Rootkit.TDSS.v3 infection-recycler infection [Solved]


  • This topic is locked
30 replies to this topic

#1 Armor7

Armor7

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 12 April 2012 - 08:28 PM

Dear Tech Experts,

Recently my PC Tools antivirus detected the high-risk virus: Rootkit.TDSS.v3; whenever I click on clean though, it claims to have cleaned but it requires a reboot to finish removing the infection. Upon rebooting, it does a short scan and states that no infections were found. However, when I redo a full scan, the virus is detected again. So far, I have not experienced the symptoms associated with the virus except for slowing down of the system, so I find it very strange.

Before this, my computer was infected by a virus known as the recycler, which makes folders on flash drives shortcut folders while taking the information therein; I had hell removing and even quarantining this virus, and after following some online guides I had assumed it gone, seeing that my flash drive no longer became infected. I suspect though that it is still present and may have led to further infection of my netbook. At the moment, my external Western Digital hard drive is still infected by it; I have no access to my folders therein since attempts to open them are stopped by PC TOOLS, which detects this name: TROJAN.GEN.

I would really like to have my PC and external hard drive clean again once and for all. I had to already redo my OS at one point in time. I thank you in advance for your assistance :)

Respectfully,
Tony



#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 5,042 posts
  • Interests:LFC, music, more LFC, more music

Posted 13 April 2012 - 04:03 AM

Hello Armor7 and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT RUN ANY TEMPORARY FILE CLEANERS
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.pif

• disable any script blocking protection (How to Disable your Security Programs)
• double click DDS icon to run the tool (may take up to 3 minutes to run)
• when done, DDS.txt will open.
• after a few moments, attach.txt will open in a second window.
• save both reports to your desktop.
Post the contents of the DDS.txt and Attach.txt reports in your next reply
===================================================

Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply
Logs to include with next post:

DDS.txt
Attach.txt
aswMBR log


Thanks

Satchfan

#3 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 5,042 posts
  • Interests:LFC, music, more LFC, more music

Posted 15 April 2012 - 03:04 AM

It has been a couple of days since I sent instructions to help with your computer problems. Please let me know if you still need help.

Satchfan

#4 Armor7

Armor7

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 15 April 2012 - 09:09 AM

Greetings Satchfan,

I apologize for the late post but thank you for your prompt reply. I do hope that this post is the right way of replying to yours; since the instructions said to not reply to your own posts I was wondering if I have to write a whole new topic each time I was posting or am I doing the right thing by replying directly to you?

Also, in my problem description, I mentioned my external hard drive: should I have it plugged in for the scan or should I not? In addition, my computer, by automatic updates, wants to finish updating by restarting; should I allow it? (I know one of the instructions is to not install any programs or so; I just want to be sure you don't mean updates or so.) Lastly, I do not know how to change the DDS.txt to a zip file; is it possible to give me some instructions on that as well?

I am very thankful for your kind assistance.

Respectfully,
Tony

#5 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 5,042 posts
  • Interests:LFC, music, more LFC, more music

Posted 15 April 2012 - 10:21 AM

Hi Tony

I do hope that this post is the right way of replying to yours

That is the correct way - you just click the "Reply" button and type in your reply. This is also where you copy and paste the logs that you get from the programs you are asked to run.

my computer, by automatic updates, wants to finish updating by restarting

You can allow the Windows updates to finish by restarting.

I mentioned my external hard drive: should I have it plugged in for the scan

Don't worry about the external hard drive at the moment.


With DDS and the other logs, you don't have to zip them. You will see logs on your desktop when you have finished running the program. With DDS they will be called DDS.txt and Attach.txt. Open them up one at a time by double-clicking on them. When you open one, highlight the whole log then copy it and paste it in your reply.

Repeat this for aswMBR also.

If you are still unsure, let me know and we'll do one log at a time.

Satchfan.

#6 Armor7

Armor7

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 15 April 2012 - 01:34 PM

Hey Satchfan,

I thank you again for your prompt reply; here are the results of the scans:

From the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by The GRACE of GOD at 20:02:21 on 2012-04-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.27 [GMT -4:00]
.
AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC Tools Internet Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TSTT\Blink Access Manager\Blink Access Manager.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\The GRACE of GOD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{8EE80A0A-5594-4AF1-8C62-9406D2E484BF} : NameServer = 196.3.132.153 196.3.132.154
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [2011-12-6 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-6 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-6 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-6 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-12-6 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-12-6 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-12-6 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-5 185560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-12-6 546768]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-12-6 162584]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-12-6 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-12-6 1117624]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-11-10 113664]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-1-30 318976]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-1-30 51456]
R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [2012-4-11 56408]
R3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [2012-4-11 164568]
R3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [2012-4-11 164568]
R3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [2012-4-11 112728]
R3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [2012-4-11 164568]
R3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [2012-4-11 164568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-6 56840]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-12-6 91136]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-12-6 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-12-6 125888]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-12-6 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-12-6 35264]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 DIFMCDF;Franklin EVDO USB Modem Installation CD;c:\windows\system32\drivers\DIFMCDF.sys [2012-4-11 29400]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-12-6 57536]
.
=============== Created Last 30 ================
.
2012-04-12 03:02:28 29400 ----a-w- c:\windows\system32\drivers\DIFMCDF.sys
2012-04-12 03:02:27 164568 ----a-w- c:\windows\system32\drivers\DIFMVsp.sys
2012-04-12 03:02:25 21080 ----a-w- c:\windows\system32\DIFMCIT.DLL
2012-04-12 03:02:25 112728 ----a-w- c:\windows\system32\drivers\DIFMNET.sys
2012-04-12 03:02:24 164568 ----a-w- c:\windows\system32\drivers\DIFMNVsp.sys
2012-04-12 03:02:22 164568 ----a-w- c:\windows\system32\drivers\DIFMCVsp.sys
2012-04-12 03:02:21 164568 ----a-w- c:\windows\system32\drivers\DIFMMdm.sys
2012-04-12 03:02:19 56408 ----a-w- c:\windows\system32\drivers\DIFMBUS.sys
2012-04-12 03:02:19 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-04-12 03:00:43 -------- d-----w- c:\program files\TSTT
2012-04-12 02:47:21 -------- d-sh--w- C:\found.000
2012-04-11 20:15:14 -------- d-----w- c:\program files\Unit Conversion Tool
2012-04-07 13:29:08 73 ----a-w- c:\windows\system32\ssprs.dll
2012-04-07 13:29:08 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-04-07 13:29:08 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-04-07 13:29:08 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-04-07 13:29:08 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-04-07 13:27:00 -------- d-----w- c:\program files\Rainbow Technologies
2012-04-07 13:27:00 -------- d-----w- c:\program files\Hyprotech
2012-04-07 13:27:00 -------- d-----w- c:\program files\common files\Hyprotech
2012-04-06 06:04:36 -------- d-----w- c:\program files\Franklin
2012-04-03 08:46:09 -------- d-----w- c:\documents and settings\the grace of god\local settings\application data\Identities
2012-03-30 06:20:24 -------- d-----w- c:\program files\CBR Reader
2012-03-21 17:09:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-03-21 17:09:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:06:29.51 ===============
:yeah:



From the attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2011 4:22:43 PM
System Uptime: 4/12/2012 8:47:39 PM (24 hours ago)
.
Motherboard: Hewlett-Packard | | 308F
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 5.304 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2/8/2012 10:12:45 PM - System Checkpoint
RP2: 2/9/2012 5:12:01 PM - PC Tools Internet Security: Cleaning Threats
RP3: 2/10/2012 6:00:26 PM - System Checkpoint
RP4: 2/13/2012 4:43:37 PM - System Checkpoint
RP5: 2/17/2012 12:32:36 PM - Removed VIPRE Antivirus Premium.
RP6: 2/18/2012 6:06:39 PM - Software Distribution Service 3.0
RP7: 3/3/2012 12:41:21 PM - Removed VIPRE Antivirus Premium.
RP8: 2/27/2012 9:08:43 AM - PC Tools Internet Security: Cleaning Threats
RP9: 2/28/2012 9:23:46 AM - System Checkpoint
RP10: 3/3/2012 12:40:11 PM - Software Distribution Service 3.0
RP11: 3/15/2012 8:41:11 AM - Removed VIPRE Antivirus Premium.
RP12: 3/13/2012 2:52:33 PM - System Checkpoint
RP13: 3/15/2012 8:39:39 AM - Software Distribution Service 3.0
RP14: 3/21/2012 1:07:58 PM - Removed Java™ 6 Update 29
RP15: 4/4/2012 2:00:24 PM - System Checkpoint
RP16: 4/5/2012 8:15:28 PM - Removed Blink Access Manager
RP17: 4/6/2012 1:38:14 AM - Removed VIPRE Antivirus Premium.
RP18: 4/6/2012 1:40:11 AM - Removed VIPRE Antivirus Premium.
RP19: 4/6/2012 2:02:11 AM - Installed Blink Access Manager
RP20: 4/7/2012 9:26:43 AM - Installed HYSYS 3.2
RP21: 4/7/2005 2:01:55 PM - Removed HYSYS 3.2
RP22: 4/8/2012 11:05:03 AM - System Checkpoint
RP23: 4/10/2012 3:33:24 AM - System Checkpoint
RP24: 4/11/2012 4:36:23 AM - System Checkpoint
RP25: 4/11/2012 10:27:40 PM - Removed Blink Access Manager
RP26: 4/11/2012 11:00:36 PM - Installed Blink Access Manager
RP27: 4/11/2012 11:13:28 PM - Software Distribution Service 3.0
RP28: 4/12/2012 10:48:06 PM - PC Tools Internet Security: Cleaning Threats
.
==== Installed Programs ======================
.
µTorrent
Adobe Reader X (10.1.3)
Alien Stars
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Auslogics BoostSpeed
Blink Access Manager
Broadcom 802.11 Wireless LAN Adapter
Browser Defender 4.0
CBR Reader
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
e-Sword
EndNote X4
Franklin EVDO USB Modem
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Wireless Assistant
HYSYS 3.2
IDT Audio
Java Auto Updater
Java™ 6 Update 31
Mario Forever 3.0
MATLAB R2009b
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Outlook 2010 Toolbar
PC Tools Internet Security 9.0
PowerISO
RAR Password Recovery Magic v6.1.1.195
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ResearchSoft Direct Export Helper
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2653956)
Skype™ 5.5
Super Mario Kart
Surround MP4 Tool 3.4.2
Unit Conversion Tool Evaluation Version 5.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebFldrs XP
Windows Internet Explorer 8
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 5:45:01 PM, error: PCTCore [280] - The item store is corrupted: @5512.
4/7/2012 12:24:54 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
4/6/2012 1:44:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
4/6/2012 1:22:11 AM, error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================


Finally, from the aswMBR.txt file:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 15:12:27
-----------------------------
15:12:27.989 OS Version: Windows 5.1.2600 Service Pack 3
15:12:27.989 Number of processors: 2 586 0x1C02
15:12:27.989 ComputerName: LEI-LI UserName:
15:12:41.287 Initialize success
15:24:00.706 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:24:00.722 Disk 0 Vendor: SAMSUNG_HM160HI HH100-15 Size: 152627MB BusType: 3
15:24:00.800 Disk 0 MBR read successfully
15:24:00.800 Disk 0 MBR scan
15:24:00.816 Disk 0 Windows XP default MBR code
15:24:00.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
15:24:00.863 Disk 0 scanning sectors +312560640
15:24:01.019 Disk 0 scanning C:\WINDOWS\system32\drivers
15:24:09.410 Service scanning
15:24:19.708 Service WudfPf C:\WINDOWS\C:\WINDOWS\system32\WudfPf.sys **LOCKED** 123
15:24:19.740 Service WudfRd C:\WINDOWS\C:\WINDOWS\system32\wudfrd.sys **LOCKED** 123
15:24:20.677 Modules scanning
15:24:31.288 Disk 0 trace - called modules:
15:24:31.319 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:24:31.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d07ab8]
15:24:31.694 3 CLASSPNP.SYS[f7508fd7] -> nt!IofCallDriver -> [0x86d78d58]
15:24:31.710 5 PCTCore.sys[f72b9407] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d7ad98]
15:24:31.710 Scan finished successfully
15:25:32.810 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\The GRACE of GOD\Desktop\MBR.dat"
15:25:32.826 The log file has been saved successfully to "C:\Documents and Settings\The GRACE of GOD\Desktop\aswMBR.txt"

Thank you again. :thumbup:

#7 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 5,042 posts
  • Interests:LFC, music, more LFC, more music

Posted 15 April 2012 - 04:53 PM

Hi Tony

I received your logs but as it is nearly midnight here in the UK I won't be able to check and reply immediately as I have an early start in the morning.

Apologies for the delay.

One thing to be mentioned though:

P2P - I see you have P2P software, (uTorrent), installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infection. If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Start, Settings, Control Panel, Add or Remove Programs

Should you decide to keep it, please don’t use it until we have finished up here.

Regards

Satchfan

#8 Armor7

Armor7

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 15 April 2012 - 05:51 PM

Dear Satchfan,

I'll gladly take your advice and remove the P2P software... thank you again for the advice. I patiently await your other suggestions and recommendations.

Respectfully and thankfully,
Tony

#9 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 5,042 posts
  • Interests:LFC, music, more LFC, more music

Posted 16 April 2012 - 09:45 AM

Hi Tony

This tool will protect both the flash drive and the PC by disabling the autorun feature. Disabling autorun won't prevent infected files from getting into your removable drive but it does prevent these files from launching automatically. Without getting launched, these infected files lie dormant on the drive, and are pretty much harmless unless you double click on them.

Run this tool on all usb drives and computers:

Please download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • the utility may ask you to insert your flash drive and/or other removable drives: please do so and allow the utility to clean up those drives as well
  • hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present
  • wait until it has finished scanning and then exit the program
  • reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

======================================================

Unhide the files on your external drives
  • if not still inserted, insert the flash drive into an empty USB slot. Take note of the drive letter for the device – my example is drive F
  • press Windows + R, and type cmd and then click on OK.
  • type this in taking care to notice where the spaces are:

attrib -s -h -r f:\*.* /s /d

  • press Enter and wait for the command to execute.
  • open the thumb drive
You should see the files that were hidden by the virus.

======================================================

Run TDSSKiller

Please download TDSSKiller.zip
  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan
    • only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
    • then click Continue > Reboot now
  • copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)
======================================================

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • see this Link for programs that need to be disabled and instruction on how to disable them.
  • remember to re-enable them when we're done.
  • double click on ComboFix.exe & follow the prompts.
  • as part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Please also remember to include the TDSSKiller log

Thanks

Satchfan
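The two conditions described in the post above (an autorun.inf placeholder folder at the drive root, and real folders hidden behind same-named shortcuts) can be checked with a read-only script. This is an added example, not part of the original post and not code from Flash_Disinfector; the function names, finding labels and the list of Windows-owned folders are assumptions.

```python
"""Read-only audit of a drive root: autorun.inf state and hidden-folder/shortcut pairs.
Added illustration; all names are hypothetical. Pass the drive root as the first argument."""
import os
import sys
from collections import namedtuple

HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM bits
LAUNCH_KEYS = ("open", "shellexecute")
# Folders Windows itself marks hidden+system (assumed list; their contents are not inspected).
WINDOWS_OWN = {"system volume information", "recycler", "$recycle.bin"}

Entry = namedtuple("Entry", "name is_dir attrs", defaults=(0,))


def autorun_commands(text):
    """Return (key, value) pairs in the [autorun] section that would launch something.
    Tolerant line parser: junk lines and comments are skipped instead of raising."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found


def audit(entries, autorun_text=""):
    """Classify root-level entries; returns a list of (kind, name, detail) tuples."""
    findings = []
    by_name = {e.name.lower(): e for e in entries}
    marker = by_name.get("autorun.inf")
    if marker is None:
        findings.append(("autorun", "absent", None))   # nothing blocks a new autorun.inf file
    elif marker.is_dir:
        findings.append(("autorun", "folder", None))   # placeholder folder occupies the name
    else:
        findings.append(("autorun", "file", autorun_commands(autorun_text)))

    hidden = {}
    for e in entries:
        low = e.name.lower()
        if (e.is_dir and e.attrs & HIDDEN and e.attrs & SYSTEM
                and low != "autorun.inf" and low not in WINDOWS_OWN):
            hidden[low] = e.name
            findings.append(("hidden-folder", e.name, None))
    for e in entries:
        low = e.name.lower()
        # A .lnk whose name matches a hidden folder is the "shortcut folder" symptom.
        if not e.is_dir and low.endswith(".lnk") and low[:-4] in hidden:
            findings.append(("shortcut-decoy", e.name, hidden[low[:-4]]))
    return findings


def scan_root(root):
    """Collect root-level entries from a real drive and audit them (reads only)."""
    entries, text = [], ""
    for de in os.scandir(root):
        st = de.stat(follow_symlinks=False)
        attrs = getattr(st, "st_file_attributes", 0)  # attribute bits exist on Windows only
        is_dir = de.is_dir(follow_symlinks=False)
        entries.append(Entry(de.name, is_dir, attrs))
        if de.name.lower() == "autorun.inf" and not is_dir:
            with open(de.path, "r", encoding="latin-1") as fh:
                text = fh.read(65536)  # cap the read; padded files can be large
    return audit(entries, text)


if __name__ == "__main__":
    for finding in scan_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

A "shortcut-decoy" finding names the .lnk file and the hidden folder it imitates, which is the pair to look for after the attrib step has made the real folders visible again.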

#10 Satchfan

Posted 19 April 2012 - 04:50 PM

Hello Tony It has been several days since I posted instructions to help with your computer problem. Please let me know if you are having problems and still need help. Thanks Satchfan


#11 Armor7

Posted 19 April 2012 - 10:45 PM

Dear Satchfan,

Please forgive me again; I will do better to reply more promptly in the future; here are the results of the scans:

First of all I would like to say that the folders on the external hard drive have reappeared like normal after finishing the scan with combo fix, and they are opening like normal again; however, the shortcut folder version is still on the drive along with them; what must I do to get rid of the shortcuts and the virus altogether?

Here is the TDSSKiller log:


21:07:14.0406 0476 ShellHWDetection (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
21:07:14.0421 0476 ShellHWDetection - ok
21:07:14.0437 0476 Simbad - ok
21:07:14.0468 0476 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:07:14.0468 0476 SLIP - ok
21:07:14.0500 0476 Sparrow - ok
21:07:14.0546 0476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:07:14.0562 0476 splitter - ok
21:07:14.0609 0476 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:07:14.0625 0476 Spooler - ok
21:07:14.0671 0476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:07:14.0671 0476 sr - ok
21:07:14.0703 0476 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:07:14.0718 0476 srservice - ok
21:07:14.0750 0476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:07:14.0765 0476 Srv - ok
21:07:14.0796 0476 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:07:14.0812 0476 SSDPSRV - ok
21:07:14.0906 0476 STacSV (bf8b7e3c4af6e29025519a70469061a6) c:\program files\idt\wdm\STacSV.exe
21:07:14.0906 0476 STacSV - ok
21:07:14.0984 0476 STHDA (54570bac06c8d64c01b38285de92c464) C:\WINDOWS\system32\drivers\sthda.sys
21:07:15.0031 0476 STHDA - ok
21:07:15.0078 0476 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:07:15.0093 0476 stisvc - ok
21:07:15.0140 0476 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:07:15.0140 0476 streamip - ok
21:07:15.0187 0476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:07:15.0187 0476 swenum - ok
21:07:15.0234 0476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:07:15.0234 0476 swmidi - ok
21:07:15.0250 0476 SwPrv - ok
21:07:15.0265 0476 symc810 - ok
21:07:15.0296 0476 symc8xx - ok
21:07:15.0312 0476 sym_hi - ok
21:07:15.0328 0476 sym_u3 - ok
21:07:15.0359 0476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:07:15.0359 0476 sysaudio - ok
21:07:15.0390 0476 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:07:15.0406 0476 SysmonLog - ok
21:07:15.0437 0476 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
21:07:15.0453 0476 TapiSrv - ok
21:07:15.0484 0476 Tcpip (367de8e5f638c091f49273144274f629) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:07:15.0500 0476 Tcpip - ok
21:07:15.0562 0476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:07:15.0562 0476 TDPIPE - ok
21:07:15.0609 0476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:07:15.0609 0476 TDTCP - ok
21:07:15.0640 0476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:07:15.0640 0476 TermDD - ok
21:07:15.0687 0476 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:07:15.0703 0476 TermService - ok
21:07:15.0734 0476 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys
21:07:15.0750 0476 TfFsMon - ok
21:07:15.0765 0476 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys
21:07:15.0765 0476 TfNetMon - ok
21:07:15.0828 0476 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys
21:07:15.0843 0476 TFSysMon - ok
21:07:15.0890 0476 Themes (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
21:07:15.0890 0476 Themes - ok
21:07:15.0968 0476 ThreatFire - ok
21:07:16.0031 0476 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:07:16.0031 0476 TlntSvr - ok
21:07:16.0046 0476 TosIde - ok
21:07:16.0109 0476 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:07:16.0125 0476 TrkWks - ok
21:07:16.0156 0476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:07:16.0156 0476 Udfs - ok
21:07:16.0171 0476 ultra - ok
21:07:16.0250 0476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:07:16.0265 0476 Update - ok
21:07:16.0296 0476 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:07:16.0312 0476 upnphost - ok
21:07:16.0328 0476 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:07:16.0328 0476 UPS - ok
21:07:16.0375 0476 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:07:16.0375 0476 usbccgp - ok
21:07:16.0406 0476 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:07:16.0421 0476 usbehci - ok
21:07:16.0453 0476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:07:16.0453 0476 usbhub - ok
21:07:16.0500 0476 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:07:16.0500 0476 usbstor - ok
21:07:16.0515 0476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:07:16.0515 0476 usbuhci - ok
21:07:16.0609 0476 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:07:16.0656 0476 usbvideo - ok
21:07:16.0953 0476 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:07:16.0953 0476 usb_rndisx - ok
21:07:17.0000 0476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:07:17.0000 0476 VgaSave - ok
21:07:17.0015 0476 ViaIde - ok
21:07:17.0046 0476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:07:17.0046 0476 VolSnap - ok
21:07:17.0093 0476 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:07:17.0109 0476 VSS - ok
21:07:17.0140 0476 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll
21:07:17.0156 0476 W32Time - ok
21:07:17.0187 0476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:07:17.0187 0476 Wanarp - ok
21:07:17.0203 0476 WDICA - ok
21:07:17.0250 0476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:07:17.0250 0476 wdmaud - ok
21:07:17.0281 0476 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:07:17.0281 0476 WebClient - ok
21:07:17.0343 0476 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:07:17.0359 0476 winmgmt - ok
21:07:17.0421 0476 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:07:17.0437 0476 WmdmPmSN - ok
21:07:17.0500 0476 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:07:17.0515 0476 Wmi - ok
21:07:17.0578 0476 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:07:17.0578 0476 WmiAcpi - ok
21:07:17.0609 0476 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:07:17.0609 0476 WmiApSrv - ok
21:07:17.0750 0476 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:07:17.0781 0476 WMPNetworkSvc - ok
21:07:17.0890 0476 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:07:17.0890 0476 WS2IFSL - ok
21:07:17.0937 0476 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:07:17.0953 0476 wscsvc - ok
21:07:18.0031 0476 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:07:18.0031 0476 WSTCODEC - ok
21:07:18.0093 0476 wuauserv (e53ae6443f6319d7ec22672cd473eadb) C:\WINDOWS\system32\wuauserv.dll
21:07:18.0109 0476 wuauserv - ok
21:07:18.0109 0476 WudfPf - ok
21:07:18.0140 0476 WudfRd - ok
21:07:18.0156 0476 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:07:18.0171 0476 WudfSvc - ok
21:07:18.0218 0476 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll
21:07:18.0250 0476 WZCSVC - ok
21:07:18.0265 0476 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:07:18.0281 0476 xmlprov - ok
21:07:18.0375 0476 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:07:18.0687 0476 \Device\Harddisk0\DR0 - ok
21:07:18.0703 0476 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
21:07:21.0031 0476 \Device\Harddisk1\DR2 - ok
21:07:21.0062 0476 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR3
21:07:21.0078 0476 \Device\Harddisk2\DR3 - ok
21:07:21.0093 0476 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR5
21:07:21.0218 0476 \Device\Harddisk3\DR5 - ok
21:07:21.0250 0476 Boot (0x1200) (54165b1764b7d48d923f70786e7fc2f2) \Device\Harddisk0\DR0\Partition0
21:07:21.0250 0476 \Device\Harddisk0\DR0\Partition0 - ok
21:07:21.0265 0476 Boot (0x1200) (ff81cead661046f25a1a34c5889197e2) \Device\Harddisk1\DR2\Partition0
21:07:21.0265 0476 \Device\Harddisk1\DR2\Partition0 - ok
21:07:21.0281 0476 Boot (0x1200) (65490157489ab96b432499e176347c98) \Device\Harddisk2\DR3\Partition0
21:07:21.0281 0476 \Device\Harddisk2\DR3\Partition0 - ok
21:07:21.0296 0476 Boot (0x1200) (806f8b1bdff9eec1a8ffe5710712a84a) \Device\Harddisk3\DR5\Partition0
21:07:21.0296 0476 \Device\Harddisk3\DR5\Partition0 - ok
21:07:21.0296 0476 ============================================================
21:07:21.0296 0476 Scan finished
21:07:21.0296 0476 ============================================================
21:07:21.0328 3404 Detected object count: 0
21:07:21.0328 3404 Actual detected object count: 0
21:08:16.0515 2312 ============================================================
21:08:16.0515 2312 Scan started
21:08:16.0515 2312 Mode: Manual;
21:08:16.0515 2312 ============================================================
21:08:26.0171 2312 ProtectedStorage - ok
21:08:26.0203 2312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:08:26.0203 2312 PSched - ok
21:08:26.0218 2312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:08:26.0218 2312 Ptilink - ok
21:08:26.0265 2312 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:08:26.0265 2312 PxHelp20 - ok
21:08:26.0281 2312 ql1080 - ok
21:08:26.0312 2312 Ql10wnt - ok
21:08:26.0328 2312 ql12160 - ok
21:08:26.0343 2312 ql1240 - ok
21:08:26.0359 2312 ql1280 - ok
21:08:26.0390 2312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:08:26.0390 2312 RasAcd - ok
21:08:26.0421 2312 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:08:26.0437 2312 RasAuto - ok
21:08:26.0453 2312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:08:26.0468 2312 Rasl2tp - ok
21:08:26.0484 2312 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:08:26.0500 2312 RasMan - ok
21:08:26.0515 2312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:08:26.0515 2312 RasPppoe - ok
21:08:26.0546 2312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:08:26.0546 2312 Raspti - ok
21:08:26.0578 2312 Rdbss (9629383f70db691cb6aa5bbd828cd9a9) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:08:26.0578 2312 Rdbss - ok
21:08:26.0593 2312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:08:26.0593 2312 RDPCDD - ok
21:08:26.0656 2312 rdpdr (3a99642ed25a2fad5b0ba55f09ba2f93) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:08:26.0656 2312 rdpdr - ok
21:08:26.0718 2312 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:08:26.0718 2312 RDPWD - ok
21:08:26.0734 2312 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:08:26.0750 2312 RDSessMgr - ok
21:08:26.0812 2312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:08:26.0812 2312 redbook - ok
21:08:26.0859 2312 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:08:26.0859 2312 RemoteAccess - ok
21:08:26.0906 2312 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:08:26.0921 2312 RemoteRegistry - ok
21:08:26.0953 2312 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:08:26.0953 2312 RpcLocator - ok
21:08:27.0031 2312 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:08:27.0031 2312 RpcSs - ok
21:08:27.0093 2312 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:08:27.0093 2312 rspndr - ok
21:08:27.0140 2312 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:08:27.0156 2312 RSVP - ok
21:08:27.0171 2312 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:08:27.0187 2312 SamSs - ok
21:08:27.0187 2312 SBRE - ok
21:08:27.0234 2312 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:08:27.0250 2312 SCardSvr - ok
21:08:27.0296 2312 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
21:08:27.0296 2312 SCDEmu - ok
21:08:27.0359 2312 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:08:27.0375 2312 Schedule - ok
21:08:27.0484 2312 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe
21:08:27.0484 2312 sdAuxService - ok
21:08:27.0562 2312 sdCoreService (1840a94e5d0aa9c27ad6528872a001ca) C:\Program Files\PC Tools Security\pctsSvc.exe
21:08:27.0593 2312 sdCoreService - ok
21:08:27.0640 2312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:08:27.0640 2312 Secdrv - ok
21:08:27.0703 2312 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:08:27.0703 2312 seclogon - ok
21:08:27.0734 2312 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:08:27.0750 2312 SENS - ok
21:08:27.0781 2312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:08:27.0781 2312 Serial - ok
21:08:27.0812 2312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:08:27.0828 2312 Sfloppy - ok
21:08:27.0875 2312 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll
21:08:27.0890 2312 SharedAccess - ok
21:08:27.0937 2312 ShellHWDetection (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
21:08:27.0953 2312 ShellHWDetection - ok
21:08:27.0968 2312 Simbad - ok
21:08:28.0015 2312 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:08:28.0015 2312 SLIP - ok
21:08:28.0031 2312 Sparrow - ok
21:08:28.0078 2312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:08:28.0093 2312 splitter - ok
21:08:28.0140 2312 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:08:28.0140 2312 Spooler - ok
21:08:28.0187 2312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:08:28.0203 2312 sr - ok
21:08:28.0234 2312 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:08:28.0234 2312 srservice - ok
21:08:28.0265 2312 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:08:28.0281 2312 Srv - ok
21:08:28.0296 2312 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:08:28.0312 2312 SSDPSRV - ok
21:08:28.0390 2312 STacSV (bf8b7e3c4af6e29025519a70469061a6) c:\program files\idt\wdm\STacSV.exe
21:08:28.0390 2312 STacSV - ok
21:08:28.0484 2312 STHDA (54570bac06c8d64c01b38285de92c464) C:\WINDOWS\system32\drivers\sthda.sys
21:08:28.0500 2312 STHDA - ok
21:08:28.0546 2312 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:08:28.0562 2312 stisvc - ok
21:08:28.0609 2312 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:08:28.0609 2312 streamip - ok
21:08:28.0656 2312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:08:28.0656 2312 swenum - ok
21:08:28.0687 2312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:08:28.0687 2312 swmidi - ok
21:08:28.0703 2312 SwPrv - ok
21:08:28.0718 2312 symc810 - ok
21:08:28.0734 2312 symc8xx - ok
21:08:28.0750 2312 sym_hi - ok
21:08:28.0781 2312 sym_u3 - ok
21:08:28.0828 2312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:08:28.0828 2312 sysaudio - ok
21:08:28.0859 2312 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:08:28.0859 2312 SysmonLog - ok
21:08:28.0906 2312 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
21:08:28.0921 2312 TapiSrv - ok
21:08:28.0984 2312 Tcpip (367de8e5f638c091f49273144274f629) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:08:28.0984 2312 Tcpip - ok
21:08:29.0031 2312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:08:29.0031 2312 TDPIPE - ok
21:08:29.0078 2312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:08:29.0078 2312 TDTCP - ok
21:08:29.0109 2312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:08:29.0109 2312 TermDD - ok
21:08:29.0250 2312 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:08:29.0265 2312 TermService - ok
21:08:29.0500 2312 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys
21:08:29.0515 2312 TfFsMon - ok
21:08:29.0578 2312 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys
21:08:29.0593 2312 TfNetMon - ok
21:08:29.0640 2312 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys
21:08:29.0640 2312 TFSysMon - ok
21:08:29.0687 2312 Themes (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
21:08:29.0703 2312 Themes - ok
21:08:29.0781 2312 ThreatFire - ok
21:08:29.0828 2312 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:08:29.0843 2312 TlntSvr - ok
21:08:29.0859 2312 TosIde - ok
21:08:29.0906 2312 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:08:29.0906 2312 TrkWks - ok
21:08:29.0953 2312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:08:29.0953 2312 Udfs - ok
21:08:29.0968 2312 ultra - ok
21:08:30.0031 2312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:08:30.0046 2312 Update - ok
21:08:30.0078 2312 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:08:30.0078 2312 upnphost - ok
21:08:30.0125 2312 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:08:30.0125 2312 UPS - ok
21:08:30.0171 2312 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:08:30.0171 2312 usbccgp - ok
21:08:30.0218 2312 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:08:30.0218 2312 usbehci - ok
21:08:30.0250 2312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:08:30.0250 2312 usbhub - ok
21:08:30.0281 2312 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:08:30.0281 2312 usbstor - ok
21:08:30.0312 2312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:08:30.0312 2312 usbuhci - ok
21:08:30.0375 2312 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:08:30.0375 2312 usbvideo - ok
21:08:30.0421 2312 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:08:30.0421 2312 usb_rndisx - ok
21:08:30.0468 2312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:08:30.0484 2312 VgaSave - ok
21:08:30.0500 2312 ViaIde - ok
21:08:30.0531 2312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:08:30.0531 2312 VolSnap - ok
21:08:30.0578 2312 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:08:30.0593 2312 VSS - ok
21:08:30.0625 2312 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll
21:08:30.0625 2312 W32Time - ok
21:08:30.0671 2312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:08:30.0671 2312 Wanarp - ok
21:08:30.0687 2312 WDICA - ok
21:08:30.0734 2312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:08:30.0750 2312 wdmaud - ok
21:08:30.0781 2312 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:08:30.0796 2312 WebClient - ok
21:08:30.0890 2312 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:08:30.0890 2312 winmgmt - ok
21:08:30.0968 2312 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:08:30.0984 2312 WmdmPmSN - ok
21:08:31.0046 2312 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:08:31.0062 2312 Wmi - ok
21:08:31.0109 2312 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:08:31.0125 2312 WmiAcpi - ok
21:08:31.0156 2312 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:08:31.0171 2312 WmiApSrv - ok
21:08:31.0312 2312 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:08:31.0328 2312 WMPNetworkSvc - ok
21:08:31.0390 2312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:08:31.0390 2312 WS2IFSL - ok
21:08:31.0437 2312 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:08:31.0453 2312 wscsvc - ok
21:08:31.0500 2312 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:08:31.0515 2312 WSTCODEC - ok
21:08:31.0562 2312 wuauserv (e53ae6443f6319d7ec22672cd473eadb) C:\WINDOWS\system32\wuauserv.dll
21:08:31.0578 2312 wuauserv - ok
21:08:31.0593 2312 WudfPf - ok
21:08:31.0609 2312 WudfRd - ok
21:08:31.0656 2312 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:08:31.0656 2312 WudfSvc - ok
21:08:31.0703 2312 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll
21:08:31.0734 2312 WZCSVC - ok
21:08:31.0765 2312 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:08:31.0781 2312 xmlprov - ok
21:08:31.0875 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:08:32.0171 2312 \Device\Harddisk0\DR0 - ok
21:08:32.0187 2312 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
21:08:34.0390 2312 \Device\Harddisk1\DR2 - ok
21:08:34.0421 2312 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR3
21:08:34.0437 2312 \Device\Harddisk2\DR3 - ok
21:08:34.0453 2312 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR5
21:08:34.0609 2312 \Device\Harddisk3\DR5 - ok
21:08:34.0671 2312 Boot (0x1200) (54165b1764b7d48d923f70786e7fc2f2) \Device\Harddisk0\DR0\Partition0
21:08:34.0718 2312 \Device\Harddisk0\DR0\Partition0 - ok
21:08:34.0718 2312 Boot (0x1200) (ff81cead661046f25a1a34c5889197e2) \Device\Harddisk1\DR2\Partition0
21:08:34.0734 2312 \Device\Harddisk1\DR2\Partition0 - ok
21:08:34.0734 2312 Boot (0x1200) (65490157489ab96b432499e176347c98) \Device\Harddisk2\DR3\Partition0
21:08:34.0750 2312 \Device\Harddisk2\DR3\Partition0 - ok
21:08:34.0765 2312 Boot (0x1200) (806f8b1bdff9eec1a8ffe5710712a84a) \Device\Harddisk3\DR5\Partition0
21:08:34.0765 2312 \Device\Harddisk3\DR5\Partition0 - ok
21:08:34.0765 2312 ============================================================
21:08:34.0765 2312 Scan finished
21:08:34.0765 2312 ============================================================
21:08:34.0796 4076 Detected object count: 0
21:08:34.0796 4076 Actual detected object count: 0
21:08:38.0312 3768 Deinitialize success


Here is the Combofix log which opened after the scan:


ComboFix 12-04-19.02 - The GRACE of GOD 04/19/2012 21:40:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.325 [GMT -4:00]
Running from: c:\documents and settings\The GRACE of GOD\Desktop\ComboFix.exe
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC Tools Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\07BF512B.TMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\The GRACE of GOD\Application Data\36F.exe
c:\documents and settings\The GRACE of GOD\My Documents\~WRL2109.tmp
c:\windows\EventSystem.log
c:\windows\system\WINSPOOL.DRV
E:\New folder.lnk
E:\pictures.lnk
E:\setup.exe
.
c:\windows\system32\msgsvc.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-16 16:53 . 2012-04-16 16:53 -------- d-----w- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\PCHealth
2012-04-12 03:02 . 2010-02-25 17:04 29400 ----a-w- c:\windows\system32\drivers\DIFMCDF.sys
2012-04-12 03:02 . 2010-02-26 02:12 164568 ----a-w- c:\windows\system32\drivers\DIFMVsp.sys
2012-04-12 03:02 . 2010-02-25 17:05 21080 ----a-w- c:\windows\system32\DIFMCIT.DLL
2012-04-12 03:02 . 2010-02-25 17:04 112728 ----a-w- c:\windows\system32\drivers\DIFMNET.sys
2012-04-12 03:02 . 2010-02-26 02:12 164568 ----a-w- c:\windows\system32\drivers\DIFMNVsp.sys
2012-04-12 03:02 . 2010-02-25 17:04 164568 ----a-w- c:\windows\system32\drivers\DIFMCVsp.sys
2012-04-12 03:02 . 2010-02-25 17:04 164568 ----a-w- c:\windows\system32\drivers\DIFMMdm.sys
2012-04-12 03:02 . 2010-02-25 17:04 56408 ----a-w- c:\windows\system32\drivers\DIFMBUS.sys
2012-04-12 03:02 . 2010-02-25 16:59 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-04-12 03:00 . 2012-04-12 03:00 -------- d-----w- c:\program files\TSTT
2012-04-12 02:47 . 2012-04-12 02:47 -------- d-----w- C:\found.000
2012-04-11 20:15 . 2012-04-12 02:58 -------- d-----w- c:\program files\Unit Conversion Tool
2012-04-07 13:29 . 2012-04-07 13:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-04-07 13:29 . 2012-04-07 13:29 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-04-07 13:29 . 2012-04-07 13:29 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-04-07 13:29 . 2005-04-08 03:57 73 ----a-w- c:\windows\system32\ssprs.dll
2012-04-07 13:29 . 2005-04-08 03:57 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-04-07 13:27 . 2012-04-07 13:27 -------- d-----w- c:\program files\Hyprotech
2012-04-07 13:27 . 2005-04-17 20:04 -------- d-----w- c:\program files\Common Files\Hyprotech
2012-04-07 13:25 . 2012-04-07 13:25 -------- d-----w- c:\program files\Common Files\InstallShield
2012-04-06 06:04 . 2012-04-06 06:04 -------- d-----w- c:\program files\Franklin
2012-04-03 08:46 . 2012-04-03 08:46 -------- d-----w- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\Identities
2012-03-30 06:20 . 2012-03-30 06:20 -------- d-----w- c:\program files\CBR Reader
2012-03-21 17:10 . 2012-03-21 17:10 -------- d-----w- c:\program files\Common Files\Java
2012-03-21 17:09 . 2012-03-21 17:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 17:09 . 2012-03-21 17:09 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 17:09 . 2011-11-11 11:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2001-08-23 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 09:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 09:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2001-08-23 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26 . 2001-08-23 09:00 1869184 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-06 296056]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-08-12 753664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [12/6/2011 7:47 AM 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/6/2011 6:37 AM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/6/2011 6:37 AM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/6/2011 6:37 AM 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/6/2011 7:47 AM 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/6/2011 7:47 AM 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/6/2011 6:37 AM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [12/5/2011 8:03 AM 185560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/6/2011 7:04 AM 546768]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [12/6/2011 6:37 AM 162584]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/10/2011 7:31 PM 113664]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [1/30/2010 7:08 PM 318976]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [1/30/2010 3:08 PM 51456]
R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [4/11/2012 11:02 PM 56408]
R3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [4/11/2012 11:02 PM 164568]
R3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [4/11/2012 11:02 PM 164568]
R3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [4/11/2012 11:02 PM 112728]
R3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [4/11/2012 11:02 PM 164568]
R3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [4/11/2012 11:02 PM 164568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 4:11 PM 39424]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/6/2011 7:48 AM 56840]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [12/6/2011 6:36 AM 57536]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 DIFMCDF;Franklin EVDO USB Modem Installation CD;c:\windows\system32\drivers\DIFMCDF.sys [4/11/2012 11:02 PM 29400]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/10/2010 1:37 AM 4640000]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [12/6/2011 6:36 AM 91136]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [12/6/2011 6:36 AM 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [12/6/2011 6:36 AM 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/6/2011 6:36 AM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/6/2011 7:46 AM 402336]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/6/2011 7:47 AM 35264]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On The GRACE of GOD Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-15 17:25]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-527237240-1003Core.job
- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-11 00:07]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-527237240-1003UA.job
- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-11 00:07]
.
2012-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-527237240-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
2012-04-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-527237240-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.224.5:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: Interfaces\{8EE80A0A-5594-4AF1-8C62-9406D2E484BF}: NameServer = 196.3.132.153 196.3.132.154
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 00:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1648)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Microsoft ActiveSync\WCESMgr.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-04-20 00:25:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 04:25
.
Pre-Run: 5,301,510,144 bytes free
Post-Run: 5,722,181,632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FB96755232A2BA19CAD05F39F61E8034


Thank you again Satchfan :thumbup:

Respectfully yours

Tony

#12 Satchfan


Posted 20 April 2012 - 03:19 AM

It’s good news that you have your programs back. If they are indeed all back, just delete the shortcuts.

Your logs are coming back clean so it may be that PC Tools got whatever was on your system. There is no sign of TDSS which is good but we’ll run a couple more scans to be sure there is nothing else lurking.


Open ComboFix

Please do the following:
  • close any open browsers.
  • close/disable all anti-virus and anti-malware programs so that they do not interfere with the running of ComboFix.
  • open notepad and copy/paste the text in the codebox below into it:
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it produces a log at C:\ComboFix.txt. Post the contents of Combofix.txt in your next reply.

=========================================

Download Malwarebytes-Anti-Malware

Click here
  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Satchfan
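
The CFScript in the post above can be reviewed before it is dragged onto ComboFix.exe. The following is an added example, not part of the original post and not ComboFix code: it assumes the Registry:: directive takes .reg-style entries, where `[-KEY]` deletes a whole key and `"name"=-` deletes one value under the preceding key. The function names are hypothetical.

```python
import re

# CFScript body copied verbatim from the post above.
CFSCRIPT = r'''Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')           # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')  # "name"=data or "name"=-
GUID_RE = re.compile(r'\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}')

def parse_registry_directive(text):
    """Return (action, key, value_name) tuples for the Registry:: section."""
    ops, in_registry, current_key = [], False, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):                   # directive header
            in_registry = line.lower() == 'registry::'
            current_key = None
            continue
        if not in_registry:
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                        # leading '-' removes the key
                ops.append(('delete_key', m.group(2), None))
                current_key = None
            else:
                current_key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m:
            if current_key is None:
                raise ValueError(f'line {lineno}: value entry outside a key section')
            action = 'delete_value' if m.group(2) == '-' else 'set_value'
            ops.append((action, current_key, m.group(1)))
            continue
        raise ValueError(f'line {lineno}: unrecognised entry: {line!r}')
    return ops

def summarize(ops):
    """Drop repeats; registry key and value names compare case-insensitively."""
    seen = {}
    for action, key, name in ops:
        seen.setdefault((action, key.lower(), (name or '').lower()), (action, key, name))
    return list(seen.values())

def touched_guids(ops):
    """Every CLSID the script refers to, lower-cased."""
    return {g.lower() for _, key, name in ops for g in GUID_RE.findall(key + (name or ''))}

if __name__ == '__main__':
    for action, key, name in summarize(parse_registry_directive(CFSCRIPT)):
        print(f'{action:13} {key}' + (f'  ->  {name}' if name else ''))
    print('CLSIDs referenced:', sorted(touched_guids(parse_registry_directive(CFSCRIPT))))
```

Run on this script, the summary shows only deletions, all tied to a single CLSID, with the repeated `HKEY_CLASSES_ROOT\clsid` line collapsing to one operation.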

#13 Armor7

Posted 20 April 2012 - 12:25 PM

Good day Satchfan,

A hearty thanks to you again. I would have replied earlier but I had a few issues with the computer freezing for a few hours during the ComboFix scan; so I had to restart and do it over again.

Here are the logs:

1) From ComboFix:


ComboFix 12-04-19.02 - The GRACE of GOD 04/20/2012 10:58:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.616 [GMT -4:00]
Running from: c:\documents and settings\The GRACE of GOD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The GRACE of GOD\Desktop\CFScript.txt
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC Tools Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-16 16:53 . 2012-04-16 16:53 -------- d-----w- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\PCHealth
2012-04-12 03:02 . 2010-02-25 17:04 29400 ----a-w- c:\windows\system32\drivers\DIFMCDF.sys
2012-04-12 03:02 . 2010-02-26 02:12 164568 ----a-w- c:\windows\system32\drivers\DIFMVsp.sys
2012-04-12 03:02 . 2010-02-25 17:05 21080 ----a-w- c:\windows\system32\DIFMCIT.DLL
2012-04-12 03:02 . 2010-02-25 17:04 112728 ----a-w- c:\windows\system32\drivers\DIFMNET.sys
2012-04-12 03:02 . 2010-02-26 02:12 164568 ----a-w- c:\windows\system32\drivers\DIFMNVsp.sys
2012-04-12 03:02 . 2010-02-25 17:04 164568 ----a-w- c:\windows\system32\drivers\DIFMCVsp.sys
2012-04-12 03:02 . 2010-02-25 17:04 164568 ----a-w- c:\windows\system32\drivers\DIFMMdm.sys
2012-04-12 03:02 . 2010-02-25 17:04 56408 ----a-w- c:\windows\system32\drivers\DIFMBUS.sys
2012-04-12 03:02 . 2010-02-25 16:59 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-04-12 03:00 . 2012-04-12 03:00 -------- d-----w- c:\program files\TSTT
2012-04-12 02:47 . 2012-04-12 02:47 -------- d-----w- C:\found.000
2012-04-11 20:15 . 2012-04-12 02:58 -------- d-----w- c:\program files\Unit Conversion Tool
2012-04-07 13:29 . 2012-04-07 13:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-04-07 13:29 . 2012-04-07 13:29 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-04-07 13:29 . 2012-04-07 13:29 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-04-07 13:29 . 2005-04-08 03:57 73 ----a-w- c:\windows\system32\ssprs.dll
2012-04-07 13:29 . 2005-04-08 03:57 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-04-07 13:27 . 2012-04-07 13:27 -------- d-----w- c:\program files\Hyprotech
2012-04-07 13:27 . 2005-04-17 20:04 -------- d-----w- c:\program files\Common Files\Hyprotech
2012-04-07 13:25 . 2012-04-07 13:25 -------- d-----w- c:\program files\Common Files\InstallShield
2012-04-06 06:04 . 2012-04-06 06:04 -------- d-----w- c:\program files\Franklin
2012-04-03 08:46 . 2012-04-03 08:46 -------- d-----w- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\Identities
2012-03-30 06:20 . 2012-03-30 06:20 -------- d-----w- c:\program files\CBR Reader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 17:09 . 2012-03-21 17:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 17:09 . 2011-11-11 11:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2001-08-23 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 09:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 09:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2001-08-23 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26 . 2001-08-23 09:00 1869184 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-20_04.18.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 09:00 . 2012-04-20 04:18 69004 c:\windows\system32\perfc009.dat
+ 2001-08-23 09:00 . 2012-04-20 17:44 69004 c:\windows\system32\perfc009.dat
- 2011-11-11 07:00 . 2012-04-15 14:53 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2001-08-23 09:00 . 2012-04-20 04:18 436274 c:\windows\system32\perfh009.dat
+ 2001-08-23 09:00 . 2012-04-20 17:44 436274 c:\windows\system32\perfh009.dat
- 2011-11-11 07:00 . 2012-04-15 14:53 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-11-16 04:40 . 2012-04-15 14:53 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2011-11-16 04:40 . 2012-04-20 14:50 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2011-11-11 07:00 . 2012-04-15 14:53 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-11-11 07:00 . 2012-04-20 14:50 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-06 296056]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-08-12 753664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [12/6/2011 7:47 AM 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/6/2011 6:37 AM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/6/2011 6:37 AM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/6/2011 6:37 AM 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/6/2011 7:47 AM 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/6/2011 7:47 AM 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/6/2011 6:37 AM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [12/5/2011 8:03 AM 185560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/6/2011 7:04 AM 546768]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [12/6/2011 6:37 AM 162584]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/10/2011 7:31 PM 113664]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [1/30/2010 7:08 PM 318976]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [1/30/2010 3:08 PM 51456]
R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [4/11/2012 11:02 PM 56408]
R3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [4/11/2012 11:02 PM 164568]
R3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [4/11/2012 11:02 PM 164568]
R3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [4/11/2012 11:02 PM 112728]
R3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [4/11/2012 11:02 PM 164568]
R3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [4/11/2012 11:02 PM 164568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 4:11 PM 39424]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/6/2011 7:48 AM 56840]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [12/6/2011 6:36 AM 57536]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 DIFMCDF;Franklin EVDO USB Modem Installation CD;c:\windows\system32\drivers\DIFMCDF.sys [4/11/2012 11:02 PM 29400]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/10/2010 1:37 AM 4640000]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [12/6/2011 6:36 AM 91136]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [12/6/2011 6:36 AM 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [12/6/2011 6:36 AM 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/6/2011 6:36 AM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/6/2011 7:46 AM 402336]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/6/2011 7:47 AM 35264]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On The GRACE of GOD Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-15 17:25]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-527237240-1003Core.job
- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-11 00:07]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-527237240-1003UA.job
- c:\documents and settings\The GRACE of GOD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-11 00:07]
.
2012-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-527237240-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
2012-04-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-527237240-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.224.5:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 13:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(252)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2012-04-20 13:49:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 17:49
ComboFix2.txt 2012-04-20 04:26
.
Pre-Run: 5,559,840,768 bytes free
Post-Run: 5,559,353,344 bytes free
.
- - End Of File - - 31F08D40BE1127F2F0BF355F26658AA6

2) From mbam:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
The GRACE of GOD :: LEI-LI [administrator]

Protection: Enabled

4/20/2012 2:03:12 PM
mbam-log-2012-04-20 (14-03-12).txt


Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219500
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I am very happy that the problem seems to have gone now.

I am very thankful and grateful indeed :thumbup:

Respectfully

Tony

#14 Satchfan

Posted 21 April 2012 - 01:16 AM

That’s good news.

Your logs are clean so one more scan to be certain there is nothing left and then we can clean up.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan
1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.

3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced post it in your next reply.

Thanks

Satchfan

#15 Armor7

Posted 23 April 2012 - 10:04 AM

Hi there Satchfan,

I haven't replied yet because I have been having trouble getting the ESET online database downloaded. I am working on it right now still; I seek to respond in a few hours if all goes well.

Respectfully,

Tony
