Chanta153 #1 Posted July 31, 2012

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by colton at 22:07:34 on 2012-07-30
Maniac #2 Posted July 31, 2012

Hello Chanta153! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING
One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1
Please uninstall the following applications:
µTorrent
Ask Toolbar

Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip; click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3
Launch Malwarebytes' Anti-Malware.
Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to the Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
TDSSKiller log
Malwarebytes' Anti-Malware log
Chanta153 #3 Posted July 31, 2012

Thanks for the reply Maniac, I appreciate the help. I uninstalled uTorrent and Ask Toolbar, and used the TDSSKiller... One more thing I've been noticing is that my firewall (Comodo Firewall) has been randomly saying a message reading "Oops! You found an error and Comodo Firewall needs to close..." but it never closes and I can't actually send the report.... And Malwarebytes' Anti-Malware has been blocking random IPs from websites, claiming they're malicious. Is this normal? (Here are the logs) (TDSS first)

------------------------------------------------------------
12:34:50.0718 2928 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
- ok12:35:11.0218 2596 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe12:35:11.0218 2596 Netlogon - ok12:35:11.0250 2596 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll12:35:11.0250 2596 Netman - ok12:35:11.0328 2596 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe12:35:11.0328 2596 NetTcpPortSharing - ok12:35:11.0375 2596 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll12:35:11.0375 2596 Nla - ok12:35:11.0406 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys12:35:11.0406 2596 Npfs - ok12:35:11.0437 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys12:35:11.0453 2596 Ntfs - ok12:35:11.0453 2596 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe12:35:11.0453 2596 NtLmSsp - ok12:35:11.0500 2596 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll12:35:11.0500 2596 NtmsSvc - ok12:35:11.0531 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys12:35:11.0531 2596 Null - ok12:35:12.0125 2596 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys12:35:12.0281 2596 nv - ok12:35:12.0359 2596 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys12:35:12.0359 2596 NVENETFD - ok12:35:12.0375 2596 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys12:35:12.0375 2596 nvgts - ok12:35:12.0390 2596 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys12:35:12.0390 2596 nvnetbus - ok12:35:12.0421 2596 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe12:35:12.0421 2596 NVSvc - ok12:35:12.0593 2596 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe12:35:12.0625 2596 nvUpdatusService - 
ok12:35:12.0703 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys12:35:12.0718 2596 NwlnkFlt - ok12:35:12.0718 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys12:35:12.0718 2596 NwlnkFwd - ok12:35:12.0750 2596 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys12:35:12.0750 2596 NwlnkIpx - ok12:35:12.0750 2596 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys12:35:12.0750 2596 NwlnkNb - ok12:35:12.0750 2596 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys12:35:12.0765 2596 NwlnkSpx - ok12:35:12.0765 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys12:35:12.0765 2596 Parport - ok12:35:12.0781 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys12:35:12.0781 2596 PartMgr - ok12:35:12.0812 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys12:35:12.0812 2596 ParVdm - ok12:35:12.0843 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys12:35:12.0843 2596 PCI - ok12:35:12.0843 2596 PCIDump - ok12:35:12.0859 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys12:35:12.0859 2596 PCIIde - ok12:35:12.0890 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys12:35:12.0890 2596 Pcmcia - ok12:35:12.0890 2596 PDCOMP - ok12:35:12.0906 2596 PDFRAME - ok12:35:12.0906 2596 PDRELI - ok12:35:12.0906 2596 PDRFRAME - ok12:35:12.0906 2596 perc2 - ok12:35:12.0921 2596 perc2hib - ok12:35:12.0953 2596 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe12:35:12.0953 2596 PlugPlay - ok12:35:13.0000 2596 PnkBstrA (3a2e85f7d90d15460c337ce80c2e3b29) C:\WINDOWS\system32\PnkBstrA.exe12:35:13.0000 2596 PnkBstrA - ok12:35:13.0031 2596 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) 
C:\WINDOWS\system32\lsass.exe12:35:13.0031 2596 PolicyAgent - ok12:35:13.0062 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys12:35:13.0062 2596 PptpMiniport - ok12:35:13.0078 2596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys12:35:13.0078 2596 Processor - ok12:35:13.0078 2596 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe12:35:13.0093 2596 ProtectedStorage - ok12:35:13.0093 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys12:35:13.0093 2596 PSched - ok12:35:13.0109 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys12:35:13.0109 2596 Ptilink - ok12:35:13.0109 2596 ql1080 - ok12:35:13.0125 2596 Ql10wnt - ok12:35:13.0125 2596 ql12160 - ok12:35:13.0125 2596 ql1240 - ok12:35:13.0125 2596 ql1280 - ok12:35:13.0156 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys12:35:13.0156 2596 RasAcd - ok12:35:13.0171 2596 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll12:35:13.0187 2596 RasAuto - ok12:35:13.0203 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys12:35:13.0203 2596 Rasl2tp - ok12:35:13.0234 2596 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll12:35:13.0234 2596 RasMan - ok12:35:13.0234 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys12:35:13.0234 2596 RasPppoe - ok12:35:13.0250 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys12:35:13.0250 2596 Raspti - ok12:35:13.0265 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys12:35:13.0265 2596 Rdbss - ok12:35:13.0281 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys12:35:13.0281 2596 RDPCDD - ok12:35:13.0296 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) 
C:\WINDOWS\system32\DRIVERS\rdpdr.sys12:35:13.0296 2596 rdpdr - ok12:35:13.0328 2596 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys12:35:13.0328 2596 RDPWD - ok12:35:13.0359 2596 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe12:35:13.0359 2596 RDSessMgr - ok12:35:13.0406 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys12:35:13.0406 2596 redbook - ok12:35:13.0437 2596 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll12:35:13.0437 2596 RemoteAccess - ok12:35:13.0468 2596 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll12:35:13.0468 2596 RemoteRegistry - ok12:35:13.0484 2596 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe12:35:13.0500 2596 RpcLocator - ok12:35:13.0546 2596 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll12:35:13.0546 2596 RpcSs - ok12:35:13.0593 2596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe12:35:13.0593 2596 RSVP - ok12:35:13.0640 2596 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys12:35:13.0640 2596 RT61 - ok12:35:13.0671 2596 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe12:35:13.0671 2596 SamSs - ok12:35:13.0718 2596 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe12:35:13.0718 2596 SCardSvr - ok12:35:13.0734 2596 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys12:35:13.0796 2596 SCDEmu - ok12:35:13.0843 2596 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll12:35:13.0859 2596 Schedule - ok12:35:13.0875 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys12:35:13.0875 2596 Secdrv - ok12:35:13.0906 2596 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll12:35:13.0906 2596 seclogon - ok12:35:13.0906 2596 SENS 
(7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll12:35:13.0921 2596 SENS - ok12:35:13.0921 2596 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys12:35:13.0921 2596 Serenum - ok12:35:13.0921 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys12:35:13.0937 2596 Serial - ok12:35:13.0968 2596 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys12:35:14.0000 2596 sfdrv01 - ok12:35:14.0000 2596 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys12:35:14.0000 2596 sfhlp02 - ok12:35:14.0078 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys12:35:14.0093 2596 Sfloppy - ok12:35:14.0109 2596 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys12:35:14.0140 2596 sfvfs02 - ok12:35:14.0171 2596 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll12:35:14.0171 2596 ShellHWDetection - ok12:35:14.0171 2596 Simbad - ok12:35:14.0250 2596 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe12:35:14.0265 2596 SkypeUpdate - ok12:35:14.0281 2596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys12:35:14.0296 2596 SLIP - ok12:35:14.0296 2596 Sparrow - ok12:35:14.0328 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys12:35:14.0328 2596 splitter - ok12:35:14.0375 2596 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe12:35:14.0375 2596 Spooler - ok12:35:14.0390 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys12:35:14.0390 2596 sr - ok12:35:14.0406 2596 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll12:35:14.0406 2596 srservice - ok12:35:14.0453 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys12:35:14.0453 2596 Srv - ok12:35:14.0468 2596 SSDPSRV 
(0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll12:35:14.0468 2596 SSDPSRV - ok12:35:14.0500 2596 Steam Client Service - ok12:35:14.0531 2596 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll12:35:14.0546 2596 stisvc - ok12:35:14.0562 2596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys12:35:14.0562 2596 streamip - ok12:35:14.0593 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys12:35:14.0593 2596 swenum - ok12:35:14.0593 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys12:35:14.0593 2596 swmidi - ok12:35:14.0609 2596 SwPrv - ok12:35:14.0609 2596 symc810 - ok12:35:14.0609 2596 symc8xx - ok12:35:14.0609 2596 sym_hi - ok12:35:14.0625 2596 sym_u3 - ok12:35:14.0625 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys12:35:14.0625 2596 sysaudio - ok12:35:14.0656 2596 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe12:35:14.0656 2596 SysmonLog - ok12:35:14.0687 2596 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll12:35:14.0687 2596 TapiSrv - ok12:35:14.0750 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys12:35:14.0750 2596 Tcpip - ok12:35:14.0781 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys12:35:14.0781 2596 TDPIPE - ok12:35:14.0796 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys12:35:14.0796 2596 TDTCP - ok12:35:14.0812 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys12:35:14.0812 2596 TermDD - ok12:35:14.0843 2596 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll12:35:14.0843 2596 TermService - ok12:35:14.0875 2596 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll12:35:14.0875 2596 Themes - ok12:35:14.0906 2596 TlntSvr 
(db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe12:35:14.0906 2596 TlntSvr - ok12:35:14.0921 2596 TosIde - ok12:35:14.0953 2596 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll12:35:14.0953 2596 TrkWks - ok12:35:14.0984 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys12:35:14.0984 2596 Udfs - ok12:35:14.0984 2596 ultra - ok12:35:15.0031 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys12:35:15.0046 2596 Update - ok12:35:15.0078 2596 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll12:35:15.0078 2596 upnphost - ok12:35:15.0093 2596 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe12:35:15.0093 2596 UPS - ok12:35:15.0109 2596 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys12:35:15.0125 2596 USBAAPL - ok12:35:15.0140 2596 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys12:35:15.0140 2596 usbaudio - ok12:35:15.0171 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys12:35:15.0171 2596 usbccgp - ok12:35:15.0171 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys12:35:15.0171 2596 usbehci - ok12:35:15.0218 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys12:35:15.0218 2596 usbhub - ok12:35:15.0218 2596 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys12:35:15.0218 2596 usbohci - ok12:35:15.0250 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys12:35:15.0250 2596 usbprint - ok12:35:15.0281 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys12:35:15.0281 2596 usbscan - ok12:35:15.0281 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS12:35:15.0281 2596 USBSTOR - ok12:35:15.0312 2596 usbvideo 
(63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys12:35:15.0312 2596 usbvideo - ok12:35:15.0312 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys12:35:15.0312 2596 VgaSave - ok12:35:15.0390 2596 VIAHdAudAddService (1c43d4c8818dcbd8814e7c260744bcc4) C:\WINDOWS\system32\drivers\viahduaa.sys12:35:15.0406 2596 VIAHdAudAddService - ok12:35:15.0421 2596 ViaIde - ok12:35:15.0453 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys12:35:15.0453 2596 VolSnap - ok12:35:15.0500 2596 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe12:35:15.0500 2596 VSS - ok12:35:15.0515 2596 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll12:35:15.0515 2596 W32Time - ok12:35:15.0546 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys12:35:15.0562 2596 Wanarp - ok12:35:15.0562 2596 WDICA - ok12:35:15.0562 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys12:35:15.0562 2596 wdmaud - ok12:35:15.0609 2596 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll12:35:15.0609 2596 WebClient - ok12:35:15.0687 2596 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll12:35:15.0687 2596 winmgmt - ok12:35:15.0796 2596 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys12:35:15.0812 2596 WinRing0_1_2_0 - ok12:35:15.0875 2596 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll12:35:15.0921 2596 WinRM - ok12:35:16.0031 2596 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE12:35:16.0062 2596 wlidsvc - ok12:35:16.0156 2596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll12:35:16.0156 2596 WmdmPmSN - ok12:35:16.0218 2596 Wmi (e76f8807070ed04e7408a86d6d3a6137) 
C:\WINDOWS\System32\advapi32.dll
12:35:16.0218 2596 Wmi - ok
12:35:16.0250 2596 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:35:16.0265 2596 WmiApSrv - ok
12:35:16.0390 2596 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:35:16.0437 2596 WMPNetworkSvc - ok
12:35:16.0578 2596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:35:16.0593 2596 WPFFontCache_v0400 - ok
12:35:16.0687 2596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:35:16.0687 2596 WS2IFSL - ok
12:35:16.0703 2596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:35:16.0703 2596 WSTCODEC - ok
12:35:16.0750 2596 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:35:16.0750 2596 wuauserv - ok
12:35:16.0781 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:35:16.0781 2596 WudfPf - ok
12:35:16.0796 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:35:16.0796 2596 WudfRd - ok
12:35:16.0812 2596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:35:16.0843 2596 WudfSvc - ok
12:35:16.0890 2596 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:35:16.0906 2596 WZCSVC - ok
12:35:16.0906 2596 XDva390 - ok
12:35:16.0984 2596 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:35:17.0015 2596 xmlprov - ok
12:35:17.0031 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:35:17.0062 2596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:35:17.0062 2596 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:35:17.0062 2596 MBR (0x1B8) (aac4f0d2ae484abe318cbd52270c0a6e) \Device\Harddisk1\DR3
12:35:17.0218 2596 \Device\Harddisk1\DR3 - ok
12:35:17.0218 2596 Boot (0x1200) (3e11779a10b8db3758f3ba4dc4d2d48a) \Device\Harddisk0\DR0\Partition0
12:35:17.0218 2596 \Device\Harddisk0\DR0\Partition0 - ok
12:35:17.0234 2596 Boot (0x1200) (c163deef373f0bef5442a54abc7f7e2b) \Device\Harddisk0\DR0\Partition1
12:35:17.0234 2596 \Device\Harddisk0\DR0\Partition1 - ok
12:35:17.0234 2596 Boot (0x1200) (685b48152fe5b6ce026342d5af742671) \Device\Harddisk1\DR3\Partition0
12:35:17.0250 2596 \Device\Harddisk1\DR3\Partition0 - ok
12:35:17.0250 2596 ============================================================
12:35:17.0250 2596 Scan finished
12:35:17.0250 2596 ============================================================
12:35:17.0250 1932 Detected object count: 1
12:35:17.0250 1932 Actual detected object count: 1
12:35:43.0265 1932 \Device\Harddisk0\DR0\# - copied to quarantine
12:35:43.0265 1932 \Device\Harddisk0\DR0 - copied to quarantine
12:35:43.0328 1932 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:35:43.0343 1932 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:35:43.0406 1932 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:35:43.0421 1932 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:35:43.0453 1932 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:35:43.0500 1932 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:35:43.0562 1932 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:35:43.0625 1932 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:35:43.0640 1932 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:35:43.0640 1932 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:35:43.0843 1932 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:35:43.0875 1932 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:35:43.0890 1932 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:35:43.0890 1932 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:35:43.0953 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:35:43.0953 1932 \Device\Harddisk0\DR0 - ok
12:35:43.0953 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:35:50.0156 3864 Deinitialize success

-------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
colton :: COLTON-68A0AE49 [administrator]

Protection: Enabled

7/31/2012 12:43:38 PM
mbam-log-2012-07-31 (12-43-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237865
Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Maniac #4 Posted August 2, 2012

This is due to the rootkit which your system is infected with. Now:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Chanta153 #5 Posted August 2, 2012

no problems running combofix (here's the log)

-------------------------------------------------------

ComboFix 12-07-31.03 - colton 08/02/2012 12:48:01.1.2 - x86
Running from: c:\documents and settings\colton\Desktop\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\colton\Application Data\384bfcd
c:\documents and settings\colton\Application Data\40ad97e
c:\documents and settings\colton\Application Data\8f490aa6
c:\documents and settings\colton\Application Data\8fe1b1c3
c:\documents and settings\colton\Application Data\99f60910
c:\documents and settings\colton\Application Data\9a7b710e
c:\documents and settings\colton\Application Data\bdafb9f2
c:\documents and settings\colton\Application Data\be5ba6b0
c:\documents and settings\colton\Application Data\c3136afd
c:\documents and settings\colton\Application Data\c38c1e5a
c:\documents and settings\colton\Application Data\c41b62fc
c:\documents and settings\colton\Application Data\c46b1c5b
c:\documents and settings\colton\Application Data\d18b3bc6
c:\documents and settings\colton\Application Data\d20473b5
c:\documents and settings\colton\Application Data\d3d49827
c:\documents and settings\colton\Application Data\d82852a0
c:\documents and settings\colton\Application Data\d8c77d55
c:\documents and settings\colton\Application Data\d957f491
c:\documents and settings\colton\Application Data\da0a08a9
c:\documents and settings\colton\Application Data\da93da8f
c:\documents and settings\colton\Application Data\PriceGong
c:\documents and settings\colton\Application Data\PriceGong\Data\1.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\450.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\946.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\a.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\b.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\c.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\d.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\e.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\f.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\g.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\h.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\i.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\j.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\k.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\l.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\m.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\colton\Application Data\PriceGong\Data\n.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\o.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\p.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\q.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\r.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\s.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\t.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\u.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\v.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\w.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\x.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\y.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\z.txt
c:\documents and settings\colton\Application Data\Toolbar4
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0a4f35b626016d8cd6d5731fa5e2aad7
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0b64ffa009d9e3d1236fb2b575bd953d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0d53f0a9a42a5167b78657f1fc9488f1
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1df1df47b49e8b3090bc211048795c5a
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f51f062108c7f20a67770bbdf546004
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\31dca3ca44f44956ffde9959067d1093
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\521788680d3595d05d274f3713057765
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\593abe4ad021a7ca3002ccb2dca1969d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7afabe4e3af1a66103f629a38d90558a
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9fc2051aee76f9ef060973477300788d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d1a2c0b23b2d4e91acf26940533c64f0
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1e6d0a92883b25f29523edfaccfcde3b
c:\documents and settings\colton\Local Settings\Application Data\Minibar
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\background.html
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\cached_http_request.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\extension_info.json
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon128.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon19.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon32.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon48.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_kango.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_messaging.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_userscript.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango-ui\button.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango-ui\ui.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\browser.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\console.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\event_listener.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\initialize.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\io.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\jsonstorage.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\kango.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\lang.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\messaging.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\userscript_engine.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\xhr.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\main.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\manifest.json
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\actions.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\cachedxhr.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\config.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\macros.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\minibar.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\popup.html
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\popup.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\tab.html
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\tab.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome_installer.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\common.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\install.json
c:\documents and settings\colton\Local Settings\Application Data\Minibar\minibar.crx
c:\documents and settings\colton\Local Settings\Application Data\Minibar\sqlite3.exe
c:\documents and settings\colton\Local Settings\Application Data\Minibar\Uninstall.exe
c:\windows\system32\NEW16.tmp
c:\windows\system32\NEWC.tmp
c:\windows\system32\tmp103.tmp
c:\windows\system32\tmp104.tmp
c:\windows\system32\tmp188.tmp
c:\windows\system32\tmp189.tmp
c:\windows\system32\tmpBD.tmp
c:\windows\system32\tmpBE.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 19:43 . 2012-08-02 19:43 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\MpKslc5b82ed1.sys
2012-08-02 19:41 . 2012-08-02 19:41 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\offreg.dll
2012-08-01 20:18 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\mpengine.dll
2012-07-31 19:35 . 
2012-07-31 19:35 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-31 08:35 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-07-31 06:54 . 2012-07-31 07:05 -------- d-----w- C:\i3862012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\documents and settings\colton\Application Data\Malwarebytes2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-31 00:44 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-30 02:18 . 2012-07-30 02:18 -------- d-----w- c:\program files\TeamSpeak 3 Client2012-07-18 20:30 . 2012-07-19 20:08 -------- d-----w- c:\program files\EndlessOnline2012-07-17 00:05 . 2012-07-17 00:06 -------- d-----w- c:\documents and settings\colton\Application Data\GetRightToGo2012-07-12 02:15 . 2012-07-12 02:16 -------- d-----w- c:\program files\Microsoft Security Client2012-07-11 23:11 . 2012-07-11 23:22 -------- d-----w- c:\documents and settings\Administrator2012-07-11 06:06 . 2012-07-12 02:11 653745 ----a-w- c:\windows\system32\drivers\sfi.dat2012-07-11 06:02 . 2012-07-11 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA2012-07-11 05:59 . 2012-07-11 05:59 1060864 ----a-w- c:\windows\system32\mfc71.dll2012-07-11 05:59 . 2012-07-11 05:59 348160 ----a-w- c:\windows\system32\msvcr71.dll2012-07-11 05:59 . 2012-07-11 05:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll2012-07-11 05:46 . 2012-07-11 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData2012-07-11 04:33 . 2012-07-11 04:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2012-07-06 21:53 . 
2012-07-06 21:53 -------- d-----w- c:\documents and settings\colton\Local Settings\Application Data\Skyrim...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-30 00:52 . 2012-04-05 03:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-30 00:52 . 2011-07-04 06:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-13 00:13 . 2012-05-10 23:06 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll2012-07-05 18:38 . 2011-07-05 01:50 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2012-07-05 18:38 . 2011-08-11 03:29 281288 ----a-w- c:\windows\system32\PnkBstrB.xtr2012-07-05 18:38 . 2011-07-05 01:50 281288 ----a-w- c:\windows\system32\PnkBstrB.exe2012-07-05 08:14 . 2011-07-05 01:50 281288 ----a-w- c:\windows\system32\PnkBstrB.ex02012-06-25 03:28 . 2012-06-25 03:28 3584 ----a-r- c:\documents and settings\colton\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe2012-06-13 13:19 . 2006-03-15 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 15:50 . 2006-03-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-05 00:35 . 2011-07-04 23:33 222448 ----a-w- c:\windows\system32\muweb.dll2012-06-04 04:32 . 2006-03-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-02 22:19 . 2011-07-03 05:22 329240 ----a-w- c:\windows\system32\wucltui.dll2012-06-02 22:19 . 2011-07-03 05:22 210968 ----a-w- c:\windows\system32\wuweb.dll2012-06-02 22:19 . 2011-07-03 05:22 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-02 22:19 . 2011-07-03 05:22 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 
2011-07-03 05:22 35864 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-02 22:19 . 2006-03-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-02 22:19 . 2011-07-03 05:22 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:19 . 2011-07-03 05:22 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:18 . 2011-07-04 23:33 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-02 22:18 . 2011-07-04 23:33 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-06-02 20:40 . 2011-07-05 01:50 138904 ----a-w- c:\documents and settings\colton\Application Data\PnkBstrK.sys2012-06-02 20:39 . 2011-07-05 01:50 76888 ----a-w- c:\windows\system32\PnkBstrA.exe2012-05-31 19:25 . 2011-07-04 06:06 237072 ------w- c:\windows\system32\MpSigStub.exe2012-05-31 13:22 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-26 14:49 . 2012-05-26 04:00 21840 ----atw- c:\windows\system32\SIntfNT.dll2012-05-26 14:49 . 2012-05-26 04:00 17212 ----atw- c:\windows\system32\SIntf32.dll2012-05-26 14:49 . 2012-05-26 04:00 12067 ----atw- c:\windows\system32\SIntf16.dll2012-05-23 22:28 . 2012-05-23 22:28 319488 ----a-w- c:\windows\HideWin.exe2012-05-16 15:08 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll2012-05-11 14:42 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2012-05-11 14:42 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-05-11 11:38 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec2008-03-09 14:25 . 
2011-07-20 20:52 236 ----a-w- c:\program files\Common Files\dx.reg..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 53248]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\system32\guard32.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst 
LIVE!.lnkbackup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"RemoteRegistry"=2 (0x2)"RasAuto"=3 (0x3)"FastUserSwitchingCompatibility"=3 (0x3)"RDSessMgr"=3 (0x3)"RasMan"=3 (0x3)"Steam Client Service"=3 (0x3)"MsMpSvc"=2 (0x2)"iPod Service"=3 (0x3)"Apple Mobile Device"=2 (0x2)"wlidsvc"=2 (0x2)"WZCSVC"=2 (0x2)"helpsvc"=2 (0x2)"CLPSLS"=2 (0x2)"SkypeUpdate"=2 (0x2)"sdCoreService"=3 (0x3)"sdAuxService"=3 (0x3)"JavaQuickStarterService"=2 (0x2).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe".R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]S1 MpKslc5b82ed1;MpKslc5b82ed1;c:\documents and settings\All 
Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\MpKslc5b82ed1.sys [x]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MPKSLC5B82ED1.Contents of the 'Scheduled Tasks' folder.2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:52].2012-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57].2012-07-15 c:\windows\Tasks\Crysis Wars® Updates.job- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2011-07-05 02:38].2012-08-02 c:\windows\Tasks\Game_Booster_AutoUpdate.job- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-01 00:57].2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1220945662-725345543-1003Core.job- c:\documents and settings\colton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-27 02:09].2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1220945662-725345543-1003UA.job- c:\documents and settings\colton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-27 02:09].2012-08-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.localIE: Free YouTube to iPod Converter - c:\documents and settings\colton\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htmIE: Free YouTube to MP3 Converter - c:\documents and settings\colton\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - 
-.URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)Toolbar-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)HKLM-Run-iTunesHelper - d:\games\iTunesHelper.exeMSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exeAddRemove-APB Reloaded - j:\games\APB\APB Reloaded\Uninstall.exeAddRemove-Dark Age of Camelot - j:\games\Electronic Arts\Dark Age of Camelot\uninstDAOC.exeAddRemove-Halo - j:\games\Halo\UNINSTAL.EXEAddRemove-JDiskReport 1.4.0 - j:\games\Comp ideas\JDisk Report\uninstall.exeAddRemove-uTorrent - f:\games\Utorrent\uTorrent.exeAddRemove-{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1 - j:\games\Neverwinter Nights\unins000.exeAddRemove-A Handful Of Audiosurf Addons - j:\games\Audiosurf\Uninstall.exeAddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - c:\program files\EA Games\Battlefield Play4Free\uninstaller.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-08-02 12:56Windows 5.1.2600 Service Pack 3 NTFS.detected NTDLL code modification:ZwClose.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... 
.scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:b5,45,24,39,f4,8b,f6,aa,72,f8,b2,24,7b,d6,f5,03,32,06,94,30,6a,5c,1d, f6,1f,b5,41,8c,04,9a,17,82,7a,23,2b,f3,de,c5,32,a3,20,16,a5,56,f0,bb,ed,b1,\"??"=hex:00,0c,dd,3a,a7,06,65,85,5d,61,22,27,2c,0a,1c,94.[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\SecuROM\License information*]"datasecu"=hex:d3,b1,4c,f1,b1,d8,de,da,54,6f,a2,1c,df,c0,43,93,dd,26,fd,98,f1, 52,fb,cb,a2,19,f5,7b,de,a7,80,4c,31,14,ad,3a,6e,17,65,79,68,2d,d2,3c,2a,5d,\"rkeysecu"=hex:25,dc,c0,6c,15,00,b9,91,ad,5e,71,35,a0,2b,57,d6.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(936)c:\windows\system32\guard32.dll.- - - - - - - > 'lsass.exe'(992)c:\windows\system32\guard32.dll.Completion time: 2012-08-02 12:58:37ComboFix-quarantined-files.txt 2012-08-02 19:58.Pre-Run: 50,446,012,416 bytes freePost-Run: 51,611,865,088 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer.- - End Of File - - 0039CBB81EEC19A9E22E7D4CC3F7740F Share this post Link to post Share on other sites
Maniac #6 Posted August 3, 2012
Good! Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the options Remove found threats and Scan unwanted applications are checked.
Click Scan (this scan can take several hours, so please be patient).
Once the scan is completed, you may close the window.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Chanta153 #7 Posted August 4, 2012
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bbef6fd4e2103346b3a3e7275f8dd09f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-04 02:26:34
# local_time=2012-08-03 07:26:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 71 1052272 18769868 0 0
# compatibility_mode=5891 16776533 42 93 0 10811198 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=239549
# found=12
# cleaned=12
# scan_time=12963
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\colton\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdagcdfgcgcdedadjdhdgdegededg\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP354\A0212357.dll Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP451\A0255369.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP464\A0274842.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP470\A0276299.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Games\APB\APB_Reloaded_Installer.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP470\A0276300.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Maniac #8 Posted August 4, 2012
How are things now?
Chanta153 #9 Posted August 5, 2012
They're a little better, but I still got, like, one blocked outgoing connection to a "malicious website".
Maniac #10 Posted August 5, 2012
Please give me the IP.
Chanta153 #11 Posted August 5, 2012
I will as soon as I see it again.
Chanta153 #13 Posted August 7, 2012
I haven't seen it again, so I believe it is gone. Thanks for the help, Maniac!
Maniac #14 Posted August 7, 2012
Glad I could help! Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall
Next, uninstall ESET Online Scanner and then manually delete DDS and TDSSKiller.
Some malware prevention tips:
http://forums.malwarebytes.org/index.php?showtopic=104379
Safe surfing!
Maurice Naggar #15 Posted August 9, 2012
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!