slabhurta02

  1. The system seems to be operating OK, though I have not been using it. From the ESET log:
     "C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) F7F17F266BD9A76D66E4F4F8511CA12101A57FC5 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I "
     Does this no longer pose a threat?
  2. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=8
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6844
     # api_version=3.0.2
     # EOSSerial=ee38e376f834394eaf724efacf4b9fb6
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=false
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-12-18 07:09:26
     # local_time=2012-12-18 02:09:26 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8199 16776701 100 100 0 74079686 0 0
     # scanned=58621
     # found=7
     # cleaned=0
     # scan_time=3089
     # nod_component=V3 Build:0x30000000
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) F7F17F266BD9A76D66E4F4F8511CA12101A57FC5 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
     # version=8
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6844
     # api_version=3.0.2
     # EOSSerial=ee38e376f834394eaf724efacf4b9fb6
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-12-18 08:04:02
     # local_time=2012-12-18 03:04:02 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8199 16776701 100 100 0 74082962 0 0
     # scanned=58633
     # found=7
     # cleaned=0
     # scan_time=3021
     # nod_component=V3 Build:0x30000000
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) F7F17F266BD9A76D66E4F4F8511CA12101A57FC5 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 I
     C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
  3. The Dr.Web CureIt will not run completely. It stalls midway while performing the "Express Scan". The computer freezes. I tried to run the scan 3 times and it happened all 3 times.
  4. Security Check Log:
     Results of screen317's Security Check version 0.99.56
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET NOD32 Antivirus 4.2
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java 6 Update 24
     Java 6 Update 5
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Reader 8 Adobe Reader out of Date!
     Mozilla Firefox (2.0.0 Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     ESET NOD32 Antivirus egui.exe
     ESET NOD32 Antivirus ekrn.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 7%
     ````````````````````End of Log``````````````````````
  5. Mbam Log:
     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.12.09.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Joaquin :: HOME-8AE08796D2 [administrator]

     Protection: Enabled

     12/9/2012 7:18:43 AM
     mbam-log-2012-12-09 (07-18-43).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 286621
     Time elapsed: 40 minute(s), 35 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  6. Combofix Log:
     ComboFix 12-12-04.01 - Joaquin 12/07/2012 17:29:13.1.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.394 [GMT -5:00]
     Running from: c:\documents and settings\Joaquin\Desktop\Combo-Fix.exe
     AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Joaquin\Application Data\C8B8ED
     c:\documents and settings\Joaquin\g2mdlhlpx.exe
     c:\windows\system32\URTTemp
     c:\windows\system32\URTTemp\fusion.dll
     c:\windows\system32\URTTemp\mscoree.dll
     c:\windows\system32\URTTemp\mscoree.dll.local
     c:\windows\system32\URTTemp\mscorsn.dll
     c:\windows\system32\URTTemp\mscorwks.dll
     c:\windows\system32\URTTemp\msvcr71.dll
     c:\windows\system32\URTTemp\regtlib.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
     .
     .
     2012-12-04 08:11 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
     2012-12-03 21:52 . 2012-12-03 21:52 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
     2012-12-03 20:35 . 2012-12-03 20:35 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-12-03 20:27 . 2012-12-03 20:27 -------- d-----w- c:\program files\ERUNT
     2012-12-03 19:27 . 2012-12-03 19:27 -------- d-----w- c:\documents and settings\Joaquin\Local Settings\Application Data\ESET
     2012-12-03 19:12 . 2012-12-03 19:13 -------- d-----w- c:\documents and settings\Administrator
     2012-12-03 19:06 . 2012-12-03 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2012-12-03 19:06 . 2012-12-03 19:06 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-22 08:37 . 2004-08-10 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys
     2012-10-02 18:04 . 2004-08-10 11:00 58368 ----a-w- c:\windows\system32\synceng.dll
     2009-03-21 15:01 . 2008-05-07 04:17 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
     2009-03-21 15:01 . 2008-05-07 04:17 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
     2009-03-21 15:01 . 2008-05-07 04:17 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
     2009-03-21 15:01 . 2008-05-07 04:17 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
     2009-03-21 15:01 . 2008-05-07 04:17 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "cdloader"="c:\documents and settings\Joaquin\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
     "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
     "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
     "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
     "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-21 118784]
     "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-07 185896]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
     "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
     .
     c:\documents and settings\Joaquin\Start Menu\Programs\Startup\
     ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
     LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-4-18 147456]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2008-05-07 03:20 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Documents and Settings\\Joaquin\\Application Data\\mjusbsp\\magicJack.exe"=
     .
     R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
     R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
     R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
     S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/3/2012 2:06 PM 35144]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyOverride = *.local
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\documents and settings\Joaquin\Application Data\Mozilla\Firefox\Profiles\x317rxl5.default\
     .
     - - - - ORPHANS REMOVED - - - -
     .
     SafeBoot-26742650.sys
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-12-07 17:38
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(832)
     c:\windows\system32\Ati2evxx.dll
     c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
     c:\windows\System32\BCMLogon.dll
     .
     Completion time: 2012-12-07 17:40:51
     ComboFix-quarantined-files.txt 2012-12-07 22:40
     .
     Pre-Run: 60,471,128,064 bytes free
     Post-Run: 61,499,449,344 bytes free
     .
     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
     multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
     .
     - - End Of File - - 12854971C52DA09658DAA16B44C71A1D
  7. aswMBR Log:
     ftware
     Run date: 2012-12-07 16:58:50
     -----------------------------
     16:58:50.055 OS Version: Windows 5.1.2600 Service Pack 3
     16:58:50.055 Number of processors: 1 586 0x4C02
     16:58:50.055 ComputerName: HOME-8AE08796D2 UserName: Joaquin
     16:58:51.102 Initialize success
     16:59:34.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
     16:59:34.901 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
     16:59:34.932 Disk 0 MBR read successfully
     16:59:34.932 Disk 0 MBR scan
     16:59:34.932 Disk 0 Windows XP default MBR code
     16:59:34.932 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
     16:59:34.932 Disk 0 scanning sectors +156280320
     16:59:35.011 Disk 0 scanning C:\WINDOWS\system32\drivers
     16:59:47.417 Service scanning
     17:00:01.371 Modules scanning
     17:00:09.668 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
     17:00:11.090 Scan finished successfully
     17:02:07.142 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joaquin\Desktop\MBR.dat"
     17:02:07.142 The log file has been saved successfully to "C:\Documents and Settings\Joaquin\Desktop\aswMBR.txt"
  8. Is this the log for TDSS?
     15:31:45.0936 3060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
     15:31:46.0467 3060 ============================================================
     15:31:46.0467 3060 Current date / time: 2012/12/03 15:31:46.0467
     15:31:46.0467 3060 SystemInfo:
     15:31:46.0467 3060
     15:31:46.0467 3060 OS Version: 5.1.2600 ServicePack: 3.0
     15:31:46.0467 3060 Product type: Workstation
     15:31:46.0467 3060 ComputerName: HOME-8AE08796D2
     15:31:46.0467 3060 UserName: Joaquin
     15:31:46.0467 3060 Windows directory: C:\WINDOWS
     15:31:46.0467 3060 System windows directory: C:\WINDOWS
     15:31:46.0467 3060 Processor architecture: Intel x86
     15:31:46.0467 3060 Number of processors: 1
     15:31:46.0467 3060 Page size: 0x1000
     15:31:46.0467 3060 Boot type: Normal boot
     15:31:46.0467 3060 ============================================================
     15:31:48.0749 3060 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
     15:31:48.0749 3060 ============================================================
     15:31:48.0749 3060 \Device\Harddisk0\DR0:
     15:31:48.0749 3060 MBR partitions:
     15:31:48.0749 3060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
     15:31:48.0749 3060 ============================================================
     15:31:48.0796 3060 C: <-> \Device\Harddisk0\DR0\Partition1
     15:31:48.0796 3060 ============================================================
     15:31:48.0796 3060 Initialize success
     15:31:48.0796 3060 ============================================================
     15:32:31.0489 2888 ============================================================
     15:32:31.0489 2888 Scan started
     15:32:31.0489 2888 Mode: Manual;
     15:32:31.0489 2888 ============================================================
     15:32:31.0755 2888 ================ Scan system memory ========================
     15:32:31.0770 2888 System memory - ok
     15:32:31.0770
Netman - ok 15:32:39.0412 2888 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:32:39.0412 2888 NetTcpPortSharing - ok 15:32:39.0475 2888 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 15:32:39.0475 2888 Nla - ok 15:32:39.0521 2888 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:32:39.0521 2888 Npfs - ok 15:32:39.0568 2888 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:32:39.0584 2888 Ntfs - ok 15:32:39.0600 2888 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 15:32:39.0600 2888 NtLmSsp - ok 15:32:39.0647 2888 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:32:39.0647 2888 NtmsSvc - ok 15:32:39.0678 2888 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 15:32:39.0709 2888 Null - ok 15:32:39.0756 2888 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:32:39.0772 2888 NwlnkFlt - ok 15:32:39.0787 2888 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:32:39.0803 2888 NwlnkFwd - ok 15:32:39.0818 2888 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys 15:32:39.0850 2888 Parport - ok 15:32:39.0850 2888 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:32:39.0850 2888 PartMgr - ok 15:32:39.0897 2888 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:32:39.0912 2888 ParVdm - ok 15:32:39.0928 2888 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:32:39.0928 2888 PCI - ok 15:32:39.0928 2888 PCIDump - ok 15:32:39.0959 2888 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 15:32:39.0959 2888 PCIIde - ok 15:32:39.0959 2888 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] 
Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 15:32:40.0006 2888 Pcmcia - ok 15:32:40.0022 2888 PDCOMP - ok 15:32:40.0022 2888 PDFRAME - ok 15:32:40.0037 2888 PDRELI - ok 15:32:40.0037 2888 PDRFRAME - ok 15:32:40.0053 2888 perc2 - ok 15:32:40.0068 2888 perc2hib - ok 15:32:40.0115 2888 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 15:32:40.0115 2888 PlugPlay - ok 15:32:40.0115 2888 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 15:32:40.0131 2888 PolicyAgent - ok 15:32:40.0178 2888 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:32:40.0209 2888 PptpMiniport - ok 15:32:40.0225 2888 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 15:32:40.0240 2888 Processor - ok 15:32:40.0256 2888 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:32:40.0256 2888 ProtectedStorage - ok 15:32:40.0272 2888 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:32:40.0303 2888 PSched - ok 15:32:40.0318 2888 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:32:40.0334 2888 Ptilink - ok 15:32:40.0365 2888 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:32:40.0365 2888 PxHelp20 - ok 15:32:40.0365 2888 ql1080 - ok 15:32:40.0381 2888 Ql10wnt - ok 15:32:40.0397 2888 ql12160 - ok 15:32:40.0397 2888 ql1240 - ok 15:32:40.0412 2888 ql1280 - ok 15:32:40.0443 2888 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:32:40.0459 2888 RasAcd - ok 15:32:40.0506 2888 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:32:40.0522 2888 RasAuto - ok 15:32:40.0537 2888 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:32:40.0553 2888 Rasl2tp - ok 15:32:40.0615 2888 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan 
C:\WINDOWS\System32\rasmans.dll 15:32:40.0615 2888 RasMan - ok 15:32:40.0631 2888 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:32:40.0647 2888 RasPppoe - ok 15:32:40.0662 2888 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:32:40.0678 2888 Raspti - ok 15:32:40.0725 2888 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:32:40.0725 2888 Rdbss - ok 15:32:40.0740 2888 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:32:40.0756 2888 RDPCDD - ok 15:32:40.0787 2888 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:32:40.0803 2888 rdpdr - ok 15:32:40.0850 2888 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:32:40.0850 2888 RDPWD - ok 15:32:40.0897 2888 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:32:40.0897 2888 RDSessMgr - ok 15:32:40.0912 2888 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:32:40.0944 2888 redbook - ok 15:32:40.0975 2888 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:32:40.0975 2888 RemoteAccess - ok 15:32:41.0006 2888 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 15:32:41.0006 2888 RemoteRegistry - ok 15:32:41.0022 2888 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 15:32:41.0022 2888 RpcLocator - ok 15:32:41.0069 2888 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll 15:32:41.0069 2888 RpcSs - ok 15:32:41.0115 2888 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:32:41.0131 2888 RSVP - ok 15:32:41.0147 2888 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 15:32:41.0147 2888 SamSs - ok 15:32:41.0162 2888 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 
15:32:41.0162 2888 SCardSvr - ok 15:32:41.0225 2888 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:32:41.0240 2888 Schedule - ok 15:32:41.0287 2888 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 15:32:41.0350 2888 sdbus - ok 15:32:41.0381 2888 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:32:41.0412 2888 Secdrv - ok 15:32:41.0428 2888 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 15:32:41.0444 2888 seclogon - ok 15:32:41.0459 2888 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 15:32:41.0475 2888 SENS - ok 15:32:41.0506 2888 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 15:32:41.0553 2888 Serial - ok 15:32:41.0631 2888 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 15:32:41.0647 2888 sffdisk - ok 15:32:41.0678 2888 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 15:32:41.0694 2888 sffp_sd - ok 15:32:41.0725 2888 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 15:32:41.0741 2888 Sfloppy - ok 15:32:41.0803 2888 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:32:41.0819 2888 SharedAccess - ok 15:32:41.0834 2888 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:32:41.0850 2888 ShellHWDetection - ok 15:32:41.0850 2888 Simbad - ok 15:32:41.0866 2888 Sparrow - ok 15:32:41.0897 2888 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:32:41.0912 2888 splitter - ok 15:32:41.0959 2888 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:32:41.0959 2888 Spooler - ok 15:32:41.0991 2888 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:32:41.0991 2888 sr - ok 15:32:42.0053 2888 [ 
3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 15:32:42.0053 2888 srservice - ok 15:32:42.0131 2888 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:32:42.0131 2888 Srv - ok 15:32:42.0178 2888 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:32:42.0178 2888 SSDPSRV - ok 15:32:42.0287 2888 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 15:32:42.0366 2888 STHDA - ok 15:32:42.0428 2888 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:32:42.0444 2888 stisvc - ok 15:32:42.0491 2888 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:32:42.0506 2888 swenum - ok 15:32:42.0538 2888 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:32:42.0584 2888 swmidi - ok 15:32:42.0600 2888 SwPrv - ok 15:32:42.0600 2888 symc810 - ok 15:32:42.0616 2888 symc8xx - ok 15:32:42.0631 2888 sym_hi - ok 15:32:42.0647 2888 sym_u3 - ok 15:32:42.0694 2888 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 15:32:42.0725 2888 SynTP - ok 15:32:42.0741 2888 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:32:42.0756 2888 sysaudio - ok 15:32:42.0772 2888 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:32:42.0788 2888 SysmonLog - ok 15:32:42.0819 2888 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:32:42.0819 2888 TapiSrv - ok 15:32:42.0881 2888 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:32:42.0881 2888 Tcpip - ok 15:32:42.0913 2888 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:32:42.0928 2888 TDPIPE - ok 15:32:42.0928 2888 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:32:42.0959 2888 TDTCP - ok 15:32:42.0975 2888 [ 
88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:32:43.0022 2888 TermDD - ok 15:32:43.0084 2888 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 15:32:43.0100 2888 TermService - ok 15:32:43.0116 2888 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 15:32:43.0116 2888 Themes - ok 15:32:43.0163 2888 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 15:32:43.0163 2888 TlntSvr - ok 15:32:43.0178 2888 TosIde - ok 15:32:43.0209 2888 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:32:43.0209 2888 TrkWks - ok 15:32:43.0225 2888 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:32:43.0256 2888 Udfs - ok 15:32:43.0256 2888 ultra - ok 15:32:43.0319 2888 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:32:43.0366 2888 Update - ok 15:32:43.0397 2888 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:32:43.0413 2888 upnphost - ok 15:32:43.0413 2888 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 15:32:43.0428 2888 UPS - ok 15:32:43.0475 2888 [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 15:32:43.0491 2888 USBAAPL - ok 15:32:43.0522 2888 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 15:32:43.0553 2888 usbaudio - ok 15:32:43.0600 2888 [ D9F3BB7C292F194F3B053CE295754EB8 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 15:32:43.0600 2888 usbbus - ok 15:32:43.0631 2888 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:32:43.0647 2888 usbccgp - ok 15:32:43.0678 2888 [ C4F77DA649F99FAD116EA585376FC164 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 15:32:43.0710 2888 UsbDiag - ok 15:32:43.0741 2888 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:32:43.0756 
2888 usbehci - ok 15:32:43.0772 2888 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:32:43.0788 2888 usbhub - ok 15:32:43.0819 2888 [ C0613CE45E617BC671DE8EBB1B30D175 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 15:32:43.0819 2888 USBModem - ok 15:32:43.0850 2888 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 15:32:43.0866 2888 usbohci - ok 15:32:43.0897 2888 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:32:43.0913 2888 usbscan - ok 15:32:43.0944 2888 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:32:43.0960 2888 USBSTOR - ok 15:32:43.0991 2888 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:32:44.0006 2888 VgaSave - ok 15:32:44.0022 2888 ViaIde - ok 15:32:44.0038 2888 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:32:44.0038 2888 VolSnap - ok 15:32:44.0100 2888 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 15:32:44.0116 2888 VSS - ok 15:32:44.0194 2888 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 15:32:44.0194 2888 W32Time - ok 15:32:44.0241 2888 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:32:44.0257 2888 Wanarp - ok 15:32:44.0272 2888 WDICA - ok 15:32:44.0288 2888 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:32:44.0303 2888 wdmaud - ok 15:32:44.0335 2888 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:32:44.0335 2888 WebClient - ok 15:32:44.0382 2888 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 15:32:44.0413 2888 winachsf - ok 15:32:44.0507 2888 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:32:44.0522 2888 winmgmt - ok 15:32:44.0538 2888 wltrysvc - ok 15:32:44.0569 2888 [ 
C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 15:32:44.0569 2888 WmdmPmSN - ok 15:32:44.0616 2888 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll 15:32:44.0632 2888 Wmi - ok 15:32:44.0647 2888 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:32:44.0663 2888 WmiAcpi - ok 15:32:44.0694 2888 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:32:44.0694 2888 WmiApSrv - ok 15:32:44.0819 2888 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 15:32:44.0850 2888 WMPNetworkSvc - ok 15:32:44.0882 2888 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 15:32:44.0882 2888 WpdUsb - ok 15:32:44.0944 2888 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:32:44.0944 2888 wscsvc - ok 15:32:44.0960 2888 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:32:44.0991 2888 wuauserv - ok 15:32:45.0022 2888 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:32:45.0038 2888 WudfPf - ok 15:32:45.0069 2888 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:32:45.0069 2888 WudfRd - ok 15:32:45.0085 2888 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:32:45.0085 2888 WudfSvc - ok 15:32:45.0147 2888 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:32:45.0163 2888 WZCSVC - ok 15:32:45.0163 2888 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:32:45.0179 2888 xmlprov - ok 15:32:45.0194 2888 ================ Scan global =============================== 15:32:45.0257 2888 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 15:32:45.0304 2888 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 15:32:45.0335 2888 [ 
8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:32:45.0350 2888 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:32:45.0350 2888 [Global] - ok
15:32:45.0366 2888 ================ Scan MBR ==================================
15:32:45.0366 2888 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:32:45.0366 2888 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:32:45.0382 2888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:32:45.0382 2888 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:32:45.0397 2888 ================ Scan VBR ==================================
15:32:45.0397 2888 [ 71FAA3142DDC3CC757063053085BA61B ] \Device\Harddisk0\DR0\Partition1
15:32:45.0397 2888 \Device\Harddisk0\DR0\Partition1 - ok
15:32:45.0397 2888 ============================================================
15:32:45.0397 2888 Scan finished
15:32:45.0397 2888 ============================================================
15:32:45.0413 2608 Detected object count: 1
15:32:45.0413 2608 Actual detected object count: 1
15:35:23.0200 2608 \Device\Harddisk0\DR0\# - copied to quarantine
15:35:23.0200 2608 \Device\Harddisk0\DR0 - copied to quarantine
15:35:23.0231 2608 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:35:23.0262 2608 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:35:23.0278 2608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:35:23.0294 2608 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:35:23.0309 2608 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:35:23.0356 2608 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:35:23.0356 2608 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:35:23.0387 2608 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:35:23.0419 2608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:35:23.0419 2608 \Device\Harddisk0\DR0 - ok
15:35:23.0419 2608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:35:29.0013 2160 Deinitialize success
  9. RogueKiller Log

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Joaquin [Admin rights]
Mode : Scan -- Date : 12/03/2012 16:53:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8034GSX +++++
--- User ---
[MBR] 9a154a23176dc6e2810ce6bf0e8b3706
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d1653.txt >>
RKreport[1]_S_12032012_02d1653.txt
  10. Hello Maurice... do I need to uninstall ESET prior to all this?
  11. I am running Windows XP Media Edition. ESET came back with "win32/Olmarik.tdl4" trojan infection as well as a detection for ..."newgenerationp.com/x". I downloaded Mbar and it came back with the following logs...

mbar log:

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.12.03.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joaquin :: HOME-8AE08796D2 [administrator]

12/3/2012 2:45:57 PM
mbar-log-2012-12-03 (14-45-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 26068
Time elapsed: 24 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_44_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot. [6fc15857440feacd8fcdb372e06b3ab0]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot. [9a154a23176dc6e2810ce6bf0e8b3706]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156301151_user.mbam (Forged physical sector) -> Delete on reboot. [8240dd042845ebed5e91aabb51877474]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156301177_user.mbam (Forged physical sector) -> Delete on reboot. [f036c0faf257caa4615e044197964be8]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156301279_user.mbam (Forged physical sector) -> Delete on reboot. [a5443992b8a3e8faa46a5b77afc914c8]

(end)

System log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 937385984, free: 194953216

------------ Kernel report ------------
12/03/2012 14:06:41
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys ACPIEC.sys \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS PartMgr.sys VolSnap.sys atapi.sys cercsr6.sys \WINDOWS\System32\Drivers\SCSIPORT.SYS disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys DRVMCDB.SYS PxHelp20.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\processr.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\ati2mtag.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\bcmwl5.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\bcm4sbxp.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\HSXHWAZL.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\drivers\sthda.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_N.SYS \SystemRoot\system32\DRIVERS\ehdrv.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\epfwtdir.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys 
\SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ati2dvag.dll \SystemRoot\System32\ati2cqag.dll \SystemRoot\System32\atikvmag.dll \SystemRoot\System32\ati3duag.dll \SystemRoot\System32\ativvaxx.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\eamon.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\DLA\DLADResN.SYS \SystemRoot\System32\DLA\DLAIFS_M.SYS \SystemRoot\System32\DLA\DLAOPIOM.SYS \SystemRoot\System32\DLA\DLAPoolM.SYS \SystemRoot\System32\DLA\DLABOIOM.SYS \SystemRoot\System32\DLA\DLAUDFAM.SYS \SystemRoot\System32\DLA\DLAUDF_M.SYS \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8572eab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: Unknown Lower Device Object: 0xffffffff85788b00 Lower Device Driver Name: Unknown Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.12.03.11 Downloaded database version: v2012.11.30.01 Initializing... Done! Scanning directory: C:\WINDOWS\system32\drivers... 
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8572eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85783e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8572eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85788b00, DeviceName: Unknown, DriverName: Unknown
------------ End ----------
Upper DeviceData: 0xffffffffe1c6ef88, 0xffffffff8572eab8, 0xffffffff845b7040
Lower DeviceData: 0xffffffffe2c0f308, 0xffffffff85788b00, 0xffffffff84635378
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156280257

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_24
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 937385984, free: 399478784

------------ Kernel report ------------
12/03/2012 14:20:17
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\epfwtdir.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85781ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: Unknown
Lower Device Object: 0xffffffff85728b00
Lower Device Driver Name: Unknown
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85781ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8571f958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85781ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85728b00, DeviceName: Unknown, DriverName: Unknown
------------ End ----------
Upper DeviceData: 0xffffffffe25b2e88, 0xffffffff85781ab8, 0xffffffff84788608
Lower DeviceData: 0xffffffffe1660868, 0xffffffff85728b00, 0xffffffff854f5040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR is forged!
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016
Partition information:
Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 44 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
Changing partition to empty and not active.
New active partition is 0 on drive 0 ...
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156280257
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
MBR infection found on drive 0
Disk Size: 80026361856 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-43-156281488-156301488)...
Sector 156301151 --> [Forged physical sector]
Sector 156301152 --> [Forged physical sector]
Sector 156301153 --> [Forged physical sector]
Sector 156301154 --> [Forged physical sector]
Sector 156301155 --> [Forged physical sector]
Sector 156301156 --> [Forged physical sector]
Sector 156301157 --> [Forged physical sector]

here I deleted the lines because all the sector strings were written here and the post was too long

Done!
Performing system, memory and registry scan...
Done!
Scan finished