
Google Redirect, My Security Shield, Malicious Websites, & DDS log



I was searching on Google yesterday when I started experiencing the Google Redirect Virus. I was able to pinpoint that it was Google when I went directly to the links that I wanted to go to in my URL bar instead of clicking on the link from Google. Shortly after that I had a pop-up for My Security Shield and my Internet Explorer displayed that the webpage (Google) was under a virus attack. I had never experienced either of these viruses, so I just clicked the X on the My Security Shield pop-up, intending to do a scan afterwards. Big mistake. My Security Shield infected my computer and made Windows Security Essentials unusable with Error code: 0x80070424. (Which, as you probably know, is the code for hijackware.) I hard-reset the computer and upon reboot My Security Shield was still active. I hard-reset again and this time I logged onto my other user. The other user appeared unaffected by My Security Shield except that Windows Security Essentials was still down. I then did some searching on the problem and followed the instructions at

http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield

I did not do Step 20 as I had to get up for work in 6 hours and didn't have the time to sit up doing another download and then a scan. Also, I am still running RKill every time I log onto the user that I was infected on.

Now My Security Shield seems to be gone and Malwarebytes is detecting (and blocking) malicious websites. The following is a list of the websites detected so far. All of them are in IP format.

78.41.203.125

206.161.121.3

64.34.127.185

195.80.148.5

There was also a 77.something that I was unable to screen cap in time.

I followed the instructions on the matter which were given by user BornSlippy at

http://forums.malwarebytes.org/index.php?showtopic=111851

who directed towards

http://forums.malwarebytes.org/index.php?showtopic=9573

I followed the directions and ran DDS, now I am posting my logs as instructed by Admin AdvancedSetup. (I also read somewhere not to attach the files because if any real-time interaction happened between my computer and any of yours, it would be possible that my computer would infect any computers that interacted with mine.)

Below this point are the pasted logs.

LOGS TO BE POSTED AS NOTEPAD WON'T OPEN UNTIL I REBOOT.



  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


Hello screen317,

Thank you for the fast reply. At first I only clicked Run the first time I used DDS, and it did produce the two logs. Would you like that log from the first scan or just the scan from where I downloaded DDS and saved it? By the way, what do you mean by "download DDS by sUBs"? I'm not familiar with sUBs. Also, all websites are detected as "outgoing". I will now update MBAM, run the Quick Scan, and post the log.


Oh, "by" as in "created by". For some reason I thought you meant "by" as in "via". I have now updated MBAM from v2012.07.08.06 to v2012.07.08.07. MBAM has also detected more websites:

173.236.89.195

195.80.148.5

212.117.165.20

77.78.212.250 (I believe this one is the 77.something I was unable to screen cap earlier.)

MBAM Quick Scan is still scanning.

Also, I forgot to mention that Windows Security Essentials still suffers from that same error code even though My Security Shield seems to be removed, and I also have a question. Should I continue to launch RKill every time I boot my computer, or would it be interfering with the cleaning process? As of now, I am continuing to launch it upon start-up in an effort to stop any malicious processes from launching. (If there are any still attempting to launch, which I believe there are.)


Here's the MBAM Quick Scan log. Beginning DDS scan.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.08.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Nick :: RMPCOMPUTER [administrator]

Protection: Enabled

7/8/2012 7:01:54 PM

mbam-log-2012-07-08 (20-19-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 305581

Time elapsed: 1 hour(s), 16 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 17

HKCR\CLSID\{4cff1016-c2e2-4fdd-9c67-e32200c25ff9} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{d757dbfc-1494-4647-a8b3-abd654988dd8} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D757DBFC-1494-4647-A8B3-ABD654988DD8} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{5fdf0490-af67-495b-921d-2257a38ed9fe} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{dbaff658-ddd6-44bc-a78d-8d2d4dea210c} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{BC2B63F7-B977-4A42-B633-799390097080} (PUP.MyWebSearch) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\Retrogamer_4wService (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{03123bb6-a811-407e-b323-66cf0be510b1} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03123BB6-A811-407E-B323-66CF0BE510B1} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Retrogamer_4wbar Uninstall (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer_4w Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4CFF1016-C2E2-4FDD-9C67-E32200C25FF9} (PUP.MyWebSearch) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Retrogamer Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\RETROG~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h -> No action taken.

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n. -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 10

C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrstub.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wauxstb.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wdlghk.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wieovr.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrchMn.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wbarsvc.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll (PUP.MyWebSearch) -> No action taken.

C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

(end)


DDS.txt from the saved to Desktop scan.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Nick at 20:21:44 on 2012-07-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.476 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\dldtcoms.exe

C:\Program Files\Common Files\Nuance\dgnsvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Dell V305\dldtmon.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\PhotoStudio Expressions\PMMonitor.exe

C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Dell V305\dldtMsdMon.exe

C:\Program Files\DellTPad\Apntex.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

"C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uURLSearchHooks: N/A: {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Toolbar BHO: {03123bb6-a811-407e-b323-66cf0be510b1} - c:\progra~1\retrog~2\bar\1.bin\4wbar.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Search Assistant BHO: {d757dbfc-1494-4647-a8b3-abd654988dd8} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL

TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll

TB: {00000000-0000-0000-0000-000000000000} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"

mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini

mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe

mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h

mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\photostudio expressions\PMMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

Trusted Zone: vizzed.com\www

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2763F8DE-346C-4667-98D2-3993111B1FA6} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]

R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-9 105984]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-7 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-8 40776]

S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]

S1 eaquwnwq;eaquwnwq;\??\c:\windows\system32\drivers\eaquwnwq.sys --> c:\windows\system32\drivers\eaquwnwq.sys [?]

S1 fdjdopff;fdjdopff;\??\c:\windows\system32\drivers\fdjdopff.sys --> c:\windows\system32\drivers\fdjdopff.sys [?]

S1 gxxbvgwq;gxxbvgwq;\??\c:\windows\system32\drivers\gxxbvgwq.sys --> c:\windows\system32\drivers\gxxbvgwq.sys [?]

S1 hfciwqcu;hfciwqcu;\??\c:\windows\system32\drivers\hfciwqcu.sys --> c:\windows\system32\drivers\hfciwqcu.sys [?]

S1 ieakgnib;ieakgnib;\??\c:\windows\system32\drivers\ieakgnib.sys --> c:\windows\system32\drivers\ieakgnib.sys [?]

S1 nqjuhdju;nqjuhdju;\??\c:\windows\system32\drivers\nqjuhdju.sys --> c:\windows\system32\drivers\nqjuhdju.sys [?]

S1 otvwtogq;otvwtogq;\??\c:\windows\system32\drivers\otvwtogq.sys --> c:\windows\system32\drivers\otvwtogq.sys [?]

S1 pljvprgz;pljvprgz;\??\c:\windows\system32\drivers\pljvprgz.sys --> c:\windows\system32\drivers\pljvprgz.sys [?]

S1 qlsgyfda;qlsgyfda;\??\c:\windows\system32\drivers\qlsgyfda.sys --> c:\windows\system32\drivers\qlsgyfda.sys [?]

S1 qvikqtje;qvikqtje;\??\c:\windows\system32\drivers\qvikqtje.sys --> c:\windows\system32\drivers\qvikqtje.sys [?]

S1 skkbnvwa;skkbnvwa;\??\c:\windows\system32\drivers\skkbnvwa.sys --> c:\windows\system32\drivers\skkbnvwa.sys [?]

S1 zbuqofzb;zbuqofzb;\??\c:\windows\system32\drivers\zbuqofzb.sys --> c:\windows\system32\drivers\zbuqofzb.sys [?]

S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-6-8 99568]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2011-12-19 42504]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 253088]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

.

=============== Created Last 30 ================

.

2012-07-08 22:59:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-08 03:34:26 -------- d-----w- c:\documents and settings\nick\application data\Malwarebytes

2012-07-08 00:24:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-08 00:24:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-08 00:24:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-07 00:15:20 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1a3555e-3809-41f6-963b-fa134658127b}\mpengine.dll

2012-07-05 18:53:19 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2012-05-16 01:55:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-16 01:55:52 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-16 01:55:52 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-02 17:59:00 1409 ----a-w- c:\windows\QTFont.for

2012-04-17 13:44:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-17 13:44:38 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 20:24:05.93 ===============

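As an added triage example (editor's code, not part of this thread and not a DDS or Malwarebytes tool), the script below parses service/driver lines in the DDS format pasted above and MBAM detection lines, and flags the patterns visible in those logs: stopped kernel drivers with eight-letter random names whose image file DDS could not find (the trailing "[?]"), the {GUID}\U\XXXXXXXX.@ and {GUID}\n. paths under Local Settings\Application Data that MBAM labels Trojan.Zaccess/Sirefef (the ZeroAccess family), and assembly\GAC\Desktop.ini. The sample lines are a constructed subset copied from the logs in this thread; the eight-lowercase-letter heuristic and the indicator names are this example's own assumptions, not definitions from DDS or Malwarebytes.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the DDS "SERVICES / DRIVERS" lines and
# MBAM detection lines pasted in this thread, embedded so the script runs offline.
SAMPLE_DDS_SERVICES = r"""
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 654408]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S1 coqicavp;coqicavp;\??\c:\windows\system32\drivers\coqicavp.sys --> c:\windows\system32\drivers\coqicavp.sys [?]
S1 eaquwnwq;eaquwnwq;\??\c:\windows\system32\drivers\eaquwnwq.sys --> c:\windows\system32\drivers\eaquwnwq.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
"""

SAMPLE_MBAM_LINES = r"""
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n. -> No action taken.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\80000000.@
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll (PUP.MyWebSearch) -> No action taken.
"""

# DDS service line: <R|S><start type> <name>;<display name>;<image path and details>
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$"
)
# Heuristic (assumption for this example): the random driver names in the
# thread's log are exactly eight lowercase letters.
RANDOM_NAME = re.compile(r"[a-z]{8}")
# DDS prints "[?]" in place of the file's date/size when it cannot find the image.
MISSING_FILE = "[?]"

# Path patterns seen in the MBAM log/alerts above; indicator names are this example's own.
PATH_INDICATORS = {
    "zeroaccess_U_dir": re.compile(r"\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@", re.I),
    "zeroaccess_n_loader": re.compile(r"\{[0-9a-f-]{36}\}\\n\.", re.I),
    "gac_desktop_ini": re.compile(r"\\assembly\\GAC\\Desktop\.ini", re.I),
}


@dataclass
class Finding:
    indicator: str
    detail: str


def triage_services(dds_services: str) -> list[Finding]:
    """Flag drivers with random-looking names whose image file DDS could not locate."""
    findings = []
    for raw in dds_services.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        name, image = m.group("name"), m.group("image").rstrip()
        if RANDOM_NAME.fullmatch(name) and image.endswith(MISSING_FILE):
            findings.append(Finding("random_driver_missing_file", name))
    return findings


def triage_paths(log_lines: str) -> list[Finding]:
    """Flag lines carrying the file-system/registry paths listed in PATH_INDICATORS."""
    findings = []
    for raw in log_lines.splitlines():
        line = raw.strip()
        for indicator, pattern in PATH_INDICATORS.items():
            if pattern.search(line):
                findings.append(Finding(indicator, line[:80]))
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_DDS_SERVICES) + triage_paths(SAMPLE_MBAM_LINES):
        print(f"{f.indicator}: {f.detail}")
```

To run it against a real log, pass the file contents instead of the samples, e.g. `triage_services(open("DDS.txt", encoding="utf-8", errors="replace").read())`. An empty result only means these particular patterns are absent; the name heuristic is narrow by design, so treat the output as a prompt for closer inspection, not as a clean bill of health.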

  • Staff

Hi,

I recommend uninstalling all of the following:

Yahoo! Toolbar

Ask Toolbar (anything ASK related)

Retrogamer Bar

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Ask, Retrogamer and Yahoo! toolbars were all uninstalled via Add or Remove Programs under Control Panel. Currently MBAM is blocking a malicious process from launching on every startup. If you need any logs and/or the message MBAM is giving me, let me know. I successfully downloaded ComboFix and then began following the guide at the link you gave me. When I went to disable Windows Firewall I got the following message from Windows Firewall: "Due to an unidentified problem, Windows cannot display Windows Firewall settings." The only button is "OK". I am unable to access the settings required to disable Windows Firewall in order to take the "preventative measures so that there are no conflicts with other programs when running ComboFix."


  • Staff

Hi,

Post the exact message from MBAM.

Ignore the Windows Firewall warning for now.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.


You're welcome. After all, it is important to keep the person helping me well updated. I am now back on the infected computer. The following is the exact message I am getting from MBAM on every startup.

Malwarebytes Anti-Malware has detected a malicious process attempting to

start and has blocked the execution attempt. Please select an option below.

C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION

DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\80000000.@

TROJAN.SIREFEF

Disable Protection Ignore Quarantine

I have always been selecting Quarantine on every startup of course.

As I am typing this, MBAM has just auto-updated from v2012.07.10.06 to v2012.07.13.06.

I am now beginning the uninstall of ComboFix in order to reinstall it as sega.com.


My wording of that last sentence was poor. Originally I thought that ComboFix.exe would be in Add or Remove Programs. It was not, and then I remembered your wording of "delete" instead of "uninstall", which led me to right-click on ComboFix.exe and select Delete.

I am now beginning the download of ComboFix under the name of sega.com.


When I went to boot from Safe Mode, the computer began the boot process. However, when the screen displayed the following:

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\pci.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\isapnp.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\compbatt.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\BATTC.SYS

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\pciide.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\MountMyr.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\ftdisk.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\PartMgr.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\VolSnap.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\atapi.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\iaStor.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\disk.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\fltmgr.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\sr.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\MpFilter.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\PxHelp20.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\KSecDD.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Ntfs.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\NDIS.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\ohci1394.sys

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\1394BUS.SYS

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys

The screen froze for a few seconds and then displayed the "blue screen of death" with the following message:

A problem has been detected and Windows has been shut down to prevent damage

to your computer.

If this is the first time you've seen this Stop error screen,

restart your computer. If this screen appears again, follow

these steps:

Check to be sure you have adequate disk space, If a driver is

identified in the Stop message, disable the driver or check

with the manufacturer for driver updates. Try changing video

adapters.

Check with your hardware vendor for any BIOS updates. Disable

BIOS memory options such as caching or shadowing. If you need

to use Safe Mode to remove or disable components, restart your

computer, press F8 to select Advanced Startup Options, and then

select Safe Mode.

Technical information:

*** STOP: 0x0000007E (0xX0000005, 0xF7898160, 0xF78DE864, 0xF78DE560)

*** kdcom.dll - Address F7898160 base at F7897000, DateStamp 4f8f0f42

I restarted the computer and tried Safe Mode again with the same exact response from the computer. I even restarted from the user select screen and then tried Safe Mode. The same thing happened.

When I booted normally to type this message, MBAM displayed the same message as always, blocking the malicious process. However, this time when I clicked Quarantine it displayed the following message:

Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.

C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION

DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\00000004.@

ROOTKIT.0ACCESS



Of course I clicked "Quarantine" for that message as well.

Some information I forgot to mention:

The download of ComboFix as sega.com was successful. This time, instead of the Thundercats logo, it displays the "blank white window" logo.

Also, MBAM is asking to download and install the latest version, despite the fact that it just did an auto-update. As of now, I have taken no action towards it.

Link to post
Share on other sites

sega.com prompted me with an update, which I answered "No" because I have no idea if the download link you gave me was the exact version I should use or if I should update it. It seemed to install correctly and the blue screen for Command Prompt came up. However, it did not display "Please wait. ComboFix is preparing to run." It just stayed blank, and I attempted to stop it after 30 minutes of no activity. The X button did nothing and Task Manager wouldn't launch either, so I just ended up having to hold the power button.

Upon reboot, my firewall is now turned off. Before I couldn't get to the settings to do so, but now it's off.

Should I have updated ComboFix? (sega.com)

Link to post
Share on other sites

Windows Firewall is off. I turned MBAM off as Bleeping Computer's guide instructs, and again I launched sega.com via the command you gave me, this time accepting the update. ComboFix extracted/installed and then launched. It never displayed "Please wait. ComboFix is preparing to run." It backed up the Windows Registry before launching Command Prompt, and when it did launch Command Prompt, it displayed the same blue screen as it's supposed to. Once again, it did not display any more text nor disconnect my computer from the internet when it was supposed to. After 30 minutes of no activity I attempted to close it. The X button didn't work and I could not launch Task Manager, so I held the power button, same as before.

Link to post
Share on other sites

  • Staff

Okay, we will skip that for now.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Link to post
Share on other sites

Something I just noticed before the TDSSKiller scan is that MBAM was no longer displaying the two messages on start-up. If I'm remembering correctly, it stopped displaying those messages on start-up 2 days ago. However, I specifically noticed that they were no longer being displayed after the reboot with TDSSKiller.

As the log probably tells you, TDSSKiller took the action of "Cure" when it encountered Rootkit.Boot.Pihar.c and it quarantined 15 other objects. Rootkit was the only threat detected.

TDSSKiller only processed 354 objects (which seems about right for a scan duration of 1 minute and 16 seconds). Is processing only 354 objects normal?

The following is the TDSSKiller log.

Link to post
Share on other sites
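As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python parser for the line format TDSSKiller writes in its log, as quoted in this thread: it counts how many objects a scan processed and pulls out every entry whose verdict is not "ok", which is what the question above comes down to. The embedded sample copies a few lines from the log posted in this thread and adds one constructed non-"ok" line; the "Scan finished" marker is an assumption, since only "Scan started" appears in the quoted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Line shapes seen in the TDSSKiller log quoted in this thread:
#   18:03:51.0000 3880 OS Version: 5.1.2600 ServicePack: 3.0                       (header info)
#   18:03:53.0578 0800 Scan started                                                 (section marker)
#   18:03:54.0593 0800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\...\ACPI.sys     (object + file)
#   18:03:54.0593 0800 ACPI - ok                                                    (object + verdict)
#   18:03:54.0343 0800 Abiosdsk - ok                                                (verdict, no file line)
PREFIX_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+([0-9A-Fa-f]{4})\s+(.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Return the scanned objects keyed by name, in log order.

    Only lines after the 'Scan started' marker are treated as objects; everything
    before it is the SystemInfo header (OS version, drive geometry, partitions).
    Parsing stops at 'Scan finished' if present (assumed marker, not in the quoted log).
    """
    objects: Dict[str, ScannedObject] = {}
    in_scan = False
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if body == "Scan finished":
            break
        if not in_scan or body.startswith("="):
            continue
        fm = FILE_RE.match(body)
        if fm:
            obj = objects.setdefault(fm["name"], ScannedObject(fm["name"]))
            obj.md5, obj.path = fm["md5"].lower(), fm["path"]
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            obj = objects.setdefault(vm["name"], ScannedObject(vm["name"]))
            obj.verdict = vm["verdict"]
    return objects


def summarize(objects: Dict[str, ScannedObject]) -> dict:
    """The counts a helper wants before reading 300+ lines by hand."""
    return {
        "processed": len(objects),
        "ok": sum(1 for o in objects.values() if o.verdict == "ok"),
        # Anything the tool did not mark 'ok' needs a human look.
        "not_ok": [(o.name, o.verdict) for o in objects.values()
                   if o.verdict is not None and o.verdict != "ok"],
        # Verdict lines with no preceding hash/path line for that name.
        "no_file": [o.name for o in objects.values() if o.md5 is None],
    }


# Constructed sample: the header and the four service entries are copied from the log in
# this thread; the final line is a made-up non-"ok" verdict (real TDSSKiller wording may differ).
SAMPLE_LOG = r"""
18:03:51.0000 3880 OS Version: 5.1.2600 ServicePack: 3.0
18:03:51.0609 3880 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200
18:03:53.0578 0800 Scan started
18:03:53.0578 0800 Mode: Manual;
18:03:54.0343 0800 Abiosdsk - ok
18:03:54.0453 0800 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:03:54.0453 0800 abp480n5 - ok
18:03:54.0593 0800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:03:54.0593 0800 ACPI - ok
18:03:57.0703 0800 coqicavp - ok
18:05:06.0000 0800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (constructed sample line)
"""

if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```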

Oops, I mistakenly clicked "Post" before pasting the log. Sorry about that.


18:04:26.0265 0800 PlugPlay - ok

18:04:26.0312 0800 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

18:04:26.0328 0800 Pml Driver HPZ12 - ok

18:04:26.0359 0800 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys

18:04:26.0359 0800 pnarp - ok

18:04:26.0375 0800 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:04:26.0375 0800 PolicyAgent - ok

18:04:26.0421 0800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:04:26.0421 0800 PptpMiniport - ok

18:04:26.0437 0800 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:04:26.0437 0800 ProtectedStorage - ok

18:04:26.0437 0800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:04:26.0453 0800 PSched - ok

18:04:26.0484 0800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:04:26.0484 0800 Ptilink - ok

18:04:26.0500 0800 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys

18:04:26.0500 0800 purendis - ok

18:04:26.0546 0800 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:04:26.0562 0800 PxHelp20 - ok

18:04:26.0609 0800 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:04:26.0671 0800 ql1080 - ok

18:04:27.0031 0800 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:04:27.0078 0800 Ql10wnt - ok

18:04:27.0296 0800 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:04:27.0312 0800 ql12160 - ok

18:04:27.0453 0800 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:04:27.0453 0800 ql1240 - ok

18:04:27.0500 0800 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:04:27.0500 0800 ql1280 - ok

18:04:27.0515 0800 qlsgyfda - ok

18:04:27.0515 0800 qvikqtje - ok

18:04:27.0578 0800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:04:27.0578 0800 RasAcd - ok

18:04:27.0859 0800 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:04:27.0953 0800 RasAuto - ok

18:04:28.0312 0800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:04:28.0312 0800 Rasl2tp - ok

18:04:28.0562 0800 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:04:28.0562 0800 RasMan - ok

18:04:28.0578 0800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:04:28.0578 0800 RasPppoe - ok

18:04:28.0593 0800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:04:28.0593 0800 Raspti - ok

18:04:29.0046 0800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:04:29.0062 0800 Rdbss - ok

18:04:29.0109 0800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:04:29.0140 0800 RDPCDD - ok

18:04:29.0281 0800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:04:29.0281 0800 rdpdr - ok

18:04:29.0515 0800 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:04:29.0531 0800 RDPWD - ok

18:04:29.0734 0800 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:04:29.0734 0800 RDSessMgr - ok

18:04:29.0921 0800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:04:29.0921 0800 redbook - ok

18:04:30.0093 0800 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:04:30.0093 0800 RemoteAccess - ok

18:04:30.0265 0800 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

18:04:30.0265 0800 rimmptsk - ok

18:04:30.0296 0800 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

18:04:30.0296 0800 rimsptsk - ok

18:04:30.0359 0800 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

18:04:30.0359 0800 rismxdp - ok

18:04:30.0468 0800 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:04:30.0484 0800 RpcLocator - ok

18:04:30.0859 0800 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:04:30.0859 0800 RpcSs - ok

18:04:30.0953 0800 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:04:30.0984 0800 RSVP - ok

18:04:31.0093 0800 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:04:31.0093 0800 SamSs - ok

18:04:31.0203 0800 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys

18:04:31.0203 0800 ScanUSBEMPIA - ok

18:04:31.0312 0800 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:04:31.0328 0800 SCardSvr - ok

18:04:31.0562 0800 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:04:31.0562 0800 Schedule - ok

18:04:31.0796 0800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

18:04:31.0921 0800 sdbus - ok

18:04:32.0015 0800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:04:32.0078 0800 Secdrv - ok

18:04:32.0109 0800 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:04:32.0109 0800 seclogon - ok

18:04:32.0140 0800 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:04:32.0140 0800 SENS - ok

18:04:32.0328 0800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:04:32.0328 0800 serenum - ok

18:04:32.0468 0800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:04:32.0468 0800 Serial - ok

18:04:32.0531 0800 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

18:04:32.0531 0800 sffdisk - ok

18:04:32.0562 0800 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

18:04:32.0562 0800 sffp_sd - ok

18:04:32.0656 0800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:04:32.0671 0800 Sfloppy - ok

18:04:33.0015 0800 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:04:33.0015 0800 ShellHWDetection - ok

18:04:33.0031 0800 Simbad - ok

18:04:33.0218 0800 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:04:33.0218 0800 sisagp - ok

18:04:33.0234 0800 skkbnvwa - ok

18:04:33.0375 0800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:04:33.0390 0800 SLIP - ok

18:04:33.0562 0800 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:04:33.0562 0800 Sparrow - ok

18:04:33.0593 0800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:04:33.0593 0800 splitter - ok

18:04:33.0750 0800 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:04:33.0750 0800 Spooler - ok

18:04:33.0796 0800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:04:33.0796 0800 sr - ok

18:04:34.0093 0800 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

18:04:34.0140 0800 srservice - ok

18:04:34.0390 0800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:04:34.0437 0800 Srv - ok

18:04:34.0546 0800 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

18:04:34.0546 0800 SSDPSRV - ok

18:04:34.0843 0800 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\STacSV.exe

18:04:34.0859 0800 STacSV - ok

18:04:35.0140 0800 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

18:04:35.0140 0800 STHDA - ok

18:04:35.0421 0800 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

18:04:35.0578 0800 stisvc - ok

18:04:36.0046 0800 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

18:04:36.0062 0800 stllssvr - ok

18:04:36.0328 0800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:04:36.0328 0800 streamip - ok

18:04:36.0390 0800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:04:36.0390 0800 swenum - ok

18:04:36.0421 0800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:04:36.0421 0800 swmidi - ok

18:04:36.0421 0800 SwPrv - ok

18:04:36.0500 0800 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:04:36.0500 0800 symc810 - ok

18:04:36.0546 0800 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:04:36.0546 0800 symc8xx - ok

18:04:36.0562 0800 SymIM - ok

18:04:36.0578 0800 SymIMMP - ok

18:04:36.0656 0800 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:04:36.0671 0800 sym_hi - ok

18:04:36.0703 0800 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:04:36.0703 0800 sym_u3 - ok

18:04:36.0859 0800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:04:36.0859 0800 sysaudio - ok

18:04:36.0921 0800 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

18:04:36.0921 0800 SysmonLog - ok

18:04:37.0109 0800 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

18:04:37.0109 0800 TapiSrv - ok

18:04:37.0218 0800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:04:37.0218 0800 Tcpip - ok

18:04:37.0281 0800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:04:37.0281 0800 TDPIPE - ok

18:04:37.0359 0800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:04:37.0359 0800 TDTCP - ok

18:04:37.0375 0800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:04:37.0375 0800 TermDD - ok

18:04:37.0781 0800 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

18:04:37.0812 0800 TermService - ok

18:04:38.0062 0800 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:04:38.0062 0800 Themes - ok

18:04:38.0140 0800 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

18:04:38.0140 0800 TosIde - ok

18:04:38.0312 0800 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

18:04:38.0328 0800 TrkWks - ok

18:04:38.0531 0800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:04:38.0609 0800 Udfs - ok

18:04:38.0890 0800 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

18:04:38.0890 0800 ultra - ok

18:04:39.0000 0800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:04:39.0015 0800 Update - ok

18:04:39.0093 0800 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

18:04:39.0093 0800 upnphost - ok

18:04:39.0140 0800 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

18:04:39.0140 0800 UPS - ok

18:04:39.0250 0800 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:04:39.0265 0800 usbaudio - ok

18:04:39.0343 0800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:04:39.0343 0800 usbccgp - ok

18:04:39.0484 0800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:04:39.0484 0800 usbehci - ok

18:04:39.0562 0800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:04:39.0578 0800 usbhub - ok

18:04:39.0718 0800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:04:39.0718 0800 usbprint - ok

18:04:39.0812 0800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:04:39.0812 0800 usbscan - ok

18:04:39.0828 0800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:04:39.0828 0800 USBSTOR - ok

18:04:39.0968 0800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:04:39.0968 0800 usbuhci - ok

18:04:40.0250 0800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:04:40.0250 0800 VgaSave - ok

18:04:40.0312 0800 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

18:04:40.0312 0800 viaagp - ok

18:04:40.0390 0800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:04:40.0437 0800 ViaIde - ok

18:04:40.0593 0800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:04:40.0593 0800 VolSnap - ok

18:04:40.0796 0800 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:04:40.0812 0800 VSS - ok

18:04:40.0859 0800 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:04:40.0875 0800 w32time - ok

18:04:40.0968 0800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:04:40.0968 0800 Wanarp - ok

18:04:41.0109 0800 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

18:04:41.0109 0800 wanatw - ok

18:04:41.0265 0800 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:04:41.0265 0800 Wdf01000 - ok

18:04:41.0281 0800 WDICA - ok

18:04:41.0562 0800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:04:41.0562 0800 wdmaud - ok

18:04:41.0859 0800 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:04:42.0000 0800 WebClient - ok

18:04:42.0265 0800 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:04:42.0281 0800 winachsf - ok

18:04:42.0390 0800 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:04:42.0390 0800 winmgmt - ok

18:04:42.0406 0800 wltrysvc - ok

18:04:42.0546 0800 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

18:04:42.0562 0800 WmdmPmSN - ok

18:04:42.0609 0800 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:04:42.0609 0800 WmiAcpi - ok

18:04:43.0093 0800 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:04:43.0093 0800 WmiApSrv - ok

18:04:43.0359 0800 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

18:04:43.0375 0800 WMPNetworkSvc - ok

18:04:43.0437 0800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:04:43.0437 0800 WS2IFSL - ok

18:04:43.0546 0800 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

18:04:43.0562 0800 wscsvc - ok

18:04:43.0687 0800 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:04:43.0703 0800 WSTCODEC - ok

18:04:43.0765 0800 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:04:43.0765 0800 wuauserv - ok

18:04:43.0843 0800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:04:43.0843 0800 WudfPf - ok

18:04:43.0906 0800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:04:43.0906 0800 WudfRd - ok

18:04:44.0015 0800 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

18:04:44.0031 0800 WudfSvc - ok

18:04:44.0125 0800 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:04:44.0140 0800 WZCSVC - ok

18:04:44.0203 0800 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:04:44.0218 0800 xmlprov - ok

18:04:44.0281 0800 yukonwxp (67331fd053f97a874a60374be6b59523) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

18:04:44.0296 0800 yukonwxp - ok

18:04:44.0312 0800 zbuqofzb - ok

18:04:44.0359 0800 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

18:04:44.0390 0800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

18:04:44.0390 0800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

18:04:44.0437 0800 Boot (0x1200) (3d29cc69c87f8d467699318942ce0f3f) \Device\Harddisk0\DR0\Partition0

18:04:44.0437 0800 \Device\Harddisk0\DR0\Partition0 - ok

18:04:44.0453 0800 ============================================================

18:04:44.0453 0800 Scan finished

18:04:44.0453 0800 ============================================================

18:04:44.0468 2268 Detected object count: 1

18:04:44.0468 2268 Actual detected object count: 1

18:05:09.0765 2268 \Device\Harddisk0\DR0\# - copied to quarantine

18:05:09.0765 2268 \Device\Harddisk0\DR0 - copied to quarantine

18:05:09.0812 2268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

18:05:09.0875 2268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:05:09.0906 2268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

18:05:09.0906 2268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

18:05:09.0921 2268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:05:10.0000 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

18:05:10.0015 2268 \Device\Harddisk0\DR0 - ok

18:05:10.0015 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

18:06:07.0687 2052 Deinitialize success

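The TDSSKiller log above is long enough that a small triage script helps when reading it. The following is an added example, not part of the original post and not TDSSKiller's own code: it parses the line format visible above and pulls out the MBR detection, the object queued to be cured on reboot, the files copied out of the rootkit's hidden file system (the paths TDSSKiller shows under TDLFS), and the service entries reported "- ok" that have no backing file hash or path line at all. The random-name heuristic (eight lowercase letters and no image path, the shape of nqjuhdju and otvwtogq above) is an assumption for triage only: such unbacked entries can be leftovers from removal tools as well as from malware, so the script flags them for a human to check rather than calling them malicious. The embedded input is a short excerpt of the log above.

```python
import re

# Short excerpt of the TDSSKiller log posted above, embedded so the script
# runs offline (the page's own lines, not new output).
SAMPLE_LOG = r"""
18:04:22.0734 0800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:04:22.0750 0800 Npfs - ok
18:04:22.0750 0800 nqjuhdju - ok
18:04:25.0343 0800 otvwtogq - ok
18:04:26.0046 0800 PDCOMP - ok
18:04:44.0359 0800 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
18:04:44.0390 0800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:04:44.0390 0800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:04:44.0437 0800 \Device\Harddisk0\DR0\Partition0 - ok
18:05:09.0812 2268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:05:10.0000 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:05:10.0015 2268 \Device\Harddisk0\DR0 - ok
"""

# Every TDSSKiller line is "HH:MM:SS.mmmm <thread id> <body>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<body>.+)$")
# "<name> (<md5>) <path>": an entry backed by a file on disk.
FILE_RE = re.compile(r"^(?P<name>.+?) \([0-9a-f]{32}\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+)")
QUAR_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
CURE_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>\S+) \) - will be cured on reboot$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
TDLFS_RE = re.compile(r"\\TDLFS\\([^\\]+)$")
# Triage heuristic (an assumption, not a TDSSKiller rule): eight lowercase
# letters is the shape of the unbacked service names in the log above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def triage(log_text):
    """Summarise a TDSSKiller log: detections, pending cures, quarantined
    files, and '- ok' service entries that no file hash/path line backs."""
    backed, ok_names = set(), []
    detections, quarantined, cures = [], [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (f := FILE_RE.match(body)):
            backed.add(f.group("name"))
        elif (d := DETECT_RE.match(body)):
            detections.append((d.group("obj"), d.group("threat")))
        elif (q := QUAR_RE.match(body)):
            quarantined.append(q.group("obj"))
        elif (c := CURE_RE.match(body)):
            cures.append((c.group("obj"), c.group("threat")))
        elif (o := OK_RE.match(body)):
            ok_names.append(o.group("name"))
        # The "( Threat ) - infected" line repeats the "- detected" line for
        # the same object in this log, so it is deliberately not matched.
    # Service/driver names reported "- ok" without any "(md5) path" line:
    # nothing on disk backs them. Device objects are not services; skip them.
    unbacked = [n for n in ok_names
                if n not in backed and not n.startswith("\\Device\\")]
    suspicious_names = [n for n in unbacked if RANDOM_NAME_RE.match(n)]
    # Files TDSSKiller copied out of the rootkit's hidden file system (TDLFS).
    tdlfs_files = [t.group(1) for t in map(TDLFS_RE.search, quarantined) if t]
    return {
        "detections": detections,
        "cures": cures,
        "quarantined": quarantined,
        "tdlfs_files": tdlfs_files,
        "unbacked": unbacked,
        "suspicious_names": suspicious_names,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a saved log, replace SAMPLE_LOG with the file's contents. The first thing to check in the output is the "cures" entry: "will be cured on reboot" means the MBR has not been rewritten yet, so the infection is still in place until the machine has actually restarted, and a second scan after that reboot is what confirms the cure took.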

aswMBR said that it could use Avast! Free Antivirus for better detection results and then asked me if I would like to download the latest Avast! virus definitions. Would I have to download Avast! first and then download its definitions by clicking on the "Yes" button, or does "definitions" mean downloading the program?

Also, I know that sometimes antivirus programs "fight" each other. Would downloading Avast! interfere with MBAM or any other processes that we are using? Rather, should I download Avast! before running aswMBR?

Sorry if any of these questions seem dumb, I just don't want to mess anything up.
