:24 123,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6D.tmp.vir
2006-11-06 16:26:24 . 2006-11-06 16:26:24 92,672 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET88.tmp.vir
2006-11-06 16:25:14 . 2006-11-06 16:25:14 161,792 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET79.tmp.vir
2006-10-18 10:47:22 . 2006-10-18 10:47:22 2,450,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET200.tmp.vir
2006-10-18 10:47:20 . 2006-10-18 10:47:20 937,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1F9.tmp.vir
2006-10-18 10:47:18 . 2006-10-18 10:47:18 757,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1F2.tmp.vir
2006-10-18 10:47:18 . 2006-10-18 10:47:18 222,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1F4.tmp.vir
2006-10-17 01:06:10 . 2006-10-17 01:06:10 443,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET73.tmp.vir
2006-10-17 01:06:00 . 2006-10-17 01:06:00 78,336 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7D.tmp.vir
2006-10-17 01:05:48 . 2006-10-17 01:05:48 1,817,088 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET87.tmp.vir
2006-10-17 01:05:22 . 2006-10-17 01:05:22 105,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9B.tmp.vir
2006-10-17 01:05:10 . 2006-10-17 01:05:10 40,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8B.tmp.vir
2006-10-17 01:05:10 . 2006-10-17 01:05:10 192,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET95.tmp.vir
2006-10-17 01:04:50 . 2006-10-17 01:04:50 69,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET60.tmp.vir
2006-10-17 01:04:46 . 2006-10-17 01:04:46 101,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET97.tmp.vir
2006-10-17 01:04:40 . 2006-10-17 01:04:40 622,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET62.tmp.vir
2006-10-17 01:00:00 . 2006-10-17 01:00:00 491,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET89.tmp.vir
2006-10-17 00:58:08 . 2006-10-17 00:58:08 44,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET98.tmp.vir
2006-10-17 00:58:06 . 2006-10-17 00:58:06 346,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET70.tmp.vir
2006-10-17 00:57:58 . 2006-10-17 00:57:58 36,352 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET86.tmp.vir
2006-10-17 00:57:50 . 2006-10-17 00:57:50 214,528 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET71.tmp.vir
2006-10-17 00:56:10 . 2006-10-17 00:56:10 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8F.tmp.vir
2006-10-17 00:55:56 . 2006-10-17 00:55:56 66,560 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET99.tmp.vir
2006-10-17 00:44:36 . 2006-10-17 00:44:36 60,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET5F.tmp.vir
2006-10-17 00:28:56 . 2006-10-17 00:28:56 48,128 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET93.tmp.vir
2006-10-17 00:19:54 . 2006-10-17 00:19:54 1,383,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET91.tmp.vir
2005-03-31 10:52:30 . 2005-03-31 10:52:30 621,494 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\agssave.001.vir
2005-03-31 10:08:49 . 2005-03-31 10:08:49 60 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\Game.url.vir
2005-03-31 10:08:47 . 2005-03-31 10:08:49 3,191 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\unins000.dat.vir
2005-03-30 15:20:34 . 2009-11-16 12:54:16 176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\acsetup.cfg.vir
2005-03-30 15:20:34 . 2005-03-30 15:20:34 5,408,433 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\game.exe.vir
2005-03-30 15:20:34 . 2005-03-30 15:20:34 49,173 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\winsetup.exe.vir
2005-03-30 12:27:38 . 2005-03-30 12:27:38 7,930,804 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\speech.vox.vir
2005-03-29 16:17:24 . 2005-03-29 16:17:24 94,850 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\sound1.ogg.vir
2005-03-27 12:08:12 . 2005-03-27 12:08:12 33,235 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\sound2.ogg.vir
2005-03-24 20:19:18 . 2005-03-24 20:19:18 27,570 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music14.mid.vir
2005-03-24 20:16:12 . 2005-03-24 20:16:12 44,317 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music7.mid.vir
2005-03-24 19:08:20 . 2005-03-24 19:08:20 8,531 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music5.mid.vir
2005-03-24 18:31:26 . 2005-03-24 18:31:26 6,591 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music12.mid.vir
2005-03-24 17:51:30 . 2005-03-24 17:51:30 18,153 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music9.mid.vir
2005-03-24 14:04:22 . 2005-03-24 14:04:22 7,313 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music44.mid.vir
2005-03-24 14:01:10 . 2005-03-24 14:01:10 9,414 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music13.mid.vir
2005-03-24 07:54:28 . 2005-03-24 07:54:28 7,270 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music6.mid.vir
2005-03-23 14:29:34 . 2005-03-23 14:29:34 29,164 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music42.mid.vir
2005-03-21 06:15:40 . 2005-03-21 06:15:40 5,773 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music10.mid.vir
2005-03-21 05:51:18 . 2005-03-21 05:51:18 4,591 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music43.mid.vir
2005-03-21 05:49:16 . 2005-03-21 05:49:16 10,627 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music8.mid.vir
2005-03-21 05:37:48 . 2005-03-21 05:37:48 2,465 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music4.mid.vir
2005-03-21 05:29:32 . 2005-03-21 05:29:32 6,842 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music3.mid.vir
2005-03-21 05:27:54 . 2005-03-21 05:27:54 18,367 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music1.mid.vir
2005-03-19 10:44:52 . 2005-03-19 10:44:52 32,134 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music11.mid.vir
2005-03-19 05:11:26 . 2005-03-19 05:11:26 1,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\music2.mid.vir
2004-06-26 07:00:00 . 2004-06-26 07:00:00 77,257 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SSS\unins000.exe.vir
2004-06-10 11:12:38 . 2004-06-10 11:12:38 890 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.vir
2004-01-30 04:32:14 . 2009-08-04 14:20:08 2,066,048 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
2004-01-30 04:32:14 . 2009-12-08 18:43:50 2,066,048 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000011_.tmp.dll.vir
2004-01-30 04:32:14 . 2010-02-16 13:25:04 2,066,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000012_.tmp.dll.vir
2004-01-30 04:32:14 . 2010-04-27 13:05:00 2,066,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000014_.tmp.dll.vir
2003-02-20 18:16:08 . 2003-02-20 18:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTEMP\regtlib.exe.vir

#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:04:15 PM

Posted 30 August 2012 - 03:14 PM

Hi again,

No, the .vir extension is one of CF's routines. It will move the file and add a .vir extension so the file cannot execute anymore. It's a safety routine. :thumbup2:

==========

I'd like you to upload those files in question to VT:

  • Go to VirusTotal.com
  • Click the "Choose File" button.
  • Navigate to the file C:\Qoobox\Quarantine\C\DSC00410.JPG.vir and click Open.
  • Click the "Scan It" button (***Note: If it says this file has already been scanned, please click "Reanalyze").
  • When it is finished scanning please provide a link to the results page in your next reply.

Now please follow the same procedure for these files as well and link me to the results page in your next reply:

C:\Qoobox\Quarantine\C\DSCF0067.jpg.vir
C:\Qoobox\Quarantine\C\DSCF1025.jpg.vir
C:\Qoobox\Quarantine\C\DSCF1026.jpg.vir


bloopie
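As an added example (not code from this thread, from ComboFix or from VirusTotal), the script below does the bookkeeping behind the VirusTotal request above: it walks a quarantine folder, recovers each file's original name by stripping the .vir suffix that CF appends, computes the SHA-256 of the quarantined copy, and prints a VirusTotal analysis URL in the shape the links posted in this thread use. The directory layout, file names and file contents are constructed sample data, not the poster's files, and the VT_FILE_URL pattern is an assumption taken from the links in this thread.

```python
"""Inventory a ComboFix-style quarantine folder for VirusTotal lookups.

Added example for this thread; not ComboFix's or VirusTotal's own code.
"""
import hashlib
import tempfile
from pathlib import Path

# URL shape assumed from the analysis links posted in this thread.
VT_FILE_URL = "https://www.virustotal.com/file/{sha256}/analysis/"


def sha256_of_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large quarantined files don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def original_name(quarantined_name):
    """CF adds '.vir' to a moved file so it cannot run; strip it only for reporting."""
    if quarantined_name.lower().endswith(".vir"):
        return quarantined_name[:-4]
    return quarantined_name


def inventory_quarantine(quarantine_root):
    """Return one record per quarantined (.vir) file: relative path, original name, size, hash, VT URL."""
    root = Path(quarantine_root)
    rows = []
    # Only .vir entries are quarantined payloads; CF's own logs and .reg backups are skipped.
    for path in sorted(root.rglob("*.vir"), key=str):
        digest = sha256_of_file(path)
        rows.append({
            "quarantined": str(path.relative_to(root)),
            "original": original_name(path.name),
            "size": path.stat().st_size,
            "sha256": digest,
            "vt_url": VT_FILE_URL.format(sha256=digest),
        })
    return rows


def build_sample_quarantine():
    """Construct a throwaway quarantine tree with known contents (sample data, not the OP's files)."""
    root = Path(tempfile.mkdtemp(prefix="qoobox_sample_"))
    (root / "C").mkdir()
    # Hypothetical quarantined picture, content b"abc" so the hash is known in advance.
    (root / "C" / "DSC00410.JPG.vir").write_bytes(b"abc")
    sys32 = root / "C" / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    # Hypothetical empty installer temp file; quarantined but zero bytes long.
    (sys32 / "SET72.tmp.vir").write_bytes(b"")
    # A CF log file without the .vir suffix; must not be listed as quarantined.
    (root / "catchme.log").write_text("sample log, not a quarantined file\n")
    return root


if __name__ == "__main__":
    for row in inventory_quarantine(build_sample_quarantine()):
        print(f"{row['original']:<16} {row['size']:>8}  {row['sha256']}  {row['vt_url']}")
```

The hash is taken from the quarantined copy exactly as it sits on disk, so the files never have to be renamed or moved out of quarantine to be identified; the URL is a lookup, and a file that VirusTotal has never seen will still need to be uploaded as the post describes.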

#13 Rapid Dolphin

Rapid Dolphin
  • Topic Starter

  • Members
  • 19 posts
  • Local time:06:15 AM

Posted 30 August 2012 - 03:38 PM

Hi again,

No, the .vir extension is one of CF's routines. It will move the file and add a .vir extension so the file cannot execute anymore. It's a safety routine. :thumbup2:


Ah, okay. Got it!

Alright, I just uploaded the four JPG files with the .vir extension to the VT site. Looks like nothing was detected in any of the files (nor in several other files from C:/Program Files/SSS which I also uploaded and scanned).

Here are the VT URLs for the 4 JPG files:

https://www.virustotal.com/file/90d05ba75a1678cf8ddb6a6785148047fa61460ce0de5a4eafda283397057771/analysis/1346358213/

https://www.virustotal.com/file/d9332257b83f9233fb3d5066826fe0b908d1f786b09b7dec3b91596279d95f11/analysis/1346358377/

https://www.virustotal.com/file/6129e70afa9e6bb7299afde39a8bff284ab229449ef8d082f32623b5b1c1662a/analysis/1346358466/

https://www.virustotal.com/file/c909e9c04b865a551244c3d3efdd55f54b7c197dbfdf631ca59e092ee3980250/analysis/1346358665/


Cheers!

#14 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:04:15 PM

Posted 30 August 2012 - 05:29 PM

Hi again,

Good Job! :)

Okay, let's put those JPG files back with ComboFix:

:step1:
Run a Combofix Script

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:

DeQuarantine:: 
C:\Qoobox\Quarantine\C\DSC00410.JPG.vir
C:\Qoobox\Quarantine\C\DSCF0067.jpg.vir
C:\Qoobox\Quarantine\C\DSCF1025.jpg.vir
C:\Qoobox\Quarantine\C\DSCF1026.jpg.vir

ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

:step2:

Upload another file to VT for me just as you did before and link me the results:

c:\windows\system32\drivers\WTTABLET.SYS

==========

In your next reply please include:

  • The latest Combofix log
  • The link to VT on the file above
  • Let me know if the JPGs are back again! :thumbup2:
bloopie

Edited by bloopie, 30 August 2012 - 05:31 PM.


#15 Rapid Dolphin

Rapid Dolphin
  • Topic Starter

  • Members
  • 19 posts
  • Local time:06:15 AM

Posted 30 August 2012 - 11:27 PM

Hi, bloopie,

I did all that, but combofix ran a full system scan again, and deleted the same JPG files during the process. They're not in the directory and are still listed under "Other Deletions" in the combofix log file.

When I dragged & dropped the txt file onto the combofix icon, it told me there was a new version of CF available. I clicked "yes" to update it. Then, after CF finished updating, it continued with a full scan. I'm not sure whether that's what was supposed to happen or not, but the scan did seem to find an infection that it somehow missed last time.

Additionally, during the scan, CF gave me a message that the Recycle Bin on drive C: was corrupt and asked whether I wanted to delete the Recycle Bin's contents. I clicked "yes".

The file located at c:\windows\system32\drivers\WTTABLET.SYS didn't seem to turn up any issues:

https://www.virustotal.com/file/a035d2912237d8fe1d170d7baacd96f23c2e42d54c570d313cf3a37d4a24d695/analysis/1346386762/



And here is the latest combofix log:


ComboFix 12-08-30.05 - Chris 31/08/2012 13:43:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1903 [GMT 10:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Chris\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~de2fd8.tmp
c:\docume~1\Chris\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
c:\docume~1\Chris\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Chris\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~de2fd8.tmp
c:\documents and settings\Chris\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
c:\documents and settings\Chris\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp
C:\DSC00410.JPG
C:\DSCF0067.jpg
C:\DSCF1025.jpg
C:\DSCF1026.jpg
c:\program files\INSTALL.LOG
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\iun6002.exe
c:\windows\patch.exe
c:\windows\SNMPAPI.DLL
c:\windows\ST6UNST.000
c:\windows\system32\csftxctl.ocx
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\ie.ico
c:\windows\system32\imas3r
c:\windows\system32\muzapp.exe
c:\windows\system32\open.ico
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\samsrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-29 19:23 . 2012-08-29 19:23 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-24 18:54 . 2012-08-24 19:26 -------- d-----w- c:\documents and settings\Chris\Application Data\Ad-Aware Antivirus
2012-08-24 17:06 . 2012-08-25 10:42 -------- d-----w- C:\I386
2012-08-24 14:16 . 2012-08-24 14:16 -------- d-----w- c:\documents and settings\Chris\Application Data\ElevatedDiagnostics
2012-08-24 12:48 . 2012-08-24 12:48 -------- d-----w- c:\program files\uTorrent
2012-08-24 12:33 . 2012-08-24 12:33 -------- d-----w- c:\program files\Xiph.Org
2012-08-22 11:26 . 2012-08-22 11:26 -------- d-----w- c:\documents and settings\Chris\Application Data\Solveig Multimedia
2012-08-22 11:24 . 2012-08-22 11:24 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2012-08-22 11:24 . 2012-08-22 11:24 -------- d-----w- c:\program files\HyperCam 3
2012-08-22 10:42 . 2012-08-22 10:42 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-14 07:11 . 2012-08-14 07:11 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-14 05:49 . 2012-08-14 05:49 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Sun
2012-08-14 05:44 . 2012-08-14 05:44 -------- d-----w- c:\program files\Oracle
2012-08-14 05:44 . 2012-08-14 05:44 -------- d-----w- c:\documents and settings\Chris\Application Data\Oracle
2012-08-13 03:35 . 2012-08-13 03:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-03 08:28 . 2012-08-03 08:30 -------- d-----w- c:\program files\Resonance
2012-08-03 04:27 . 2012-08-23 17:34 -------- d-----w- C:\AGS6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 03:00 . 2012-04-10 08:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 03:00 . 2011-05-22 01:47 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2003-07-05 18:50 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 12:07 . 2007-04-26 22:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 12:06 . 2012-06-16 20:24 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-04 14:05 . 2003-07-05 18:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2003-07-06 06:24 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-02-18 06:19 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2003-07-05 18:50 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2003-07-05 18:50 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-06-16 20:23 . 2010-05-10 10:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 03:46 . 2012-06-07 03:46 8128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\d3d9caps.tmp
2012-06-05 15:50 . 2007-05-15 05:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-07-05 18:50 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 07:35 . 2005-05-25 17:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:19 . 2007-05-16 03:05 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19 . 2007-05-16 03:05 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19 . 2005-05-25 17:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 05:19 . 2004-08-03 04:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19 . 2004-08-03 04:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 05:19 . 2007-05-16 03:05 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19 . 2005-11-23 14:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 05:19 . 2004-08-03 03:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 05:19 . 2003-07-05 18:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 05:19 . 2003-07-05 18:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 05:19 . 2007-05-16 03:05 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:19 . 2004-08-03 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 05:19 . 2003-07-05 18:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 05:18 . 2007-05-17 03:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 05:18 . 2007-03-16 06:05 275696 ----a-w- c:\windows\system32\mucltui.dll
2002-04-03 05:01 . 2003-07-23 17:45 286720 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 06:00 . 2003-07-23 17:45 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
2012-08-29 19:23 . 2011-04-04 13:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-30_03.43.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-31 04:03 . 2012-08-31 04:03 16384 c:\windows\Temp\Perflib_Perfdata_168.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2010-02-07 1363456]
"DynAdvance Notifier"="c:\program files\DynAdvance\DynAdvance Notifier\MailNotifier.Exe" [2011-11-01 312832]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-27 81920]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-03 1753192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4352832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-19 35328]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 960528]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo\memturbo.exe [2004-1-18 221696]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-6-10 110592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo\memturbo.exe [2004-1-18 221696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
RealDownload Plus.lnk - c:\program files\Real\RealDownload\RealDownload.exe [2004-5-30 20515]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Inno Script Generator\\InnoScriptGenerator.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [6/07/2003 2:54 PM 85265]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/03/2012 8:40 AM 120152]
R1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];c:\windows\system32\drivers\slee13.sys [4/10/2005 5:42 PM 74240]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7/03/2012 3:40 PM 913144]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 1:33 PM 3064000]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 2:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 2:46 AM 72728]
R3 DLKRTL;D-Link DFE-528TX PCI Adapter NT Driver;c:\windows\system32\drivers\DLKRTL.SYS [10/10/2001 5:37 PM 25434]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys --> c:\windows\system32\DRIVERS\iteraid.sys [?]
S1 Wttablet;Serial Tablet Driver;c:\windows\system32\drivers\WTTABLET.SYS [1/01/1980 26240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/09/2010 4:08 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/07/2012 1:19 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/04/2012 6:20 PM 250568]
S3 Aic.ne;Aic.ne; [x]
S3 Aicmsr;Aicmsr; [x]
S3 Asytcci;Asytcci; [x]
S3 AWHelpServer;Alias Wavefront Help Server;c:\program files\AliasWavefront\Maya5.0\docs\Wrapper.exe [26/02/2004 7:01 PM 98304]
S3 Cobokitp;Cobokitp; [x]
S3 Coidriix_lic;Coidriix_lic; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [28/08/2009 10:31 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 2:46 AM 1324056]
S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [30/12/2002 12:53 PM 12160]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 2:46 AM 72728]
S3 Dacosvrinpa;Dacosvrinpa; [x]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [28/12/2010 2:34 PM 210792]
S3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [11/04/2011 1:52 AM 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/12/2011 11:29 PM 78136]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/09/2010 4:08 PM 136176]
S3 Ipmc8xfgena;Ipmc8xfgena; [x]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [1/11/2011 11:25 AM 12032]
S3 Licm_gode;Licm_gode; [x]
S3 Maya5PLEHelpServer;Alias Maya 5.0 PLE Help Server;"d:\program files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "d:\program files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf" --> d:\program files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/01/2010 4:51 PM 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/04/2012 5:10 PM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 7:37 PM 4640000]
S3 PCNat;PC-Nat Miniport;c:\windows\system32\drivers\pcnat.sys [2/11/2004 12:09 AM 30336]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 QDDWZ;QDDWZ;c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe --> c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SM200DPA;SkyMedia-200DPA Ethernet Adapter Win2000 Driver;c:\windows\system32\drivers\sm200dpa.sys [30/01/2004 3:57 PM 40603]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/12/2011 11:29 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/12/2011 11:29 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/12/2011 11:29 PM 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/12/2011 11:29 PM 181432]
S3 Usb0xr;Usb0xr; [x]
S4 Cta960nds;Cta960nds; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/03/2007 2:59 AM 639224]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:00]
.
2012-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-08-31 c:\windows\Tasks\AutoRearm.job
- c:\windows\AutoRearm\AutoRearm.exe [2012-01-16 18:02]
.
2012-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-16 03:42]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 06:07]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 06:07]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580436667-839522115-1003Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-20 20:01]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580436667-839522115-1003UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-20 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://au.search.yahoo.com
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{1B920E41-5D7E-4884-968D-AFAAC5BCDE09}: NameServer = 192.168.1.254
TCP: Interfaces\{8FC5D8F0-1954-466D-A1FB-6F3B9C753B72}: NameServer = 192.168.1.254
TCP: Interfaces\{FE05EB90-FE75-465E-B7BF-FE7681AC136A}: NameServer = 192.168.1.254
DPF: ChatSpace Full Java Client 4.0.0.300 - hxxp://63.102.226.240:8000/Java/cfs40300.cab
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://63.102.226.240:8000/Java/cfs40320.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: St.George Internet Banking - hxxps://ibank.stgeorge.com.au/html/bbb11s.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {2373AE74-5821-5D53-A64D-23397D2605ED} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {44D9F344-12A8-5AC1-D624-71C30CDB8A38} - hxxp://209.8.161.54/1/rdgAU1022.exe
DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} - hxxp://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} - hxxps://www.web-a-file.com/webafiledownloader.cab
DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - hxxp://gromozon.com/73d12727/50300/1/xp/FreeAccess.ocx
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\kdr9sf9w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AutoPlay Media Studio 4.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1001FALS-00J7B1 rev.05.00K05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1935655697-1580436667-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ac,08,37,93,a9,3e,71,25,18,1a,b3,3e,03,b9,15,ae,a8,d3,89,02,a0,
c3,ea,3e,e3,7c,60,9a,93,4a,a7,c6,e9,70,cd,dd,d8,a8,0b,33,8f,4d,b1,9a,d4,93,\
"rkeysecu"=hex:3c,35,70,7f,80,a4,b1,4f,95,14,90,61,8c,e5,3d,39
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\DRIVERS\CDANTSRV.EXE
c:\windows\System32\CTsvcCDA.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\CNAC3RPK.EXE
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-31 14:13:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 04:13
C:\DeQuarantine.txt
.
Pre-Run: 838,207,012,864 bytes free
Post-Run: 838,271,791,104 bytes free
.
- - End Of File - - 6C4F5E3049A6BAA4631258A8EF9C1B6A
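The Services and DPF sections of a ComboFix log like the one above are read by hand, and a first pass is mostly pattern matching: which services have no file behind them, which live in odd places, which ActiveX objects were installed from odd sources. The script below is an added example, not part of the original post and not code from ComboFix, DDS or GMER. It parses the `S3 name;display;path [...]` service lines and the `DPF: name - URL` entries, and flags entries with no image path (`[x]`), entries whose file ComboFix did not verify on disk (the `--> path [?]` form, as I read that marker), image paths under a Temp directory, and ActiveX payloads served from a raw IP or as something other than a .cab. The sample lines are copied from the log above; the flag rules are my own heuristics, and a flag means "check this file by hand", not "this is malware".

```python
"""Triage the Services and DPF sections of a ComboFix log.

Added example; not code from the original post, DDS, ComboFix or GMER.
SAMPLE_LINES are copied from the log on this page. The flag rules are
the author's own heuristics: a flag means 'look at this', not 'malware'.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# S3 name;display name;image path [date time size]   (file present, with its timestamp and size)
# S3 name;display name;path --> path [?]              (file could not be verified on disk)
# S3 name;display name; [x]                           (no image path at all)
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# DPF: <name or CLSID> - <download URL>   (ActiveX objects installed from the web)
DPF_RE = re.compile(r"^DPF: (?P<name>.+?) - (?P<url>\S+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_service(line):
    """Return a Finding for a service/driver line worth a second look, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    reasons = []
    if rest == "[x]":
        path = ""
        reasons.append("no image path in the registry entry")
    else:
        # keep the part before ' --> ' (resolved path) and before the ' [' detail block
        path = rest.split(" --> ")[0].split(" [")[0].strip('"')
        if rest.endswith("[?]"):
            reasons.append("image file could not be verified on disk")
    if TEMP_DIR_RE.search(path):
        reasons.append("image path is under a Temp directory")
    if not path and m.group("name") == m.group("display"):
        reasons.append("display name is just the service name")
    return Finding(line, reasons) if reasons else None


def triage_dpf(line):
    """Return a Finding for an ActiveX download entry worth a second look, else None."""
    m = DPF_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("url").replace("hxxp", "http", 1))  # undo the log's defanging
    reasons = []
    if IPV4_RE.match(url.hostname or ""):
        reasons.append("ActiveX payload served from a raw IP address")
    if not url.path.lower().endswith(".cab"):
        reasons.append("payload is not a .cab (%s)" % url.path.rsplit(".", 1)[-1])
    return Finding(line, reasons) if reasons else None


def triage(lines):
    """Run both checks over a log and collect everything flagged."""
    findings = []
    for line in lines:
        f = triage_service(line) or triage_dpf(line)
        if f:
            findings.append(f)
    return findings


# Copied from the log above; only a handful of lines, enough to exercise every rule.
SAMPLE_LINES = [
    r"S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/09/2010 4:08 PM 136176]",
    r"S3 Ipmc8xfgena;Ipmc8xfgena; [x]",
    r"S3 QDDWZ;QDDWZ;c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe --> c:\docume~1\Chris\LOCALS~1\Temp\QDDWZ.exe [?]",
    r"S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]",
    r"DPF: St.George Internet Banking - hxxps://ibank.stgeorge.com.au/html/bbb11s.cab",
    r"DPF: {2373AE74-5821-5D53-A64D-23397D2605ED} - hxxp://209.8.161.54/1/rdgAU1022.exe",
    r"DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - hxxp://gromozon.com/73d12727/50300/1/xp/FreeAccess.ocx",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Running it over a whole ComboFix log is just `triage(open(path, encoding="latin-1").read().splitlines())`; the unmatched lines (scheduled tasks, IE menu entries, processes) fall through both regexes and are ignored. The Temp-directory and raw-IP rules are the ones that most often point at something real, but a `[?]` on a driver for hardware that is simply unplugged is common and benign, so treat every flag as a prompt to check the file and its signer rather than as a verdict.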
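The `user != kernel MBR !!!` line in the log above comes from a simple idea: read sector 0 of the disk twice, once through the ordinary user-mode path and once through a path the detector controls, and compare the two. A rootkit that hides a patched MBR from one of those paths produces two different images of what should be the same sector. The block below is an added example, not the original post's or GMER's code; it shows the comparison and tells you which region of the sector differs (boot code, partition table or signature), which is the first thing you want to know before deciding what to do about it. Both MBR images are constructed for the demo, and the only real facts used are the standard MBR offsets (boot code at 0..445, four 16-byte partition entries at 446..509, signature `55 AA` at 510..511). `read_mbr` is included for use on a real disk and needs administrator or root; it is not called by the sample run.

```python
"""Compare two views of sector 0 and say where they differ.

Added example, not code from the original post or from GMER. The two
MBR images are constructed; the offsets are the standard MBR layout.
"""
import struct

BOOT_CODE = slice(0, 446)     # x86 boot loader stub
PART_TABLE = slice(446, 510)  # four 16-byte partition entries
SIGNATURE = slice(510, 512)   # must be 55 AA


def read_mbr(device_path):
    """Read sector 0 through the ordinary user-mode path (needs admin/root).

    Example device_path values: r'\\.\PhysicalDrive0' on Windows, '/dev/sda' on Linux.
    A detector obtains its second copy another way (kernel-mode read, offline
    boot, or a known-good backup); that part is not reproduced here.
    """
    with open(device_path, "rb") as dev:
        return dev.read(512)


def parse_partitions(mbr):
    """Return the four partition entries as dicts (status, type, lba_start, sectors)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, 446 + 16 * i)  # skip the two 3-byte CHS fields
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def compare_mbr(user_view, kernel_view):
    """Report which regions differ between two images of the same sector 0."""
    if len(user_view) != 512 or len(kernel_view) != 512:
        raise ValueError("an MBR image is exactly 512 bytes")
    return {
        "boot_code_differs": user_view[BOOT_CODE] != kernel_view[BOOT_CODE],
        "partition_table_differs": user_view[PART_TABLE] != kernel_view[PART_TABLE],
        "signature_differs": user_view[SIGNATURE] != kernel_view[SIGNATURE],
        "user_signature_valid": user_view[SIGNATURE] == b"\x55\xaa",
    }


def diagnose(user_view, kernel_view):
    """One-line verdict in the same spirit as the detector's output."""
    diff = compare_mbr(user_view, kernel_view)
    where = [k[:-len("_differs")] for k, v in diff.items() if k.endswith("_differs") and v]
    if not where:
        return "user == kernel MBR"
    return "user != kernel MBR (differs in: %s)" % ", ".join(where)


def build_sample_mbr(boot_stub):
    """Constructed MBR: the given boot stub, one active NTFS partition at LBA 63."""
    boot = boot_stub.ljust(446, b"\x00")
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2_000_000)
    empty = b"\x00" * 16
    return boot + ntfs + empty * 3 + b"\x55\xaa"


# Constructed 'clean' view: xor ax,ax / mov ss,ax / mov sp,7c00 then zero padding.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
# Constructed 'other' view: same partition table, different boot code. A bootkit
# that patches the loader and hides the patched sector from one read path gives
# exactly this shape: boot code differs, partition table does not.
PATCHED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00")

if __name__ == "__main__":
    print(diagnose(CLEAN_MBR, CLEAN_MBR))
    print(diagnose(CLEAN_MBR, PATCHED_MBR))
    for entry in parse_partitions(CLEAN_MBR):
        print(entry)
```

On a live system the interesting case is the one the constructed data shows: partition table identical, boot code different. A difference in the partition table usually means the two reads did not hit the same disk (the log above lists the disk and device path it checked for that reason), and a user-side image without a valid `55 AA` signature means the user-mode read itself is being tampered with, which is worth more attention than the byte-level diff.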