How to remove a Disable Security Center Virus


9 replies to this topic

#1 mach0

  • Members
  • 7 posts

Posted 07 December 2012 - 11:20 AM

Hello All,

A couple of days ago on booting my system, I got a blue screen saying that there were some errors and it automatically went on rectifying them. Below are the changes that seem to have occurred according to the log in Windows Event Viewer.

___________________________________________________________
Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
The segment number 0x374000000000 in file 0x373e is incorrect.
Correcting a minor error in file 14142.
The segment number 0x374100000000 in file 0x373f is incorrect.
Correcting a minor error in file 14143.
The segment number 0x374200000000 in file 0x3740 is incorrect.
Correcting a minor error in file 14144.
The segment number 0x374300000000 in file 0x3741 is incorrect.
Correcting a minor error in file 14145.
The segment number 0x376c00000000 in file 0x3742 is incorrect.
Correcting a minor error in file 14146.
The segment number 0x376d00000000 in file 0x3743 is incorrect.
Correcting a minor error in file 14147.
The segment number 0x376e00000000 in file 0x3744 is incorrect.
Correcting a minor error in file 14148.
The segment number 0x376f00000000 in file 0x3745 is incorrect.
Correcting a minor error in file 14149.
The segment number 0x379400000000 in file 0x3746 is incorrect.
Correcting a minor error in file 14150.
The segment number 0x379500000000 in file 0x3747 is incorrect.
Correcting a minor error in file 14151.
The attribute list in file 0x3747 indicates the standard information
attribute is outside the base file record segment.
Deleted corrupt attribute list for file 14151.
The segment number 0x379a00000000 in file 0x374c is incorrect.
Correcting a minor error in file 14156.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x171eb for possibly 0x4 clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x171eb for possibly 0x4 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x376c is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 14188.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x3cf47a for possibly 0x1c clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x3cf47a for possibly 0x1c clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x376e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 14190.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x3cf84a for possibly 0x1ee clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x3cf84a for possibly 0x1ee clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x376f is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 14191.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0xb5f3b for possibly 0x4 clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0xb5f3b for possibly 0x4 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x3794 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 14228.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x2a03 for possibly 0x6 clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x2a03 for possibly 0x6 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x379a is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 14234.
Cleaning up instance tags for file 0xb43c.
Deleting orphan file record segment 14157.
The object id in file 0x3745 already existed in the object
id index in file 0x19.
c8 3e 13 6c b0 1d de 11 b7 64 00 19 d1 7b ff aa .>.l.....d...{..
05 2d 00 00 bc e5 06 00 cf 98 05 01 a4 e2 06 00 .-..............
Deleting duplicate object id from file record segment 14149.
The file reference 0x100000000374c of index entry ATHPRXY.DLL of index $I30
with parent 0x1d is not the same as 0xd6400000000374c.
Deleting index entry ATHPRXY.DLL in index $I30 of file 29.
The file reference 0x12fa00000000373f of index entry _REGISTRY_USER_USRCLASS_S-1-5-20 of index $I30
with parent 0x361e is not the same as 0x100000000373f.
Deleting index entry _REGISTRY_USER_USRCLASS_S-1-5-20 in index $I30 of file 13854.
The file reference 0x12fa00000000373f of index entry _RF17F~1 of index $I30
with parent 0x361e is not the same as 0x100000000373f.
Deleting index entry _RF17F~1 in index $I30 of file 13854.
Index entry MAPPING.VER of index $I30 in file 0x371a points to unused file 0x374d.
Deleting index entry MAPPING.VER in index $I30 of file 14106.
Unable to locate the file name attribute of index entry 1033
of index $I30 with parent 0x371b in file 0x3740.
Deleting index entry 1033 in index $I30 of file 14107.
The file reference 0x1000000003742 of index entry mdm.exe of index $I30
with parent 0x371b is not the same as 0x113a000000003742.
Deleting index entry mdm.exe in index $I30 of file 14107.
The file reference 0x1000000003746 of index entry msdbg2.dll of index $I30
with parent 0x371b is not the same as 0x87f000000003746.
Deleting index entry msdbg2.dll in index $I30 of file 14107.
The file reference 0x1000000003743 of index entry pdm.dll of index $I30
with parent 0x371b is not the same as 0xea000000003743.
Deleting index entry pdm.dll in index $I30 of file 14107.
The parent 0x1000000003740 of index entry mdmui.dll of index $I30
in file 0x3741 is incorrect. The expected parent is 0x100000000373e.
Deleting index entry mdmui.dll in index $I30 of file 14142.
The parent 0xea00000000376d of index entry settings.sol of index $I30
in file 0x3775 is incorrect. The expected parent is 0xea000000003743.
Deleting index entry settings.sol in index $I30 of file 14147.
The file reference 0x2d200000000373e of index entry Dc5101.bmp of index $I30
with parent 0x5bfe is not the same as 0x100000000373e.
Deleting index entry Dc5101.bmp in index $I30 of file 23550.
The file reference 0x8db000000003747 of index entry queue.xml of index $I30
with parent 0x9d79 is not the same as 0x871000000003747.
Deleting index entry queue.xml in index $I30 of file 40313.
The file reference 0xd71000000003744 of index entry HT8579~1.LOC of index $I30
with parent 0x9f7a is not the same as 0x72000000003744.
Deleting index entry HT8579~1.LOC in index $I30 of file 40826.
The file reference 0xd71000000003744 of index entry http_www.ndtv.com_0.localstorage-journal of index $I30
with parent 0x9f7a is not the same as 0x72000000003744.
Deleting index entry http_www.ndtv.com_0.localstorage-journal in index $I30 of file 40826.
The file reference 0xe9000000003745 of index entry RT88B3~1.YML of index $I30
with parent 0x11157 is not the same as 0x7f000000003745.
Deleting index entry RT88B3~1.YML in index $I30 of file 69975.
The file reference 0xe9000000003745 of index entry rt_20090628-090315.yml of index $I30
with parent 0x11157 is not the same as 0x7f000000003745.
Deleting index entry rt_20090628-090315.yml in index $I30 of file 69975.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Recovering orphaned file 1033 (14142) into directory file 14107.
Recovering orphaned file mdm.exe (14144) into directory file 14107.
Recovering orphaned file pdm.dll (14145) into directory file 14107.
Cleaning up 688 unused index entries from index $SII of file 0x9.
Cleaning up 688 unused index entries from index $SDH of file 0x9.
Cleaning up 688 unused security descriptors.
Inserting data attribute into file 14151.
Inserting data attribute into file 14188.
Inserting data attribute into file 14190.
Inserting data attribute into file 14191.
Inserting data attribute into file 14228.
Inserting data attribute into file 14234.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

61440560 KB total disk space.
13410732 KB in 49495 files.
25200 KB in 6469 indexes.
0 KB in bad sectors.
148716 KB in use by the system.
65536 KB occupied by the log file.
47855912 KB available on disk.

4096 bytes in each allocation unit.
15360140 total allocation units on disk.
11963978 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.
_______________________________________________________________

After the changes were finished Windows XP seemed to start normally, but my AntiVirus NOD32 4.0 did not start automatically. And every time I tried to open it manually I got the message that egui.exe is invalid.

I did an MBAM (Malwarebytes) scan and it returned three potential malware items:

Vendor: PUM.Disabled.SecurityCenterDisabled
Category: Registry Data
Item: HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify
Item: HKLM\Software\Microsoft\Security Center|FirewallDisableNotify
Item: HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify

I removed all three of them using MBAM but was still unable to open NOD32.

I used the NOD32 setup file to repair NOD32 and after restarting the system, NOD32 was working again and I did a complete scan but it did not detect anything.

Now NOD32 is working fine and updating automatically. The Firewall is on and all applications seem to be working normally.

As far as Windows Updates are concerned, I am getting a Red Balloon in the System Tray that my Automatic Updates are OFF.

I have always kept Windows Automatic Updates OFF and never got any Red Balloon in the System Tray nor did MBAM ever show it as a potential threat. But now if I manually keep Windows Automatic Updates OFF MBAM is showing it as a threat (Item: HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify). If I clean it using MBAM then the red balloon is coming in the system tray but MBAM isn't showing any threat.

If I remove the Red Balloon then again MBAM is showing the threat. I tried using SuperAntiSpyware and it is also showing the exact same thing in the same way.

Can anyone please explain to me what kind of virus threat I am dealing with and how to clean it?
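Added example (not part of the original posts and not Malwarebytes code): the three items listed above are the Security Center alert-suppression values, where a data value of 1 turns the corresponding alert off. The sketch below triages a text log in the Malwarebytes 1.x layout to show whether anything other than such settings was detected. The sample logs, the file path in the second sample, and all function names are constructed for illustration.

```python
import re

# Security Center values named in the post; 1 = alert suppressed.
NOTIFY_VALUES = {
    "antivirusdisablenotify": "antivirus",
    "firewalldisablenotify": "firewall",
    "updatesdisablenotify": "automatic updates",
}
SC_KEY = r"hklm\software\microsoft\security center"

# "Registry Data Items Detected: 1" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected:\s*(?P<count>\d+)\s*$")
# "key|value (detection) -> Bad: (x) Good: (y) -> action" registry data lines.
ITEM_RE = re.compile(
    r"^(?P<key>HK[^|]+)\|(?P<value>\S+)\s+\((?P<detection>[^)]+)\)"
    r"\s*->\s*Bad:\s*\((?P<bad>[^)]*)\)\s*Good:\s*\((?P<good>[^)]*)\)"
    r"\s*->\s*(?P<action>.+?)\s*$"
)

def parse_log(text):
    """Return (section -> reported count, list of parsed registry data items)."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            counts[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section:
            item = m.groupdict()
            item["section"] = section
            items.append(item)
    return counts, items

def classify(item):
    """Label a PUM hit on a Security Center notify value as a setting change."""
    key = item["key"].strip().lower()
    value = item["value"].lower()
    if (item["detection"].upper().startswith("PUM.")
            and key == SC_KEY and value in NOTIFY_VALUES):
        return "setting: %s alert suppressed (data %s)" % (
            NOTIFY_VALUES[value], item["bad"])
    return "review: " + item["detection"]

def triage(text):
    """settings_only is True only if every counted detection was parsed
    and every parsed detection is a Security Center notify setting."""
    counts, items = parse_log(text)
    notes = [classify(i) for i in items]
    parsed = {}
    for i in items:
        parsed[i["section"]] = parsed.get(i["section"], 0) + 1
    # Detections the parser did not understand (files, processes, ...)
    # are reported so they get read by a person instead of being ignored.
    unparsed = {s: n - parsed.get(s, 0)
                for s, n in counts.items() if n != parsed.get(s, 0)}
    settings_only = (bool(items) and not unparsed
                     and all(n.startswith("setting:") for n in notes))
    return {"total": sum(counts.values()), "notes": notes,
            "unparsed": unparsed, "settings_only": settings_only}

# Constructed sample in the Malwarebytes 1.x log layout: one PUM hit only.
SAMPLE_PUM = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 0
(No malicious items detected)
"""

# Constructed sample: the same PUM hit plus a placeholder file detection.
SAMPLE_MIXED = r"""
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 1
C:\Temp\sample.exe (Example.Detection) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for name, log in (("pum", SAMPLE_PUM), ("mixed", SAMPLE_MIXED)):
        print(name, triage(log))
```

A result with `settings_only` true means the scan found only the alert-suppression flags; any entry in `unparsed` is a detection the parser did not recognise and needs to be read manually.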

#2 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 December 2012 - 10:55 PM

Hello mach0

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.


Please ask any needed questions, post logs and let us know how the PC is running now.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 mach0

  • Topic Starter

  • Members
  • 7 posts

Posted 10 December 2012 - 06:39 AM

Thank You for the reply. Below are the Logs from MBAM Scan and the TDSSKiller Scan

___________________________________________________________________________________

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.07.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: HOME [administrator]

12/10/2012 4:53:16 PM
mbam-log-2012-12-10 (16-53-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188848
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
_________________________________________________________________________________________________________


17:03:06.0187 3456 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
17:03:08.0187 3456 ============================================================
17:03:08.0187 3456 Current date / time: 2012/12/10 17:03:08.0187
17:03:08.0187 3456 SystemInfo:
17:03:08.0187 3456
17:03:08.0187 3456 OS Version: 5.1.2600 ServicePack: 2.0
17:03:08.0187 3456 Product type: Workstation
17:03:08.0187 3456 ComputerName: HOME
17:03:08.0187 3456 UserName: Administrator
17:03:08.0187 3456 Windows directory: C:\WINDOWS
17:03:08.0187 3456 System windows directory: C:\WINDOWS
17:03:08.0187 3456 Processor architecture: Intel x86
17:03:08.0187 3456 Number of processors: 2
17:03:08.0187 3456 Page size: 0x1000
17:03:08.0187 3456 Boot type: Normal boot
17:03:08.0187 3456 ============================================================
17:03:09.0046 3456 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:03:09.0046 3456 ============================================================
17:03:09.0046 3456 \Device\Harddisk0\DR0:
17:03:09.0046 3456 MBR partitions:
17:03:09.0046 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
17:03:09.0062 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x61A7927
17:03:09.0078 3456 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD6D7E46, BlocksNum 0x5340C7B
17:03:09.0078 3456 ============================================================
17:03:09.0109 3456 C: <-> \Device\Harddisk0\DR0\Partition1
17:03:09.0156 3456 D: <-> \Device\Harddisk0\DR0\Partition2
17:03:09.0234 3456 E: <-> \Device\Harddisk0\DR0\Partition3
17:03:09.0234 3456 ============================================================
17:03:09.0234 3456 Initialize success
17:03:09.0234 3456 ============================================================
17:03:14.0546 2548 ============================================================
17:03:14.0546 2548 Scan started
17:03:14.0546 2548 Mode: Manual;
17:03:14.0546 2548 ============================================================
17:03:15.0000 2548 ================ Scan system memory ========================
17:03:15.0000 2548 System memory - ok
17:03:15.0000 2548 ================ Scan services =============================
17:03:15.0093 2548 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:03:15.0109 2548 !SASCORE - ok
17:03:15.0171 2548 Abiosdsk - ok
17:03:15.0171 2548 abp480n5 - ok
17:03:15.0203 2548 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:03:15.0203 2548 ACPI - ok
17:03:15.0265 2548 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:03:15.0265 2548 ACPIEC - ok
17:03:15.0265 2548 adpu160m - ok
17:03:15.0312 2548 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:03:15.0312 2548 aec - ok
17:03:15.0343 2548 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:03:15.0343 2548 AFD - ok
17:03:15.0359 2548 Aha154x - ok
17:03:15.0359 2548 aic78u2 - ok
17:03:15.0359 2548 aic78xx - ok
17:03:15.0390 2548 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:03:15.0390 2548 Alerter - ok
17:03:15.0390 2548 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
17:03:15.0406 2548 ALG - ok
17:03:15.0406 2548 AliIde - ok
17:03:15.0406 2548 amsint - ok
17:03:15.0437 2548 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:03:15.0437 2548 AppMgmt - ok
17:03:15.0437 2548 asc - ok
17:03:15.0437 2548 asc3350p - ok
17:03:15.0453 2548 asc3550 - ok
17:03:15.0515 2548 [ 4EABF511B1AF176A971C3271E48FA3A8 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:03:15.0515 2548 aspnet_state - ok
17:03:15.0546 2548 [ C2DF2E3C676414D6F8C8F35F0EA46C60 ] astcc C:\WINDOWS\system32\AstSrv.exe
17:03:15.0546 2548 astcc - ok
17:03:15.0578 2548 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:03:15.0593 2548 AsyncMac - ok
17:03:15.0625 2548 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:03:15.0625 2548 atapi - ok
17:03:15.0625 2548 Atdisk - ok
17:03:15.0671 2548 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:03:15.0671 2548 Atmarpc - ok
17:03:15.0718 2548 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:03:15.0718 2548 AudioSrv - ok
17:03:15.0796 2548 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:03:15.0796 2548 audstub - ok
17:03:15.0828 2548 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:03:15.0828 2548 Beep - ok
17:03:15.0875 2548 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
17:03:15.0875 2548 BITS - ok
17:03:15.0906 2548 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
17:03:15.0906 2548 Browser - ok
17:03:15.0953 2548 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:03:15.0953 2548 cbidf2k - ok
17:03:15.0953 2548 cd20xrnt - ok
17:03:15.0953 2548 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:03:15.0953 2548 Cdaudio - ok
17:03:15.0984 2548 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:03:15.0984 2548 Cdfs - ok
17:03:16.0015 2548 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:03:16.0015 2548 Cdrom - ok
17:03:16.0015 2548 Changer - ok
17:03:16.0062 2548 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:03:16.0062 2548 CiSvc - ok
17:03:16.0078 2548 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:03:16.0078 2548 ClipSrv - ok
17:03:16.0125 2548 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:03:16.0125 2548 clr_optimization_v2.0.50727_32 - ok
17:03:16.0125 2548 CmdIde - ok
17:03:16.0125 2548 COMSysApp - ok
17:03:16.0140 2548 Cpqarray - ok
17:03:16.0171 2548 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:03:16.0171 2548 CryptSvc - ok
17:03:16.0171 2548 dac2w2k - ok
17:03:16.0187 2548 dac960nt - ok
17:03:16.0218 2548 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:03:16.0218 2548 DcomLaunch - ok
17:03:16.0234 2548 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:03:16.0234 2548 Dhcp - ok
17:03:16.0265 2548 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:03:16.0265 2548 Disk - ok
17:03:16.0265 2548 dmadmin - ok
17:03:16.0312 2548 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:03:16.0359 2548 dmboot - ok
17:03:16.0375 2548 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:03:16.0375 2548 dmio - ok
17:03:16.0390 2548 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:03:16.0390 2548 dmload - ok
17:03:16.0406 2548 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
17:03:16.0406 2548 dmserver - ok
17:03:16.0437 2548 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:03:16.0437 2548 DMusic - ok
17:03:16.0468 2548 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:03:16.0468 2548 Dnscache - ok
17:03:16.0468 2548 dpti2o - ok
17:03:16.0484 2548 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:03:16.0484 2548 drmkaud - ok
17:03:16.0515 2548 [ 5C940A174DFB2C42B9F6BA6EDC2BAA0B ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:03:16.0515 2548 E100B - ok
17:03:16.0562 2548 [ 59D9E5DBCFEF1E0E3DBAC1B55C718F2D ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
17:03:16.0562 2548 eamon - ok
17:03:16.0593 2548 [ 3BD67A869964BF57266CBBD1DCA38C6A ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
17:03:16.0593 2548 ehdrv - ok
17:03:16.0640 2548 [ 96FC9AD2C1B008424093F5367CA1AE3E ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
17:03:16.0640 2548 EhttpSrv - ok
17:03:16.0687 2548 [ D543E7E8BCAE3F5D256335EEE809ADF5 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
17:03:16.0687 2548 ekrn - ok
17:03:16.0718 2548 [ AA0AF2830FC14FFD7E80611614ECAC74 ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
17:03:16.0718 2548 epfwtdir - ok
17:03:16.0750 2548 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:03:16.0750 2548 ERSvc - ok
17:03:16.0781 2548 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
17:03:16.0781 2548 Eventlog - ok
17:03:16.0796 2548 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
17:03:16.0796 2548 EventSystem - ok
17:03:16.0828 2548 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:03:16.0828 2548 Fastfat - ok
17:03:16.0875 2548 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:03:16.0875 2548 FastUserSwitchingCompatibility - ok
17:03:16.0906 2548 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:03:16.0921 2548 Fdc - ok
17:03:16.0968 2548 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:03:16.0968 2548 Fips - ok
17:03:16.0984 2548 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:03:16.0984 2548 Flpydisk - ok
17:03:17.0031 2548 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:03:17.0031 2548 FltMgr - ok
17:03:17.0046 2548 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:03:17.0046 2548 Fs_Rec - ok
17:03:17.0062 2548 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:03:17.0078 2548 Ftdisk - ok
17:03:17.0125 2548 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:03:17.0125 2548 Gpc - ok
17:03:17.0140 2548 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:03:17.0156 2548 HDAudBus - ok
17:03:17.0203 2548 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:03:17.0203 2548 helpsvc - ok
17:03:17.0234 2548 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:03:17.0234 2548 HidServ - ok
17:03:17.0250 2548 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:03:17.0250 2548 HidUsb - ok
17:03:17.0250 2548 hpn - ok
17:03:17.0281 2548 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:03:17.0281 2548 HTTP - ok
17:03:17.0312 2548 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:03:17.0312 2548 HTTPFilter - ok
17:03:17.0312 2548 i2omgmt - ok
17:03:17.0328 2548 i2omp - ok
17:03:17.0343 2548 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:03:17.0343 2548 i8042prt - ok
17:03:17.0406 2548 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:03:17.0406 2548 ialm - ok
17:03:17.0437 2548 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:03:17.0437 2548 Imapi - ok
17:03:17.0468 2548 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:03:17.0468 2548 ImapiService - ok
17:03:17.0468 2548 ini910u - ok
17:03:17.0484 2548 IntelIde - ok
17:03:17.0515 2548 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:03:17.0515 2548 intelppm - ok
17:03:17.0515 2548 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:03:17.0515 2548 Ip6Fw - ok
17:03:17.0546 2548 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:03:17.0546 2548 IpFilterDriver - ok
17:03:17.0578 2548 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:03:17.0578 2548 IpInIp - ok
17:03:17.0593 2548 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:03:17.0593 2548 IpNat - ok
17:03:17.0609 2548 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:03:17.0640 2548 IPSec - ok
17:03:17.0671 2548 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:03:17.0671 2548 IRENUM - ok
17:03:17.0703 2548 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:03:17.0703 2548 isapnp - ok
17:03:17.0734 2548 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:03:17.0734 2548 Kbdclass - ok
17:03:17.0750 2548 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:03:17.0750 2548 kmixer - ok
17:03:17.0781 2548 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:03:17.0781 2548 KSecDD - ok
17:03:17.0812 2548 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:03:17.0828 2548 lanmanserver - ok
17:03:17.0859 2548 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:03:17.0859 2548 lanmanworkstation - ok
17:03:17.0859 2548 lbrtfdc - ok
17:03:17.0875 2548 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:03:17.0875 2548 LmHosts - ok
17:03:17.0921 2548 [ 0EFEE4F2D23BA2D8B27FBA942106E0E1 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:03:17.0937 2548 MDM - ok
17:03:17.0937 2548 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:03:17.0937 2548 Messenger - ok
17:03:18.0031 2548 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:03:18.0031 2548 Microsoft Office Groove Audit Service - ok
17:03:18.0062 2548 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:03:18.0062 2548 mnmdd - ok
17:03:18.0078 2548 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:03:18.0078 2548 mnmsrvc - ok
17:03:18.0109 2548 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:03:18.0109 2548 Modem - ok
17:03:18.0125 2548 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:03:18.0125 2548 Mouclass - ok
17:03:18.0171 2548 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:03:18.0171 2548 mouhid - ok
17:03:18.0171 2548 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:03:18.0171 2548 MountMgr - ok
17:03:18.0187 2548 mraid35x - ok
17:03:21.0875 2548 ============================================================
17:03:21.0875 2548 Scan finished
17:03:21.0875 2548 ============================================================
17:03:21.0890 3472 Detected object count: 0
17:03:21.0890 3472 Actual detected object count: 0
17:03:28.0671 2072 Deinitialize success

#4 boopme

Posted 10 December 2012 - 11:22 AM

Looks like a hit. How is it now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 mach0

Posted 10 December 2012 - 01:53 PM

Do you mean the System is infected?

I can't detect anything other than what MBAM is showing. If I don't reboot, everything seems fine. After I reboot I get the red balloon in the system tray. If I go to Security Center and remove the red balloon then again MBAM shows the PUM.SecurityCenter malware. What should I do?

#6 boopme

Posted 10 December 2012 - 02:09 PM

Yes, we need to dig it out. Start a new topic as instructed in the guide below. Title it... Cannot remove PUM.SecurityCenter malware

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

#7 mach0

Posted 11 December 2012 - 01:35 AM

Thanks for your patience.

After cleaning the PUM malware with MBAM yesterday, I have rebooted today and interestingly the red balloon hasn't reappeared. MBAM is also not showing any malware. I did a NOD scan and it isn't showing anything. Is my system clean?

#8 boopme

Posted 11 December 2012 - 01:02 PM

Then we did get it... great.

#9 mach0

Posted 12 December 2012 - 01:15 AM

Thank you for the help.

I sent the original event viewer log to NOD and they say it may not be a virus and could be potential disk failure.

Can you tell me what you think the original problem was? If it is disk failure, why did it disable only Antivirus and Firewall and no other application?

Also, is there a way to know the current state of my hard disk and if it is at risk of failing?

#10 boopme

Posted 12 December 2012 - 12:59 PM

I did think it was a hardware issue also, but felt best to rule out malware first.

Repost the 1st log (first post) in the XP forum and they can check your system.