Jump to content

Help Help Help! How to clean "Win32/Olmarik.TDL4 trojan"?


Recommended Posts

Hello my friends! I'm new here, asking for a HUGE favour from you...SAVE my poor laptop please... :excl:

I have this virus for several months, used a number of different anti-virus software, still unable to clean.

This is the report from my ESET Smart Security 5.0:

Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean

Recently, there is another problem, I don't know if they are linked:

Win32/Olmasco.O.trojan (this is unable to clean as well, I have attached a picture to show it)

The virus caused a number of different problems: system slow, internet explorer crashed, some unsolvable error messages appear when I switch on my labtop, can not update my drivers or any sofewares...exc...

My system is Windows XP Home Edition SP2, Sony VGN S46C

I have attached the necessary files as required, sorry about the foreign language. :wacko:

If possible, I don't want to re-install windows.

Thanks in advance! :wub:

post-112710-0-48619900-1338396125.jpg

dds.txt

attach.txt

Link to post
Share on other sites

Hello apple_nicole and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?

Link to post
Share on other sites

Hello D-FRED-BROWN! It is very very nice to meet you here!

Thank you very much for helping me!

I have done everything as you told me to...

This is the TDSSKiller report:

13:55:51.0390 3712 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

13:55:51.0640 3712 ============================================================

13:55:51.0640 3712 Current date / time: 2012/05/31 13:55:51.0640

13:55:51.0640 3712 SystemInfo:

13:55:51.0640 3712

13:55:51.0640 3712 OS Version: 5.1.2600 ServicePack: 2.0

13:55:51.0640 3712 Product type: Workstation

13:55:51.0640 3712 ComputerName: 6BA456D39547489

13:55:51.0640 3712 UserName: Kitten

13:55:51.0640 3712 Windows directory: C:\WINDOWS

13:55:51.0640 3712 System windows directory: C:\WINDOWS

13:55:51.0640 3712 Processor architecture: Intel x86

13:55:51.0640 3712 Number of processors: 1

13:55:51.0640 3712 Page size: 0x1000

13:55:51.0640 3712 Boot type: Normal boot

13:55:51.0640 3712 ============================================================

13:55:53.0953 3712 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:55:53.0953 3712 Drive \Device\Harddisk2\DR7 - Size: 0x3A38B2DE00 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:55:56.0390 3712 ============================================================

13:55:56.0390 3712 \Device\Harddisk0\DR0:

13:55:56.0390 3712 MBR partitions:

13:55:56.0390 3712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x950A60, BlocksNum 0x1BF1F20

13:55:56.0406 3712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25429BF, BlocksNum 0x128DABC

13:55:56.0437 3712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37D04BA, BlocksNum 0x12B0F85

13:55:56.0437 3712 \Device\Harddisk2\DR7:

13:55:56.0437 3712 MBR partitions:

13:55:56.0437 3712 \Device\Harddisk2\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5930

13:55:56.0437 3712 ============================================================

13:55:56.0468 3712 C: <-> \Device\Harddisk0\DR0\Partition0

13:55:56.0546 3712 D: <-> \Device\Harddisk0\DR0\Partition1

13:55:56.0687 3712 E: <-> \Device\Harddisk0\DR0\Partition2

13:55:56.0906 3712 H: <-> \Device\Harddisk2\DR7\Partition0

13:55:56.0906 3712 ============================================================

13:55:56.0906 3712 Initialize success

13:55:56.0906 3712 ============================================================

13:55:59.0546 2124 ============================================================

13:55:59.0546 2124 Scan started

13:55:59.0546 2124 Mode: Manual;

13:55:59.0546 2124 ============================================================

13:56:00.0093 2124 Abiosdsk - ok

13:56:00.0109 2124 abp480n5 - ok

13:56:00.0171 2124 ACPI (5ecd0c75cf5ebd2c2847ec93b2021322) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:56:00.0171 2124 ACPI - ok

13:56:00.0203 2124 ACPIEC (28046b6867800b3f12c652ce2c9ea340) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

13:56:00.0203 2124 ACPIEC - ok

13:56:00.0218 2124 adpu160m - ok

13:56:00.0281 2124 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

13:56:00.0281 2124 aec - ok

13:56:00.0328 2124 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys

13:56:00.0343 2124 AegisP - ok

13:56:00.0406 2124 AFD (885b2f107a071eebfc87d4cb16e2a6c3) C:\WINDOWS\System32\drivers\afd.sys

13:56:00.0421 2124 AFD - ok

13:56:00.0437 2124 Aha154x - ok

13:56:00.0437 2124 aic78u2 - ok

13:56:00.0453 2124 aic78xx - ok

13:56:00.0500 2124 Alerter (d3b55cadbe9bdc57e0c8601842e43066) C:\WINDOWS\system32\alrsvc.dll

13:56:00.0500 2124 Alerter - ok

13:56:00.0531 2124 ALG (a9de20df2c89b6b2ffda0e6cd52a8599) C:\WINDOWS\System32\alg.exe

13:56:00.0531 2124 ALG - ok

13:56:00.0562 2124 AliIde - ok

13:56:00.0734 2124 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

13:56:00.0828 2124 Ambfilt - ok

13:56:01.0062 2124 amsint - ok

13:56:01.0109 2124 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

13:56:01.0125 2124 ApfiltrService - ok

13:56:01.0171 2124 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

13:56:01.0171 2124 Arp1394 - ok

13:56:01.0187 2124 asc - ok

13:56:01.0203 2124 asc3350p - ok

13:56:01.0218 2124 asc3550 - ok

13:56:01.0250 2124 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:56:01.0250 2124 AsyncMac - ok

13:56:01.0281 2124 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:56:01.0296 2124 atapi - ok

13:56:01.0296 2124 Atdisk - ok

13:56:01.0328 2124 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:56:01.0328 2124 Atmarpc - ok

13:56:01.0375 2124 AudioSrv (bb9c41f8af9593a0ba0faabf28051bc4) C:\WINDOWS\System32\audiosrv.dll

13:56:01.0375 2124 AudioSrv - ok

13:56:01.0421 2124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:56:01.0421 2124 audstub - ok

13:56:01.0453 2124 BC (c3066df6477438f57a1d7f38c117c08f) C:\WINDOWS\system32\Drivers\BC.sys

13:56:01.0484 2124 BC - ok

13:56:01.0531 2124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:56:01.0531 2124 Beep - ok

13:56:01.0609 2124 BITS (cdc7027806a38968592c54ea2555c147) C:\WINDOWS\system32\qmgr.dll

13:56:01.0656 2124 BITS - ok

13:56:01.0703 2124 Browser (7f0b098e0ea857f40c155785cc9a7239) C:\WINDOWS\System32\browser.dll

13:56:01.0703 2124 Browser - ok

13:56:01.0953 2124 Browser Defender Update Service (703a815f29fbd618d1a516bf5335bc1a) D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

13:56:01.0953 2124 Browser Defender Update Service - ok

13:56:02.0015 2124 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

13:56:02.0015 2124 BthEnum - ok

13:56:02.0031 2124 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys

13:56:02.0046 2124 BthPan - ok

13:56:02.0109 2124 BTHPORT (81ae863f2aff07505b68c4678dc12566) C:\WINDOWS\system32\Drivers\BTHport.sys

13:56:02.0125 2124 BTHPORT - ok

13:56:02.0171 2124 BthServ (e1b1cc3129e56f69dcab36492030e77c) C:\WINDOWS\System32\bthserv.dll

13:56:02.0171 2124 BthServ - ok

13:56:02.0187 2124 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys

13:56:02.0203 2124 BTHUSB - ok

13:56:02.0250 2124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:56:02.0250 2124 cbidf2k - ok

13:56:02.0265 2124 cd20xrnt - ok

13:56:02.0296 2124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:56:02.0312 2124 Cdaudio - ok

13:56:02.0343 2124 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

13:56:02.0343 2124 Cdfs - ok

13:56:02.0375 2124 Cdrom (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:56:02.0390 2124 Cdrom - ok

13:56:02.0406 2124 Changer - ok

13:56:02.0421 2124 CiSvc (ea4078ba0794994ad10d0371ce2070f9) C:\WINDOWS\system32\cisvc.exe

13:56:02.0421 2124 CiSvc - ok

13:56:02.0437 2124 ClipSrv (95d48a471e45a78e145ce3e8a2e6f61b) C:\WINDOWS\system32\clipsrv.exe

13:56:02.0453 2124 ClipSrv - ok

13:56:02.0484 2124 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

13:56:02.0484 2124 CmBatt - ok

13:56:02.0500 2124 CmdIde - ok

13:56:02.0515 2124 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

13:56:02.0515 2124 Compbatt - ok

13:56:02.0531 2124 COMSysApp - ok

13:56:02.0562 2124 Cpqarray - ok

13:56:02.0593 2124 CryptSvc (c78fbd718a49039ecd024605d855ba5a) C:\WINDOWS\System32\cryptsvc.dll

13:56:02.0593 2124 CryptSvc - ok

13:56:02.0609 2124 dac2w2k - ok

13:56:02.0625 2124 dac960nt - ok

13:56:02.0687 2124 DcomLaunch (917403736238a3aca3365e163c2e6d2d) C:\WINDOWS\system32\rpcss.dll

13:56:02.0703 2124 DcomLaunch - ok

13:56:02.0765 2124 Dhcp (306683ed71b00d297cd73bade50a8bd5) C:\WINDOWS\System32\dhcpcsvc.dll

13:56:02.0765 2124 Dhcp - ok

13:56:02.0781 2124 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

13:56:02.0796 2124 Disk - ok

13:56:02.0812 2124 dmadmin - ok

13:56:02.0906 2124 dmboot (1fa081387f3229721793da65aad8e9ca) C:\WINDOWS\system32\drivers\dmboot.sys

13:56:02.0921 2124 dmboot - ok

13:56:02.0968 2124 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

13:56:02.0968 2124 DMICall - ok

13:56:03.0031 2124 dmio (124b0140d377cc4e44cf513dbb019c2f) C:\WINDOWS\system32\drivers\dmio.sys

13:56:03.0031 2124 dmio - ok

13:56:03.0062 2124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:56:03.0062 2124 dmload - ok

13:56:03.0093 2124 dmserver (9c690c012ff38710ea3fee2984f43006) C:\WINDOWS\System32\dmserver.dll

13:56:03.0093 2124 dmserver - ok

13:56:03.0125 2124 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

13:56:03.0140 2124 DMusic - ok

13:56:03.0171 2124 Dnscache (72d05a51461f31e59ad6edff27c46aa9) C:\WINDOWS\System32\dnsrslvr.dll

13:56:03.0187 2124 Dnscache - ok

13:56:03.0203 2124 dpti2o - ok

13:56:03.0203 2124 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

13:56:03.0218 2124 drmkaud - ok

13:56:03.0281 2124 E100B (5182244c0bb338a7545306cb6ca1daba) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:56:03.0296 2124 E100B - ok

13:56:03.0343 2124 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys

13:56:03.0359 2124 eamon - ok

13:56:03.0390 2124 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys

13:56:03.0406 2124 ehdrv - ok

13:56:03.0687 2124 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\ekrn.exe

13:56:03.0703 2124 ekrn - ok

13:56:03.0750 2124 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys

13:56:03.0750 2124 epfw - ok

13:56:03.0781 2124 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys

13:56:03.0781 2124 Epfwndis - ok

13:56:03.0812 2124 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys

13:56:03.0812 2124 epfwtdi - ok

13:56:03.0859 2124 ERSvc (8b8064d31bacb4f8371a1da3f0daf97e) C:\WINDOWS\System32\ersvc.dll

13:56:03.0859 2124 ERSvc - ok

13:56:03.0921 2124 Eventlog (2c7d9a00bc34aa9fb60ea8660ed9f9c3) C:\WINDOWS\system32\services.exe

13:56:03.0921 2124 Eventlog - ok

13:56:04.0000 2124 EventSystem (73b841941ab7a9dbf9dd7d63448cd3b9) C:\WINDOWS\system32\es.dll

13:56:04.0000 2124 EventSystem - ok

13:56:04.0093 2124 EvtEng (b0c6b8df9f20f84bdc9183dd520a8275) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

13:56:04.0093 2124 EvtEng - ok

13:56:04.0156 2124 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

13:56:04.0171 2124 Fastfat - ok

13:56:04.0234 2124 FastUserSwitchingCompatibility (a084032ec0ed343118c6c38d04a4a4a4) C:\WINDOWS\System32\shsvcs.dll

13:56:04.0265 2124 FastUserSwitchingCompatibility - ok

13:56:04.0312 2124 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

13:56:04.0312 2124 Fdc - ok

13:56:04.0359 2124 Fips (fffc25ccbe40efb0609bd249721aae83) C:\WINDOWS\system32\drivers\Fips.sys

13:56:04.0359 2124 Fips - ok

13:56:04.0375 2124 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

13:56:04.0375 2124 Flpydisk - ok

13:56:04.0421 2124 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

13:56:04.0421 2124 FltMgr - ok

13:56:04.0468 2124 FsVga (ab4983120e4e4527ae9ffe4177ecd6e7) C:\WINDOWS\system32\DRIVERS\fsvga.sys

13:56:04.0484 2124 FsVga - ok

13:56:04.0500 2124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:56:04.0500 2124 Fs_Rec - ok

13:56:04.0531 2124 Ftdisk (38375a4d9582a08c14c928cc099b8836) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:56:04.0546 2124 Ftdisk - ok

13:56:04.0578 2124 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys

13:56:04.0578 2124 giveio - ok

13:56:04.0609 2124 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:56:04.0609 2124 Gpc - ok

13:56:04.0687 2124 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:56:04.0687 2124 HDAudBus - ok

13:56:04.0734 2124 helpsvc (a37732a722edeb76522e8c826abd87e5) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

13:56:04.0750 2124 helpsvc - ok

13:56:04.0750 2124 HidServ - ok

13:56:04.0796 2124 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:56:04.0812 2124 HidUsb - ok

13:56:04.0828 2124 hpn - ok

13:56:04.0875 2124 HSFHWAZL (3d812d0de9344bc9bd1a1b8575b883db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

13:56:04.0906 2124 HSFHWAZL - ok

13:56:05.0031 2124 HSF_DP (0e130bec5a13cf68adaa216ab55a8dff) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

13:56:05.0078 2124 HSF_DP - ok

13:56:05.0125 2124 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

13:56:05.0125 2124 HTTP - ok

13:56:05.0171 2124 HTTPFilter (c377bb41180c4def6481c691aa962917) C:\WINDOWS\System32\w3ssl.dll

13:56:05.0187 2124 HTTPFilter - ok

13:56:05.0203 2124 i2omgmt - ok

13:56:05.0203 2124 i2omp - ok

13:56:05.0265 2124 i8042prt (2a802d189fce734903c46cd5d8f5e3ec) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:56:05.0281 2124 i8042prt - ok

13:56:05.0406 2124 ialm (0c7b8efc2b1ac4cd62f4e7eafc864b95) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

13:56:05.0437 2124 ialm - ok

13:56:05.0484 2124 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:56:05.0484 2124 Imapi - ok

13:56:05.0531 2124 ImapiService (100781d36ae5ffbf0a96fc8ce57c31a7) C:\WINDOWS\system32\imapi.exe

13:56:05.0531 2124 ImapiService - ok

13:56:05.0546 2124 ini910u - ok

13:56:05.0796 2124 IntcAzAudAddService (51eb28d8602a9df0926cbbbd9997cbb9) C:\WINDOWS\system32\drivers\RtkHDAud.sys

13:56:05.0937 2124 IntcAzAudAddService - ok

13:56:06.0203 2124 IntelIde (064d4c00e64fd690965cc4d612ce03d6) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:56:06.0218 2124 IntelIde - ok

13:56:06.0265 2124 intelppm (73a0033b129741374e6c90fa50dd0a1c) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:56:06.0265 2124 intelppm - ok

13:56:06.0312 2124 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

13:56:06.0312 2124 Ip6Fw - ok

13:56:06.0343 2124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:56:06.0343 2124 IpFilterDriver - ok

13:56:06.0359 2124 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:56:06.0359 2124 IpInIp - ok

13:56:06.0406 2124 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:56:06.0406 2124 IpNat - ok

13:56:06.0453 2124 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:56:06.0468 2124 IPSec - ok

13:56:06.0515 2124 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:56:06.0515 2124 IRENUM - ok

13:56:06.0531 2124 isapnp (d81587ada44fed322419fc833e734441) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:56:06.0546 2124 isapnp - ok

13:56:06.0671 2124 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

13:56:06.0671 2124 JavaQuickStarterService - ok

13:56:06.0718 2124 Kbdclass (f7699fb067024b82e9ca8ffb86936923) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:56:06.0734 2124 Kbdclass - ok

13:56:06.0906 2124 Kingsoft Rescue Service (4b8641b890acd9496ae476e827f54580) D:\Program Files\kingsoft\KSM\ksmsvc.exe

13:56:06.0906 2124 Kingsoft Rescue Service - ok

13:56:06.0968 2124 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

13:56:06.0968 2124 kmixer - ok

13:56:07.0015 2124 ksapi (ee311b2fafb0d6cc52142dc48ec3983e) C:\WINDOWS\system32\drivers\ksapi.sys

13:56:07.0015 2124 ksapi - ok

13:56:07.0062 2124 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

13:56:07.0062 2124 KSecDD - ok

13:56:07.0109 2124 lanmanserver (98de81f0d34cad9569400b1510921d2f) C:\WINDOWS\System32\srvsvc.dll

13:56:07.0125 2124 lanmanserver - ok

13:56:07.0171 2124 lanmanworkstation (7dc92c2ac19b4888fd6c7733236f4505) C:\WINDOWS\System32\wkssvc.dll

13:56:07.0187 2124 lanmanworkstation - ok

13:56:07.0203 2124 lbrtfdc - ok

13:56:07.0281 2124 LmHosts (7b8a110aae74605fa301b1b249c4f561) C:\WINDOWS\System32\lmhsvc.dll

13:56:07.0281 2124 LmHosts - ok

13:56:07.0328 2124 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

13:56:07.0328 2124 MBAMProtector - ok

13:56:07.0546 2124 MBAMService (ba400ed640bca1eae5c727ae17c10207) H:\Malwarebytes' Anti-Malware\mbamservice.exe

13:56:07.0562 2124 MBAMService - ok

13:56:07.0687 2124 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

13:56:07.0703 2124 MDM - ok

13:56:07.0718 2124 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

13:56:07.0734 2124 mdmxsdk - ok

13:56:07.0750 2124 Messenger (682805e6394d20e2f2a3402a329f1ace) C:\WINDOWS\System32\msgsvc.dll

13:56:07.0765 2124 Messenger - ok

13:56:07.0796 2124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:56:07.0796 2124 mnmdd - ok

13:56:07.0843 2124 mnmsrvc (d9972601d1bdc3f15275a6d0202b1e61) C:\WINDOWS\system32\mnmsrvc.exe

13:56:07.0843 2124 mnmsrvc - ok

13:56:07.0890 2124 Modem (f351113fd77b61b81bf7accada735789) C:\WINDOWS\system32\drivers\Modem.sys

13:56:07.0906 2124 Modem - ok

13:56:08.0062 2124 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

13:56:08.0140 2124 Monfilt - ok

13:56:08.0187 2124 Mouclass (f171bdcedaee9797a5bf47613f5456ac) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:56:08.0187 2124 Mouclass - ok

13:56:08.0234 2124 mouhid (692910b446d0b751b2462f3624c7b1a7) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:56:08.0234 2124 mouhid - ok

13:56:08.0281 2124 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

13:56:08.0281 2124 MountMgr - ok

13:56:08.0343 2124 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:56:08.0359 2124 MozillaMaintenance - ok

13:56:08.0375 2124 mraid35x - ok

13:56:08.0437 2124 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:56:08.0437 2124 MRxDAV - ok

13:56:08.0531 2124 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:56:08.0546 2124 MRxSmb - ok

13:56:08.0656 2124 MSCSPTISRV (7419d631c390c558a5a87484567babd5) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

13:56:08.0656 2124 MSCSPTISRV - ok

13:56:08.0687 2124 MSDTC (8461b089f14a35411b32b2fb4602bc11) C:\WINDOWS\system32\msdtc.exe

13:56:08.0687 2124 MSDTC - ok

13:56:08.0734 2124 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

13:56:08.0734 2124 Msfs - ok

13:56:08.0750 2124 MSIServer - ok

13:56:08.0796 2124 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:56:08.0796 2124 MSKSSRV - ok

13:56:08.0812 2124 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:56:08.0812 2124 MSPCLOCK - ok

13:56:08.0828 2124 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

13:56:08.0843 2124 MSPQM - ok

13:56:08.0875 2124 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:56:08.0875 2124 mssmbios - ok

13:56:08.0921 2124 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

13:56:08.0921 2124 Mup - ok

13:56:08.0984 2124 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

13:56:08.0984 2124 NDIS - ok

13:56:09.0015 2124 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:56:09.0031 2124 NdisTapi - ok

13:56:09.0046 2124 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:56:09.0062 2124 Ndisuio - ok

13:56:09.0078 2124 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:56:09.0093 2124 NdisWan - ok

13:56:09.0109 2124 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

13:56:09.0109 2124 NDProxy - ok

13:56:09.0125 2124 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:56:09.0125 2124 NetBIOS - ok

13:56:09.0156 2124 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:56:09.0156 2124 NetBT - ok

13:56:09.0187 2124 NetDDE (c8b34df15e22bc172e784d36d8210602) C:\WINDOWS\system32\netdde.exe

13:56:09.0187 2124 NetDDE - ok

13:56:09.0203 2124 NetDDEdsdm (c8b34df15e22bc172e784d36d8210602) C:\WINDOWS\system32\netdde.exe

13:56:09.0203 2124 NetDDEdsdm - ok

13:56:09.0234 2124 Netlogon (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

13:56:09.0234 2124 Netlogon - ok

13:56:09.0296 2124 Netman (d4ed3f567e04d99e3206a000211d1916) C:\WINDOWS\System32\netman.dll

13:56:09.0296 2124 Netman - ok

13:56:09.0328 2124 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

13:56:09.0328 2124 NIC1394 - ok

13:56:09.0375 2124 Nla (23794840ef8d25fda393debc22bc004f) C:\WINDOWS\System32\mswsock.dll

13:56:09.0375 2124 Nla - ok

13:56:09.0390 2124 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

13:56:09.0390 2124 Npfs - ok

13:56:09.0468 2124 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

13:56:09.0468 2124 Ntfs - ok

13:56:09.0484 2124 NtLmSsp (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

13:56:09.0484 2124 NtLmSsp - ok

13:56:09.0531 2124 NtmsSvc (d1c443e3fd1491d459bad3c29caa1cde) C:\WINDOWS\system32\ntmssvc.dll

13:56:09.0546 2124 NtmsSvc - ok

13:56:09.0578 2124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:56:09.0578 2124 Null - ok

13:56:10.0515 2124 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:56:10.0921 2124 nv - ok

13:56:11.0171 2124 NVSvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe

13:56:11.0171 2124 NVSvc - ok

13:56:11.0203 2124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:56:11.0218 2124 NwlnkFlt - ok

13:56:11.0234 2124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:56:11.0250 2124 NwlnkFwd - ok

13:56:11.0296 2124 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

13:56:11.0312 2124 ohci1394 - ok

13:56:11.0421 2124 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:56:11.0421 2124 ose - ok

13:56:11.0531 2124 PACSPTISVR (778c309121067d83b8a48cdb658b4c17) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

13:56:11.0531 2124 PACSPTISVR - ok

13:56:11.0578 2124 Parport (f54a2e5de40b71317a5c2054439615a6) C:\WINDOWS\system32\drivers\Parport.sys

13:56:11.0578 2124 Parport - ok

13:56:11.0593 2124 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

13:56:11.0609 2124 PartMgr - ok

13:56:11.0640 2124 ParVdm (4f3fc4954972da46284641091deee02e) C:\WINDOWS\system32\drivers\ParVdm.sys

13:56:11.0656 2124 ParVdm - ok

13:56:11.0687 2124 PCI (2fe168cfccae0d8961f25ee611d301d4) C:\WINDOWS\system32\DRIVERS\pci.sys

13:56:11.0703 2124 PCI - ok

13:56:11.0703 2124 PCIDump - ok

13:56:11.0718 2124 PCIIde (a4d41f0279f405d6f5c19465aad82834) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:56:11.0734 2124 PCIIde - ok

13:56:11.0765 2124 Pcmcia (837b61827a34845fc87e21cfb9aacd72) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

13:56:11.0781 2124 Pcmcia - ok

13:56:11.0828 2124 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys

13:56:11.0828 2124 PCTCore - ok

13:56:11.0859 2124 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys

13:56:11.0875 2124 pctDS - ok

13:56:11.0937 2124 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys

13:56:11.0953 2124 pctEFA - ok

13:56:12.0015 2124 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys

13:56:12.0015 2124 pctgntdi - ok

13:56:12.0046 2124 pctplsg (c5c488e6232b29f5744b8f7988a20730) C:\WINDOWS\system32\drivers\pctplsg.sys

13:56:12.0046 2124 pctplsg - ok

13:56:12.0062 2124 PDCOMP - ok

13:56:12.0062 2124 PDFRAME - ok

13:56:12.0078 2124 PDRELI - ok

13:56:12.0093 2124 PDRFRAME - ok

13:56:12.0093 2124 perc2 - ok

13:56:12.0109 2124 perc2hib - ok

13:56:12.0156 2124 PlugPlay (2c7d9a00bc34aa9fb60ea8660ed9f9c3) C:\WINDOWS\system32\services.exe

13:56:12.0171 2124 PlugPlay - ok

13:56:12.0187 2124 PolicyAgent (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

13:56:12.0187 2124 PolicyAgent - ok

13:56:12.0218 2124 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:56:12.0218 2124 PptpMiniport - ok

13:56:12.0234 2124 ProtectedStorage (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

13:56:12.0234 2124 ProtectedStorage - ok

13:56:12.0265 2124 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

13:56:12.0265 2124 PSched - ok

13:56:12.0296 2124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:56:12.0296 2124 Ptilink - ok

13:56:12.0312 2124 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:56:12.0343 2124 PxHelp20 - ok

13:56:12.0359 2124 ql1080 - ok

13:56:12.0375 2124 Ql10wnt - ok

13:56:12.0375 2124 ql12160 - ok

13:56:12.0390 2124 ql1240 - ok

13:56:12.0406 2124 ql1280 - ok

13:56:12.0421 2124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:56:12.0421 2124 RasAcd - ok

13:56:12.0453 2124 RasAuto (73f57631d090770afda31dae9b84aa5c) C:\WINDOWS\System32\rasauto.dll

13:56:12.0468 2124 RasAuto - ok

13:56:12.0515 2124 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:56:12.0515 2124 Rasl2tp - ok

13:56:12.0562 2124 RasMan (a4e7d142f6a794563565836053a8491c) C:\WINDOWS\System32\rasmans.dll

13:56:12.0578 2124 RasMan - ok

13:56:12.0593 2124 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:56:12.0609 2124 RasPppoe - ok

13:56:12.0609 2124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:56:12.0625 2124 Raspti - ok

13:56:12.0656 2124 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:56:12.0671 2124 Rdbss - ok

13:56:12.0687 2124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:56:12.0687 2124 RDPCDD - ok

13:56:12.0750 2124 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

13:56:12.0750 2124 RDPWD - ok

13:56:12.0812 2124 RDSessMgr (f28de50c35113ac6f813121105c17552) C:\WINDOWS\system32\sessmgr.exe

13:56:12.0812 2124 RDSessMgr - ok

13:56:12.0859 2124 redbook (f720de7bfe7ae26846e7ebe9caf3f49a) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:56:12.0859 2124 redbook - ok

13:56:12.0953 2124 RegSrvc (b44b1bf0107c55707494f5e83a17d35b) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

13:56:12.0953 2124 RegSrvc - ok

13:56:13.0000 2124 RemoteAccess (761dceac6eccef5aa38974d0cd53dee8) C:\WINDOWS\System32\mprdim.dll

13:56:13.0000 2124 RemoteAccess - ok

13:56:13.0031 2124 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

13:56:13.0046 2124 RFCOMM - ok

13:56:13.0078 2124 RpcLocator (cf55d680db483883fd0765449e2e1a53) C:\WINDOWS\system32\locator.exe

13:56:13.0093 2124 RpcLocator - ok

13:56:13.0156 2124 RpcSs (917403736238a3aca3365e163c2e6d2d) C:\WINDOWS\system32\rpcss.dll

13:56:13.0171 2124 RpcSs - ok

13:56:13.0218 2124 RSVP (53a79336f917ca1ff120043dcb74def8) C:\WINDOWS\system32\rsvp.exe

13:56:13.0218 2124 RSVP - ok

13:56:13.0296 2124 S24EventMonitor (2f7a8be42103918bbd4a30f62eda6931) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

13:56:13.0296 2124 S24EventMonitor - ok

13:56:13.0328 2124 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys

13:56:13.0328 2124 s24trans - ok

13:56:13.0343 2124 SamSs (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

13:56:13.0343 2124 SamSs - ok

13:56:13.0375 2124 SCardSvr (ea08e7fecd0d3b87299219a695ba6044) C:\WINDOWS\System32\SCardSvr.exe

13:56:13.0390 2124 SCardSvr - ok

13:56:13.0437 2124 Schedule (64d0e7a615a59670c61e7f3de9cc9b39) C:\WINDOWS\system32\schedsvc.dll

13:56:13.0453 2124 Schedule - ok

13:56:13.0515 2124 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) D:\Program Files\PC Tools Security\pctsAuxs.exe

13:56:13.0531 2124 sdAuxService - ok

13:56:13.0656 2124 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) D:\Program Files\PC Tools Security\pctsSvc.exe

13:56:13.0687 2124 sdCoreService - ok

13:56:13.0734 2124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:56:13.0750 2124 Secdrv - ok

13:56:13.0796 2124 seclogon (2027dd427d91a3b7488912ff75cffb2d) C:\WINDOWS\System32\seclogon.dll

13:56:13.0796 2124 seclogon - ok

13:56:13.0812 2124 SENS (da59bb205b7032312ea7725d3d4cbdd7) C:\WINDOWS\system32\sens.dll

13:56:13.0828 2124 SENS - ok

13:56:13.0875 2124 Serial (de0aa3fcae95d2339628f0caf013dfe1) C:\WINDOWS\system32\drivers\Serial.sys

13:56:13.0875 2124 Serial - ok

13:56:13.0890 2124 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:56:13.0890 2124 Sfloppy - ok

13:56:13.0968 2124 SharedAccess (1cc32420529b85d64a551b61ae9a17ab) C:\WINDOWS\System32\ipnathlp.dll

13:56:13.0968 2124 SharedAccess - ok

13:56:14.0015 2124 ShellHWDetection (a084032ec0ed343118c6c38d04a4a4a4) C:\WINDOWS\System32\shsvcs.dll

13:56:14.0031 2124 ShellHWDetection - ok

13:56:14.0031 2124 Simbad - ok

13:56:14.0078 2124 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

13:56:14.0078 2124 SNC - ok

13:56:14.0078 2124 Sparrow - ok

13:56:14.0109 2124 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys

13:56:14.0125 2124 speedfan - ok

13:56:14.0140 2124 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys

13:56:14.0156 2124 SPI - ok

13:56:14.0187 2124 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

13:56:14.0203 2124 splitter - ok

13:56:14.0234 2124 Spooler (38ebfab700f1b22ae84fdd87be6d1548) C:\WINDOWS\system32\spoolsv.exe

13:56:14.0234 2124 Spooler - ok

13:56:14.0375 2124 SPTISRV (9cab0a38deebd30f3c8fe9d9826f43b1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

13:56:14.0375 2124 SPTISRV - ok

13:56:14.0406 2124 sr (386b3576ec9959bde0331fb5fc648dba) C:\WINDOWS\system32\DRIVERS\sr.sys

13:56:14.0406 2124 sr - ok

13:56:14.0437 2124 srservice (dda0bc29483f867468a1f500c07e09f0) C:\WINDOWS\system32\srsvc.dll

13:56:14.0453 2124 srservice - ok

13:56:14.0515 2124 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

13:56:14.0531 2124 Srv - ok

13:56:14.0546 2124 SSDPSRV (516bb4c1fdeec32792faa09008416a9b) C:\WINDOWS\System32\ssdpsrv.dll

13:56:14.0562 2124 SSDPSRV - ok

13:56:14.0625 2124 SSScsiSV (45b83808bf5c9968c3259a48898c7dd5) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

13:56:14.0625 2124 SSScsiSV - ok

13:56:14.0703 2124 stisvc (dc750a7adc5ecb85a12729285fb72653) C:\WINDOWS\system32\wiaservc.dll

13:56:14.0718 2124 stisvc - ok

13:56:14.0750 2124 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:56:14.0750 2124 swenum - ok

13:56:14.0796 2124 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

13:56:14.0796 2124 swmidi - ok

13:56:14.0812 2124 SwPrv - ok

13:56:14.0828 2124 symc810 - ok

13:56:14.0828 2124 symc8xx - ok

13:56:14.0843 2124 sym_hi - ok

13:56:14.0859 2124 sym_u3 - ok

13:56:14.0890 2124 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

13:56:14.0890 2124 sysaudio - ok

13:56:14.0921 2124 SysmonLog (b7022b3616ca3f632c18426837ddf6de) C:\WINDOWS\system32\smlogsvc.exe

13:56:14.0937 2124 SysmonLog - ok

13:56:14.0968 2124 TapiSrv (5844738f1362b399e99bfe04f688b3be) C:\WINDOWS\System32\tapisrv.dll

13:56:14.0984 2124 TapiSrv - ok

13:56:15.0046 2124 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:56:15.0062 2124 Tcpip - ok

13:56:15.0109 2124 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:56:15.0125 2124 TDPIPE - ok

13:56:15.0140 2124 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

13:56:15.0156 2124 TDTCP - ok

13:56:15.0171 2124 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:56:15.0171 2124 TermDD - ok

13:56:15.0250 2124 TermService (ab5b2ac7ffb870673d6806e974bf2f52) C:\WINDOWS\System32\termsrv.dll

13:56:15.0265 2124 TermService - ok

13:56:15.0296 2124 TfFsMon (18d09508877e3f697866b39e9d0e6dcf) C:\WINDOWS\system32\drivers\TfFsMon.sys

13:56:15.0328 2124 TfFsMon - ok

13:56:15.0359 2124 TfNetMon (c657f352613d8e592efb54cc35f21f5e) C:\WINDOWS\system32\drivers\TfNetMon.sys

13:56:15.0359 2124 TfNetMon - ok

13:56:15.0390 2124 TFSysMon (71e3073419cfda8d60813c1502acc420) C:\WINDOWS\system32\drivers\TfSysMon.sys

13:56:15.0390 2124 TFSysMon - ok

13:56:15.0468 2124 Themes (a084032ec0ed343118c6c38d04a4a4a4) C:\WINDOWS\System32\shsvcs.dll

13:56:15.0468 2124 Themes - ok

13:56:15.0531 2124 ThreatFire - ok

13:56:15.0578 2124 tifmsony (fb481e8cd426d0e5f96a838a47390c94) C:\WINDOWS\system32\drivers\tifmsony.sys

13:56:15.0593 2124 tifmsony - ok

13:56:15.0609 2124 TosIde - ok

13:56:15.0656 2124 TrkWks (91bef237caaa97abf07ff235a7f2da7f) C:\WINDOWS\system32\trkwks.dll

13:56:15.0671 2124 TrkWks - ok

13:56:15.0718 2124 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

13:56:15.0734 2124 Udfs - ok

13:56:15.0734 2124 ultra - ok

13:56:15.0765 2124 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

13:56:15.0765 2124 UMWdf - ok

13:56:15.0843 2124 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

13:56:15.0859 2124 Update - ok

13:56:15.0906 2124 upnphost (878d59d1e7415f799b06ab22fcbbaf06) C:\WINDOWS\System32\upnphost.dll

13:56:15.0921 2124 upnphost - ok

13:56:15.0953 2124 UPS (9cf73b37823794e0b30dd71137dcff1a) C:\WINDOWS\System32\ups.exe

13:56:15.0968 2124 UPS - ok

13:56:16.0015 2124 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:56:16.0015 2124 usbccgp - ok

13:56:16.0031 2124 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:56:16.0046 2124 usbehci - ok

13:56:16.0078 2124 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:56:16.0078 2124 usbhub - ok

13:56:16.0109 2124 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:56:16.0140 2124 USBSTOR - ok

13:56:16.0156 2124 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:56:16.0171 2124 usbuhci - ok

13:56:16.0359 2124 VAIO Entertainment TV Device Arbitration Service (82e39b3232baee4b6b943092fb042206) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

13:56:16.0375 2124 VAIO Entertainment TV Device Arbitration Service - ok

13:56:16.0453 2124 VAIO Event Service (66c78dc68c0c418c5d5e62745e9fd764) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

13:56:16.0468 2124 VAIO Event Service - ok

13:56:16.0484 2124 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

13:56:16.0484 2124 VgaSave - ok

13:56:16.0500 2124 ViaIde - ok

13:56:16.0546 2124 VolSnap (4594bda728648447ec10c49190bd37a7) C:\WINDOWS\system32\drivers\VolSnap.sys

13:56:16.0546 2124 VolSnap - ok

13:56:16.0593 2124 VSS (1ef0ef50df1679052b6fa1859dbb9662) C:\WINDOWS\System32\vssvc.exe

13:56:16.0609 2124 VSS - ok

13:56:16.0718 2124 VzCdbSvc (d8e244d4b3721170179f324603f460f0) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

13:56:16.0718 2124 VzCdbSvc - ok

13:56:16.0765 2124 VzFw (48b4ad23f8c37c5c525d01db9541d45b) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

13:56:16.0765 2124 VzFw - ok

13:56:17.0062 2124 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys

13:56:17.0218 2124 w29n51 - ok

13:56:17.0281 2124 W32Time (f8559534a2e23a44f0a03d53e3022519) C:\WINDOWS\system32\w32time.dll

13:56:17.0296 2124 W32Time - ok

13:56:17.0359 2124 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:56:17.0359 2124 Wanarp - ok

13:56:17.0375 2124 WDICA - ok

13:56:17.0421 2124 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

13:56:17.0421 2124 wdmaud - ok

13:56:17.0453 2124 WebClient (e806963a35cac59a355191957d0156fd) C:\WINDOWS\System32\webclnt.dll

13:56:17.0468 2124 WebClient - ok

13:56:17.0546 2124 winachsf (c08fad1207bb219bdf9eec30afc1809e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

13:56:17.0578 2124 winachsf - ok

13:56:17.0656 2124 winmgmt (ec735ce05be04b9e685479f59c7c4159) C:\WINDOWS\system32\wbem\WMIsvc.dll

13:56:17.0656 2124 winmgmt - ok

13:56:17.0734 2124 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

13:56:17.0734 2124 WmdmPmSN - ok

13:56:17.0812 2124 WmiApSrv (5c23ddc43ba370a788eeb8c9aeb8b2db) C:\WINDOWS\system32\wbem\wmiapsrv.exe

13:56:17.0812 2124 WmiApSrv - ok

13:56:17.0859 2124 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:56:17.0859 2124 WS2IFSL - ok

13:56:17.0906 2124 wscsvc (89a37acd0ef00571a28c4e63d54b402f) C:\WINDOWS\system32\wscsvc.dll

13:56:17.0921 2124 wscsvc - ok

13:56:18.0000 2124 WZCSVC (5b5cfccae9c690432707014627ff3b36) C:\WINDOWS\System32\wzcsvc.dll

13:56:18.0015 2124 WZCSVC - ok

13:56:18.0062 2124 xmlprov (e581208b0b84caaeebe56a51b1bf9d6d) C:\WINDOWS\System32\xmlprov.dll

13:56:18.0109 2124 xmlprov - ok

13:56:18.0156 2124 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0

13:56:18.0203 2124 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected

13:56:18.0203 2124 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)

13:56:18.0203 2124 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR7

13:56:19.0015 2124 \Device\Harddisk2\DR7 - ok

13:56:19.0046 2124 Boot (0x1200) (c77b0489ff8851aa58d737bc9b960edb) \Device\Harddisk0\DR0\Partition0

13:56:19.0046 2124 \Device\Harddisk0\DR0\Partition0 - ok

13:56:19.0078 2124 Boot (0x1200) (6f700b46b70c8d210e0c006e1eebdc2c) \Device\Harddisk0\DR0\Partition1

13:56:19.0078 2124 \Device\Harddisk0\DR0\Partition1 - ok

13:56:19.0093 2124 Boot (0x1200) (c6c2f3459a575a4d29ab4fde7768fdb6) \Device\Harddisk0\DR0\Partition2

13:56:19.0093 2124 \Device\Harddisk0\DR0\Partition2 - ok

13:56:19.0109 2124 Boot (0x1200) (36c46a244181c2179b6d9e3a3831675f) \Device\Harddisk2\DR7\Partition0

13:56:19.0109 2124 \Device\Harddisk2\DR7\Partition0 - ok

13:56:19.0109 2124 ============================================================

13:56:19.0109 2124 Scan finished

13:56:19.0109 2124 ============================================================

13:56:19.0125 1460 Detected object count: 1

13:56:19.0125 1460 Actual detected object count: 1

13:59:06.0234 1460 \Device\Harddisk0\DR0\# - copied to quarantine

13:59:06.0250 1460 \Device\Harddisk0\DR0 - copied to quarantine

13:59:06.0328 1460 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

13:59:06.0343 1460 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

13:59:06.0343 1460 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

13:59:06.0375 1460 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

13:59:06.0390 1460 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

13:59:10.0796 1460 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

13:59:12.0265 1460 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

13:59:13.0703 1460 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

13:59:15.0171 1460 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:59:16.0703 1460 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:59:18.0156 1460 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:59:19.0640 1460 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:59:21.0109 1460 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

13:59:21.0140 1460 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

13:59:21.0156 1460 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

13:59:21.0203 1460 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine

13:59:21.0250 1460 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

13:59:21.0312 1460 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

13:59:22.0953 1460 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

13:59:22.0968 1460 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

13:59:22.0984 1460 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

13:59:23.0093 1460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot

13:59:23.0093 1460 \Device\Harddisk0\DR0 - ok

13:59:23.0093 1460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure

13:59:50.0984 0284 Deinitialize success

Link to post
Share on other sites

This is the Security Check report:

Results of screen317's Security Check version 0.99.41

Windows XP Service Pack 2 x86

Out of date service pack!!

Internet Explorer 6 Out of date!

``````````````Antivirus/Firewall Check:``````````````

ESET Smart Security

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spyware Doctor

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

JavaFX 2.1.0

Java 7 Update 4

Adobe Flash Player 11.1.102.62

Adobe Reader X (10.1.3)

Mozilla Firefox (12.0)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C::

````````````````````End of Log``````````````````````

I was trying to run combofix but it does not run, it says something about don't run in compatibility mode, should I run it in the safe mode?

:wub:THANKS A LOT!!! :wub:

Link to post
Share on other sites

Hi :unsure: ... I'm afraid it's not good...

The virus created a new system for my windows, so even in the safe mode, it will go to the compatibility mode automatically.

If I try to choose the normal mode, the computer will tell you this:

<Windows root>\system32\hal.dll. missing or damaged, please re-install this file.

I don't know how to repair it, if it doesn't get sorted, I can not run combofix, because this error message would come up:

Warning! Do not run combofix in compatibility mode, doing so may damage the machine.

Then it won't run. (the image is in the attachment)

What should I do next, thanks! :o:wub:

Link to post
Share on other sites

Let's forget about ComboFix for now ;).

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

Note: you can opt-out of the optional Avast scan.

After that, please run TDSSKiller once again and post the new log it creates.

Link to post
Share on other sites

Hi again DFB! :)

Sorry I was away for a few days! I should have told you, sorry!

My problems are still there, these are the results:

log: (aswMBR.txt)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-06 14:24:32

-----------------------------

14:24:32.531 OS Version: Windows 5.1.2600 Service Pack 2

14:24:32.531 Number of processors: 1 586 0xD08

14:24:32.531 ComputerName: 6BA456D39547489 UserName: Kitten

14:24:33.093 Initialize success

14:28:02.265 AVAST engine defs: 12060601

14:28:23.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

14:28:23.625 Disk 0 Vendor: HTS541040G9SA00 MB2OC40H Size: 38154MB BusType: 3

14:28:23.625 Disk 1 \Device\Harddisk1\DR5 -> \Device\00000092

14:28:23.640 Disk 1 Vendor: ( Size: 38154MB BusType: 0

14:28:23.656 Disk 0 MBR read successfully

14:28:23.671 Disk 0 MBR scan

14:28:23.703 Disk 0 Windows XP default MBR code

14:28:23.703 Disk 0 Partition 1 00 12 Compaq diag NTFS 4769 MB offset 63

14:28:23.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14307 MB offset 9767520

14:28:23.765 Disk 0 Partition - 00 0F Extended LBA 19069 MB offset 39070080

14:28:23.781 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9499 MB offset 39070143

14:28:23.796 Disk 0 Partition - 00 05 Extended 9569 MB offset 58524795

14:28:23.828 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 9569 MB offset 58524858

14:28:23.843 Disk 0 scanning sectors +78124095

14:28:23.953 Disk 0 scanning C:\WINDOWS\system32\drivers

14:28:54.156 Service scanning

14:29:27.218 Modules scanning

14:29:39.265 Disk 0 trace - called modules:

14:29:39.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

14:29:39.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3a4ab8]

14:29:39.296 3 CLASSPNP.SYS[b811905b] -> nt!IofCallDriver -> [0x8a3a5bb8]

14:29:39.296 5 PCTCore.sys[b7eb6099] -> nt!IofCallDriver -> \Device\00000088[0x8a353900]

14:29:39.296 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a412940]

14:29:39.796 AVAST engine scan C:\WINDOWS

14:29:52.359 AVAST engine scan C:\WINDOWS\system32

14:32:39.250 AVAST engine scan C:\WINDOWS\system32\drivers

14:32:56.078 AVAST engine scan C:\Documents and Settings\Kitten

14:42:57.093 AVAST engine scan C:\Documents and Settings\All Users

14:43:47.750 Scan finished successfully

15:57:56.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kitten\桌面\MBR.dat"

15:57:56.140 The log file has been saved successfully to "C:\Documents and Settings\Kitten\桌面\aswMBR.txt"

Report: (TDSSKiller)

00:24:11.0250 2180 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

00:24:11.0640 2180 ============================================================

00:24:11.0640 2180 Current date / time: 2012/06/07 00:24:11.0640

00:24:11.0640 2180 SystemInfo:

00:24:11.0640 2180

00:24:11.0640 2180 OS Version: 5.1.2600 ServicePack: 2.0

00:24:11.0640 2180 Product type: Workstation

00:24:11.0640 2180 ComputerName: 6BA456D39547489

00:24:11.0640 2180 UserName: Kitten

00:24:11.0640 2180 Windows directory: C:\WINDOWS

00:24:11.0640 2180 System windows directory: C:\WINDOWS

00:24:11.0640 2180 Processor architecture: Intel x86

00:24:11.0640 2180 Number of processors: 1

00:24:11.0640 2180 Page size: 0x1000

00:24:11.0640 2180 Boot type: Normal boot

00:24:11.0640 2180 ============================================================

00:24:13.0921 2180 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

00:24:13.0921 2180 Drive \Device\Harddisk2\DR7 - Size: 0x3A38B2DE00 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

00:24:16.0343 2180 ============================================================

00:24:16.0343 2180 \Device\Harddisk0\DR0:

00:24:16.0343 2180 MBR partitions:

00:24:16.0343 2180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x950A60, BlocksNum 0x1BF1F20

00:24:16.0359 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25429BF, BlocksNum 0x128DABC

00:24:16.0390 2180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37D04BA, BlocksNum 0x12B0F85

00:24:16.0390 2180 \Device\Harddisk2\DR7:

00:24:16.0390 2180 MBR partitions:

00:24:16.0390 2180 \Device\Harddisk2\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5930

00:24:16.0390 2180 ============================================================

00:24:16.0437 2180 C: <-> \Device\Harddisk0\DR0\Partition0

00:24:16.0531 2180 D: <-> \Device\Harddisk0\DR0\Partition1

00:24:16.0750 2180 E: <-> \Device\Harddisk0\DR0\Partition2

00:24:16.0984 2180 H: <-> \Device\Harddisk2\DR7\Partition0

00:24:16.0984 2180 ============================================================

00:24:16.0984 2180 Initialize success

00:24:16.0984 2180 ============================================================

00:24:22.0359 4084 ============================================================

00:24:22.0359 4084 Scan started

00:24:22.0359 4084 Mode: Manual;

00:24:22.0359 4084 ============================================================

00:24:22.0906 4084 Abiosdsk - ok

00:24:22.0921 4084 abp480n5 - ok

00:24:22.0984 4084 ACPI (5ecd0c75cf5ebd2c2847ec93b2021322) C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:24:22.0984 4084 ACPI - ok

00:24:23.0031 4084 ACPIEC (28046b6867800b3f12c652ce2c9ea340) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

00:24:23.0031 4084 ACPIEC - ok

00:24:23.0046 4084 adpu160m - ok

00:24:23.0093 4084 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

00:24:23.0093 4084 aec - ok

00:24:23.0140 4084 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys

00:24:23.0140 4084 AegisP - ok

00:24:23.0203 4084 AFD (885b2f107a071eebfc87d4cb16e2a6c3) C:\WINDOWS\System32\drivers\afd.sys

00:24:23.0218 4084 AFD - ok

00:24:23.0234 4084 Aha154x - ok

00:24:23.0234 4084 aic78u2 - ok

00:24:23.0250 4084 aic78xx - ok

00:24:23.0296 4084 Alerter (d3b55cadbe9bdc57e0c8601842e43066) C:\WINDOWS\system32\alrsvc.dll

00:24:23.0296 4084 Alerter - ok

00:24:23.0328 4084 ALG (a9de20df2c89b6b2ffda0e6cd52a8599) C:\WINDOWS\System32\alg.exe

00:24:23.0343 4084 ALG - ok

00:24:23.0343 4084 AliIde - ok

00:24:23.0546 4084 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

00:24:23.0625 4084 Ambfilt - ok

00:24:23.0890 4084 amsint - ok

00:24:23.0921 4084 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

00:24:23.0937 4084 ApfiltrService - ok

00:24:23.0968 4084 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

00:24:23.0984 4084 Arp1394 - ok

00:24:24.0000 4084 asc - ok

00:24:24.0000 4084 asc3350p - ok

00:24:24.0015 4084 asc3550 - ok

00:24:24.0046 4084 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:24:24.0046 4084 AsyncMac - ok

00:24:24.0093 4084 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

00:24:24.0093 4084 atapi - ok

00:24:24.0109 4084 Atdisk - ok

00:24:24.0140 4084 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:24:24.0187 4084 Atmarpc - ok

00:24:24.0234 4084 AudioSrv (bb9c41f8af9593a0ba0faabf28051bc4) C:\WINDOWS\System32\audiosrv.dll

00:24:24.0234 4084 AudioSrv - ok

00:24:24.0281 4084 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

00:24:24.0281 4084 audstub - ok

00:24:24.0328 4084 BC (c3066df6477438f57a1d7f38c117c08f) C:\WINDOWS\system32\Drivers\BC.sys

00:24:24.0328 4084 BC - ok

00:24:24.0359 4084 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

00:24:24.0359 4084 Beep - ok

00:24:24.0421 4084 BITS (cdc7027806a38968592c54ea2555c147) C:\WINDOWS\system32\qmgr.dll

00:24:24.0468 4084 BITS - ok

00:24:24.0515 4084 Browser (7f0b098e0ea857f40c155785cc9a7239) C:\WINDOWS\System32\browser.dll

00:24:24.0515 4084 Browser - ok

00:24:24.0718 4084 Browser Defender Update Service (703a815f29fbd618d1a516bf5335bc1a) D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

00:24:24.0718 4084 Browser Defender Update Service - ok

00:24:24.0765 4084 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

00:24:24.0781 4084 BthEnum - ok

00:24:24.0812 4084 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys

00:24:24.0812 4084 BthPan - ok

00:24:24.0875 4084 BTHPORT (81ae863f2aff07505b68c4678dc12566) C:\WINDOWS\system32\Drivers\BTHport.sys

00:24:24.0890 4084 BTHPORT - ok

00:24:24.0937 4084 BthServ (e1b1cc3129e56f69dcab36492030e77c) C:\WINDOWS\System32\bthserv.dll

00:24:24.0937 4084 BthServ - ok

00:24:24.0953 4084 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys

00:24:24.0953 4084 BTHUSB - ok

00:24:25.0000 4084 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

00:24:25.0000 4084 cbidf2k - ok

00:24:25.0015 4084 cd20xrnt - ok

00:24:25.0046 4084 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

00:24:25.0046 4084 Cdaudio - ok

00:24:25.0078 4084 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

00:24:25.0078 4084 Cdfs - ok

00:24:25.0156 4084 Cdrom (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:24:25.0156 4084 Cdrom - ok

00:24:25.0187 4084 Changer - ok

00:24:25.0203 4084 CiSvc (ea4078ba0794994ad10d0371ce2070f9) C:\WINDOWS\system32\cisvc.exe

00:24:25.0218 4084 CiSvc - ok

00:24:25.0234 4084 ClipSrv (95d48a471e45a78e145ce3e8a2e6f61b) C:\WINDOWS\system32\clipsrv.exe

00:24:25.0234 4084 ClipSrv - ok

00:24:25.0265 4084 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

00:24:25.0281 4084 CmBatt - ok

00:24:25.0281 4084 CmdIde - ok

00:24:25.0296 4084 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

00:24:25.0296 4084 Compbatt - ok

00:24:25.0296 4084 COMSysApp - ok

00:24:25.0312 4084 Cpqarray - ok

00:24:25.0343 4084 CryptSvc (c78fbd718a49039ecd024605d855ba5a) C:\WINDOWS\System32\cryptsvc.dll

00:24:25.0343 4084 CryptSvc - ok

00:24:25.0359 4084 dac2w2k - ok

00:24:25.0359 4084 dac960nt - ok

00:24:25.0421 4084 DcomLaunch (917403736238a3aca3365e163c2e6d2d) C:\WINDOWS\system32\rpcss.dll

00:24:25.0421 4084 DcomLaunch - ok

00:24:25.0468 4084 Dhcp (306683ed71b00d297cd73bade50a8bd5) C:\WINDOWS\System32\dhcpcsvc.dll

00:24:25.0484 4084 Dhcp - ok

00:24:25.0515 4084 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

00:24:25.0515 4084 Disk - ok

00:24:25.0531 4084 dmadmin - ok

00:24:25.0578 4084 dmboot (1fa081387f3229721793da65aad8e9ca) C:\WINDOWS\system32\drivers\dmboot.sys

00:24:25.0593 4084 dmboot - ok

00:24:25.0625 4084 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

00:24:25.0625 4084 DMICall - ok

00:24:25.0671 4084 dmio (124b0140d377cc4e44cf513dbb019c2f) C:\WINDOWS\system32\drivers\dmio.sys

00:24:25.0671 4084 dmio - ok

00:24:25.0703 4084 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

00:24:25.0703 4084 dmload - ok

00:24:25.0718 4084 dmserver (9c690c012ff38710ea3fee2984f43006) C:\WINDOWS\System32\dmserver.dll

00:24:25.0734 4084 dmserver - ok

00:24:25.0750 4084 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

00:24:25.0765 4084 DMusic - ok

00:24:25.0812 4084 Dnscache (72d05a51461f31e59ad6edff27c46aa9) C:\WINDOWS\System32\dnsrslvr.dll

00:24:25.0812 4084 Dnscache - ok

00:24:25.0828 4084 dpti2o - ok

00:24:25.0828 4084 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

00:24:25.0828 4084 drmkaud - ok

00:24:25.0875 4084 E100B (5182244c0bb338a7545306cb6ca1daba) C:\WINDOWS\system32\DRIVERS\e100b325.sys

00:24:25.0890 4084 E100B - ok

00:24:25.0921 4084 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys

00:24:25.0937 4084 eamon - ok

00:24:25.0968 4084 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys

00:24:25.0984 4084 ehdrv - ok

00:24:26.0265 4084 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\ekrn.exe

00:24:26.0281 4084 ekrn - ok

00:24:26.0328 4084 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys

00:24:26.0343 4084 epfw - ok

00:24:26.0375 4084 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys

00:24:26.0375 4084 Epfwndis - ok

00:24:26.0390 4084 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys

00:24:26.0406 4084 epfwtdi - ok

00:24:26.0453 4084 ERSvc (8b8064d31bacb4f8371a1da3f0daf97e) C:\WINDOWS\System32\ersvc.dll

00:24:26.0453 4084 ERSvc - ok

00:24:26.0515 4084 Eventlog (2c7d9a00bc34aa9fb60ea8660ed9f9c3) C:\WINDOWS\system32\services.exe

00:24:26.0531 4084 Eventlog - ok

00:24:26.0593 4084 EventSystem (73b841941ab7a9dbf9dd7d63448cd3b9) C:\WINDOWS\system32\es.dll

00:24:26.0593 4084 EventSystem - ok

00:24:26.0687 4084 EvtEng (b0c6b8df9f20f84bdc9183dd520a8275) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

00:24:26.0703 4084 EvtEng - ok

00:24:26.0750 4084 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

00:24:26.0765 4084 Fastfat - ok

00:24:26.0843 4084 FastUserSwitchingCompatibility (a084032ec0ed343118c6c38d04a4a4a4) C:\WINDOWS\System32\shsvcs.dll

00:24:26.0843 4084 FastUserSwitchingCompatibility - ok

00:24:26.0906 4084 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

00:24:26.0906 4084 Fdc - ok

00:24:26.0953 4084 Fips (fffc25ccbe40efb0609bd249721aae83) C:\WINDOWS\system32\drivers\Fips.sys

00:24:26.0968 4084 Fips - ok

00:24:26.0984 4084 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

00:24:26.0984 4084 Flpydisk - ok

00:24:27.0031 4084 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

00:24:27.0031 4084 FltMgr - ok

00:24:27.0078 4084 FsVga (ab4983120e4e4527ae9ffe4177ecd6e7) C:\WINDOWS\system32\DRIVERS\fsvga.sys

00:24:27.0078 4084 FsVga - ok

00:24:27.0093 4084 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:24:27.0093 4084 Fs_Rec - ok

00:24:27.0125 4084 Ftdisk (38375a4d9582a08c14c928cc099b8836) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:24:27.0125 4084 Ftdisk - ok

00:24:27.0171 4084 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys

00:24:27.0171 4084 giveio - ok

00:24:27.0203 4084 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:24:27.0218 4084 Gpc - ok

00:24:27.0281 4084 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

00:24:27.0312 4084 HDAudBus - ok

00:24:27.0375 4084 helpsvc (a37732a722edeb76522e8c826abd87e5) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

00:24:27.0375 4084 helpsvc - ok

00:24:27.0390 4084 HidServ - ok

00:24:27.0437 4084 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

00:24:27.0437 4084 HidUsb - ok

00:24:27.0453 4084 hpn - ok

00:24:27.0515 4084 HSFHWAZL (7290fb97535c317a237d4c73149c7e2c) C:\WINDOWS\system32\DRIVERS\HSF_HWAZL.sys

00:24:27.0531 4084 HSFHWAZL - ok

00:24:27.0640 4084 HSF_DP (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

00:24:27.0671 4084 HSF_DP - ok

00:24:27.0703 4084 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

00:24:27.0718 4084 HSF_DPV - ok

00:24:27.0781 4084 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

00:24:27.0796 4084 HTTP - ok

00:24:27.0828 4084 HTTPFilter (c377bb41180c4def6481c691aa962917) C:\WINDOWS\System32\w3ssl.dll

00:24:27.0828 4084 HTTPFilter - ok

00:24:27.0843 4084 i2omgmt - ok

00:24:27.0859 4084 i2omp - ok

00:24:27.0906 4084 i8042prt (2a802d189fce734903c46cd5d8f5e3ec) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:24:27.0906 4084 i8042prt - ok

00:24:28.0031 4084 ialm (0c7b8efc2b1ac4cd62f4e7eafc864b95) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

00:24:28.0062 4084 ialm - ok

00:24:28.0109 4084 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

00:24:28.0109 4084 Imapi - ok

00:24:28.0140 4084 ImapiService (100781d36ae5ffbf0a96fc8ce57c31a7) C:\WINDOWS\system32\imapi.exe

00:24:28.0156 4084 ImapiService - ok

00:24:28.0171 4084 ini910u - ok

00:24:28.0437 4084 IntcAzAudAddService (51eb28d8602a9df0926cbbbd9997cbb9) C:\WINDOWS\system32\drivers\RtkHDAud.sys

00:24:28.0468 4084 IntcAzAudAddService - ok

00:24:28.0734 4084 IntelIde (064d4c00e64fd690965cc4d612ce03d6) C:\WINDOWS\system32\DRIVERS\intelide.sys

00:24:28.0734 4084 IntelIde - ok

00:24:28.0781 4084 intelppm (73a0033b129741374e6c90fa50dd0a1c) C:\WINDOWS\system32\DRIVERS\intelppm.sys

00:24:28.0781 4084 intelppm - ok

00:24:28.0828 4084 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

00:24:28.0828 4084 Ip6Fw - ok

00:24:28.0859 4084 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:24:28.0859 4084 IpFilterDriver - ok

00:24:28.0875 4084 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:24:28.0875 4084 IpInIp - ok

00:24:28.0921 4084 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:24:28.0921 4084 IpNat - ok

00:24:28.0968 4084 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:24:28.0968 4084 IPSec - ok

00:24:29.0015 4084 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

00:24:29.0031 4084 IRENUM - ok

00:24:29.0078 4084 isapnp (d81587ada44fed322419fc833e734441) C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:24:29.0078 4084 isapnp - ok

00:24:29.0203 4084 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

00:24:29.0218 4084 JavaQuickStarterService - ok

00:24:29.0265 4084 Kbdclass (f7699fb067024b82e9ca8ffb86936923) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:24:29.0265 4084 Kbdclass - ok

00:24:29.0406 4084 Kingsoft Rescue Service (4b8641b890acd9496ae476e827f54580) D:\Program Files\kingsoft\KSM\ksmsvc.exe

00:24:29.0421 4084 Kingsoft Rescue Service - ok

00:24:29.0468 4084 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

00:24:29.0484 4084 kmixer - ok

00:24:29.0546 4084 ksapi (ee311b2fafb0d6cc52142dc48ec3983e) C:\WINDOWS\system32\drivers\ksapi.sys

00:24:29.0546 4084 ksapi - ok

00:24:29.0593 4084 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

00:24:29.0593 4084 KSecDD - ok

00:24:29.0656 4084 lanmanserver (98de81f0d34cad9569400b1510921d2f) C:\WINDOWS\System32\srvsvc.dll

00:24:29.0656 4084 lanmanserver - ok

00:24:29.0718 4084 lanmanworkstation (7dc92c2ac19b4888fd6c7733236f4505) C:\WINDOWS\System32\wkssvc.dll

00:24:29.0718 4084 lanmanworkstation - ok

00:24:29.0734 4084 lbrtfdc - ok

00:24:29.0781 4084 LmHosts (7b8a110aae74605fa301b1b249c4f561) C:\WINDOWS\System32\lmhsvc.dll

00:24:29.0796 4084 LmHosts - ok

00:24:29.0859 4084 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

00:24:29.0859 4084 MBAMProtector - ok

00:24:30.0078 4084 MBAMService (ba400ed640bca1eae5c727ae17c10207) H:\Malwarebytes' Anti-Malware\mbamservice.exe

00:24:30.0093 4084 MBAMService - ok

00:24:30.0296 4084 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

00:24:30.0312 4084 MDM - ok

00:24:30.0343 4084 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

00:24:30.0359 4084 mdmxsdk - ok

00:24:30.0375 4084 Messenger (682805e6394d20e2f2a3402a329f1ace) C:\WINDOWS\System32\msgsvc.dll

00:24:30.0390 4084 Messenger - ok

00:24:30.0421 4084 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

00:24:30.0421 4084 mnmdd - ok

00:24:30.0453 4084 mnmsrvc (d9972601d1bdc3f15275a6d0202b1e61) C:\WINDOWS\system32\mnmsrvc.exe

00:24:30.0468 4084 mnmsrvc - ok

00:24:30.0515 4084 Modem (f351113fd77b61b81bf7accada735789) C:\WINDOWS\system32\drivers\Modem.sys

00:24:30.0515 4084 Modem - ok

00:24:30.0687 4084 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

00:24:30.0718 4084 Monfilt - ok

00:24:30.0765 4084 Mouclass (f171bdcedaee9797a5bf47613f5456ac) C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:24:30.0781 4084 Mouclass - ok

00:24:30.0812 4084 mouhid (692910b446d0b751b2462f3624c7b1a7) C:\WINDOWS\system32\DRIVERS\mouhid.sys

00:24:30.0812 4084 mouhid - ok

00:24:30.0859 4084 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

00:24:30.0859 4084 MountMgr - ok

00:24:30.0937 4084 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

00:24:30.0937 4084 MozillaMaintenance - ok

00:24:30.0953 4084 mraid35x - ok

00:24:31.0015 4084 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:24:31.0031 4084 MRxDAV - ok

00:24:31.0109 4084 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:24:31.0125 4084 MRxSmb - ok

00:24:31.0234 4084 MSCSPTISRV (7419d631c390c558a5a87484567babd5) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

00:24:31.0250 4084 MSCSPTISRV - ok

00:24:31.0265 4084 MSDTC (8461b089f14a35411b32b2fb4602bc11) C:\WINDOWS\system32\msdtc.exe

00:24:31.0281 4084 MSDTC - ok

00:24:31.0312 4084 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

00:24:31.0328 4084 Msfs - ok

00:24:31.0328 4084 MSIServer - ok

00:24:31.0375 4084 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:24:31.0390 4084 MSKSSRV - ok

00:24:31.0406 4084 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:24:31.0406 4084 MSPCLOCK - ok

00:24:31.0406 4084 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

00:24:31.0421 4084 MSPQM - ok

00:24:31.0468 4084 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:24:31.0468 4084 mssmbios - ok

00:24:31.0531 4084 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

00:24:31.0531 4084 Mup - ok

00:24:31.0593 4084 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

00:24:31.0593 4084 NDIS - ok

00:24:31.0640 4084 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:24:31.0640 4084 NdisTapi - ok

00:24:31.0656 4084 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:24:31.0671 4084 Ndisuio - ok

00:24:31.0687 4084 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:24:31.0687 4084 NdisWan - ok

00:24:31.0703 4084 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

00:24:31.0718 4084 NDProxy - ok

00:24:31.0734 4084 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

00:24:31.0734 4084 NetBIOS - ok

00:24:31.0781 4084 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

00:24:31.0781 4084 NetBT - ok

00:24:31.0812 4084 NetDDE (c8b34df15e22bc172e784d36d8210602) C:\WINDOWS\system32\netdde.exe

00:24:31.0828 4084 NetDDE - ok

00:24:31.0843 4084 NetDDEdsdm (c8b34df15e22bc172e784d36d8210602) C:\WINDOWS\system32\netdde.exe

00:24:31.0843 4084 NetDDEdsdm - ok

00:24:31.0875 4084 Netlogon (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

00:24:31.0890 4084 Netlogon - ok

00:24:31.0953 4084 Netman (d4ed3f567e04d99e3206a000211d1916) C:\WINDOWS\System32\netman.dll

00:24:31.0953 4084 Netman - ok

00:24:32.0000 4084 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

00:24:32.0015 4084 NIC1394 - ok

00:24:32.0093 4084 Nla (23794840ef8d25fda393debc22bc004f) C:\WINDOWS\System32\mswsock.dll

00:24:32.0093 4084 Nla - ok

00:24:32.0109 4084 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

00:24:32.0109 4084 Npfs - ok

00:24:32.0203 4084 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

00:24:32.0234 4084 Ntfs - ok

00:24:32.0234 4084 NtLmSsp (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

00:24:32.0250 4084 NtLmSsp - ok

00:24:32.0312 4084 NtmsSvc (d1c443e3fd1491d459bad3c29caa1cde) C:\WINDOWS\system32\ntmssvc.dll

00:24:32.0343 4084 NtmsSvc - ok

00:24:32.0375 4084 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

00:24:32.0390 4084 Null - ok

00:24:33.0375 4084 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

00:24:33.0906 4084 nv - ok

00:24:34.0125 4084 NVSvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe

00:24:34.0140 4084 NVSvc - ok

00:24:34.0187 4084 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:24:34.0187 4084 NwlnkFlt - ok

00:24:34.0203 4084 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:24:34.0203 4084 NwlnkFwd - ok

00:24:34.0234 4084 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

00:24:34.0234 4084 ohci1394 - ok

00:24:34.0312 4084 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:24:34.0312 4084 ose - ok

00:24:34.0421 4084 PACSPTISVR (778c309121067d83b8a48cdb658b4c17) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

00:24:34.0421 4084 PACSPTISVR - ok

00:24:34.0468 4084 Parport (f54a2e5de40b71317a5c2054439615a6) C:\WINDOWS\system32\drivers\Parport.sys

00:24:34.0468 4084 Parport - ok

00:24:34.0515 4084 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

00:24:34.0515 4084 PartMgr - ok

00:24:34.0562 4084 ParVdm (4f3fc4954972da46284641091deee02e) C:\WINDOWS\system32\drivers\ParVdm.sys

00:24:34.0562 4084 ParVdm - ok

00:24:34.0593 4084 PCI (2fe168cfccae0d8961f25ee611d301d4) C:\WINDOWS\system32\DRIVERS\pci.sys

00:24:34.0609 4084 PCI - ok

00:24:34.0625 4084 PCIDump - ok

00:24:34.0640 4084 PCIIde (a4d41f0279f405d6f5c19465aad82834) C:\WINDOWS\system32\DRIVERS\pciide.sys

00:24:34.0640 4084 PCIIde - ok

00:24:34.0671 4084 Pcmcia (837b61827a34845fc87e21cfb9aacd72) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

00:24:34.0687 4084 Pcmcia - ok

00:24:34.0734 4084 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys

00:24:34.0750 4084 PCTCore - ok

00:24:34.0796 4084 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys

00:24:34.0812 4084 pctDS - ok

00:24:34.0890 4084 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys

00:24:34.0921 4084 pctEFA - ok

00:24:34.0984 4084 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys

00:24:34.0984 4084 pctgntdi - ok

00:24:35.0046 4084 pctplsg (c5c488e6232b29f5744b8f7988a20730) C:\WINDOWS\system32\drivers\pctplsg.sys

00:24:35.0046 4084 pctplsg - ok

00:24:35.0062 4084 PDCOMP - ok

00:24:35.0078 4084 PDFRAME - ok

00:24:35.0093 4084 PDRELI - ok

00:24:35.0109 4084 PDRFRAME - ok

00:24:35.0125 4084 perc2 - ok

00:24:35.0140 4084 perc2hib - ok

00:24:35.0218 4084 PlugPlay (2c7d9a00bc34aa9fb60ea8660ed9f9c3) C:\WINDOWS\system32\services.exe

00:24:35.0218 4084 PlugPlay - ok

00:24:35.0250 4084 PolicyAgent (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

00:24:35.0250 4084 PolicyAgent - ok

00:24:35.0296 4084 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:24:35.0312 4084 PptpMiniport - ok

00:24:35.0328 4084 ProtectedStorage (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

00:24:35.0328 4084 ProtectedStorage - ok

00:24:35.0343 4084 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

00:24:35.0343 4084 PSched - ok

00:24:35.0390 4084 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:24:35.0390 4084 Ptilink - ok

00:24:35.0406 4084 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys

00:24:35.0406 4084 PxHelp20 - ok

00:24:35.0421 4084 ql1080 - ok

00:24:35.0437 4084 Ql10wnt - ok

00:24:35.0453 4084 ql12160 - ok

00:24:35.0468 4084 ql1240 - ok

00:24:35.0484 4084 ql1280 - ok

00:24:35.0515 4084 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:24:35.0531 4084 RasAcd - ok

00:24:35.0562 4084 RasAuto (73f57631d090770afda31dae9b84aa5c) C:\WINDOWS\System32\rasauto.dll

00:24:35.0562 4084 RasAuto - ok

00:24:35.0609 4084 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:24:35.0609 4084 Rasl2tp - ok

00:24:35.0640 4084 RasMan (a4e7d142f6a794563565836053a8491c) C:\WINDOWS\System32\rasmans.dll

00:24:35.0656 4084 RasMan - ok

00:24:35.0671 4084 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:24:35.0671 4084 RasPppoe - ok

00:24:35.0687 4084 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

00:24:35.0687 4084 Raspti - ok

00:24:35.0718 4084 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:24:35.0718 4084 Rdbss - ok

00:24:35.0750 4084 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:24:35.0750 4084 RDPCDD - ok

00:24:35.0796 4084 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

00:24:35.0796 4084 RDPWD - ok

00:24:35.0859 4084 RDSessMgr (f28de50c35113ac6f813121105c17552) C:\WINDOWS\system32\sessmgr.exe

00:24:35.0859 4084 RDSessMgr - ok

00:24:35.0890 4084 redbook (f720de7bfe7ae26846e7ebe9caf3f49a) C:\WINDOWS\system32\DRIVERS\redbook.sys

00:24:35.0906 4084 redbook - ok

00:24:35.0984 4084 RegSrvc (b44b1bf0107c55707494f5e83a17d35b) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

00:24:35.0984 4084 RegSrvc - ok

00:24:36.0031 4084 RemoteAccess (761dceac6eccef5aa38974d0cd53dee8) C:\WINDOWS\System32\mprdim.dll

00:24:36.0046 4084 RemoteAccess - ok

00:24:36.0078 4084 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

00:24:36.0078 4084 RFCOMM - ok

00:24:36.0125 4084 RpcLocator (cf55d680db483883fd0765449e2e1a53) C:\WINDOWS\system32\locator.exe

00:24:36.0125 4084 RpcLocator - ok

00:24:36.0203 4084 RpcSs (917403736238a3aca3365e163c2e6d2d) C:\WINDOWS\system32\rpcss.dll

00:24:36.0203 4084 RpcSs - ok

00:24:36.0250 4084 RSVP (53a79336f917ca1ff120043dcb74def8) C:\WINDOWS\system32\rsvp.exe

00:24:36.0265 4084 RSVP - ok

00:24:36.0312 4084 S24EventMonitor (2f7a8be42103918bbd4a30f62eda6931) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

00:24:36.0328 4084 S24EventMonitor - ok

00:24:36.0343 4084 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys

00:24:36.0343 4084 s24trans - ok

00:24:36.0359 4084 SamSs (891600e79c38249028f1bacc1c6cc5d2) C:\WINDOWS\system32\lsass.exe

00:24:36.0359 4084 SamSs - ok

00:24:36.0406 4084 SCardSvr (ea08e7fecd0d3b87299219a695ba6044) C:\WINDOWS\System32\SCardSvr.exe

00:24:36.0406 4084 SCardSvr - ok

00:24:36.0468 4084 Schedule (64d0e7a615a59670c61e7f3de9cc9b39) C:\WINDOWS\system32\schedsvc.dll

00:24:36.0468 4084 Schedule - ok

00:24:36.0546 4084 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) D:\Program Files\PC Tools Security\pctsAuxs.exe

00:24:36.0562 4084 sdAuxService - ok

00:24:36.0687 4084 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) D:\Program Files\PC Tools Security\pctsSvc.exe

00:24:36.0718 4084 sdCoreService - ok

00:24:36.0781 4084 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:24:36.0781 4084 Secdrv - ok

00:24:36.0828 4084 seclogon (2027dd427d91a3b7488912ff75cffb2d) C:\WINDOWS\System32\seclogon.dll

00:24:36.0843 4084 seclogon - ok

00:24:36.0859 4084 SENS (da59bb205b7032312ea7725d3d4cbdd7) C:\WINDOWS\system32\sens.dll

00:24:36.0859 4084 SENS - ok

00:24:36.0906 4084 Serial (de0aa3fcae95d2339628f0caf013dfe1) C:\WINDOWS\system32\drivers\Serial.sys

00:24:36.0921 4084 Serial - ok

00:24:36.0953 4084 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

00:24:36.0953 4084 Sfloppy - ok

00:24:37.0031 4084 SharedAccess (1cc32420529b85d64a551b61ae9a17ab) C:\WINDOWS\System32\ipnathlp.dll

00:24:37.0046 4084 SharedAccess - ok

00:24:37.0125 4084 ShellHWDetection (a084032ec0ed343118c6c38d04a4a4a4) C:\WINDOWS\System32\shsvcs.dll

00:24:37.0125 4084 ShellHWDetection - ok

00:24:37.0140 4084 Simbad - ok

00:24:37.0203 4084 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

00:24:37.0203 4084 SNC - ok

00:24:37.0218 4084 Sparrow - ok

00:24:37.0265 4084 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys

00:24:37.0281 4084 speedfan - ok

00:24:37.0312 4084 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys

00:24:37.0312 4084 SPI - ok

00:24:37.0359 4084 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

00:24:37.0359 4084 splitter - ok

00:24:37.0390 4084 Spooler (38ebfab700f1b22ae84fdd87be6d1548) C:\WINDOWS\system32\spoolsv.exe

00:24:37.0390 4084 Spooler - ok

00:24:37.0546 4084 SPTISRV (9cab0a38deebd30f3c8fe9d9826f43b1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

00:24:37.0546 4084 SPTISRV - ok

00:24:37.0593 4084 sr (386b3576ec9959bde0331fb5fc648dba) C:\WINDOWS\system32\DRIVERS\sr.sys

00:24:37.0609 4084 sr - ok

00:24:37.0640 4084 srservice (dda0bc29483f867468a1f500c07e09f0) C:\WINDOWS\system32\srsvc.dll

00:24:37.0656 4084 srservice - ok

00:24:37.0718 4084 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

00:24:37.0734 4084 Srv - ok

00:24:37.0765 4084 SSDPSRV (516bb4c1fdeec32792faa09008416a9b) C:\WINDOWS\System32\ssdpsrv.dll

00:24:37.0781 4084 SSDPSRV - ok

00:24:37.0875 4084 SSScsiSV (45b83808bf5c9968c3259a48898c7dd5) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

00:24:37.0875 4084 SSScsiSV - ok

00:24:37.0953 4084 stisvc (dc750a7adc5ecb85a12729285fb72653) C:\WINDOWS\system32\wiaservc.dll

00:24:37.0968 4084 stisvc - ok

00:24:38.0015 4084 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

00:24:38.0015 4084 swenum - ok

00:24:38.0062 4084 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

00:24:38.0062 4084 swmidi - ok

00:24:38.0062 4084 SwPrv - ok

00:24:38.0078 4084 symc810 - ok

00:24:38.0078 4084 symc8xx - ok

00:24:38.0093 4084 sym_hi - ok

00:24:38.0109 4084 sym_u3 - ok

00:24:38.0125 4084 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

00:24:38.0125 4084 sysaudio - ok

00:24:38.0171 4084 SysmonLog (b7022b3616ca3f632c18426837ddf6de) C:\WINDOWS\system32\smlogsvc.exe

00:24:38.0171 4084 SysmonLog - ok

00:24:38.0203 4084 TapiSrv (5844738f1362b399e99bfe04f688b3be) C:\WINDOWS\System32\tapisrv.dll

00:24:38.0218 4084 TapiSrv - ok

00:24:38.0281 4084 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:24:38.0281 4084 Tcpip - ok

00:24:38.0328 4084 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

00:24:38.0328 4084 TDPIPE - ok

00:24:38.0359 4084 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

00:24:38.0359 4084 TDTCP - ok

00:24:38.0359 4084 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

00:24:38.0375 4084 TermDD - ok

00:24:38.0437 4084 TermService (ab5b2ac7ffb870673d6806e974bf2f52) C:\WINDOWS\System32\termsrv.dll

00:24:38.0437 4084 TermService - ok

00:24:38.0484 4084 TfFsMon (18d09508877e3f697866b39e9d0e6dcf) C:\WINDOWS\system32\drivers\TfFsMon.sys

00:24:38.0484 4084 TfFsMon - ok

00:24:38.0531 4084 TfNetMon (c657f352613d8e592efb54cc35f21f5e) C:\WINDOWS\system32\drivers\TfNetMon.sys

00:24:38.0531 4084 TfNetMon - ok

00:24:38.0546 4084 TFSysMon (71e3073419cfda8d60813c1502acc420) C:\WINDOWS\system32\drivers\TfSysMon.sys

00:24:38.0562 4084 TFSysMon - ok

00:24:38.0609 4084 Themes (a084032ec0ed343118c6c38d04a4a4a4) C:\WINDOWS\System32\shsvcs.dll

00:24:38.0609 4084 Themes - ok

00:24:38.0656 4084 ThreatFire - ok

00:24:38.0703 4084 tifmsony (fb481e8cd426d0e5f96a838a47390c94) C:\WINDOWS\system32\drivers\tifmsony.sys

00:24:38.0703 4084 tifmsony - ok

00:24:38.0718 4084 TosIde - ok

00:24:38.0765 4084 TrkWks (91bef237caaa97abf07ff235a7f2da7f) C:\WINDOWS\system32\trkwks.dll

00:24:38.0781 4084 TrkWks - ok

00:24:38.0859 4084 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

00:24:38.0859 4084 Udfs - ok

00:24:38.0875 4084 ultra - ok

00:24:38.0906 4084 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

00:24:38.0906 4084 UMWdf - ok

00:24:38.0984 4084 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

00:24:38.0984 4084 Update - ok

00:24:39.0046 4084 upnphost (878d59d1e7415f799b06ab22fcbbaf06) C:\WINDOWS\System32\upnphost.dll

00:24:39.0062 4084 upnphost - ok

00:24:39.0093 4084 UPS (9cf73b37823794e0b30dd71137dcff1a) C:\WINDOWS\System32\ups.exe

00:24:39.0093 4084 UPS - ok

00:24:39.0125 4084 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:24:39.0140 4084 usbccgp - ok

00:24:39.0171 4084 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:24:39.0171 4084 usbehci - ok

00:24:39.0218 4084 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:24:39.0218 4084 usbhub - ok

00:24:39.0265 4084 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:24:39.0265 4084 USBSTOR - ok

00:24:39.0296 4084 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

00:24:39.0296 4084 usbuhci - ok

00:24:39.0484 4084 VAIO Entertainment TV Device Arbitration Service (82e39b3232baee4b6b943092fb042206) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

00:24:39.0484 4084 VAIO Entertainment TV Device Arbitration Service - ok

00:24:39.0593 4084 VAIO Event Service (66c78dc68c0c418c5d5e62745e9fd764) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

00:24:39.0609 4084 VAIO Event Service - ok

00:24:39.0625 4084 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

00:24:39.0625 4084 VgaSave - ok

00:24:39.0640 4084 ViaIde - ok

00:24:39.0687 4084 VolSnap (4594bda728648447ec10c49190bd37a7) C:\WINDOWS\system32\drivers\VolSnap.sys

00:24:39.0703 4084 VolSnap - ok

00:24:39.0765 4084 VSS (1ef0ef50df1679052b6fa1859dbb9662) C:\WINDOWS\System32\vssvc.exe

00:24:39.0781 4084 VSS - ok

00:24:39.0875 4084 VzCdbSvc (d8e244d4b3721170179f324603f460f0) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

00:24:39.0890 4084 VzCdbSvc - ok

00:24:39.0921 4084 VzFw (48b4ad23f8c37c5c525d01db9541d45b) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

00:24:39.0921 4084 VzFw - ok

00:24:40.0234 4084 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys

00:24:40.0375 4084 w29n51 - ok

00:24:40.0437 4084 W32Time (f8559534a2e23a44f0a03d53e3022519) C:\WINDOWS\system32\w32time.dll

00:24:40.0437 4084 W32Time - ok

00:24:40.0531 4084 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:24:40.0531 4084 Wanarp - ok

00:24:40.0546 4084 WDICA - ok

00:24:40.0593 4084 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

00:24:40.0593 4084 wdmaud - ok

00:24:40.0640 4084 WebClient (e806963a35cac59a355191957d0156fd) C:\WINDOWS\System32\webclnt.dll

00:24:40.0640 4084 WebClient - ok

00:24:40.0750 4084 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

00:24:40.0765 4084 winachsf - ok

00:24:40.0843 4084 winmgmt (ec735ce05be04b9e685479f59c7c4159) C:\WINDOWS\system32\wbem\WMIsvc.dll

00:24:40.0843 4084 winmgmt - ok

00:24:40.0937 4084 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

00:24:40.0937 4084 WmdmPmSN - ok

00:24:41.0000 4084 WmiApSrv (5c23ddc43ba370a788eeb8c9aeb8b2db) C:\WINDOWS\system32\wbem\wmiapsrv.exe

00:24:41.0015 4084 WmiApSrv - ok

00:24:41.0062 4084 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

00:24:41.0062 4084 WS2IFSL - ok

00:24:41.0093 4084 wscsvc (89a37acd0ef00571a28c4e63d54b402f) C:\WINDOWS\system32\wscsvc.dll

00:24:41.0109 4084 wscsvc - ok

00:24:41.0187 4084 WZCSVC (5b5cfccae9c690432707014627ff3b36) C:\WINDOWS\System32\wzcsvc.dll

00:24:41.0234 4084 WZCSVC - ok

00:24:41.0265 4084 xmlprov (e581208b0b84caaeebe56a51b1bf9d6d) C:\WINDOWS\System32\xmlprov.dll

00:24:41.0265 4084 xmlprov - ok

00:24:41.0328 4084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

00:24:41.0859 4084 \Device\Harddisk0\DR0 - ok

00:24:42.0156 4084 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR7

00:24:42.0812 4084 \Device\Harddisk2\DR7 - ok

00:24:42.0828 4084 Boot (0x1200) (c77b0489ff8851aa58d737bc9b960edb) \Device\Harddisk0\DR0\Partition0

00:24:42.0828 4084 \Device\Harddisk0\DR0\Partition0 - ok

00:24:42.0843 4084 Boot (0x1200) (6f700b46b70c8d210e0c006e1eebdc2c) \Device\Harddisk0\DR0\Partition1

00:24:42.0843 4084 \Device\Harddisk0\DR0\Partition1 - ok

00:24:42.0875 4084 Boot (0x1200) (c6c2f3459a575a4d29ab4fde7768fdb6) \Device\Harddisk0\DR0\Partition2

00:24:42.0875 4084 \Device\Harddisk0\DR0\Partition2 - ok

00:24:42.0875 4084 Boot (0x1200) (36c46a244181c2179b6d9e3a3831675f) \Device\Harddisk2\DR7\Partition0

00:24:42.0875 4084 \Device\Harddisk2\DR7\Partition0 - ok

00:24:42.0890 4084 ============================================================

00:24:42.0890 4084 Scan finished

00:24:42.0890 4084 ============================================================

00:24:42.0890 3416 Detected object count: 0

00:24:42.0890 3416 Actual detected object count: 0

Another file is attached.

Thank you very much for your help! :wub:

MBR.rar

Link to post
Share on other sites

Sorry I was away for a few days! I should have told you, sorry!

No worries. :)

What do you mean by "opt-out of the optional Avast scan"?

aswMBR includes a built-in Avast Antivirus scan... it's not necessary, so you can set aswMBR to not perform this scan if you don't wish to. ;)

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.ka...disk/updatable/ .

  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  • Select your language (or wait a few seconds for the default English to load).
  • Your screen may go blank for several minutes while the program loads.
  • After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity)
    • Click the Update tab to view the update progress.
    • When the update has completed, click the Scan tab.

    [*]Place a checkmark in all the available drives to scan the entire system.

    [*]Click the "Security level" option, and select options.

    • Make sure "All Files" is selected
    • Under "Scan of compound files" ensure all options are selected and click the OK button.

    [*]Click the "On threat detection" option

    • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".

    [*]Click the "Start scan" button.

    [*]When the scan has completed, click the Reports button.

    • Click the Save button, and select your System drive (normally your C: drive)
    • In the "File name" box, name the file krd-log and click the Save button.
    • Click Close to close the Reports window.

    [*]Click the Exit button to close the Rescue Disk program and confirm.

    In the lower left of the screen, left-click the red K button, select Logout, and confirm.

    [*]The computer will shut down.

    [*]Restart the computer and reboot normally.

    [*]Please post the log (krd-log.txt) in your next reply.

Link to post
Share on other sites

Hi DFB,

Something not good, I have tried to run the scan in that disk many times, but it always stop in the middle, about 30%

Then it came up with a DOS window, it said"not enough room in the device", but I have room...

so 3 things got deleted but I can not go further

I will try again with another mode now and see what happens...

Sorry for the complication!

Link to post
Share on other sites

No worries. If you still have trouble with those steps, just go ahead with the following ;):

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

Link to post
Share on other sites

Finally, I managed to scan the computer with the kaspersky disk.

It just needs upgrading and I did not connect it to the internet to begin with, but now it's ok.

Here are the logs:

Objects Scan: malfunction (events: 5, objects: 0, time: Unknown)

6/12/12 3:48 PM Untreated: Worm.Win32.QQPass.s sda1/PegeFile.pif/UPX Postponed

6/12/12 3:48 PM Detected: Worm.Win32.QQPass.s sda1/PegeFile.pif/UPX

6/12/12 3:48 PM Untreated: Worm.Win32.AutoRun.hv sda1/autorun.inf Postponed

6/12/12 3:48 PM Detected: Worm.Win32.AutoRun.hv sda1/autorun.inf

6/12/12 3:48 PM Task started

Objects Scan: malfunction (events: 1, objects: 0, time: Unknown)

6/12/12 4:17 PM Task started

Objects Scan: completed 9 minutes ago (events: 73, objects: 604187, time: 02:35:21)

6/12/12 5:50 PM Task started

6/12/12 6:14 PM Detected: Rootkit.Boot.SST.a sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/mbr0000/tsk0001.dta/mbr

6/12/12 6:14 PM Detected: Rootkit.Boot.SST.a sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/mbr0000/tsk0000.dta

6/12/12 6:14 PM Untreated: Rootkit.Boot.SST.a sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/mbr0000/tsk0001.dta/mbr Write not supported

6/12/12 6:14 PM Untreated: Rootkit.Boot.SST.a sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/mbr0000/tsk0000.dta Cannot be disinfected

6/12/12 6:14 PM Deleted: Rootkit.Boot.SST.a sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/mbr0000/tsk0000.dta

6/12/12 6:14 PM Detected: Trojan.Win32.Tdss.ifoa sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/tdlfs0000/tsk0007.dta

6/12/12 6:14 PM Deleted: Trojan.Win32.Tdss.ifoa sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/tdlfs0000/tsk0007.dta

6/12/12 7:15 PM Processing error sda6/Tencent/QQ/Misc/LoginPanel/LoginPanel_LoginButton_background_background.bmp Read error

6/12/12 7:15 PM Processing error sda6/Tencent/QQ/Misc/LoginPanel/Button_restore_pushedBackground.bmp Read error

6/12/12 7:18 PM Processing error sda6/手机照片/DSC01435.JPG Read error

6/12/12 7:48 PM Detected: Trojan.Win32.Agent.dsyp sdb1/NOAHSARK/Backup Set 2010-11-19 231452/Backup Files 2010-11-19 231452/Backup files 6.zip/C/Users/rollsroyce rb211/AppData/Local/VirtualStore/Windows/System32/ngts.vao

6/12/12 7:48 PM Untreated: Trojan.Win32.Agent.dsyp sdb1/NOAHSARK/Backup Set 2010-11-19 231452/Backup Files 2010-11-19 231452/Backup files 6.zip/C/Users/rollsroyce rb211/AppData/Local/VirtualStore/Windows/System32/ngts.vao Write not supported

6/12/12 7:48 PM Detected: Trojan.Win32.Oficla.cxo sdb1/NOAHSARK/Backup Set 2010-11-19 231452/Backup Files 2010-11-19 231452/Backup files 6.zip/C/Users/rollsroyce rb211/AppData/Local/VirtualStore/Windows/System32/qvuo.sbo

6/12/12 7:48 PM Untreated: Trojan.Win32.Oficla.cxo sdb1/NOAHSARK/Backup Set 2010-11-19 231452/Backup Files 2010-11-19 231452/Backup files 6.zip/C/Users/rollsroyce rb211/AppData/Local/VirtualStore/Windows/System32/qvuo.sbo Write not supported

6/12/12 7:55 PM Processing error sdb1/仙剑3外传/仙剑3外传问情篇安装.rar Read error

6/12/12 8:03 PM Processing error sdb1/download/[仙剑奇侠传3中文完美版.新加入仙剑功略和地图~].setup.EXE Read error

6/12/12 8:03 PM Processing error sdb1/download/swd3/SWD3_Setup.exe Read error

6/12/12 8:03 PM Processing error sdb1/download/swd4/SWD4_Setup.exe Read error

6/12/12 8:09 PM Processing error sdb1/download/[幻想三国志2续缘篇].huanxiangsgz2.rar/huanxiangsgz2/FS2SP.dll Read error

6/12/12 8:09 PM Processing error sdb1/gujian/updates/TEMP/launcher.exe.gz Read error

6/12/12 8:09 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/extensions/DeviceCentral2LP-ja_JP/Assets/_22_680cfc26a268fbb626dab9237c737437 Read error

6/12/12 8:09 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/extensions/DeviceCentral2LP-ko_KR/Assets/_22_f8e64c938896842cde2bc00aff8b0047 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/extensions/DeviceCentral2LP-zh_TW/Assets/_22_09d598a7fee7528162cb99f361e97a03 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAIR1.0/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAIR1.0/Adobe AIR/Versions/1.0/Resources/NPSWF32.dll Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAIR1.0/Adobe AIR/Versions/1.0/Resources/setup.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAIR1.0/setup.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeALMAnchorService2-mul/AdobeALMAnchorService2-mul.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeALMAnchorService2-mul/AdobeALMAnchorService2-mul.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAMP-mul/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAMP-mul/Adobe AIR/Versions/1.0/Resources/NPSWF32.dll Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAMP-mul/Adobe AIR/Versions/1.0/Resources/setup.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAMP-mul/adobe_media_player.air/AMP.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAMP-mul/setup.swf Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAUM6.0All/AdobeAUM6.0All.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAUM6.0All/AdobeAUM6.0All.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeAUM6.0All/AdobeAUM6.0All1.cab Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeBridge3All/AdobeBridge3All.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeBridge3All/AdobeBridge3All.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeBridge3All/AdobeBridge3All1.cab Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCameraRaw5.0All/AdobeCameraRaw5.0All.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCameraRaw5.0All/AdobeCameraRaw5.0All.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCMaps2-mul/AdobeCMaps2-mul.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCMaps2-mul/AdobeCMaps2-mul.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeConnect-mul/AdobeConnect-mul.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeConnect-mul/AdobeConnect-mul.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeConnect-mul/AdobeConnect-mul1.cab/_1_213597bb6533f286e91f0c208ba942c8 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeConnect-mul/AdobeConnect-mul1.cab Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCSIAll/AdobeCSIAll.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCSIAll/AdobeCSIAll.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCSIAll/AdobeCSIAll1.cab Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCSIx64All/AdobeCSIx64All.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCSIx64All/AdobeCSIx64All.msi Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeCSIx64All/AdobeCSIx64All1.cab Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeDefaultLanguage2-mul/AdobeDefaultLanguage2-mul.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:10 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeDefaultLanguage2-mul/AdobeDefaultLanguage2-mul.msi Read error

6/12/12 8:11 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeDeviceCentral2-mul/AdobeDeviceCentral2-mul.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:11 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeDeviceCentral2-mul/AdobeDeviceCentral2-mul.msi Read error

6/12/12 8:11 PM Processing error sdb1/MiniPE/BJ2008.XPM.GZ Read error

6/12/12 8:11 PM Processing error sdb1/MiniPE/muifont.gz Read error

6/12/12 8:11 PM Processing error sdb1/MiniPE/WINPE.IS_ Read error

6/12/12 8:11 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeDreamweaver10-mul/AdobeDreamweaver10-mul.msi/AdobeCustomActions.E35C3ECB_5FDA_49E1_AB1F_D472B7CB9017 Read error

6/12/12 8:11 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar/Adobe CS4/Dreamweaver/Adobe CS4/payloads/AdobeDreamweaver10-mul/AdobeDreamweaver10-mul.msi Read error

6/12/12 8:12 PM Processing error sdb1/download/[奥多比网页製作工具].Adobe.Dreamweaver.CS4.v10.0.Multilingual.Incl.Keymaker-CORE.rar Read error

6/12/12 8:13 PM Processing error sdb1/download/[幻想三国志2续缘篇].huanxiangsgz2.rar Read error

6/12/12 8:19 PM Processing error sdb1/download/[bTpig]轩辕剑叁云和山的彼端v1.03繁体中文修正硬盘版.rar Read error

6/12/12 8:20 PM Processing error sdb1/download/[bTpig]轩辕剑外传苍之涛v1.04a简体中文硬盘版.rar Read error

6/12/12 8:21 PM Processing error sdb1/download/[bTpig]轩辕剑肆黑龙舞兮云飞扬v1.04b繁体中文硬盘版.rar Read error

6/12/12 8:24 PM Processing error sdb1/download/天河传说/[bTpig]天河传说v1.0简繁双语中文硬盘版.rar Read error

6/12/12 8:24 PM Processing error sdb1/download/轩辕剑5/[bTpig]轩辕剑5一剑凌云山海情v1.03简体中文硬盘版.rar Read error

6/12/12 8:25 PM Processing error sdb1/download/Premiere/[Adobe.Premiere.Pro.v2.0.WinXP.Incl.Keygen-SSG].ssgap2.rar Read error

6/12/12 8:26 PM Task completed

and this:

tatus: Detected (events: 3)

6/12/12 6:14 PM Detected Trojan program Rootkit.Boot.SST.a sda2/TDSSKiller_Quarantine/31.05.2012_13.55.51/mbr0000/mbr0000/tsk0001.dta//mbr High

6/12/12 7:48 PM Detected Trojan program Trojan.Win32.Agent.dsyp sdb1/NOAHSARK/Backup Set 2010-11-19 231452/Backup Files 2010-11-19 231452/Backup files 6.zip//C/Users/rollsroyce rb211/AppData/Local/VirtualStore/Windows/System32/ngts.vao High

6/12/12 7:48 PM Detected Trojan program Trojan.Win32.Oficla.cxo sdb1/NOAHSARK/Backup Set 2010-11-19 231452/Backup Files 2010-11-19 231452/Backup files 6.zip//C/Users/rollsroyce rb211/AppData/Local/VirtualStore/Windows/System32/qvuo.sbo High

(these 3 seems unable to clean, and the system did not suggest me to delete, so I left them as they are.)

Do I still need to download the RogueKiller?

Thanks!

Link to post
Share on other sites

RogueKiller Report: (because my computer said the system can not find the default folder, I have to type it manually) Do you know how to solve this? :unsure:

Registry: FOUND HJ HKLM SOFTWARE\Microsoft\Windows\c... 20D04... 1 HJ

Hosts:

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

MBR:

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541040G9SA00 +++++

--- User ---

[MBR] 9f1f74d69b908e1aae36490ec2c6f8d2

[bSP] 8d846a3cb8f78dabc201c916d5682b31 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4769 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9767520 | Size: 14307 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 39070080 | Size: 19069 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: Seagate FreeAgent GoFlex USB Device +++++

--- User ---

[MBR] 8599bb93a52b27c0b40a1217890ba2cf

[bSP] c0b40d974082ac477effec311dde9043 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238475 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

The rest (files and driver) please look at the attached pictures, Thanks! :wub:

post-112710-0-76687800-1339618207.jpg

post-112710-0-69359900-1339619805.png

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.