MBR:SST [RTK] Infection


  • This topic is locked
33 replies to this topic

#1 OdinOneEye

OdinOneEye

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 01 November 2012 - 11:14 AM

I am not new to removing Malware from computers, but I have been working on this problem for days and this has been a persistent little bug that I have come across.

I am working on a HP Laptop running Windows XP Pro. It came to me with system errors and a constant BSOD. I have gotten it to actually boot up on its own and cleaned what I could off of it with Malwarebytes and SuperAnti-spyware. The computer had no virus protection on it, so I installed Avast and found some more issues that were cleaned. After all of this, it would constantly come up with a little popup saying it blocked a website (the website changes every time) by URL:MAL and the process would be either explorer.exe or iexplorer.exe. Obviously something was still infected, so I tried running TDSS killer, which wouldn't run, then tried FixTDSS, which didn't run either. Then I tried running ZeroAccess, which ran, but said it found no infections.

After this I ran Avast Boot Scanner, and that's when I found out about the MBR:SST rootkit, plus a hiberfil.sys infection with Win32:Agent-HZV (which can't be cleaned or moved).

I've tried everything I could think of to remove this thing, but it seems to hide itself well. I even tried to remove it manually, but I don't know enough about it to do it competently enough. Also, I know this is frowned upon, but I did try to run ComboFix (I've used it in the past and have had success with it), but the machine freezes when it begins the scan; this happens in normal and safe mode.

I'm hoping you can help, because I just don't know what to do anymore.

Thank You

Summary of steps attempted:

Malwarebytes (zero infections)
Super Anti-spyware (zero infections)
Avast Scan (normal and root infections)
TDSS Killer (won't run)
FixTDSS Killer (won't run)
Zero Access (finds nothing wrong)
ComboFix (freezes up machine on beginning of scan)


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 01 November 2012 - 12:07 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 OdinOneEye

OdinOneEye
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 01 November 2012 - 01:17 PM

Thank You for your reply

Here is the report from Security Check:


Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
NI Spy 2.1.0f0
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 21
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````


I tried running DDS, but it got about 80% of the way and just stopped. It's been sitting at Please Wait for almost 20min, computer isn't locked up or anything, but wasn't sure if it usually takes this long.

Correction: The computer is unresponsive while running DDS.

Edited by OdinOneEye, 01 November 2012 - 01:40 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 01 November 2012 - 09:07 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5 OdinOneEye

OdinOneEye
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 02 November 2012 - 08:28 AM

AdwCleaner Log:


# AdwCleaner v2.006 - Logfile created 11/02/2012 at 06:21:48
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - LAPTOP1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI

***** [Registry] *****

Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [2872 octets] - [02/11/2012 06:21:48]

########## EOF - C:\AdwCleaner[S1].txt - [2932 octets] ##########


Rogue Killer Log:


RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 11/02/2012 06:28:45

Bad processes : 0

Registry Entries : 2
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84E46F2)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84E46F2)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84E4712)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84E473C)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84EB336)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84EB302)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF84E1864)

Infection : Root.MBR

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK4026GAX +++++
--- User ---
[MBR] 523bd32a130ae44259006b32155251fc
[BSP] 7a9c89a78664450b23bd97c705bdd429 : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6625da1ad89a54588413085dac04e81b
[BSP] 2af4ea17421dfcc515c25a790bf9bae1 : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
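The "MBR Check" section of the RogueKiller log above is the key finding in this thread: the partition table is the same in every view of sector 0, but the bootstrap code read through the normal path ("User", hashed as [BSP] with "Standard MBR Code") differs from a lower-level read ("LL2", "MaxSS MBR Code!"). The Python below is an added example written for this page, not code from the thread or from RogueKiller; it shows how such a comparison is done once two raw copies of the MBR are in hand. It assumes the classic 512-byte MBR layout (bootstrap area, four 16-byte partition entries at offset 446, 0x55AA signature) and, as an assumption about the log format, that "[BSP]" is a hash of the 440-byte bootstrap area. The two sample MBR images are constructed inline and are not dumps from the infected laptop.

```python
"""Added example (not from the thread or from RogueKiller): an MBR consistency
check in the spirit of the "MBR Check" section of a RogueKiller log. It parses
a 512-byte MBR, hashes the bootstrap area and the whole sector, decodes the
partition table, and compares a normal-path read of sector 0 with a
lower-level read. A differing bootstrap area with an identical partition table
is the pattern the log shows (User != LL2 ... KO!)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440        # assumption: the "[BSP]" hash covers bytes 0..439
PART_TABLE_OFFSET = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"     # boot signature at bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:      # empty slot
            continue
        parts.append({
            "index": i,
            "active": bool(status & 0x80),
            "type": ptype,
            "lba_start": lba_start,
            "size_mb": sectors * 512 // (1024 * 1024),
        })
    return parts


def describe_mbr(mbr: bytes) -> dict:
    """Hash the sector and its bootstrap area and decode the partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return {
        "mbr_md5": hashlib.md5(mbr).hexdigest(),
        "bsp_md5": hashlib.md5(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "signature_ok": mbr[510:512] == SIGNATURE,
        "partitions": parse_partitions(mbr),
    }


def compare_reads(user_view: bytes, low_level_view: bytes) -> dict:
    """Compare two reads of sector 0 obtained through different paths.

    A rootkit that filters disk I/O can hand the normal read path a clean copy
    of the MBR while the real sector holds its own loader; the two views then
    differ in the bootstrap area but agree on the partition table, so the
    system still boots and looks normal from user mode."""
    u, l = describe_mbr(user_view), describe_mbr(low_level_view)
    return {
        "identical": user_view == low_level_view,
        "boot_code_differs": u["bsp_md5"] != l["bsp_md5"],
        "partition_table_differs": u["partitions"] != l["partitions"],
    }


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR image for testing (not a real disk dump)."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    table = bytearray(64)
    for i, (active, ptype, lba, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, table, 16 * i,
                         0x80 if active else 0x00, ptype, lba, sectors)
    # bytes 440..445: disk signature and reserved field, zeroed here
    return code + b"\x00" * 6 + bytes(table) + SIGNATURE


# Constructed sample data: one active NTFS partition starting at sector 63,
# 38154 MiB in size (the same shape as the partition table in the log).
NTFS_PART = [(True, 0x07, 63, 38154 * 2048)]
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 16, NTFS_PART)
# Same partition table, different bootstrap bytes: a constructed stand-in for
# the "LL2" view that did not match the user view in the log.
ALTERED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * 30, NTFS_PART)


if __name__ == "__main__":
    for name, view in (("User", CLEAN_MBR), ("LL2", ALTERED_MBR)):
        d = describe_mbr(view)
        print(f"--- {name} ---")
        print(f"[MBR] {d['mbr_md5']}")
        print(f"[BSP] {d['bsp_md5']}")
        for p in d["partitions"]:
            flag = "ACTIVE" if p["active"] else "INACTIVE"
            print(f"{p['index']} - [{flag}] type 0x{p['type']:02X} "
                  f"offset {p['lba_start']} size {p['size_mb']} MB")
    verdict = compare_reads(CLEAN_MBR, ALTERED_MBR)
    print("User = LL2 ... OK!" if verdict["identical"] else "User != LL2 ... KO!")
```

Acquiring the two views from a live disk is deliberately left out: the script only performs the comparison on whatever byte strings the caller supplies, and how a tool obtains a read that bypasses a hooked driver stack (the log shows atapi.sys IRP handlers hooked) is the tool's own business. The useful takeaway for an analyst is the decision rule, not the hashes themselves: an identical partition table with different bootstrap hashes across read paths is the signature of a hidden MBR, which is why a partition-table-only check or a single user-mode read would have reported this drive as clean.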




#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 03 November 2012 - 06:10 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 OdinOneEye

OdinOneEye
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 05 November 2012 - 08:57 AM

I followed your instructions and it locks up the computer after about 10 minutes at the:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 05 November 2012 - 02:56 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 OdinOneEye

OdinOneEye
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 05 November 2012 - 03:34 PM

Neither of those programs will run.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 05 November 2012 - 08:45 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 OdinOneEye

OdinOneEye
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 06 November 2012 - 09:25 AM

Here is the report:


ComboFix 12-11-04.01 - Administrator 11/06/2012 5:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.101 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\My Documents\~WRL1096.tmp
c:\documents and settings\Administrator\My Documents\~WRL1626.tmp
c:\documents and settings\Administrator\My Documents\~WRL2367.tmp
c:\documents and settings\Administrator\My Documents\~WRL2681.tmp
c:\documents and settings\Administrator\My Documents\~WRL3085.tmp
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TNRW24ohM5kjs0
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-10-31 20:27 . 2012-10-31 20:27 -------- d-----w- c:\program files\Enigma Software Group
2012-10-31 20:27 . 2012-11-01 15:28 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-10-31 20:26 . 2012-10-31 20:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-31 20:18 . 2012-10-31 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2012-10-31 20:18 . 2012-10-31 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SpeedyPC Software
2012-10-31 20:17 . 2012-11-01 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-10-31 16:47 . 2012-10-31 16:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixZeroAccess
2012-10-31 16:36 . 2012-10-31 16:36 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-10-31 16:03 . 2012-10-31 16:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2012-10-31 16:03 . 2012-10-31 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-10-30 19:59 . 2012-10-30 20:03 -------- d-----w- c:\program files\Free Window Registry Repair
2012-10-30 18:48 . 2012-10-30 18:48 -------- d-----w- c:\program files\ESET
2012-10-30 16:13 . 2012-10-30 16:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-30 16:13 . 2012-10-30 16:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-30 16:13 . 2012-10-30 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-29 20:34 . 2012-10-23 10:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-29 20:34 . 2012-10-23 10:18 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-29 20:34 . 2012-10-23 10:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-29 20:34 . 2012-10-23 10:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-29 20:34 . 2012-10-23 10:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-29 20:33 . 2012-10-23 10:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-29 20:33 . 2012-10-23 10:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-29 20:33 . 2012-10-23 10:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-29 20:32 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-29 20:32 . 2012-10-23 10:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-29 20:31 . 2012-10-29 20:31 -------- d-----w- c:\program files\AVAST Software
2012-10-29 20:31 . 2012-10-29 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-29 20:09 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-29 20:09 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-29 20:09 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-29 20:09 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-29 20:09 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-29 20:08 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-29 20:08 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-10-29 20:08 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-10-29 20:08 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-10-29 20:08 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-10-29 20:08 . 2004-08-04 05:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-10-29 20:08 . 2001-08-17 19:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-10-29 20:06 . 2001-08-17 20:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2012-10-29 20:05 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2012-10-29 20:04 . 2001-08-17 19:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2012-10-29 20:03 . 2001-08-17 19:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-10-29 20:02 . 2001-08-18 05:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2012-10-29 20:01 . 2001-08-17 20:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2012-10-29 20:00 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2012-10-29 19:59 . 2001-07-21 21:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-10-29 19:58 . 2001-08-18 05:36 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2012-10-29 19:57 . 2001-08-17 19:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2012-10-29 19:56 . 2001-08-17 20:52 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-10-29 19:55 . 2001-08-17 21:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2012-10-29 19:54 . 2001-08-18 05:36 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-10-29 19:53 . 2001-08-18 05:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-10-29 19:52 . 2001-08-17 19:50 13664 ----a-w- c:\windows\system32\dllcache\n9i128.sys
2012-10-29 19:51 . 2001-08-17 21:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-10-29 19:51 . 2001-08-17 20:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-10-29 19:51 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-29 19:50 . 2001-08-17 20:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-10-29 19:50 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2012-10-29 19:48 . 2001-08-18 05:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2012-10-29 19:47 . 2004-08-04 13:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2012-10-29 19:46 . 2001-08-18 05:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2012-10-29 19:45 . 2001-08-17 20:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-10-29 19:44 . 2001-08-18 05:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-10-29 19:43 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2012-10-29 19:42 . 2004-08-04 05:32 137088 ----a-w- c:\windows\system32\dllcache\essm2e.sys
2012-10-29 19:41 . 2001-08-17 19:10 69692 ----a-w- c:\windows\system32\dllcache\el575nd5.sys
2012-10-29 19:40 . 2001-08-18 05:36 159828 ----a-w- c:\windows\system32\dllcache\digihlc.dll
2012-10-29 19:39 . 2001-08-17 19:19 72832 ----a-w- c:\windows\system32\dllcache\cwbwdm.sys
2012-10-29 19:38 . 2004-08-04 13:00 54528 ----a-w- c:\windows\system32\dllcache\cap7146.sys
2012-10-29 19:37 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys
2012-10-29 19:36 . 2004-08-04 13:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2012-10-29 19:36 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-10-29 19:35 . 2004-08-04 13:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-10-29 19:35 . 2004-08-04 13:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-10-29 19:35 . 2004-08-04 13:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-10-29 19:35 . 2004-08-04 13:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2012-10-29 19:35 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-10-29 19:35 . 2004-08-04 13:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2012-10-29 17:29 . 2012-10-29 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 17:17 . 2012-10-29 17:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-29 16:19 . 2012-10-29 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-29 16:18 . 2012-10-29 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-27 04:24 . 2012-10-27 04:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Anvisoft
2012-10-27 04:24 . 2012-10-27 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvisoft
2012-10-27 04:24 . 2012-10-27 04:24 -------- d-----w- c:\program files\Anvisoft
2012-10-26 02:11 . 2012-10-29 17:10 -------- d-----w- C:\$AVG
2012-10-26 02:11 . 2012-10-29 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-10-26 02:09 . 2012-10-26 02:09 -------- d-----w- c:\program files\AVG
2012-10-26 01:57 . 2012-10-26 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-10-26 01:57 . 2012-10-29 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-10-26 01:57 . 2012-10-29 17:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
2012-10-26 01:57 . 2012-10-26 01:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MFAData
2012-10-26 00:36 . 2012-10-26 00:35 159608 ----a-w- c:\windows\system32\mfevtps.exe.046e.deleteme
2012-10-12 04:00 . 2012-10-12 04:00 -------- d-----w- C:\LGMobileUpgrade
2012-10-12 03:59 . 2012-10-12 03:59 -------- d-----w- c:\program files\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 00:43 . 2012-04-12 02:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 00:43 . 2011-07-28 03:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 08:00 385024 ---ha-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 08:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-04 08:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 08:00 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-03-16 01:51 . 2004-03-16 01:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 16:36 . 2003-05-01 16:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="c:\program files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 630784]
"BYR_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-09-24 392320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 88267]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-24 335872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-26 114741]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2011-10-26 356864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Mouse Control Center.lnk - c:\program files\Targus\Mouse Control\Panel.exe [2005-5-22 32768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OROS Internal Parameters Monitoring.lnk]
backup=c:\windows\pss\OROS Internal Parameters Monitoring.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/29/2012 1:34 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/29/2012 1:34 PM 360392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/29/2012 1:34 PM 21256]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 1:00 AM 14336]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [4/1/2004 10:16 AM 10829]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [3/7/2005 1:54 PM 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [3/7/2005 1:54 PM 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [3/7/2005 3:37 PM 674304]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [3/1/2005 7:26 PM 145920]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [3/7/2005 3:41 PM 50688]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [3/7/2005 11:25 PM 160768]
R2 nilvaik;nilvaik;c:\windows\system32\drivers\nilvaik.dll [3/5/2005 1:08 PM 11264]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [3/7/2005 1:55 PM 30208]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [3/4/2005 9:33 PM 18944]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [10/19/2004 3:30 PM 41075]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [3/7/2005 1:56 PM 111616]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [3/5/2005 11:32 AM 456704]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [10/26/2011 8:17 PM 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [10/26/2011 8:17 PM 14336]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [10/13/2004 12:34 PM 182101]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [10/13/2004 12:34 PM 5689]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [3/5/2005 4:18 AM 169472]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [3/1/2005 7:53 PM 237056]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [3/4/2005 9:25 PM 50688]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [3/5/2005 10:47 AM 500736]
S2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [9/22/2011 5:21 PM 245760]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [3/26/2003 3:13 AM 30208]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [3/7/2005 4:18 PM 712192]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [3/14/2005 8:13 PM 477184]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [3/5/2005 5:56 AM 126976]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [12/9/2004 11:07 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [12/9/2004 11:08 AM 151683]
S3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [2/28/2005 6:09 PM 92258]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [3/5/2005 5:33 AM 230912]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [3/7/2005 2:39 PM 163328]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [3/5/2005 10:47 AM 43008]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [3/14/2005 8:13 PM 644096]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [3/5/2005 1:29 AM 163328]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [3/5/2005 6:09 AM 110080]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [3/10/2005 10:46 AM 691200]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [7/14/2004 1:55 PM 24576]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [3/14/2005 8:13 PM 416768]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [3/14/2005 8:13 PM 860672]
S3 portor25;PortOr25 Service;c:\windows\system32\drivers\portor25.sys [12/15/2006 8:17 AM 7029]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NIPALK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:43]
.
2012-11-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-29 10:17]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-31 23:20]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-31 23:20]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3393650824-1097950842-2459437470-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 04:21]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3393650824-1097950842-2459437470-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 04:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 68.105.28.16 68.105.29.16
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-OROS - OR25 Analyzer V4.1 - c:\program files\OR25\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 06:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????h"??9?5?0?8??P???? ???B???????????????B? ???h"?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3393650824-1097950842-2459437470-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,20,d4,b0,19,e0,29,40,96,ca,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,20,d4,b0,19,e0,29,40,96,ca,41,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-06 06:22:33
ComboFix-quarantined-files.txt 2012-11-06 13:22
.
Pre-Run: 27,187,060,736 bytes free
Post-Run: 27,216,060,416 bytes free
.
- - End Of File - - 8F7E75A56513DC201955FF946E4F7E7F
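The Run-key and service listings in the ComboFix log above are the first thing a responder reads when hunting for a persistence point. As an added example (not ComboFix's code and not part of this thread), the Python below parses those two line shapes and flags the entries a defender would check first: bare file names that are resolved through the search path, images ComboFix could not find on disk (the [?] marker), and images outside the Windows and Program Files trees. The trusted-directory list is an assumption made for this example, and the sample lines are copied from the log above.

```python
# Added example (not ComboFix code and not from the thread): a small triage
# helper for the "Reg Loading Points" and service lines a ComboFix log prints.
import re

# "Name"="c:\path\file.exe" [YYYY-MM-DD size]   (Run-key values)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$'
)
# R2 svc;Display Name;c:\path\file.sys [date time size]      (services/drivers)
# S2 svc;Display Name;system32\x.exe --> system32\x.exe [?]  (file not found)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')

# Assumption for this example: the system drive is C: and legitimate images live
# under these two trees. Adjust for machines with a different layout.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_run_entry(line):
    """Parse one Run-key value line; return None if the line is not one."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "image": m["image"], "size": int(m["size"]), "missing": False}


def parse_service_entry(line):
    """Parse one service/driver line; a trailing '[?]' means ComboFix could not find the file."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith("[?]")
    # Missing entries read "configured --> resolved [?]"; present ones end in "[date time size]".
    image = rest.split(" --> ")[0] if missing else rest.rsplit(" [", 1)[0]
    return {"name": m["svc"], "image": image, "start": m["start"], "missing": missing}


def triage(entry):
    """Reasons an entry deserves a closer look; an empty list means unremarkable."""
    reasons = []
    image = entry["image"].lower()
    if image.startswith("\\??\\"):       # NT object-manager prefix used by some drivers
        image = image[4:]
    if entry["missing"]:
        reasons.append("image file not found on disk")
    if "\\" not in image:
        reasons.append("bare file name, resolved via the search path")
    elif not image.startswith(TRUSTED_DIRS):
        reasons.append("image outside c:\\windows and c:\\program files")
    return reasons


def triage_log(lines):
    """Return {entry name: reasons} for every recognised line that raised a flag."""
    flagged = {}
    for line in lines:
        entry = parse_run_entry(line) or parse_service_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged[entry["name"]] = reasons
    return flagged


# Lines copied from the ComboFix log above.
SAMPLE_LOG = r'''
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"BYR_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-09-24 392320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/29/2012 1:34 PM 738504]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 1:00 AM 14336]
S2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
'''.strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a prompt to look, not a verdict: the LG agent is flagged only because it installs outside Program Files, and the two missing drivers are leftovers of uninstalled tools rather than malware. The value of the pass is that it separates the handful of entries worth a manual check from the dozens of National Instruments and vendor drivers that are clearly in place.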

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 06 November 2012 - 11:32 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
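Both tools gringo asks for read the master boot record directly and report what they find; the TDSSKiller log later in this thread prints each partition as Type, StartLBA and BlocksNum. As an added example (not code from the thread, from TDSSKiller or from aswMBR), the Python below decodes a 512-byte MBR into those same fields and compares a hash of the 440-byte boot-code area with a recorded baseline, which is how a rewritten boot sector is noticed even when the partition table is untouched. The sample sector is constructed here: its partition entry copies the Harddisk0 geometry from the log, the disk signature value is made up, and the boot-code bytes are placeholders rather than real boot code.

```python
# Added example (not code from the thread, TDSSKiller or aswMBR): decode a
# 512-byte MBR the way those scanners report it, and compare the boot-code
# area against a recorded baseline hash.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: the code an MBR bootkit overwrites
DISK_SIGNATURE_OFFSET = 440    # 4-byte Windows disk signature
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_partition_table(sector):
    """Return the occupied partition entries as dicts; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    entries = []
    for i in range(4):
        status, ptype, start_lba, blocks = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                   # empty slot
        entries.append({"index": i + 1, "bootable": status == 0x80,
                        "type": ptype, "start_lba": start_lba, "blocks": blocks})
    return entries


def format_like_tdsskiller(entries):
    """Render entries in the 'Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum ...' style."""
    return [f"Partition{e['index']}: MBR, Type 0x{e['type']:X}, "
            f"StartLBA 0x{e['start_lba']:X}, BlocksNum 0x{e['blocks']:X}" for e in entries]


def boot_code_hash(sector):
    """SHA-256 of the boot-code area only (disk signature and partition table excluded)."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, baseline_hash):
    """Return (partitions, boot_code_matches_baseline)."""
    return parse_partition_table(sector), boot_code_hash(sector) == baseline_hash


def build_sample_mbr(boot_code):
    """Construct a test sector: one bootable NTFS partition with the geometry the
    TDSSKiller log in this thread reports for Harddisk0 (Type 0x7, StartLBA 0x3F,
    BlocksNum 0x4A852C1). The disk signature value is made up."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, 0x1234ABCD)
    struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET, 0x80, 0x07, 0x3F, 0x4A852C1)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Placeholder bytes standing in for legitimate boot code; a real baseline hash comes
# from a known-clean sector of the same machine, not from these.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(BOOT_CODE_LEN, b"\x90")
# Same length, a few boot-code bytes changed: partition table identical, hash differs.
TAMPERED_BOOT_CODE = CLEAN_BOOT_CODE[:8] + b"\xE9\x00\x01" + CLEAN_BOOT_CODE[11:]

if __name__ == "__main__":
    baseline = boot_code_hash(build_sample_mbr(CLEAN_BOOT_CODE))
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        parts, intact = check_mbr(build_sample_mbr(code), baseline)
        print(f"{label}: boot code matches baseline = {intact}")
        for line in format_like_tdsskiller(parts):
            print("  ", line)
```

The partition table alone says nothing about infection, which is why a scanner that only lists partitions can report a bootkitted disk as normal; the comparison of the boot-code area with a baseline taken from a clean machine is the check that matters. On a live Windows system the sector itself is read from \\.\PhysicalDrive0 with administrative rights, and a rootkit that filters disk reads can hand back a clean copy, which is the reason these tools are often run from outside the infected OS.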

#13 OdinOneEye
  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 06 November 2012 - 12:17 PM

Neither of those programs will run.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 06 November 2012 - 12:56 PM

Step 1. Download TDSSKiller.exe:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Step 2. Place TDSSKiller.exe in the Malwarebytes Chameleon folder:
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command, then press Enter.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue; please do.

Step 4. Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, ensure Cure is selected (it should be by default).
Click Continue, then click Reboot now.
Once complete, a log will be produced in the root of the drive, which is typically C:\
For example, C:\TDSSKiller.version_date_time_log.txt

Attach that log, please.

#15 OdinOneEye
  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 06 November 2012 - 01:18 PM

OK, there were 2 logs on the C:\ drive; I am posting them both:


11:12:02.0858 0928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:12:03.0970 0928 ============================================================
11:12:03.0970 0928 Current date / time: 2012/11/06 11:12:03.0970
11:12:03.0970 0928 SystemInfo:
11:12:03.0970 0928
11:12:03.0970 0928 OS Version: 5.1.2600 ServicePack: 3.0
11:12:03.0970 0928 Product type: Workstation
11:12:03.0970 0928 ComputerName: LAPTOP1
11:12:03.0970 0928 Windows directory: C:\WINDOWS
11:12:03.0970 0928 System windows directory: C:\WINDOWS
11:12:03.0970 0928 Processor architecture: Intel x86
11:12:03.0970 0928 Number of processors: 1
11:12:03.0970 0928 Page size: 0x1000
11:12:03.0970 0928 Boot type: Normal boot
11:12:03.0970 0928 ============================================================
11:12:06.0173 0928 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:12:06.0173 0928 Drive \Device\Harddisk1\DR4 - Size: 0x3E740000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:12:06.0183 0928 ============================================================
11:12:06.0183 0928 \Device\Harddisk0\DR0:
11:12:06.0183 0928 MBR partitions:
11:12:06.0183 0928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:12:06.0183 0928 \Device\Harddisk1\DR4:
11:12:06.0183 0928 MBR partitions:
11:12:06.0183 0928 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1F39E0
11:12:06.0183 0928 ============================================================
11:12:06.0203 0928 C: <-> \Device\Harddisk0\DR0\Partition1
11:12:06.0203 0928 ============================================================
11:12:06.0203 0928 Initialize success
11:12:06.0203 0928 ============================================================
11:12:08.0697 1156 ============================================================
11:12:08.0697 1156 Scan started
11:12:08.0697 1156 Mode: Manual;
11:12:08.0697 1156 ============================================================
11:12:10.0009 1156 ================ Scan system memory ========================
11:12:10.0019 1156 System memory - ok
11:12:10.0019 1156 ================ Scan services =============================
11:12:10.0169 1156 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:12:10.0179 1156 !SASCORE - ok
11:12:10.0409 1156 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
11:12:10.0419 1156 6to4 - ok
11:12:10.0569 1156 [ 68885EFEBC326F7FC9D0A35625D47BEA ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
11:12:10.0569 1156 Aavmker4 - ok
11:12:10.0589 1156 Abiosdsk - ok
11:12:10.0619 1156 abp480n5 - ok
11:12:11.0060 1156 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
11:12:11.0060 1156 ACDaemon - ok
11:12:11.0140 1156 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:12:11.0140 1156 ACPI - ok
11:12:11.0180 1156 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:12:11.0180 1156 ACPIEC - ok
11:12:11.0280 1156 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:12:11.0290 1156 AdobeFlashPlayerUpdateSvc - ok
11:12:11.0300 1156 adpu160m - ok
11:12:11.0360 1156 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
11:12:11.0370 1156 aeaudio - ok
11:12:11.0401 1156 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:12:11.0401 1156 aec - ok
11:12:11.0461 1156 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:12:11.0471 1156 AFD - ok
11:12:11.0591 1156 [ 3E60F847C0C57EEDB7C0639710512CCC ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:12:11.0631 1156 AgereSoftModem - ok
11:12:11.0681 1156 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:12:11.0691 1156 agp440 - ok
11:12:11.0701 1156 Aha154x - ok
11:12:11.0721 1156 aic78u2 - ok
11:12:11.0741 1156 aic78xx - ok
11:12:11.0791 1156 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:12:11.0791 1156 Alerter - ok
11:12:11.0831 1156 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:12:11.0831 1156 ALG - ok
11:12:11.0851 1156 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:12:11.0861 1156 AliIde - ok
11:12:11.0871 1156 amsint - ok
11:12:11.0941 1156 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:12:11.0951 1156 AppMgmt - ok
11:12:12.0011 1156 [ 35A6A419D7526F5CF824AFB23AFA08D6 ] ArcSoftKsUFilter C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys
11:12:12.0011 1156 ArcSoftKsUFilter - ok
11:12:12.0031 1156 asc - ok
11:12:12.0051 1156 asc3350p - ok
11:12:12.0072 1156 asc3550 - ok
11:12:12.0152 1156 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
11:12:12.0152 1156 aspnet_state - ok
11:12:12.0192 1156 [ 598DAF89E7B2AD88FF6511CB9C4BA61A ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:12:12.0192 1156 aswFsBlk - ok
11:12:12.0252 1156 [ 8E69710F6A1016D47CCDDA6393F97D32 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
11:12:12.0252 1156 aswMon2 - ok
11:12:12.0272 1156 [ 816C6DCD6BF930C8FD8F68137E1BDDC4 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
11:12:12.0282 1156 AswRdr - ok
11:12:12.0342 1156 [ 6C8B09E245795E98B6BCC983D0AA4D26 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:12:12.0362 1156 aswSnx - ok
11:12:12.0412 1156 [ 437E3F4B4529AA616D4979A2B74CF8C5 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:12:12.0432 1156 aswSP - ok
11:12:12.0452 1156 [ BD07C8162C7FAD38FE4AAAE18E835216 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:12:12.0462 1156 aswTdi - ok
11:12:12.0512 1156 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:12:12.0522 1156 AsyncMac - ok
11:12:12.0542 1156 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:12:12.0542 1156 atapi - ok
11:12:12.0562 1156 Atdisk - ok
11:12:12.0602 1156 [ A0248F8E04443892841057C672A01D3D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:12:12.0622 1156 Ati HotKey Poller - ok
11:12:12.0732 1156 [ 155F93D1D3B3DE83B0CA5EC44BA627E1 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:12:12.0762 1156 ati2mtag - ok
11:12:12.0823 1156 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:12:12.0833 1156 Atmarpc - ok
11:12:12.0873 1156 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:12:12.0883 1156 AudioSrv - ok
11:12:12.0963 1156 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:12:12.0973 1156 audstub - ok
11:12:13.0083 1156 [ FB05FF189FC5F57DE636315B1F5E56DB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:12:13.0093 1156 avast! Antivirus - ok
11:12:13.0183 1156 [ 0E72B88B05A5931C46EFA7D511D9AEB9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:12:13.0193 1156 b57w2k - ok
11:12:13.0233 1156 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:12:13.0243 1156 Beep - ok
11:12:13.0313 1156 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:12:13.0393 1156 BITS - ok
11:12:13.0484 1156 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:12:13.0494 1156 Browser - ok
11:12:13.0554 1156 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
11:12:13.0584 1156 BrScnUsb - ok
11:12:13.0704 1156 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
11:12:13.0724 1156 BrYNSvc - ok
11:12:13.0874 1156 catchme - ok
11:12:13.0914 1156 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:12:13.0924 1156 cbidf2k - ok
11:12:13.0974 1156 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:12:13.0974 1156 CCDECODE - ok
11:12:14.0004 1156 cd20xrnt - ok
11:12:14.0024 1156 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:12:14.0034 1156 Cdaudio - ok
11:12:14.0074 1156 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:12:14.0084 1156 Cdfs - ok
11:12:14.0114 1156 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:12:14.0124 1156 Cdrom - ok
11:12:14.0144 1156 Changer - ok
11:12:14.0215 1156 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:12:14.0235 1156 CiSvc - ok
11:12:14.0255 1156 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:12:14.0265 1156 ClipSrv - ok
11:12:14.0295 1156 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:12:14.0305 1156 CmBatt - ok
11:12:14.0325 1156 CmdIde - ok
11:12:14.0355 1156 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:12:14.0355 1156 Compbatt - ok
11:12:14.0385 1156 COMSysApp - ok
11:12:14.0465 1156 [ 32B0AC2449D9EF70B719BFAF631F998A ] CONAN C:\WINDOWS\system32\drivers\o2mmb.sys
11:12:14.0495 1156 CONAN - ok
11:12:14.0525 1156 Cpqarray - ok
11:12:14.0565 1156 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:12:14.0575 1156 CryptSvc - ok
11:12:14.0585 1156 dac2w2k - ok
11:12:14.0605 1156 dac960nt - ok
11:12:14.0735 1156 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:12:14.0775 1156 DcomLaunch - ok
11:12:14.0845 1156 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:12:14.0866 1156 Dhcp - ok
11:12:14.0886 1156 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:12:14.0896 1156 Disk - ok
11:12:14.0916 1156 dmadmin - ok
11:12:15.0006 1156 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:12:15.0046 1156 dmboot - ok
11:12:15.0086 1156 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:12:15.0096 1156 dmio - ok
11:12:15.0116 1156 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:12:15.0126 1156 dmload - ok
11:12:15.0196 1156 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:12:15.0206 1156 dmserver - ok
11:12:15.0246 1156 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:12:15.0246 1156 DMusic - ok
11:12:15.0316 1156 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:12:15.0326 1156 Dnscache - ok
11:12:15.0446 1156 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:12:15.0456 1156 Dot3svc - ok
11:12:15.0476 1156 dpti2o - ok
11:12:15.0526 1156 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:12:15.0536 1156 drmkaud - ok
11:12:15.0577 1156 [ 1B539FC0D24997E9DB8B71CD0467C6DA ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
11:12:15.0587 1156 drvmcdb - ok
11:12:15.0617 1156 [ D3C1E501ED42E77574B3095309DD4075 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
11:12:15.0627 1156 drvnddm - ok
11:12:15.0697 1156 [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
11:12:15.0707 1156 eabfiltr - ok
11:12:15.0737 1156 [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
11:12:15.0737 1156 eabusb - ok
11:12:15.0837 1156 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:12:15.0847 1156 EapHost - ok
11:12:15.0897 1156 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:12:15.0907 1156 ERSvc - ok
11:12:15.0997 1156 esgiguard - ok
11:12:16.0057 1156 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:12:16.0087 1156 Eventlog - ok
11:12:16.0187 1156 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:12:16.0207 1156 EventSystem - ok
11:12:16.0237 1156 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:12:16.0268 1156 Fastfat - ok
11:12:16.0338 1156 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:12:16.0378 1156 FastUserSwitchingCompatibility - ok
11:12:16.0408 1156 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:12:16.0418 1156 Fdc - ok
11:12:16.0448 1156 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:12:16.0458 1156 Fips - ok
11:12:16.0478 1156 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:12:16.0488 1156 Flpydisk - ok
11:12:16.0568 1156 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:12:16.0578 1156 FltMgr - ok
11:12:16.0648 1156 [ 455F778EE14368468560BD7CB8C854D0 ] FsVga C:\WINDOWS\system32\DRIVERS\fsvga.sys
11:12:16.0658 1156 FsVga - ok
11:12:16.0698 1156 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:12:16.0698 1156 Fs_Rec - ok
11:12:16.0788 1156 [ A36E8BEEDB3AACA09BF55A1D17904BC8 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
11:12:16.0798 1156 FTDIBUS - ok
11:12:16.0828 1156 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:12:16.0838 1156 Ftdisk - ok
11:12:16.0888 1156 [ A14A1F4BB391DF9C233CB5DBD05FEB70 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
11:12:16.0908 1156 FTSER2K - ok
11:12:16.0969 1156 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:12:16.0979 1156 Gpc - ok
11:12:17.0099 1156 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:12:17.0109 1156 gupdate - ok
11:12:17.0139 1156 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:12:17.0139 1156 gupdatem - ok
11:12:17.0229 1156 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:12:17.0239 1156 gusvc - ok
11:12:17.0349 1156 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:12:17.0359 1156 helpsvc - ok
11:12:17.0419 1156 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:12:17.0439 1156 HidServ - ok
11:12:17.0499 1156 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:12:17.0499 1156 HidUsb - ok
11:12:17.0599 1156 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:12:17.0619 1156 hkmsvc - ok
11:12:17.0640 1156 hpn - ok
11:12:17.0780 1156 [ E7E0CF2E13994DAB2CE10DFEF25BF610 ] hpqwmi C:\Program Files\HPQ\SHARED\HPQWMI.exe
11:12:17.0790 1156 hpqwmi - ok
11:12:17.0900 1156 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:12:17.0920 1156 HTTP - ok
11:12:17.0980 1156 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:12:18.0010 1156 HTTPFilter - ok
11:12:18.0040 1156 i2omgmt - ok
11:12:18.0060 1156 i2omp - ok
11:12:18.0100 1156 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:12:18.0110 1156 i8042prt - ok
11:12:18.0170 1156 [ D542B05BAB582295AFBD92B1965BE68A ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
11:12:18.0180 1156 IFXTPM - ok
11:12:18.0230 1156 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:12:18.0240 1156 Imapi - ok
11:12:18.0341 1156 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:12:18.0361 1156 ImapiService - ok
11:12:18.0391 1156 ini910u - ok
11:12:18.0431 1156 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:12:18.0441 1156 IntelIde - ok
11:12:18.0501 1156 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:12:18.0511 1156 intelppm - ok
11:12:18.0561 1156 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:12:18.0571 1156 Ip6Fw - ok
11:12:18.0621 1156 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:12:18.0631 1156 IpFilterDriver - ok
11:12:18.0691 1156 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:12:18.0701 1156 IpInIp - ok
11:12:18.0751 1156 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:12:18.0761 1156 IpNat - ok
11:12:18.0851 1156 [ F08D74EC300B8BA60CA953C58A24D19E ] Iprip C:\WINDOWS\System32\iprip.dll
11:12:18.0861 1156 Iprip - ok
11:12:18.0931 1156 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:12:18.0941 1156 IPSec - ok
11:12:18.0991 1156 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
11:12:19.0001 1156 irda - ok
11:12:19.0021 1156 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:12:19.0042 1156 IRENUM - ok
11:12:19.0072 1156 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
11:12:19.0082 1156 Irmon - ok
11:12:19.0112 1156 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:12:19.0122 1156 isapnp - ok
11:12:19.0262 1156 [ E4AE0CBC0B55A5FAA6996E38CE6C981B ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:12:19.0272 1156 JavaQuickStarterService - ok
11:12:19.0302 1156 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:12:19.0312 1156 Kbdclass - ok
11:12:19.0342 1156 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:12:19.0352 1156 kbdhid - ok
11:12:19.0402 1156 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:12:19.0412 1156 kmixer - ok
11:12:19.0462 1156 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:12:19.0472 1156 KSecDD - ok
11:12:19.0532 1156 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:12:19.0582 1156 lanmanserver - ok
11:12:19.0642 1156 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:12:19.0662 1156 lanmanworkstation - ok
11:12:19.0672 1156 lbrtfdc - ok
11:12:19.0763 1156 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:12:19.0773 1156 LmHosts - ok
11:12:19.0803 1156 [ AD1A428085F6499AFC085DB14E6C2EBC ] lvalarmk C:\WINDOWS\system32\drivers\lvalarmk.dll
11:12:19.0803 1156 lvalarmk - ok
11:12:19.0863 1156 [ 72F30FA2E98D628DFF8D82011E687EBB ] LxrJD31d C:\WINDOWS\system32\Drivers\LxrJD31d.sys
11:12:19.0873 1156 LxrJD31d - ok
11:12:19.0883 1156 LxrJD31s - ok
11:12:19.0923 1156 [ 34F2249A8EEE91AD85FBDB7440C0DF96 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
11:12:19.0923 1156 mbamchameleon - ok
11:12:19.0963 1156 [ 4C32B247524F91DB486D21DCB84D9C23 ] MbxStby C:\WINDOWS\system32\drivers\MbxStby.sys
11:12:19.0973 1156 MbxStby - ok
11:12:20.0013 1156 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:12:20.0013 1156 Messenger - ok
11:12:20.0043 1156 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:12:20.0043 1156 mnmdd - ok
11:12:20.0103 1156 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:12:20.0113 1156 mnmsrvc - ok
11:12:20.0173 1156 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:12:20.0183 1156 Modem - ok
11:12:20.0213 1156 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:12:20.0213 1156 Mouclass - ok
11:12:20.0283 1156 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:12:20.0283 1156 mouhid - ok
11:12:20.0333 1156 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:12:20.0343 1156 MountMgr - ok
11:12:20.0363 1156 mraid35x - ok
11:12:20.0383 1156 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:12:20.0393 1156 MRxDAV - ok
11:12:20.0444 1156 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:12:20.0464 1156 MRxSmb - ok
11:12:20.0484 1156 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:12:20.0494 1156 MSDTC - ok
11:12:20.0514 1156 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:12:20.0524 1156 Msfs - ok
11:12:20.0544 1156 MSIServer - ok
11:12:20.0584 1156 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:12:20.0594 1156 MSKSSRV - ok
11:12:20.0614 1156 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:12:20.0614 1156 MSPCLOCK - ok
11:12:20.0634 1156 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:12:20.0644 1156 MSPQM - ok
11:12:20.0734 1156 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:12:20.0744 1156 mssmbios - ok
11:12:20.0794 1156 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:12:20.0804 1156 Mup - ok
11:12:20.0914 1156 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:12:20.0944 1156 napagent - ok
11:12:20.0964 1156 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:12:20.0974 1156 NDIS - ok
11:12:21.0014 1156 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:12:21.0014 1156 NdisTapi - ok
11:12:21.0064 1156 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:12:21.0064 1156 Ndisuio - ok
11:12:21.0084 1156 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:12:21.0094 1156 NdisWan - ok
11:12:21.0145 1156 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:12:21.0155 1156 NDProxy - ok
11:12:21.0165 1156 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:12:21.0185 1156 NetBIOS - ok
11:12:21.0215 1156 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:12:21.0225 1156 NetBT - ok
11:12:21.0295 1156 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:12:21.0325 1156 NetDDE - ok
11:12:21.0345 1156 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:12:21.0365 1156 NetDDEdsdm - ok
11:12:21.0425 1156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:12:21.0435 1156 Netlogon - ok
11:12:21.0475 1156 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:12:21.0505 1156 Netman - ok
11:12:21.0575 1156 [ 5D249C5365F819F70882570A1746C9D2 ] niarbk C:\WINDOWS\system32\drivers\niarbk.dll
11:12:21.0585 1156 niarbk - ok
11:12:21.0625 1156 [ EC11F3561E9EF42B515839C5FEED393B ] nibffrk C:\WINDOWS\system32\drivers\nibffrk.dll
11:12:21.0635 1156 nibffrk - ok
11:12:21.0785 1156 [ E9B0EE82FDF6CA61C67B911811429D56 ] nicdrk C:\WINDOWS\system32\drivers\nicdrk.dll
11:12:21.0806 1156 nicdrk - ok
11:12:21.0896 1156 [ DE9F3ED56B191EB1A5DAF3BE2EDE0C82 ] Nidaq32k C:\WINDOWS\system32\drivers\Nidaq32k.sys
11:12:21.0936 1156 Nidaq32k - ok
11:12:22.0006 1156 [ A01029F0E59C8D6796019A5CA8278584 ] nidevldu C:\WINDOWS\system32\nipalsm.exe
11:12:22.0026 1156 nidevldu - ok
11:12:22.0076 1156 [ 9474C2DA89930771664EDBB39D5EFD72 ] nidimk C:\WINDOWS\system32\drivers\nidimk.dll
11:12:22.0086 1156 nidimk - ok
11:12:22.0116 1156 [ 7F89A2EFEC4B1296242AD05A00B3D4B1 ] nidmmk C:\WINDOWS\system32\drivers\nidmmk.dll
11:12:22.0126 1156 nidmmk - ok
11:12:22.0156 1156 [ F8A064C12A66EC3061B7C7C66C17C631 ] nidmxfk C:\WINDOWS\system32\drivers\nidmxfk.dll
11:12:22.0166 1156 nidmxfk - ok
11:12:22.0256 1156 [ D79E5F78E74ACD64685229E0E8F174E8 ] nidsark C:\WINDOWS\system32\drivers\nidsark.dll
11:12:22.0286 1156 nidsark - ok
11:12:22.0336 1156 [ F5126F456EEEE1F1BB639D0234FEDFA9 ] niesrk C:\WINDOWS\system32\drivers\niesrk.dll
11:12:22.0366 1156 niesrk - ok
11:12:22.0486 1156 [ F7FF2F0A1AF407E2671DB36C4D721500 ] NILM License Manager C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
11:12:22.0517 1156 NILM License Manager - ok
11:12:22.0557 1156 [ 5D535C2165D02642695FDD99520D6CDA ] nilvaik C:\WINDOWS\system32\drivers\nilvaik.dll
11:12:22.0577 1156 nilvaik - ok
11:12:22.0627 1156 [ 813C9163D719E85F98FE2D9F530BA117 ] nimdbgk C:\WINDOWS\system32\drivers\nimdbgk.dll
11:12:22.0657 1156 nimdbgk - ok
11:12:22.0687 1156 [ DD4B89019AB1ECA5C04757E2F7D8A9E4 ] nimdsk C:\WINDOWS\system32\drivers\nimdsk.dll
11:12:22.0687 1156 nimdsk - ok
11:12:22.0887 1156 [ 97113D59C5AB8466559238DC15F1B23E ] nimru2k C:\WINDOWS\system32\drivers\nimru2k.dll
11:12:22.0897 1156 nimru2k - ok
11:12:22.0927 1156 [ F49A760DDCA0A48A5C5A23B34533195D ] nimsdrk C:\WINDOWS\system32\drivers\nimsdrk.dll
11:12:22.0937 1156 nimsdrk - ok
11:12:22.0947 1156 [ 99521722C0858AB23E06855E1069C725 ] nimslk C:\WINDOWS\system32\drivers\nimslk.dll
11:12:22.0967 1156 nimslk - ok
11:12:23.0017 1156 [ ACFD05455DF010E85E0C8A56E9C255C3 ] nimsrlk C:\WINDOWS\system32\drivers\nimsrlk.dll
11:12:23.0037 1156 nimsrlk - ok
11:12:23.0067 1156 [ 80D7CF4F4FB7F1A9C457682C00134EB2 ] nimstsk C:\WINDOWS\system32\drivers\nimstsk.dll
11:12:23.0077 1156 nimstsk - ok
11:12:23.0157 1156 [ 4F0B68984C204F5CC5EDF8643C996095 ] nimxdfk C:\WINDOWS\system32\drivers\nimxdfk.dll
11:12:23.0167 1156 nimxdfk - ok
11:12:23.0198 1156 [ 1289DCDE2D7F9393849802FC9572409A ] nimxpk C:\WINDOWS\system32\drivers\nimxpk.dll
11:12:23.0208 1156 nimxpk - ok
11:12:23.0238 1156 [ 4A7BD0531777E021E7E21E549365F958 ] niorbk C:\WINDOWS\system32\drivers\niorbk.dll
11:12:23.0238 1156 niorbk - ok
11:12:23.0318 1156 [ C5A9C70BEC67316B2469851152AF7F44 ] NIPALK C:\WINDOWS\system32\drivers\nipalk.sys
11:12:23.0338 1156 NIPALK - ok
11:12:23.0398 1156 [ 15288881AF4E4A1B6BE337B5254BE00F ] nipalusb C:\WINDOWS\system32\DRIVERS\nipalusb.sys
11:12:23.0408 1156 nipalusb - ok
11:12:23.0428 1156 [ 6E5DCD3FDAA1C368F18B5B25D8C8658E ] nipxirmk C:\WINDOWS\system32\drivers\nipxirmk.dll
11:12:23.0438 1156 nipxirmk - ok
11:12:23.0468 1156 [ A01029F0E59C8D6796019A5CA8278584 ] nipxirmu C:\WINDOWS\system32\nipalsm.exe
11:12:23.0488 1156 nipxirmu - ok
11:12:23.0548 1156 [ 7F8D0AF577410F12E5EA0AAF20B0BE59 ] niscdk C:\WINDOWS\system32\drivers\niscdk.dll
11:12:23.0588 1156 niscdk - ok
11:12:23.0618 1156 [ 0160446FB0D40960A9A9D200C4AF8673 ] nisdigk C:\WINDOWS\system32\drivers\nisdigk.dll
11:12:23.0638 1156 nisdigk - ok
11:12:23.0698 1156 [ 74792B4771F87F75106C1730C41D36BF ] nisftk C:\WINDOWS\system32\drivers\nisftk.dll
11:12:23.0738 1156 nisftk - ok
11:12:23.0758 1156 [ E1FB457BF6B7386394FB01CA7A5C9CC1 ] nispdk C:\WINDOWS\system32\drivers\nispdk.dll
11:12:23.0768 1156 nispdk - ok
11:12:23.0868 1156 [ B403C388D439D146146D94780ADAB505 ] nissrk C:\WINDOWS\system32\drivers\nissrk.dll
11:12:23.0919 1156 nissrk - ok
11:12:23.0949 1156 [ 473CD2E3BC17E5028DA3134EDBF706AA ] nistc2k C:\WINDOWS\system32\drivers\nistc2k.dll
11:12:23.0959 1156 nistc2k - ok
11:12:23.0989 1156 [ 45BFFAED056B917407CC2D52A520A582 ] nistck C:\WINDOWS\system32\drivers\nistck.dll
11:12:23.0999 1156 nistck - ok
11:12:24.0059 1156 [ 65DCF1CAD18BFAB36C23EFF7483107C7 ] nistcrk C:\WINDOWS\system32\drivers\nistcrk.dll
11:12:24.0089 1156 nistcrk - ok
11:12:24.0189 1156 [ FA21E527D3C6EC9E5218DCD310E364A0 ] niswdk C:\WINDOWS\system32\drivers\niswdk.dll
11:12:24.0219 1156 niswdk - ok
11:12:24.0289 1156 [ 3DCE48DC6535B90FDB4ABA8522BF7BB1 ] nitiork C:\WINDOWS\system32\drivers\nitiork.dll
11:12:24.0329 1156 nitiork - ok
11:12:24.0359 1156 [ 9271A16398ED77BF40EDA4D12723D354 ] NiViPxiK C:\WINDOWS\system32\drivers\NiViPxiK.sys
11:12:24.0369 1156 NiViPxiK - ok
11:12:24.0429 1156 [ 199F1F4D927F0B7A02BD3B18B02505BD ] niwfrk C:\WINDOWS\system32\drivers\niwfrk.dll
11:12:24.0449 1156 niwfrk - ok
11:12:24.0529 1156 [ D03942BF3894B2AB30FBC0558A8D02B0 ] nixsrk C:\WINDOWS\system32\drivers\nixsrk.dll
11:12:24.0569 1156 nixsrk - ok
11:12:24.0630 1156 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:12:24.0660 1156 Nla - ok
11:12:24.0720 1156 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:12:24.0730 1156 Npfs - ok
11:12:24.0820 1156 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:12:24.0890 1156 Ntfs - ok
11:12:24.0930 1156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:12:24.0940 1156 NtLmSsp - ok
11:12:25.0020 1156 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:12:25.0060 1156 NtmsSvc - ok
11:12:25.0120 1156 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:12:25.0130 1156 Null - ok
11:12:25.0170 1156 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:12:25.0180 1156 NwlnkFlt - ok
11:12:25.0200 1156 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:12:25.0220 1156 NwlnkFwd - ok
11:12:25.0321 1156 [ 937A02981F11B2CE96B1D493C95AED2B ] p2pgasvc C:\WINDOWS\system32\p2pgasvc.dll
11:12:25.0351 1156 p2pgasvc - ok
11:12:25.0411 1156 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2pimsvc C:\WINDOWS\system32\p2psvc.dll
11:12:25.0451 1156 p2pimsvc - ok
11:12:25.0491 1156 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
11:12:25.0531 1156 p2psvc - ok
11:12:25.0581 1156 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:12:25.0581 1156 Parport - ok
11:12:25.0601 1156 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:12:25.0611 1156 PartMgr - ok
11:12:25.0661 1156 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:12:25.0671 1156 ParVdm - ok
11:12:25.0691 1156 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:12:25.0691 1156 PCI - ok
11:12:25.0701 1156 PCIDump - ok
11:12:25.0721 1156 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:12:25.0721 1156 PCIIde - ok
11:12:25.0741 1156 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:12:25.0741 1156 Pcmcia - ok
11:12:25.0761 1156 PDCOMP - ok
11:12:25.0771 1156 PDFRAME - ok
11:12:25.0781 1156 PDRELI - ok
11:12:25.0801 1156 PDRFRAME - ok
11:12:25.0811 1156 perc2 - ok
11:12:25.0821 1156 perc2hib - ok
11:12:25.0891 1156 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:12:25.0901 1156 PlugPlay - ok
11:12:25.0921 1156 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] PNRPSvc C:\WINDOWS\system32\p2psvc.dll
11:12:25.0941 1156 PNRPSvc - ok
11:12:25.0951 1156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:12:25.0961 1156 PolicyAgent - ok
11:12:26.0002 1156 [ 9845080108D42C743BB420CBCDB2028D ] portor25 C:\WINDOWS\system32\drivers\portor25.sys
11:12:26.0002 1156 portor25 - ok
11:12:26.0042 1156 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:12:26.0042 1156 PptpMiniport - ok
11:12:26.0062 1156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:12:26.0062 1156 ProtectedStorage - ok
11:12:26.0092 1156 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:12:26.0102 1156 PSched - ok
11:12:26.0112 1156 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:12:26.0112 1156 Ptilink - ok
11:12:26.0142 1156 [ 7E1EACDECBA39E0B2A35306426F0DECC ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
11:12:26.0152 1156 PxHelp20 - ok
11:12:26.0162 1156 ql1080 - ok
11:12:26.0172 1156 Ql10wnt - ok
11:12:26.0192 1156 ql12160 - ok
11:12:26.0202 1156 ql1240 - ok
11:12:26.0212 1156 ql1280 - ok
11:12:26.0232 1156 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:12:26.0242 1156 RasAcd - ok
11:12:26.0292 1156 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:12:26.0302 1156 RasAuto - ok
11:12:26.0322 1156 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:12:26.0322 1156 Rasirda - ok
11:12:26.0332 1156 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:12:26.0352 1156 Rasl2tp - ok
11:12:26.0402 1156 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:12:26.0422 1156 RasMan - ok
11:12:26.0432 1156 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:12:26.0442 1156 RasPppoe - ok
11:12:26.0452 1156 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:12:26.0452 1156 Raspti - ok
11:12:26.0522 1156 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:12:26.0532 1156 Rdbss - ok
11:12:26.0562 1156 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:12:26.0562 1156 RDPCDD - ok
11:12:26.0612 1156 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:12:26.0622 1156 rdpdr - ok
11:12:26.0693 1156 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:12:26.0703 1156 RDPWD - ok
11:12:26.0753 1156 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:12:26.0773 1156 RDSessMgr - ok
11:12:26.0833 1156 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:12:26.0853 1156 redbook - ok
11:12:26.0903 1156 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:12:26.0913 1156 RemoteAccess - ok
11:12:26.0983 1156 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:12:27.0003 1156 RemoteRegistry - ok
11:12:27.0033 1156 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:12:27.0043 1156 RpcLocator - ok
11:12:27.0103 1156 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:12:27.0123 1156 RpcSs - ok
11:12:27.0173 1156 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:12:27.0193 1156 RSVP - ok
11:12:27.0213 1156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:12:27.0223 1156 SamSs - ok
11:12:27.0283 1156 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:12:27.0283 1156 SASDIFSV - ok
11:12:27.0303 1156 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:12:27.0313 1156 SASKUTIL - ok
11:12:27.0323 1156 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:12:27.0374 1156 SCardSvr - ok
11:12:27.0424 1156 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:12:27.0454 1156 Schedule - ok
11:12:27.0534 1156 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:12:27.0534 1156 Secdrv - ok
11:12:27.0584 1156 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:12:27.0614 1156 seclogon - ok
11:12:27.0714 1156 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:12:27.0734 1156 SENS - ok
11:12:27.0784 1156 [ 961040C7F15AB778AB37410C91B5A486 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
11:12:27.0794 1156 Ser2pl - ok
11:12:27.0854 1156 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:12:27.0864 1156 serenum - ok
11:12:27.0894 1156 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:12:27.0904 1156 Serial - ok
11:12:27.0934 1156 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:12:27.0944 1156 Sfloppy - ok
11:12:28.0034 1156 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:12:28.0054 1156 SharedAccess - ok
11:12:28.0105 1156 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:12:28.0125 1156 ShellHWDetection - ok
11:12:28.0155 1156 Simbad - ok
11:12:28.0195 1156 [ 32933B07FC16D9F778BEE12545FA1B1A ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe
11:12:28.0225 1156 SimpTcp - ok
11:12:28.0295 1156 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:12:28.0305 1156 SLIP - ok
11:12:28.0345 1156 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:12:28.0365 1156 SMCIRDA - ok
11:12:28.0455 1156 [ F5A256E9755FD361D277FE1F5D02DD7A ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
11:12:28.0485 1156 smwdm - ok
11:12:28.0575 1156 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
11:12:28.0575 1156 SoundMAX Agent Service (default) - ok
11:12:28.0595 1156 Sparrow - ok
11:12:28.0645 1156 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:12:28.0655 1156 splitter - ok
11:12:28.0776 1156 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:12:28.0796 1156 Spooler - ok
11:12:28.0826 1156 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:12:28.0846 1156 sr - ok
11:12:28.0936 1156 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:12:28.0966 1156 srservice - ok
11:12:29.0036 1156 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:12:29.0056 1156 Srv - ok
11:12:29.0106 1156 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
11:12:29.0116 1156 sscdbhk5 - ok
11:12:29.0166 1156 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:12:29.0196 1156 SSDPSRV - ok
11:12:29.0226 1156 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
11:12:29.0236 1156 ssrtln - ok
11:12:29.0296 1156 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
11:12:29.0306 1156 StillCam - ok
11:12:29.0396 1156 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:12:29.0436 1156 stisvc - ok
11:12:29.0477 1156 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:12:29.0487 1156 swenum - ok
11:12:29.0527 1156 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:12:29.0537 1156 swmidi - ok
11:12:29.0547 1156 SwPrv - ok
11:12:29.0587 1156 symc810 - ok
11:12:29.0617 1156 symc8xx - ok
11:12:29.0637 1156 sym_hi - ok
11:12:29.0657 1156 sym_u3 - ok
11:12:29.0807 1156 [ 0C1762FEF34B265498EF2F3BEF7F1D64 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:12:29.0817 1156 SynTP - ok
11:12:29.0877 1156 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:12:29.0887 1156 sysaudio - ok
11:12:29.0947 1156 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:12:29.0977 1156 SysmonLog - ok
11:12:30.0067 1156 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:12:30.0097 1156 TapiSrv - ok
11:12:30.0208 1156 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:12:30.0228 1156 Tcpip - ok
11:12:30.0278 1156 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
11:12:30.0298 1156 Tcpip6 - ok
11:12:30.0338 1156 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:12:30.0348 1156 TDPIPE - ok
11:12:30.0368 1156 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:12:30.0388 1156 TDTCP - ok
11:12:30.0418 1156 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:12:30.0428 1156 TermDD - ok
11:12:30.0488 1156 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:12:30.0528 1156 TermService - ok
11:12:30.0648 1156 [ F807988624638744FF198142B5C4AF31 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
11:12:30.0658 1156 tfsnboio - ok
11:12:30.0688 1156 [ 97F2C4B4DE5B81D8D72BDE9D14B888CF ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
11:12:30.0688 1156 tfsncofs - ok
11:12:30.0718 1156 [ 29152FA1A9577304B37CAEECCEFFD1D2 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
11:12:30.0728 1156 tfsndrct - ok
11:12:30.0778 1156 [ 8EE2ED684E08DAD9EFEFCFAEE7AC94FE ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
11:12:30.0778 1156 tfsndres - ok
11:12:30.0808 1156 [ 7A9B002095B449C72E36A28632C9F470 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
11:12:30.0818 1156 tfsnifs - ok
11:12:30.0828 1156 [ 528FC50C6744199C2014DA25E4A21587 ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
11:12:30.0849 1156 tfsnopio - ok
11:12:30.0869 1156 [ 527529E843B8CBDC817B342A300729CF ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
11:12:30.0889 1156 tfsnpool - ok
11:12:30.0909 1156 [ B529966C80CEE24783600DA68E073B45 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
11:12:30.0919 1156 tfsnudf - ok
11:12:30.0949 1156 [ C739497CA739C88DAA6345D4F3778E46 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
11:12:30.0959 1156 tfsnudfa - ok
11:12:30.0999 1156 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:12:31.0009 1156 Themes - ok
11:12:31.0049 1156 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:12:31.0059 1156 TlntSvr - ok
11:12:31.0069 1156 TosIde - ok
11:12:31.0089 1156 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:12:31.0099 1156 TrkWks - ok
11:12:31.0149 1156 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:12:31.0149 1156 tunmp - ok
11:12:31.0259 1156 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
11:12:31.0259 1156 uCamMonitor - ok
11:12:31.0269 1156 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:12:31.0279 1156 Udfs - ok
11:12:31.0289 1156 ultra - ok
11:12:31.0339 1156 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:12:31.0349 1156 Update - ok
11:12:31.0379 1156 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:12:31.0399 1156 upnphost - ok
11:12:31.0409 1156 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:12:31.0419 1156 UPS - ok
11:12:31.0479 1156 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
11:12:31.0489 1156 usbaudio - ok
11:12:31.0529 1156 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
11:12:31.0539 1156 usbbus - ok
11:12:31.0570 1156 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:12:31.0580 1156 usbccgp - ok
11:12:31.0650 1156 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
11:12:31.0660 1156 UsbDiag - ok
11:12:31.0710 1156 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:12:31.0720 1156 usbehci - ok
11:12:31.0740 1156 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:12:31.0740 1156 usbhub - ok
11:12:31.0790 1156 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
11:12:31.0790 1156 USBModem - ok
11:12:31.0850 1156 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:12:31.0860 1156 usbprint - ok
11:12:31.0900 1156 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:12:31.0910 1156 USBSTOR - ok
11:12:31.0930 1156 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:12:31.0940 1156 usbuhci - ok
11:12:31.0960 1156 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
11:12:31.0970 1156 usbvideo - ok
11:12:31.0990 1156 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:12:32.0010 1156 VgaSave - ok
11:12:32.0040 1156 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:12:32.0050 1156 ViaIde - ok
11:12:32.0070 1156 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:12:32.0080 1156 VolSnap - ok
11:12:32.0160 1156 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:12:32.0190 1156 VSS - ok
11:12:32.0371 1156 [ B6CB2CCE557CE57C72C3D31E701E6E39 ] w22n51 C:\WINDOWS\system32\DRIVERS\w22n51.sys
11:12:32.0431 1156 w22n51 - ok
11:12:32.0471 1156 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:12:32.0491 1156 W32Time - ok
11:12:32.0531 1156 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:12:32.0541 1156 Wanarp - ok
11:12:32.0561 1156 WDICA - ok
11:12:32.0601 1156 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:12:32.0611 1156 wdmaud - ok
11:12:32.0641 1156 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:12:32.0671 1156 WebClient - ok
11:12:32.0801 1156 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:12:32.0811 1156 winmgmt - ok
11:12:32.0911 1156 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:12:32.0932 1156 WmdmPmSN - ok
11:12:33.0012 1156 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:12:33.0032 1156 Wmi - ok
11:12:33.0072 1156 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:12:33.0082 1156 WmiAcpi - ok
11:12:33.0122 1156 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:12:33.0142 1156 WmiApSrv - ok
11:12:33.0212 1156 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:12:33.0222 1156 WS2IFSL - ok
11:12:33.0292 1156 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:12:33.0332 1156 wscsvc - ok
11:12:33.0352 1156 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:12:33.0422 1156 wuauserv - ok
11:12:33.0512 1156 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:12:33.0552 1156 WZCSVC - ok
11:12:33.0622 1156 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:12:33.0663 1156 xmlprov - ok
11:12:33.0703 1156 ================ Scan global ===============================
11:12:33.0783 1156 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:12:33.0853 1156 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:12:33.0923 1156 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:12:34.0003 1156 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:12:34.0033 1156 [Global] - ok
11:12:34.0043 1156 ================ Scan MBR ==================================
11:12:34.0083 1156 [ 5901A5969459C03625E217601DFB3E93 ] \Device\Harddisk0\DR0
11:12:34.0083 1156 Suspicious mbr (NoAccess): \Device\Harddisk0\DR0
11:12:34.0093 1156 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:12:34.0093 1156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:12:34.0113 1156 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR4
11:12:37.0949 1156 \Device\Harddisk1\DR4 - ok
11:12:37.0949 1156 ================ Scan VBR ==================================
11:12:37.0969 1156 [ 890723EDBD994455B4AB3C04488A1292 ] \Device\Harddisk0\DR0\Partition1
11:12:37.0969 1156 \Device\Harddisk0\DR0\Partition1 - ok
11:12:37.0979 1156 [ 50E9F2D0E5BFA1BBB7512657C01DD7BF ] \Device\Harddisk1\DR4\Partition1
11:12:37.0979 1156 \Device\Harddisk1\DR4\Partition1 - ok
11:12:37.0989 1156 ============================================================
11:12:37.0989 1156 Scan finished
11:12:37.0989 1156 ============================================================
11:12:37.0999 1404 Detected object count: 1
11:12:37.0999 1404 Actual detected object count: 1
11:12:44.0338 1404 \Device\Harddisk0\DR0\# - copied to quarantine
11:12:44.0338 1404 \Device\Harddisk0\DR0 - copied to quarantine
11:12:44.0478 1404 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
11:12:44.0488 1404 \Device\Harddisk0\DR0 - ok
11:12:44.0488 1404 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
11:12:51.0238 0916 Deinitialize success


Second Log:


11:16:28.0292 2120 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:16:30.0245 2120 ============================================================
11:16:30.0245 2120 Current date / time: 2012/11/06 11:16:30.0245
11:16:30.0245 2120 SystemInfo:
11:16:30.0245 2120
11:16:30.0245 2120 OS Version: 5.1.2600 ServicePack: 3.0
11:16:30.0245 2120 Product type: Workstation
11:16:30.0245 2120 ComputerName: LAPTOP1
11:16:30.0245 2120 UserName: Administrator
11:16:30.0245 2120 Windows directory: C:\WINDOWS
11:16:30.0245 2120 System windows directory: C:\WINDOWS
11:16:30.0245 2120 Processor architecture: Intel x86
11:16:30.0245 2120 Number of processors: 1
11:16:30.0245 2120 Page size: 0x1000
11:16:30.0245 2120 Boot type: Normal boot
11:16:30.0245 2120 ============================================================
11:16:37.0886 2120 BG loaded
11:16:38.0807 2120 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:16:38.0897 2120 Drive \Device\Harddisk1\DR2 - Size: 0x3E740000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:16:38.0897 2120 ============================================================
11:16:38.0897 2120 \Device\Harddisk0\DR0:
11:16:39.0027 2120 MBR partitions:
11:16:39.0027 2120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:16:39.0027 2120 \Device\Harddisk1\DR2:
11:16:39.0027 2120 MBR partitions:
11:16:39.0027 2120 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1F39E0
11:16:39.0027 2120 ============================================================
11:16:39.0789 2120 C: <-> \Device\Harddisk0\DR0\Partition1
11:16:40.0169 2120 ============================================================
11:16:40.0169 2120 Initialize success
11:16:40.0169 2120 ============================================================