Posts posted by slabhurta02

  1. The system seems to be operating OK, though I have not been using it.

    From the ESET log:

    "C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) F7F17F266BD9A76D66E4F4F8511CA12101A57FC5 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I "

    Does this no longer pose a threat?

  2. ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=8

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6844

    # api_version=3.0.2

    # EOSSerial=ee38e376f834394eaf724efacf4b9fb6

    # end=finished

    # remove_checked=false

    # archives_checked=true

    # unwanted_checked=false

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2012-12-18 07:09:26

    # local_time=2012-12-18 02:09:26 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=8199 16776701 100 100 0 74079686 0 0

    # scanned=58621

    # found=7

    # cleaned=0

    # scan_time=3089

    # nod_component=V3 Build:0x30000000

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) F7F17F266BD9A76D66E4F4F8511CA12101A57FC5 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I

    # version=8

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6844

    # api_version=3.0.2

    # EOSSerial=ee38e376f834394eaf724efacf4b9fb6

    # end=finished

    # remove_checked=false

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2012-12-18 08:04:02

    # local_time=2012-12-18 03:04:02 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=8199 16776701 100 100 0 74082962 0 0

    # scanned=58633

    # found=7

    # cleaned=0

    # scan_time=3021

    # nod_component=V3 Build:0x30000000

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) F7F17F266BD9A76D66E4F4F8511CA12101A57FC5 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 I

    C:\TDSSKiller_Quarantine\03.12.2012_15.31.46\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I

  3. Security Check Log:

    Results of screen317's Security Check version 0.99.56

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    ESET NOD32 Antivirus 4.2

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.65.1.1000

    Java 6 Update 24

    Java 6 Update 5

    Java version out of Date!

    Adobe Flash Player 10 Flash Player out of Date!

    Adobe Reader 8 Adobe Reader out of Date!

    Mozilla Firefox (2.0.0 Firefox out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    ESET NOD32 Antivirus egui.exe

    ESET NOD32 Antivirus ekrn.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 7%

    ````````````````````End of Log``````````````````````

  4. MBAM Log:

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.12.09.02

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Joaquin :: HOME-8AE08796D2 [administrator]

    Protection: Enabled

    12/9/2012 7:18:43 AM

    mbam-log-2012-12-09 (07-18-43).txt

    Scan type: Full scan (C:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 286621

    Time elapsed: 40 minute(s), 35 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  5. ComboFix Log:

    ComboFix 12-12-04.01 - Joaquin 12/07/2012 17:29:13.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.394 [GMT -5:00]

    Running from: c:\documents and settings\Joaquin\Desktop\Combo-Fix.exe

    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Joaquin\Application Data\C8B8ED

    c:\documents and settings\Joaquin\g2mdlhlpx.exe

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\fusion.dll

    c:\windows\system32\URTTemp\mscoree.dll

    c:\windows\system32\URTTemp\mscoree.dll.local

    c:\windows\system32\URTTemp\mscorsn.dll

    c:\windows\system32\URTTemp\mscorwks.dll

    c:\windows\system32\URTTemp\msvcr71.dll

    c:\windows\system32\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-04 08:11 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-12-03 21:52 . 2012-12-03 21:52 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys

    2012-12-03 20:35 . 2012-12-03 20:35 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-12-03 20:27 . 2012-12-03 20:27 -------- d-----w- c:\program files\ERUNT

    2012-12-03 19:27 . 2012-12-03 19:27 -------- d-----w- c:\documents and settings\Joaquin\Local Settings\Application Data\ESET

    2012-12-03 19:12 . 2012-12-03 19:13 -------- d-----w- c:\documents and settings\Administrator

    2012-12-03 19:06 . 2012-12-03 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-12-03 19:06 . 2012-12-03 19:06 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-22 08:37 . 2004-08-10 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-10-02 18:04 . 2004-08-10 11:00 58368 ----a-w- c:\windows\system32\synceng.dll

    2009-03-21 15:01 . 2008-05-07 04:17 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

    2009-03-21 15:01 . 2008-05-07 04:17 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

    2009-03-21 15:01 . 2008-05-07 04:17 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

    2009-03-21 15:01 . 2008-05-07 04:17 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

    2009-03-21 15:01 . 2008-05-07 04:17 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "cdloader"="c:\documents and settings\Joaquin\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-21 118784]

    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]

    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-07 185896]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    .

    c:\documents and settings\Joaquin\Start Menu\Programs\Startup\

    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-4-18 147456]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    2008-05-07 03:20 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Documents and Settings\\Joaquin\\Application Data\\mjusbsp\\magicJack.exe"=

    .

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]

    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/3/2012 2:06 PM 35144]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.1.254

    FF - ProfilePath - c:\documents and settings\Joaquin\Application Data\Mozilla\Firefox\Profiles\x317rxl5.default\

    .

    - - - - ORPHANS REMOVED - - - -

    .

    SafeBoot-26742650.sys

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-12-07 17:38

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(832)

    c:\windows\system32\Ati2evxx.dll

    c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

    c:\windows\System32\BCMLogon.dll

    .

    Completion time: 2012-12-07 17:40:51

    ComboFix-quarantined-files.txt 2012-12-07 22:40

    .

    Pre-Run: 60,471,128,064 bytes free

    Post-Run: 61,499,449,344 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - 12854971C52DA09658DAA16B44C71A1D

  6. aswMBR Log:

    ftware

    Run date: 2012-12-07 16:58:50

    -----------------------------

    16:58:50.055 OS Version: Windows 5.1.2600 Service Pack 3

    16:58:50.055 Number of processors: 1 586 0x4C02

    16:58:50.055 ComputerName: HOME-8AE08796D2 UserName: Joaquin

    16:58:51.102 Initialize success

    16:59:34.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    16:59:34.901 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3

    16:59:34.932 Disk 0 MBR read successfully

    16:59:34.932 Disk 0 MBR scan

    16:59:34.932 Disk 0 Windows XP default MBR code

    16:59:34.932 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63

    16:59:34.932 Disk 0 scanning sectors +156280320

    16:59:35.011 Disk 0 scanning C:\WINDOWS\system32\drivers

    16:59:47.417 Service scanning

    17:00:01.371 Modules scanning

    17:00:09.668 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**

    17:00:11.090 Scan finished successfully

    17:02:07.142 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joaquin\Desktop\MBR.dat"

    17:02:07.142 The log file has been saved successfully to "C:\Documents and Settings\Joaquin\Desktop\aswMBR.txt"

  7. Is this the log for TDSS?

    15:31:45.0936 3060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    15:31:46.0467 3060 ============================================================

    15:31:46.0467 3060 Current date / time: 2012/12/03 15:31:46.0467

    15:31:46.0467 3060 SystemInfo:

    15:31:46.0467 3060

    15:31:46.0467 3060 OS Version: 5.1.2600 ServicePack: 3.0

    15:31:46.0467 3060 Product type: Workstation

    15:31:46.0467 3060 ComputerName: HOME-8AE08796D2

    15:31:46.0467 3060 UserName: Joaquin

    15:31:46.0467 3060 Windows directory: C:\WINDOWS

    15:31:46.0467 3060 System windows directory: C:\WINDOWS

    15:31:46.0467 3060 Processor architecture: Intel x86

    15:31:46.0467 3060 Number of processors: 1

    15:31:46.0467 3060 Page size: 0x1000

    15:31:46.0467 3060 Boot type: Normal boot

    15:31:46.0467 3060 ============================================================

    15:31:48.0749 3060 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

    15:31:48.0749 3060 ============================================================

    15:31:48.0749 3060 \Device\Harddisk0\DR0:

    15:31:48.0749 3060 MBR partitions:

    15:31:48.0749 3060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

    15:31:48.0749 3060 ============================================================

    15:31:48.0796 3060 C: <-> \Device\Harddisk0\DR0\Partition1

    15:31:48.0796 3060 ============================================================

    15:31:48.0796 3060 Initialize success

    15:31:48.0796 3060 ============================================================

    15:32:31.0489 2888 ============================================================

    15:32:31.0489 2888 Scan started

    15:32:31.0489 2888 Mode: Manual;

    15:32:31.0489 2888 ============================================================

    15:32:31.0755 2888 ================ Scan system memory ========================

    15:32:31.0770 2888 System memory - ok

    15:32:31.0770 2888 ================ Scan services =============================

    15:32:31.0833 2888 Abiosdsk - ok

    15:32:31.0833 2888 abp480n5 - ok

    15:32:31.0911 2888 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

    15:32:31.0958 2888 ACPI - ok

    15:32:31.0974 2888 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

    15:32:31.0974 2888 ACPIEC - ok

    15:32:31.0989 2888 adpu160m - ok

    15:32:32.0020 2888 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

    15:32:32.0052 2888 aec - ok

    15:32:32.0114 2888 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

    15:32:32.0114 2888 AFD - ok

    15:32:32.0114 2888 Aha154x - ok

    15:32:32.0130 2888 aic78u2 - ok

    15:32:32.0146 2888 aic78xx - ok

    15:32:32.0177 2888 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

    15:32:32.0177 2888 Alerter - ok

    15:32:32.0208 2888 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

    15:32:32.0208 2888 ALG - ok

    15:32:32.0224 2888 AliIde - ok

    15:32:32.0239 2888 amsint - ok

    15:32:32.0271 2888 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

    15:32:32.0286 2888 APPDRV - ok

    15:32:32.0396 2888 [ 1961CB10BB48EB4D97E37DB6373E9E63 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    15:32:32.0411 2888 Apple Mobile Device - ok

    15:32:32.0458 2888 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

    15:32:32.0458 2888 AppMgmt - ok

    15:32:32.0474 2888 asc - ok

    15:32:32.0474 2888 asc3350p - ok

    15:32:32.0489 2888 asc3550 - ok

    15:32:32.0599 2888 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    15:32:32.0614 2888 aspnet_state - ok

    15:32:32.0661 2888 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

    15:32:32.0677 2888 AsyncMac - ok

    15:32:32.0708 2888 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

    15:32:32.0708 2888 atapi - ok

    15:32:32.0708 2888 Atdisk - ok

    15:32:32.0755 2888 [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

    15:32:32.0771 2888 Ati HotKey Poller - ok

    15:32:32.0864 2888 [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

    15:32:32.0896 2888 ati2mtag - ok

    15:32:32.0927 2888 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

    15:32:32.0958 2888 Atmarpc - ok

    15:32:33.0005 2888 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

    15:32:33.0021 2888 AudioSrv - ok

    15:32:33.0068 2888 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

    15:32:33.0083 2888 audstub - ok

    15:32:33.0161 2888 [ 30D20FC98BCFD52E1DA778CF19B223D4 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

    15:32:33.0177 2888 BCM43XX - ok

    15:32:33.0224 2888 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

    15:32:33.0239 2888 bcm4sbxp - ok

    15:32:33.0302 2888 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

    15:32:33.0318 2888 Beep - ok

    15:32:33.0396 2888 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

    15:32:33.0411 2888 BITS - ok

    15:32:33.0474 2888 [ CFD4C3352E29A8B729536648466E8DF5 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    15:32:33.0474 2888 Bonjour Service - ok

    15:32:33.0521 2888 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll

    15:32:33.0536 2888 Browser - ok

    15:32:33.0568 2888 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

    15:32:33.0583 2888 cbidf2k - ok

    15:32:33.0599 2888 cd20xrnt - ok

    15:32:33.0599 2888 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

    15:32:33.0614 2888 Cdaudio - ok

    15:32:33.0646 2888 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

    15:32:33.0677 2888 Cdfs - ok

    15:32:33.0693 2888 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

    15:32:33.0708 2888 Cdrom - ok

    15:32:33.0739 2888 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

    15:32:33.0755 2888 cercsr6 - ok

    15:32:33.0771 2888 Changer - ok

    15:32:33.0786 2888 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

    15:32:33.0786 2888 CiSvc - ok

    15:32:33.0802 2888 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

    15:32:33.0802 2888 ClipSrv - ok

    15:32:33.0833 2888 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    15:32:33.0864 2888 clr_optimization_v2.0.50727_32 - ok

    15:32:33.0896 2888 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

    15:32:33.0911 2888 CmBatt - ok

    15:32:33.0927 2888 CmdIde - ok

    15:32:33.0943 2888 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

    15:32:33.0943 2888 Compbatt - ok

    15:32:33.0958 2888 COMSysApp - ok

    15:32:33.0974 2888 Cpqarray - ok

    15:32:34.0005 2888 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

    15:32:34.0005 2888 CryptSvc - ok

    15:32:34.0021 2888 dac2w2k - ok

    15:32:34.0021 2888 dac960nt - ok

    15:32:34.0083 2888 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

    15:32:34.0099 2888 DcomLaunch - ok

    15:32:34.0146 2888 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

    15:32:34.0161 2888 Dhcp - ok

    15:32:34.0193 2888 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

    15:32:34.0193 2888 Disk - ok

    15:32:34.0271 2888 [ D8D58A84F3ECE3359DF95FD2E459B330 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS

    15:32:34.0302 2888 DLABOIOM - ok

    15:32:34.0318 2888 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

    15:32:34.0318 2888 DLACDBHM - ok

    15:32:34.0333 2888 [ 27C78078BD9C4F2DE2AD3EB04BFE101B ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS

    15:32:34.0333 2888 DLADResN - ok

    15:32:34.0333 2888 [ 7F2D93E560B763EF5D11422D78DA8ED0 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

    15:32:34.0365 2888 DLAIFS_M - ok

    15:32:34.0380 2888 [ F643637DE6AAC57E38D197AA63D9EA74 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

    15:32:34.0396 2888 DLAOPIOM - ok

    15:32:34.0396 2888 [ 340705474807F57A46D59D18FC2959F1 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS

    15:32:34.0427 2888 DLAPoolM - ok

    15:32:34.0427 2888 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

    15:32:34.0427 2888 DLARTL_N - ok

    15:32:34.0443 2888 [ 6984EA763907C045CE813468882BC587 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

    15:32:34.0474 2888 DLAUDFAM - ok

    15:32:34.0474 2888 [ 12B30C449CFD36ADBED53EB6560933C6 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

    15:32:34.0505 2888 DLAUDF_M - ok

    15:32:34.0521 2888 dmadmin - ok

    15:32:34.0568 2888 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

    15:32:34.0615 2888 dmboot - ok

    15:32:34.0646 2888 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

    15:32:34.0661 2888 dmio - ok

    15:32:34.0677 2888 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

    15:32:34.0677 2888 dmload - ok

    15:32:34.0724 2888 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

    15:32:34.0724 2888 dmserver - ok

    15:32:34.0740 2888 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

    15:32:34.0740 2888 DMusic - ok

    15:32:34.0802 2888 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

    15:32:34.0802 2888 Dnscache - ok

    15:32:34.0849 2888 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

    15:32:34.0865 2888 Dot3svc - ok

    15:32:34.0865 2888 dpti2o - ok

    15:32:34.0880 2888 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

    15:32:34.0896 2888 drmkaud - ok

    15:32:34.0912 2888 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

    15:32:34.0912 2888 DRVMCDB - ok

    15:32:34.0927 2888 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

    15:32:34.0927 2888 DRVNDDM - ok

    15:32:34.0974 2888 [ 1CEB779239965000B8F6ADEE17D4515B ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys

    15:32:34.0990 2888 eamon - ok

    15:32:35.0005 2888 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

    15:32:35.0021 2888 EapHost - ok

    15:32:35.0052 2888 [ 7D300A43A7BD8769E0F901BF9E1AE367 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys

    15:32:35.0083 2888 ehdrv - ok

    15:32:35.0177 2888 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

    15:32:35.0177 2888 ehRecvr - ok

    15:32:35.0240 2888 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe

    15:32:35.0240 2888 ehSched - ok

    15:32:35.0302 2888 [ 1CD97C1DE1EA4C185D2B3FAC1F8513ED ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    15:32:35.0318 2888 EhttpSrv - ok

    15:32:35.0365 2888 [ E6A6E6D58A8DCB64A0FFBC43863D0A80 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    15:32:35.0380 2888 ekrn - ok

    15:32:35.0396 2888 [ ECD5F68E32FF5C6A728EB03DC892AE7F ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

    15:32:35.0443 2888 epfwtdir - ok

    15:32:35.0490 2888 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

    15:32:35.0505 2888 ERSvc - ok

    15:32:35.0552 2888 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

    15:32:35.0552 2888 Eventlog - ok

    15:32:35.0615 2888 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

    15:32:35.0630 2888 EventSystem - ok

    15:32:35.0630 2888 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

    15:32:35.0662 2888 Fastfat - ok

    15:32:35.0724 2888 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

    15:32:45.0194 2888 ================ Scan global ===============================

    15:32:45.0257 2888 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

    15:32:45.0304 2888 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

    15:32:45.0335 2888 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

    15:32:45.0350 2888 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

    15:32:45.0350 2888 [Global] - ok

    15:32:45.0366 2888 ================ Scan MBR ==================================

    15:32:45.0366 2888 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

    15:32:45.0366 2888 Suspicious mbr (Forged): \Device\Harddisk0\DR0

    15:32:45.0382 2888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    15:32:45.0382 2888 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    15:32:45.0397 2888 ================ Scan VBR ==================================

    15:32:45.0397 2888 [ 71FAA3142DDC3CC757063053085BA61B ] \Device\Harddisk0\DR0\Partition1

    15:32:45.0397 2888 \Device\Harddisk0\DR0\Partition1 - ok

    15:32:45.0397 2888 ============================================================

    15:32:45.0397 2888 Scan finished

    15:32:45.0397 2888 ============================================================

    15:32:45.0413 2608 Detected object count: 1

    15:32:45.0413 2608 Actual detected object count: 1

    15:35:23.0200 2608 \Device\Harddisk0\DR0\# - copied to quarantine

    15:35:23.0200 2608 \Device\Harddisk0\DR0 - copied to quarantine

    15:35:23.0231 2608 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    15:35:23.0262 2608 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    15:35:23.0278 2608 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    15:35:23.0294 2608 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    15:35:23.0309 2608 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    15:35:23.0356 2608 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    15:35:23.0356 2608 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    15:35:23.0372 2608 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    15:35:23.0387 2608 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

    15:35:23.0419 2608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

    15:35:23.0419 2608 \Device\Harddisk0\DR0 - ok

    15:35:23.0419 2608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

    15:35:29.0013 2160 Deinitialize success

  8. RogueKiller Log

    RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : Joaquin [Admin rights]

    Mode : Scan -- Date : 12/03/2012 16:53:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK8034GSX +++++

    --- User ---

    [MBR] 9a154a23176dc6e2810ce6bf0e8b3706

    [BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12032012_02d1653.txt >>

    RKreport[1]_S_12032012_02d1653.txt

  9. I am running Windows XP Media Edition. ESET came back with a "Win32/Olmarik.TDL4" trojan infection as well as a detection for ..."newgenerationp.com/x".

    I downloaded Mbar and it came back with the following logs...

    mbar log:

    Malwarebytes Anti-Rootkit 1.1.0.1009

    www.malwarebytes.org

    Database version: v2012.12.03.11

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Joaquin :: HOME-8AE08796D2 [administrator]

    12/3/2012 2:45:57 PM

    mbar-log-2012-12-03 (14-45-57).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

    Scan options disabled: PUP | PUM | P2P

    Objects scanned: 26068

    Time elapsed: 24 minute(s), 37 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 5

    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_44_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot. [6fc15857440feacd8fcdb372e06b3ab0]

    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot. [9a154a23176dc6e2810ce6bf0e8b3706]

    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156301151_user.mbam (Forged physical sector) -> Delete on reboot. [8240dd042845ebed5e91aabb51877474]

    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156301177_user.mbam (Forged physical sector) -> Delete on reboot. [f036c0faf257caa4615e044197964be8]

    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_156301279_user.mbam (Forged physical sector) -> Delete on reboot. [a5443992b8a3e8faa46a5b77afc914c8]

    (end)

    System log:

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_24

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.994000 GHz

    Memory total: 937385984, free: 194953216

    ------------ Kernel report ------------

    12/03/2012 14:06:41

    ------------ Loaded modules -----------

    \WINDOWS\system32\ntkrnlpa.exe

    \WINDOWS\system32\hal.dll

    \WINDOWS\system32\KDCOM.DLL

    \WINDOWS\system32\BOOTVID.dll

    ACPI.sys

    \WINDOWS\system32\DRIVERS\WMILIB.SYS

    pci.sys

    isapnp.sys

    compbatt.sys

    \WINDOWS\system32\DRIVERS\BATTC.SYS

    pciide.sys

    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

    MountMgr.sys

    ftdisk.sys

    dmload.sys

    dmio.sys

    ACPIEC.sys

    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

    PartMgr.sys

    VolSnap.sys

    atapi.sys

    cercsr6.sys

    \WINDOWS\System32\Drivers\SCSIPORT.SYS

    disk.sys

    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

    fltmgr.sys

    sr.sys

    DRVMCDB.SYS

    PxHelp20.sys

    KSecDD.sys

    Ntfs.sys

    NDIS.sys

    Mup.sys

    \SystemRoot\system32\DRIVERS\processr.sys

    \SystemRoot\system32\DRIVERS\wmiacpi.sys

    \SystemRoot\system32\DRIVERS\ati2mtag.sys

    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

    \SystemRoot\system32\DRIVERS\bcmwl5.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\imapi.sys

    \SystemRoot\System32\Drivers\DLACDBHM.SYS

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\system32\DRIVERS\redbook.sys

    \SystemRoot\system32\DRIVERS\ks.sys

    \SystemRoot\System32\Drivers\GEARAspiWDM.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\i8042prt.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\SynTP.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

    \SystemRoot\system32\DRIVERS\sdbus.sys

    \SystemRoot\system32\DRIVERS\CmBatt.sys

    \SystemRoot\system32\DRIVERS\audstub.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\DRIVERS\psched.sys

    \SystemRoot\system32\DRIVERS\msgpc.sys

    \SystemRoot\system32\DRIVERS\ptilink.sys

    \SystemRoot\system32\DRIVERS\raspti.sys

    \SystemRoot\system32\DRIVERS\rdpdr.sys

    \SystemRoot\system32\DRIVERS\termdd.sys

    \SystemRoot\system32\DRIVERS\swenum.sys

    \SystemRoot\system32\DRIVERS\update.sys

    \SystemRoot\system32\DRIVERS\mssmbios.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys

    \SystemRoot\system32\DRIVERS\HSX_DPV.sys

    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

    \SystemRoot\System32\Drivers\Modem.SYS

    \SystemRoot\system32\drivers\sthda.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\System32\Drivers\Fs_Rec.SYS

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\Drivers\DLARTL_N.SYS

    \SystemRoot\system32\DRIVERS\ehdrv.sys

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\Drivers\mnmdd.SYS

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\rasacd.sys

    \SystemRoot\system32\DRIVERS\ipsec.sys

    \SystemRoot\system32\DRIVERS\tcpip.sys

    \SystemRoot\system32\DRIVERS\netbt.sys

    \SystemRoot\system32\DRIVERS\epfwtdir.sys

    \SystemRoot\System32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\System32\Drivers\Fips.SYS

    \SystemRoot\system32\DRIVERS\ipnat.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

    \SystemRoot\System32\Drivers\Cdfs.SYS

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_WMILIB.SYS

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\watchdog.sys

    \SystemRoot\System32\drivers\dxg.sys

    \SystemRoot\System32\drivers\dxgthk.sys

    \SystemRoot\System32\ati2dvag.dll

    \SystemRoot\System32\ati2cqag.dll

    \SystemRoot\System32\atikvmag.dll

    \SystemRoot\System32\ati3duag.dll

    \SystemRoot\System32\ativvaxx.dll

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\DRIVERS\eamon.sys

    \SystemRoot\System32\Drivers\DRVNDDM.SYS

    \SystemRoot\System32\DLA\DLADResN.SYS

    \SystemRoot\System32\DLA\DLAIFS_M.SYS

    \SystemRoot\System32\DLA\DLAOPIOM.SYS

    \SystemRoot\System32\DLA\DLAPoolM.SYS

    \SystemRoot\System32\DLA\DLABOIOM.SYS

    \SystemRoot\System32\DLA\DLAUDFAM.SYS

    \SystemRoot\System32\DLA\DLAUDF_M.SYS

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\drivers\wdmaud.sys

    \SystemRoot\system32\drivers\sysaudio.sys

    \SystemRoot\system32\DRIVERS\mrxdav.sys

    \SystemRoot\System32\Drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\mdmxsdk.sys

    \SystemRoot\system32\DRIVERS\srv.sys

    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    \WINDOWS\system32\ntdll.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xffffffff8572eab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: Unknown

    Lower Device Object: 0xffffffff85788b00

    Lower Device Driver Name: Unknown

    Driver name found: atapi

    DriverEntry returned 0x0

    Function returned 0x0

    Downloaded database version: v2012.12.03.11

    Downloaded database version: v2012.11.30.01

    Initializing...

    Done!

    Scanning directory: C:\WINDOWS\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 1

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xffffffff8572eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff85783e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff8572eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff85788b00, DeviceName: Unknown, DriverName: Unknown

    ------------ End ----------

    Upper DeviceData: 0xffffffffe1c6ef88, 0xffffffff8572eab8, 0xffffffff845b7040

    Lower DeviceData: 0xffffffffe2c0f308, 0xffffffff85788b00, 0xffffffff84635378

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: E686F016

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 156280257

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    © Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_24

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 1.994000 GHz

    Memory total: 937385984, free: 399478784

    ------------ Kernel report ------------

    12/03/2012 14:20:17

    ------------ Loaded modules -----------

    \WINDOWS\system32\ntkrnlpa.exe

    \WINDOWS\system32\hal.dll

    \WINDOWS\system32\KDCOM.DLL

    \WINDOWS\system32\BOOTVID.dll

    ACPI.sys

    \WINDOWS\system32\DRIVERS\WMILIB.SYS

    pci.sys

    isapnp.sys

    compbatt.sys

    \WINDOWS\system32\DRIVERS\BATTC.SYS

    pciide.sys

    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

    MountMgr.sys

    ftdisk.sys

    dmload.sys

    dmio.sys

    ACPIEC.sys

    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

    PartMgr.sys

    VolSnap.sys

    atapi.sys

    cercsr6.sys

    \WINDOWS\System32\Drivers\SCSIPORT.SYS

    disk.sys

    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

    fltmgr.sys

    sr.sys

    DRVMCDB.SYS

    PxHelp20.sys

    KSecDD.sys

    Ntfs.sys

    NDIS.sys

    Mup.sys

    \SystemRoot\system32\DRIVERS\processr.sys

    \SystemRoot\system32\DRIVERS\wmiacpi.sys

    \SystemRoot\system32\DRIVERS\ati2mtag.sys

    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

    \SystemRoot\system32\DRIVERS\bcmwl5.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\imapi.sys

    \SystemRoot\System32\Drivers\DLACDBHM.SYS

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\system32\DRIVERS\redbook.sys

    \SystemRoot\system32\DRIVERS\ks.sys

    \SystemRoot\System32\Drivers\GEARAspiWDM.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\i8042prt.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\SynTP.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

    \SystemRoot\system32\DRIVERS\sdbus.sys

    \SystemRoot\system32\DRIVERS\CmBatt.sys

    \SystemRoot\system32\DRIVERS\audstub.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\DRIVERS\psched.sys

    \SystemRoot\system32\DRIVERS\msgpc.sys

    \SystemRoot\system32\DRIVERS\ptilink.sys

    \SystemRoot\system32\DRIVERS\raspti.sys

    \SystemRoot\system32\DRIVERS\rdpdr.sys

    \SystemRoot\system32\DRIVERS\termdd.sys

    \SystemRoot\system32\DRIVERS\swenum.sys

    \SystemRoot\system32\DRIVERS\update.sys

    \SystemRoot\system32\DRIVERS\mssmbios.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys

    \SystemRoot\system32\DRIVERS\HSX_DPV.sys

    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

    \SystemRoot\System32\Drivers\Modem.SYS

    \SystemRoot\system32\drivers\sthda.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\System32\Drivers\Fs_Rec.SYS

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\Drivers\DLARTL_N.SYS

    \SystemRoot\system32\DRIVERS\ehdrv.sys

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\Drivers\mnmdd.SYS

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\rasacd.sys

    \SystemRoot\system32\DRIVERS\ipsec.sys

    \SystemRoot\system32\DRIVERS\tcpip.sys

    \SystemRoot\system32\DRIVERS\netbt.sys

    \SystemRoot\system32\DRIVERS\epfwtdir.sys

    \SystemRoot\System32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\System32\Drivers\Fips.SYS

    \SystemRoot\system32\DRIVERS\ipnat.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

    \SystemRoot\System32\Drivers\Cdfs.SYS

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_WMILIB.SYS

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\watchdog.sys

    \SystemRoot\System32\drivers\dxg.sys

    \SystemRoot\System32\drivers\dxgthk.sys

    \SystemRoot\System32\ati2dvag.dll

    \SystemRoot\System32\ati2cqag.dll

    \SystemRoot\System32\atikvmag.dll

    \SystemRoot\System32\ati3duag.dll

    \SystemRoot\System32\ativvaxx.dll

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\DRIVERS\eamon.sys

    \SystemRoot\System32\Drivers\DRVNDDM.SYS

    \SystemRoot\System32\DLA\DLADResN.SYS

    \SystemRoot\System32\DLA\DLAIFS_M.SYS

    \SystemRoot\System32\DLA\DLAOPIOM.SYS

    \SystemRoot\System32\DLA\DLAPoolM.SYS

    \SystemRoot\System32\DLA\DLABOIOM.SYS

    \SystemRoot\System32\DLA\DLAUDFAM.SYS

    \SystemRoot\System32\DLA\DLAUDF_M.SYS

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\drivers\wdmaud.sys

    \SystemRoot\system32\drivers\sysaudio.sys

    \SystemRoot\system32\DRIVERS\mrxdav.sys

    \SystemRoot\System32\Drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\mdmxsdk.sys

    \SystemRoot\system32\DRIVERS\srv.sys

    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    \WINDOWS\system32\ntdll.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xffffffff85781ab8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: Unknown

    Lower Device Object: 0xffffffff85728b00

    Lower Device Driver Name: Unknown

    Driver name found: atapi

    DriverEntry returned 0x0

    Function returned 0x0

    Initializing...

    Done!

    Scanning directory: C:\WINDOWS\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 1

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xffffffff85781ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff8571f958, DeviceName: Unknown, DriverName: \Driver\PartMgr\

    DevicePointer: 0xffffffff85781ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff85728b00, DeviceName: Unknown, DriverName: Unknown

    ------------ End ----------

    Upper DeviceData: 0xffffffffe25b2e88, 0xffffffff85781ab8, 0xffffffff84788608

    Lower DeviceData: 0xffffffffe1660868, 0xffffffff85728b00, 0xffffffff854f5040

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    MBR is forged!

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: E686F016

    Partition information:

    Partition 0 type is Empty (0x0)

    Partition is ACTIVE.

    Partition starts at LBA: 44 Numsec = 0

    Partition is not bootable

    Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]

    Changing partition to empty and not active. New active partition is 0 on drive 0 ...

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 156280257

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    MBR infection found on drive 0

    Disk Size: 80026361856 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-43-156281488-156301488)...

    Sector 156301151 --> [Forged physical sector]

    Sector 156301152 --> [Forged physical sector]

    Sector 156301153 --> [Forged physical sector]

    Sector 156301154 --> [Forged physical sector]

    Sector 156301155 --> [Forged physical sector]

    Sector 156301156 --> [Forged physical sector]

    Sector 156301157 --> [Forged physical sector]

    Here I deleted the lines, because all the sector strings were written here and the post was too long.

    Done!

    Performing system, memory and registry scan...

    Done!

    Scan finished
