Zbot (I think)

Solved
By petka
Mar 25, 2012
  1. I have a problem with an obvious attempt to gather details about my banking. Some pathetic page saying it doesn't recognize my computer comes up when I try to do my internet banking.

    I have AdAware and Avira running, well updated, but even the Avira rescue CD can't get this sucker.

    So I followed your "general" suggestions.

    I got past the MalwareBytes thing (no detections).

    The Gmer crashes on some *.sys file with a blue screen. So no luck there.

    Should I just start by posting the MalwareBytes log? Or are there any tips on getting the Gmer past this hurdle?
  2. petka

    petka Newcomer, in training Topic Starter Posts: 42

    ok, I reread the 5-step thing

    I haven't tried the "safe" mode, missed that tip.

    Will post again when I have (or have failed to for technical reasons) moved along the steps in the instructions.
  3. petka


    Complete info as per "5-step-guide"

    I have a Swedish OS version in Sweden, so....

    Gmer reports some kxtdapow.sys thing. That is what gave the blue screen last time. This time it just zipped thru the scan and that was that. Even tho it is tempting, I will simply let it sit there until I get your professional instructions.


    MalwareBytes:

    Malwarebytes Anti-Malware (Testversion) 1.60.1.1000
    www.malwarebytes.org

    Databasversion: v2012.03.25.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    petka :: PKNEW [administratör]

    Skydd: Aktiverad

    2012-03-25 23:07:19
    mbam-log-2012-03-25 (23-07-19).txt

    Skanningstyp: Snabbskanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 275565
    Förfluten tid: 36 minut(er), 42 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer: 0
    (Inga skadliga poster hittades)

    (klar)


    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-25 23:56:44
    Windows 5.1.2600 Service Pack 3
    Running: 4b6r06uv.exe; Driver: E:\DOCUME~1\PETKA~1.PKN\LOKALA~1\Temp\kxtdapow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 Code 8A540005
    Device \Driver\atapi \Device\Ide\IdePort0 8A540000
    Device \Driver\atapi \Device\Ide\IdePort1 Code 8A540005
    Device \Driver\atapi \Device\Ide\IdePort1 8A540000

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by petka at 0:00:13 on 2012-03-26
    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.924 [GMT 2:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    E:\Program\Lavasoft\Ad-Aware\AAWService.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    E:\WINDOWS\system32\ANIWConnService.exe
    E:\Program\Avira\AntiVir Desktop\avguard.exe
    E:\WINDOWS\ATKKBService.exe
    E:\Program\Nero\Nero 7\InCD\InCDsrv.exe
    E:\Program\Java\jre6\bin\jqs.exe
    E:\Program\Delade filer\LightScribe\LSSrvc.exe
    E:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
    E:\Program\Clarus\Samsung SecretZone\MSSvc.exe
    E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    E:\WINDOWS\System32\svchost.exe -k imgsvc
    E:\Program\TomTom HOME 2\TomTomHOMEService.exe
    E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
    E:\WINDOWS\system32\SearchIndexer.exe
    E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
    E:\Program\Avira\AntiVir Desktop\avshadow.exe
    E:\WINDOWS\system32\SearchProtocolHost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program\Nero\Nero 7\InCD\NBHGui.exe
    E:\Program\Nero\Nero 7\InCD\InCD.exe
    E:\WINDOWS\system32\SxgTkBar.exe
    E:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    E:\Program\D-Link\DWA-140 revB\AirNCFG.exe
    E:\Program\Voddler\service\VNetManager.exe
    E:\Program\Avira\AntiVir Desktop\avgnt.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    E:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
    E:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
    E:\Program\Lavasoft\Ad-Aware\AAWTray.exe
    E:\Program\Clarus\Samsung Auto Backup\ISFGuage.exe
    E:\Program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    E:\Program\Clarus\Samsung Auto Backup\ISFTimerD.exe
    E:\Program\Windows Desktop Search\WindowsSearch.exe
    E:\Program\OpenOffice.org 3\program\soffice.exe
    E:\Program\OpenOffice.org 3\program\soffice.bin
    E:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - e:\program\adawaretb\adawareDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - e:\program\adawaretb\adawareDx.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
    uRun: [ASRock OC Tuner]
    uRun: [zASRockInstantBoot]
    uRun: [ASRock IES]
    uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
    uRun: [LightScribe Control Panel] e:\program\delade filer\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [TomTomHOME.exe] "e:\program\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Steam] "e:\program\steam\Steam.exe" -silent
    uRun: [GameShadow] e:\program\gameshadow\GameShadow.exe /q
    uRun: [Emotum Mobile Broadband] e:\program\emotum\mobile broadband\Mobile.exe
    uRun: [msnmsgr] "e:\program\windows live\messenger\msnmsgr.exe" /background
    uRun: [Skype] "e:\program\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [ASUSGamerOSD] e:\program files\asus\gamerosd\GamerOSD.exe
    mRun: [NeroFilterCheck] e:\program\delade filer\ahead\lib\NeroCheck.exe
    mRun: [SecurDisc] e:\program\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] e:\program\nero\nero 7\incd\InCD.exe
    mRun: [SxgTkBar] SxgTkBar.exe
    mRun: [ANIWZCS2Service] e:\program\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [D-Link D-Link Wireless N DWA-140] e:\program\d-link\dwa-140 revb\AirNCFG.exe
    mRun: [ATICustomerCare] "e:\program\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [VoddlerNet Manager] e:\program\voddler\service\VNetManager.exe
    mRun: [avgnt] "e:\program\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "e:\program\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "e:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "e:\program\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "e:\program\delade filer\apple\apple application support\APSDaemon.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [StartCCC] "e:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Ad-Aware Browsing Protection] "e:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [Malwarebytes' Anti-Malware] "e:\program\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "e:\program\delade filer\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
    dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
    dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
    StartupFolder: e:\docume~1\petka~1.pkn\start-~1\program\autost~1\openof~1.lnk - e:\program\openoffice.org 3\program\quickstart.exe
    StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\samsun~3.lnk - e:\program\clarus\samsung auto backup\ISFGuage.exe
    StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\samsun~2.lnk - e:\program\clarus\samsung auto backup\ISFRealTimeD.exe
    StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\samsun~1.lnk - e:\program\clarus\samsung auto backup\ISFTimerD.exe
    StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - e:\program\windows desktop search\WindowsSearch.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program\messenger\msmsgs.exe
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B6120850-2646-4333-AD87-2C0EA347C1EE} : DhcpNameServer = 192.168.1.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program\delade filer\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - e:\documents and settings\petka.pknew\application data\mozilla\firefox\profiles\vhhkse1z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: e:\program\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: e:\program\curl corporation\surge\plugins\np-curl-surge-8-0.dll
    FF - plugin: e:\program\curl corporation\surge\plugins\np-curl-surge64-8-0.dll
    FF - plugin: e:\program\curl corporation\surge\plugins\np-curl-surge64.dll
    FF - plugin: e:\program\google\google earth\plugin\npgeplugin.dll
    FF - plugin: e:\program\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: e:\program\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: e:\program\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: e:\program\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: e:\program\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: e:\program\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: e:\program\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: e:\program\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: e:\program\nos\bin\np_gp.dll
    FF - plugin: e:\program\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2012-3-24 64512]
    R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [2011-10-24 36000]
    R1 mdf15;mdf15;e:\program\clarus\samsung secretzone\mdf15.sys [2011-3-26 12800]
    R2 ANIWConnService;ANIWConn Service;e:\windows\system32\ANIWConnService.exe [2010-5-24 147456]
    R2 AntiVirSchedulerService;Avira Scheduler;e:\program\avira\antivir desktop\sched.exe [2011-10-24 86224]
    R2 AntiVirService;Avira Realtime Protection;e:\program\avira\antivir desktop\avguard.exe [2011-10-24 110032]
    R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2011-10-24 74640]
    R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-10 54760]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program\lavasoft\ad-aware\AAWService.exe [2012-3-20 2152152]
    R2 MBAMService;MBAMService;e:\program\malwarebytes' anti-malware\mbamservice.exe [2012-3-25 652360]
    R2 MSR Service;Virtual Disk Service Manager;e:\program\clarus\samsung secretzone\MSSvc.exe [2011-3-26 114688]
    R2 TomTomHOMEService;TomTomHOMEService;e:\program\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [2012-3-4 100368]
    R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2012-3-25 20464]
    R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;e:\windows\system32\drivers\rt2870.sys [2010-5-24 715520]
    R3 SOFTXG;YAMAHA XG SoftSynthesizer;e:\windows\system32\drivers\sxgxgwdm.sys [2009-7-3 966784]
    R3 xcpip;TCP/IP Protocol Driver;e:\windows\system32\drivers\xcpip.sys --> e:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC driver;e:\windows\system32\drivers\xpsec.sys --> e:\windows\system32\drivers\xpsec.sys [?]
    RUnknown mvd20;mvd20; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);e:\program\google\update\GoogleUpdate.exe [2010-6-2 136176]
    S2 VoddlerNet;VoddlerNet;e:\program\voddler\service\voddler.exe [2011-8-24 2271200]
    S3 80czzt43.sys;80czzt43.sys;\??\e:\windows\system32\drivers\80czzt43.sys --> e:\windows\system32\drivers\80czzt43.sys [?]
    S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-6-30 1691480]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;e:\windows\system32\AWINDIS5.SYS [2009-6-28 16194]
    S3 fsssvc;Tjänsten Windows Live Family Safety;e:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Tjänsten Google Update (gupdatem);e:\program\google\update\GoogleUpdate.exe [2010-6-2 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [2010-2-21 102656]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program\lavasoft\ad-aware\kernexplorer.sys [2012-3-20 15232]
    S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;e:\windows\system32\drivers\wg311tn5.sys --> e:\windows\system32\drivers\wg311tn5.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;e:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-4-24 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-03-25 18:23:34 73728 ----a-w- e:\windows\system32\javacpl.cpl
    2012-03-25 17:39:33 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
    2012-03-25 17:39:33 -------- d-----w- e:\program\Malwarebytes' Anti-Malware
    2012-03-24 20:56:27 -------- d-----w- e:\documents and settings\petka.pknew\application data\Malwarebytes
    2012-03-24 20:56:17 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
    2012-03-24 19:53:48 -------- d-----w- e:\documents and settings\all users\application data\Ad-Aware Browsing Protection
    2012-03-24 19:53:47 -------- d-----w- e:\program\Toolbar Cleaner
    2012-03-24 19:53:36 -------- d-----w- e:\documents and settings\petka.pknew\application data\adawaretb
    2012-03-24 19:53:29 -------- d-----w- e:\program\adawaretb
    2012-03-24 19:53:24 64512 ----a-w- e:\windows\system32\drivers\Lbd.sys
    2012-03-22 23:15:38 592824 ----a-w- e:\program\mozilla firefox\gkmedias.dll
    2012-03-22 23:15:38 44472 ----a-w- e:\program\mozilla firefox\mozglue.dll
    2012-03-20 20:47:04 -------- d-----w- e:\documents and settings\all users\application data\VS
    2012-03-17 21:08:39 5632 ----a-w- e:\windows\system32\ptpusb.dll
    2012-03-17 21:08:37 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
    2012-03-17 21:08:37 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
    2012-03-17 21:08:21 159232 ----a-w- e:\windows\system32\ptpusd.dll
    2012-03-04 10:54:30 -------- d-----w- e:\program\AMD APP
    2012-03-04 10:53:41 100368 ----a-w- e:\windows\system32\drivers\AtihdXP3.sys
    2012-03-04 10:53:14 956160 ----a-w- e:\windows\system32\ativvamv.dll
    2012-03-04 10:51:49 -------- d-----w- E:\AMD
    2012-03-04 10:41:53 359016 ----a-w- e:\windows\vncutil.exe
    2012-03-04 10:41:51 64616 ----a-w- e:\windows\system32\RtkCoInstIIXP.dll
    2012-03-04 10:41:51 129640 ----a-w- e:\windows\RtkAudioService.exe
    2012-03-04 10:41:51 11368 ----a-w- e:\windows\system32\RtkCoLDRXP.dll
    2012-03-04 10:41:49 21736 ----a-w- e:\windows\system32\drivers\RTAIODAT.DAT
    2012-03-04 10:16:48 -------- d-----w- e:\documents and settings\petka.pknew\application data\Easeware
    .
    ==================== Find3M ====================
    .
    2012-03-25 18:23:17 472808 ----a-w- e:\windows\system32\deployJava1.dll
    2012-03-25 17:18:54 94208 ----a-w- e:\windows\DUMP74e1.tmp
    2012-03-24 01:47:33 196608 ----a-w- e:\windows\system32\drivers\nStandard.bin
    2012-03-19 21:57:29 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-19 18:34:22 444952 ----a-w- e:\windows\system32\wrap_oal.dll
    2012-02-19 18:34:22 109080 ----a-w- e:\windows\system32\OpenAL32.dll
    2012-02-17 13:05:58 204 ----a-w- e:\windows\system32\vcwl0fq.dll
    2012-02-17 13:05:58 100 ----a-w- e:\windows\system32\prsgrc.dll
    2012-02-17 13:05:57 0 ----a-w- e:\windows\system32\serauth2.dll
    2012-02-17 13:05:57 0 ----a-w- e:\windows\system32\serauth1.dll
    2012-02-17 13:05:57 0 ----a-w- e:\windows\system32\nsprs.dll
    2012-02-17 13:05:56 1025 ----a-w- e:\windows\system32\u0b3xyo.dll
    2012-02-17 13:05:56 1025 ----a-w- e:\windows\system32\grcauth2.dll
    2012-02-17 13:05:56 1025 ----a-w- e:\windows\system32\grcauth1.dll
    2012-02-17 13:05:54 72 ----a-w- e:\windows\system32\ssprs.dll
    2012-02-17 13:05:54 1025 ----a-w- e:\windows\system32\clauth2.dll
    2012-02-17 13:05:54 1025 ----a-w- e:\windows\system32\clauth1.dll
    2012-02-03 09:57:40 1860096 ----a-w- e:\windows\system32\win32k.sys
    2012-01-09 16:20:19 139784 ----a-w- e:\windows\system32\drivers\rdpwd.sys
    2000-08-14 19:33:46 6287360 ----a-w- e:\program\IDMain.exe
    2000-06-27 16:37:52 730112 ----a-w- e:\program\Config.exe
    1998-06-02 04:32:48 705024 ----a-w- e:\program\3dfx.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Samsung_ rev. -> Harddisk2\DR4 -> \Device\0000008b
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk2\DR4[0x89510AB8]
    3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008d[0x89705EA0]
    5 USBSTOR[0xF3209706] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\USBPDO-9[0x8A4D43A8]
    7 usbhub[0xF6510596] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\USBPDO-1[0x8A38F450]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    error: Read Felaktig parameter.
    .
    ============= FINISH: 0:01:33,79 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2009-06-28 22:48:24
    System Uptime: 2012-03-25 22:46:56 (2 hours ago)
    .
    Motherboard: ASRock | | N61P-S
    Processor: AMD Athlon(tm) 7750 Dual-Core Processor | CPUSocket | 2712/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (FAT32) - 931 GiB total, 668,65 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 69,296 GiB free.
    F: is FIXED (NTFS) - 186 GiB total, 140,893 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&38D79619&0
    Manufacturer: (Standardtangentbord)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&38D79619&0
    Service: i8042prt
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&38D79619&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&38D79619&0
    Service: i8042prt
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T
    Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&25700A26&0&4020
    Manufacturer: Atheros
    Name: NETGEAR 108 Mbps Wireless PCI Adapter WG311T
    PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&25700A26&0&4020
    Service: AR5416
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
    Manufacturer: NVIDIA
    Name: NVIDIA nForce 10/100 Mbps Ethernet
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
    Service: NVENETFD
    .
    ==== System Restore Points ===================
    .
    RP675: 2012-01-10 23:22:28 - Systemkontrollpunkt
    RP676: 2012-01-10 23:55:34 - Installed Ad-Aware
    RP677: 2012-01-11 07:26:39 - Software Distribution Service 3.0
    RP678: 2012-01-12 12:21:30 - Systemkontrollpunkt
    RP679: 2012-01-13 15:45:51 - Systemkontrollpunkt
    RP680: 2012-01-16 06:12:20 - Software Distribution Service 3.0
    RP681: 2012-01-17 21:31:21 - Systemkontrollpunkt
    RP682: 2012-01-19 09:08:10 - Systemkontrollpunkt
    RP683: 2012-01-20 16:39:30 - Systemkontrollpunkt
    RP684: 2012-01-22 12:39:28 - Systemkontrollpunkt
    RP685: 2012-01-23 23:45:36 - Systemkontrollpunkt
    RP686: 2012-01-25 16:23:28 - Systemkontrollpunkt
    RP687: 2012-01-26 18:12:23 - Systemkontrollpunkt
    RP688: 2012-01-28 14:49:20 - Systemkontrollpunkt
    RP689: 2012-01-30 19:45:02 - Systemkontrollpunkt
    RP690: 2012-02-02 13:01:45 - Systemkontrollpunkt
    RP691: 2012-02-04 16:19:53 - Systemkontrollpunkt
    RP692: 2012-02-05 17:09:49 - Systemkontrollpunkt
    RP693: 2012-02-05 18:00:06 - DirectX har installerats
    RP694: 2012-02-06 18:00:23 - Systemkontrollpunkt
    RP695: 2012-02-08 13:17:00 - Systemkontrollpunkt
    RP696: 2012-02-09 22:33:12 - Systemkontrollpunkt
    RP697: 2012-02-11 14:17:36 - Systemkontrollpunkt
    RP698: 2012-02-12 17:06:43 - Systemkontrollpunkt
    RP699: 2012-02-15 15:17:50 - Systemkontrollpunkt
    RP700: 2012-02-15 19:42:34 - Software Distribution Service 3.0
    RP701: 2012-02-17 14:05:32 - Installed Curl RTE
    RP702: 2012-02-18 19:46:22 - Systemkontrollpunkt
    RP703: 2012-02-19 19:24:38 - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    RP704: 2012-02-20 19:41:43 - Systemkontrollpunkt
    RP705: 2012-02-21 20:04:08 - Systemkontrollpunkt
    RP706: 2012-02-21 22:39:59 - Installed Windows XP Wdf01009.
    RP707: 2012-02-22 12:11:18 - Software Distribution Service 3.0
    RP708: 2012-02-23 19:26:03 - Systemkontrollpunkt
    RP709: 2012-02-24 01:03:36 - Nokia Connectivity Cable Driver togs bort
    RP710: 2012-02-25 17:17:35 - Systemkontrollpunkt
    RP711: 2012-02-26 23:23:22 - Systemkontrollpunkt
    RP712: 2012-02-28 20:31:17 - Systemkontrollpunkt
    RP713: 2012-02-29 22:44:56 - Systemkontrollpunkt
    RP714: 2012-03-03 14:38:18 - Systemkontrollpunkt
    RP715: 2012-03-04 11:41:36 - Installerad Realtek High Definition Audio Driver
    RP716: 2012-03-10 13:46:58 - Systemkontrollpunkt
    RP717: 2012-03-11 15:42:12 - Systemkontrollpunkt
    RP718: 2012-03-12 22:49:29 - Systemkontrollpunkt
    RP719: 2012-03-13 22:44:53 - Software Distribution Service 3.0
    RP720: 2012-03-14 23:15:53 - Systemkontrollpunkt
    RP721: 2012-03-15 00:03:35 - Software Distribution Service 3.0
    RP722: 2012-03-17 00:05:13 - Systemkontrollpunkt
    RP723: 2012-03-18 00:10:39 - Systemkontrollpunkt
    RP724: 2012-03-19 16:54:37 - Systemkontrollpunkt
    RP725: 2012-03-20 17:27:39 - Systemkontrollpunkt
    RP726: 2012-03-20 21:29:10 - Software Distribution Service 3.0
    RP727: 2012-03-23 00:22:29 - Software Distribution Service 3.0
    RP728: 2012-03-24 12:34:07 - Installed Ad-Aware
    RP729: 2012-03-24 20:47:18 - Removed Ad-Aware
    RP730: 2012-03-24 20:52:59 - Installed Ad-Aware
    RP731: 2012-03-24 20:53:17 - Installed Ad-Aware
    RP732: 2012-03-25 18:05:10 - Removed Java(TM) 6 Update 29
    RP733: 2012-03-25 18:05:55 - Removed Java(TM) 6 Update 22
    RP734: 2012-03-25 18:06:29 - Removed Java(TM) 6 Update 18
    RP735: 2012-03-25 18:07:39 - Removed RuntimeLibsVC05
    RP736: 2012-03-25 18:10:18 - PC Connectivity Solution togs bort
    RP737: 2012-03-25 20:23:01 - Installed Java(TM) 6 Update 31
    .
    ==== Installed Programs ======================
    .
    Ad-Aware
    Ad-Aware Security Toolbar
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0 - Svenska
    AGEIA PhysX v7.07.09
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Processor Driver
    ANIO Service
    ANIWZCS2 Service
    Apple Application Support
    Apple Software Update
    ASRock IES
    ASRock InstantBoot
    ASRock OC Tuner
    ASUS Gamer OSD
    ASUS Smart Doctor
    ASUS Utilities
    ASUS VGA Driver
    ASUS VideoSecurity Online
    ATI AVIVO Codecs
    ATI Catalyst Registration
    ATI Parental Control & Encoder
    µTorrent
    Avira Free Antivirus
    Battlestations Pacific
    Battlestations: Pacific
    Bridge Base Online
    Bridge Bidding Trainer V2.0 Basic Edition
    Call of Duty
    Call of Duty: Modern Warfare 3 - Multiplayer
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CBLight 2009
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CIB pdf brewer 2.0.24
    Command & Conquer Red Alert 2
    Company of Heroes
    Company of Heroes - FAKEMSI
    Curl RTE 8.0.0
    D-Link Wireless N DWA-140
    Dead Space™
    EA Download Manager
    EA Download Manager UI
    FLV Player 2.0 (build 25)
    Google Earth
    Google Update Helper
    Guitar Pro 5.0
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Half-Life Deathmatch: Source
    Homeworld2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    hp deskjet 5100 series
    Huawei Driver Installation
    Icewind Dale
    Icewind Dale II
    Indeo® Software
    Java(TM) 6 Update 31
    Junk Mail filter update
    K-Lite Mega Codec Pack 4.2.5
    LightScribe 1.8.13.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    Medal of Honor Airborne
    Medal of Honor Pacific Assault(tm)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 Swedish Language Pack
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
    Microsoft .NET Framework 3.5 Language Pack SP1 - sve
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Carioca Rummy
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 1.1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Zoo Tycoon
    Microsoft_VC100_CRT_SP1_x86
    Mobile Broadband
    Mozilla Firefox 11.0 (x86 sv-SE)
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    neroxml
    NVIDIA Drivers
    OpenAL
    OpenOffice.org 3.3
    Python 2.7.1
    QuickTime
    Realtek High Definition Audio Driver
    Return to Castle Wolfenstein - Platinum Edition
    Samsung Auto Backup
    Samsung SecretZone
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Windows Search 4 - KB963093
    Segoe UI
    Skype Click to Call
    Skype™ 5.5
    Snabbkorrigering för Windows Media Player 11 (KB939683)
    Snabbkorrigering för Windows XP (KB2158563)
    Snabbkorrigering för Windows XP (KB2443685)
    Snabbkorrigering för Windows XP (KB2570791)
    Snabbkorrigering för Windows XP (KB2633952)
    Snabbkorrigering för Windows XP (KB938759)
    Snabbkorrigering för Windows XP (KB942288-v3)
    Snabbkorrigering för Windows XP (KB952287)
    Snabbkorrigering för Windows XP (KB961118)
    Snabbkorrigering för Windows XP (KB970653-v3)
    Snabbkorrigering för Windows XP (KB976098-v2)
    Snabbkorrigering för Windows XP (KB979306)
    Snabbkorrigering för Windows XP (KB981793)
    Säkerhetsuppdatering för Microsoft Windows (KB2564958)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2183461)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2360131)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2482017)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2497640)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2510531)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2530548)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2544521)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2559049)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2586448)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2618444)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2647516)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB969897)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB972260)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB982381)
    Säkerhetsuppdatering för Windows Media Player (KB2378111)
    Säkerhetsuppdatering för Windows Media Player (KB952069)
    Säkerhetsuppdatering för Windows Media Player (KB954155)
    Säkerhetsuppdatering för Windows Media Player (KB968816)
    Säkerhetsuppdatering för Windows Media Player (KB973540)
    Säkerhetsuppdatering för Windows Media Player (KB975558)
    Säkerhetsuppdatering för Windows Media Player (KB978695)
    Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
    Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
    Säkerhetsuppdatering för Windows XP (KB2079403)
    Säkerhetsuppdatering för Windows XP (KB2115168)
    Säkerhetsuppdatering för Windows XP (KB2121546)
    Säkerhetsuppdatering för Windows XP (KB2160329)
    Säkerhetsuppdatering för Windows XP (KB2229593)
    Säkerhetsuppdatering för Windows XP (KB2259922)
    Säkerhetsuppdatering för Windows XP (KB2279986)
    Säkerhetsuppdatering för Windows XP (KB2286198)
    Säkerhetsuppdatering för Windows XP (KB2296011)
    Säkerhetsuppdatering för Windows XP (KB2296199)
    Säkerhetsuppdatering för Windows XP (KB2347290)
    Säkerhetsuppdatering för Windows XP (KB2360937)
    Säkerhetsuppdatering för Windows XP (KB2387149)
    Säkerhetsuppdatering för Windows XP (KB2393802)
    Säkerhetsuppdatering för Windows XP (KB2412687)
    Säkerhetsuppdatering för Windows XP (KB2419632)
    Säkerhetsuppdatering för Windows XP (KB2423089)
    Säkerhetsuppdatering för Windows XP (KB2436673)
    Säkerhetsuppdatering för Windows XP (KB2440591)
    Säkerhetsuppdatering för Windows XP (KB2443105)
    Säkerhetsuppdatering för Windows XP (KB2476490)
    Säkerhetsuppdatering för Windows XP (KB2476687)
    Säkerhetsuppdatering för Windows XP (KB2478960)
    Säkerhetsuppdatering för Windows XP (KB2478971)
    Säkerhetsuppdatering för Windows XP (KB2479628)
    Säkerhetsuppdatering för Windows XP (KB2479943)
    Säkerhetsuppdatering för Windows XP (KB2481109)
    Säkerhetsuppdatering för Windows XP (KB2483185)
    Säkerhetsuppdatering för Windows XP (KB2485376)
    Säkerhetsuppdatering för Windows XP (KB2485663)
    Säkerhetsuppdatering för Windows XP (KB2503658)
    Säkerhetsuppdatering för Windows XP (KB2503665)
    Säkerhetsuppdatering för Windows XP (KB2506212)
    Säkerhetsuppdatering för Windows XP (KB2506223)
    Säkerhetsuppdatering för Windows XP (KB2507618)
    Säkerhetsuppdatering för Windows XP (KB2507938)
    Säkerhetsuppdatering för Windows XP (KB2508272)
    Säkerhetsuppdatering för Windows XP (KB2508429)
    Säkerhetsuppdatering för Windows XP (KB2509553)
    Säkerhetsuppdatering för Windows XP (KB2511455)
    Säkerhetsuppdatering för Windows XP (KB2524375)
    Säkerhetsuppdatering för Windows XP (KB2535512)
    Säkerhetsuppdatering för Windows XP (KB2536276-v2)
    Säkerhetsuppdatering för Windows XP (KB2536276)
    Säkerhetsuppdatering för Windows XP (KB2544893-v2)
    Säkerhetsuppdatering för Windows XP (KB2544893)
    Säkerhetsuppdatering för Windows XP (KB2555917)
    Säkerhetsuppdatering för Windows XP (KB2562937)
    Säkerhetsuppdatering för Windows XP (KB2566454)
    Säkerhetsuppdatering för Windows XP (KB2567053)
    Säkerhetsuppdatering för Windows XP (KB2567680)
    Säkerhetsuppdatering för Windows XP (KB2570222)
    Säkerhetsuppdatering för Windows XP (KB2570947)
    Säkerhetsuppdatering för Windows XP (KB2584146)
    Säkerhetsuppdatering för Windows XP (KB2585542)
    Säkerhetsuppdatering för Windows XP (KB2592799)
    Säkerhetsuppdatering för Windows XP (KB2598479)
    Säkerhetsuppdatering för Windows XP (KB2603381)
    Säkerhetsuppdatering för Windows XP (KB2618451)
    Säkerhetsuppdatering för Windows XP (KB2619339)
    Säkerhetsuppdatering för Windows XP (KB2620712)
    Säkerhetsuppdatering för Windows XP (KB2621440)
    Säkerhetsuppdatering för Windows XP (KB2624667)
    Säkerhetsuppdatering för Windows XP (KB2631813)
    Säkerhetsuppdatering för Windows XP (KB2633171)
    Säkerhetsuppdatering för Windows XP (KB2639417)
    Säkerhetsuppdatering för Windows XP (KB2641653)
    Säkerhetsuppdatering för Windows XP (KB2646524)
    Säkerhetsuppdatering för Windows XP (KB2647518)
    Säkerhetsuppdatering för Windows XP (KB2660465)
    Säkerhetsuppdatering för Windows XP (KB904706)
    Säkerhetsuppdatering för Windows XP (KB923561)
    Säkerhetsuppdatering för Windows XP (KB923789)
    Säkerhetsuppdatering för Windows XP (KB938464-v2)
    Säkerhetsuppdatering för Windows XP (KB941569)
    Säkerhetsuppdatering för Windows XP (KB946648)
    Säkerhetsuppdatering för Windows XP (KB950760)
    Säkerhetsuppdatering för Windows XP (KB950762)
    Säkerhetsuppdatering för Windows XP (KB950974)
    Säkerhetsuppdatering för Windows XP (KB951066)
    Säkerhetsuppdatering för Windows XP (KB951376-v2)
    Säkerhetsuppdatering för Windows XP (KB951748)
    Säkerhetsuppdatering för Windows XP (KB952004)
    Säkerhetsuppdatering för Windows XP (KB952954)
    Säkerhetsuppdatering för Windows XP (KB954459)
    Säkerhetsuppdatering för Windows XP (KB954600)
    Säkerhetsuppdatering för Windows XP (KB955069)
    Säkerhetsuppdatering för Windows XP (KB956572)
    Säkerhetsuppdatering för Windows XP (KB956744)
    Säkerhetsuppdatering för Windows XP (KB956802)
    Säkerhetsuppdatering för Windows XP (KB956803)
    Säkerhetsuppdatering för Windows XP (KB956844)
    Säkerhetsuppdatering för Windows XP (KB957097)
    Säkerhetsuppdatering för Windows XP (KB958644)
    Säkerhetsuppdatering för Windows XP (KB958687)
    Säkerhetsuppdatering för Windows XP (KB958869)
    Säkerhetsuppdatering för Windows XP (KB959426)
    Säkerhetsuppdatering för Windows XP (KB960225)
    Säkerhetsuppdatering för Windows XP (KB960803)
    Säkerhetsuppdatering för Windows XP (KB960859)
    Säkerhetsuppdatering för Windows XP (KB961371)
    Säkerhetsuppdatering för Windows XP (KB961373)
    Säkerhetsuppdatering för Windows XP (KB961501)
    Säkerhetsuppdatering för Windows XP (KB968537)
    Säkerhetsuppdatering för Windows XP (KB969059)
    Säkerhetsuppdatering för Windows XP (KB969897)
    Säkerhetsuppdatering för Windows XP (KB969898)
    Säkerhetsuppdatering för Windows XP (KB969947)
    Säkerhetsuppdatering för Windows XP (KB970238)
    Säkerhetsuppdatering för Windows XP (KB970430)
    Säkerhetsuppdatering för Windows XP (KB971468)
    Säkerhetsuppdatering för Windows XP (KB971486)
    Säkerhetsuppdatering för Windows XP (KB971557)
    Säkerhetsuppdatering för Windows XP (KB971633)
    Säkerhetsuppdatering för Windows XP (KB971657)
    Säkerhetsuppdatering för Windows XP (KB972270)
    Säkerhetsuppdatering för Windows XP (KB973346)
    Säkerhetsuppdatering för Windows XP (KB973354)
    Säkerhetsuppdatering för Windows XP (KB973507)
    Säkerhetsuppdatering för Windows XP (KB973525)
    Säkerhetsuppdatering för Windows XP (KB973869)
    Säkerhetsuppdatering för Windows XP (KB973904)
    Säkerhetsuppdatering för Windows XP (KB974112)
    Säkerhetsuppdatering för Windows XP (KB974318)
    Säkerhetsuppdatering för Windows XP (KB974392)
    Säkerhetsuppdatering för Windows XP (KB974571)
    Säkerhetsuppdatering för Windows XP (KB975025)
    Säkerhetsuppdatering för Windows XP (KB975467)
    Säkerhetsuppdatering för Windows XP (KB975560)
    Säkerhetsuppdatering för Windows XP (KB975561)
    Säkerhetsuppdatering för Windows XP (KB975562)
    Säkerhetsuppdatering för Windows XP (KB975713)
    Säkerhetsuppdatering för Windows XP (KB977165)
    Säkerhetsuppdatering för Windows XP (KB977816)
    Säkerhetsuppdatering för Windows XP (KB977914)
    Säkerhetsuppdatering för Windows XP (KB978037)
    Säkerhetsuppdatering för Windows XP (KB978251)
    Säkerhetsuppdatering för Windows XP (KB978262)
    Säkerhetsuppdatering för Windows XP (KB978338)
    Säkerhetsuppdatering för Windows XP (KB978542)
    Säkerhetsuppdatering för Windows XP (KB978601)
    Säkerhetsuppdatering för Windows XP (KB978706)
    Säkerhetsuppdatering för Windows XP (KB979309)
    Säkerhetsuppdatering för Windows XP (KB979482)
    Säkerhetsuppdatering för Windows XP (KB979559)
    Säkerhetsuppdatering för Windows XP (KB979683)
    Säkerhetsuppdatering för Windows XP (KB979687)
    Säkerhetsuppdatering för Windows XP (KB980195)
    Säkerhetsuppdatering för Windows XP (KB980218)
    Säkerhetsuppdatering för Windows XP (KB980232)
    Säkerhetsuppdatering för Windows XP (KB980436)
    Säkerhetsuppdatering för Windows XP (KB981322)
    Säkerhetsuppdatering för Windows XP (KB981852)
    Säkerhetsuppdatering för Windows XP (KB981957)
    Säkerhetsuppdatering för Windows XP (KB981997)
    Säkerhetsuppdatering för Windows XP (KB982132)
    Säkerhetsuppdatering för Windows XP (KB982214)
    Säkerhetsuppdatering för Windows XP (KB982665)
    Säkerhetsuppdatering för Windows XP (KB982802)
    Sonic Foundry Sound Forge 6.0
    SPORE™
    Spotify
    Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
    Star Ruler
    Steam
    SwitchInTime
    Team Fortress 2
    The Lord of the Rings FREE Trial
    The Rosetta Stone
    TomTom HOME 2.8.1.2218
    TomTom HOME Visual Studio Merge Modules
    Ultima IX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Uppdatering för Microsoft Windows (KB971513)
    Uppdatering för Windows Internet Explorer 8 (KB2447568)
    Uppdatering för Windows Internet Explorer 8 (KB2598845)
    Uppdatering för Windows Internet Explorer 8 (KB2632503)
    Uppdatering för Windows Internet Explorer 8 (KB971930)
    Uppdatering för Windows Internet Explorer 8 (KB976662)
    Uppdatering för Windows Internet Explorer 8 (KB976749)
    Uppdatering för Windows Internet Explorer 8 (KB980182)
    Uppdatering för Windows Internet Explorer 8 (KB982632)
    Uppdatering för Windows Internet Explorer 8 (KB982664)
    Uppdatering för Windows XP (KB2141007)
    Uppdatering för Windows XP (KB2345886)
    Uppdatering för Windows XP (KB2467659)
    Uppdatering för Windows XP (KB2492386)
    Uppdatering för Windows XP (KB2541763)
    Uppdatering för Windows XP (KB2607712)
    Uppdatering för Windows XP (KB2616676)
    Uppdatering för Windows XP (KB2641690)
    Uppdatering för Windows XP (KB951978)
    Uppdatering för Windows XP (KB955759)
    Uppdatering för Windows XP (KB955839)
    Uppdatering för Windows XP (KB961503)
    Uppdatering för Windows XP (KB967715)
    Uppdatering för Windows XP (KB968389)
    Uppdatering för Windows XP (KB971029)
    Uppdatering för Windows XP (KB971737)
    Uppdatering för Windows XP (KB973687)
    Uppdatering för Windows XP (KB973815)
    Warhammer 40,000: Dawn Of War - Gold Edition
    Warhammer® 40,000®: Dawn of War® II – Retribution™
    VC 9.0 Runtime
    WebFldrs XP
    Westwood Shared Internet Components
    VideoLAN VLC media player 0.8.6a
    Viktig uppdatering för Windows Media Player 11 (KB959772)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Voddler
    Wolfenstein - Enemy Territory
    World of Tanks v.0.6.5
    XML Paper Specification Shared Components Language Pack 1.0
    XviD MPEG-4 Video Codec
    YAMAHA XG SoftSynthesizer S-YXG50
    .
    ==== End Of File ===========================




    That's it.
    And of course, I'd really appreciate any help I can get.
    I've checked some threads with impressive help, so thanks in advance :)
  4. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avira.
    One of them has to go.
    I suggest Lavasoft goes.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  5. petka

    petka Newcomer, in training Topic Starter Posts: 42

    Results as per your instructions

    Thanks a lot for the help!

    Lavasoft went.
    All this stuff is exciting. It's been 20+ years since I had any real knowledge of stuff like this, and the viral infections were not often stealthy or anything. So now I feel the urge to read up on rootkits and bootkits and whatever....

    Here are the logs:

    aswMBR:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-26 01:07:15
    -----------------------------
    01:07:15.343 OS Version: Windows 5.1.2600 Service Pack 3
    01:07:15.343 Number of processors: 2 586 0x203
    01:07:15.343 ComputerName: PKNEW UserName: petka
    01:07:17.968 Initialize success
    01:11:02.109 AVAST engine defs: 12032501
    01:12:12.531 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
    01:12:12.546 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 1
    01:12:12.546 Device \Driver\USBSTOR -> DriverStartIo USBSTOR.SYS f320af26
    01:12:12.562 Disk 2 MBR read successfully
    01:12:12.562 Disk 2 MBR scan
    01:12:12.906 Disk 2 Windows XP default MBR code
    01:12:12.906 Disk 2 MBR hidden
    01:12:12.953 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
    01:12:13.046 Disk 2 scanning sectors +1953520065
    01:12:13.250 Disk 2 scanning E:\WINDOWS\system32\drivers
    01:12:34.359 Service scanning
    01:12:56.375 Modules scanning
    01:13:01.984 Disk 2 trace - called modules:
    01:13:01.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys
    01:13:01.984 1 nt!IofCallDriver -> \Device\Harddisk2\DR4[0x89510ab8]
    01:13:01.984 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000008d[0x89705ea0]
    01:13:02.000 5 USBSTOR.SYS[f3209706] -> nt!IofCallDriver -> \Device\USBPDO-9[0x8a4d43a8]
    01:13:02.000 7 usbhub.sys[f6510596] -> nt!IofCallDriver -> \Device\USBPDO-1[0x8a38f450]
    01:13:03.218 AVAST engine scan E:\WINDOWS
    01:13:30.281 AVAST engine scan E:\WINDOWS\system32
    01:18:59.843 AVAST engine scan E:\WINDOWS\system32\drivers
    01:19:26.125 AVAST engine scan E:\Documents and Settings\petka.PKNEW
    01:19:39.609 File: E:\Documents and Settings\petka.PKNEW\Application Data\Adobe\Flash Player\NativeCache\915E84FE7E8929AA0AF1E491D8AA8669\51a0797e\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
    01:23:51.421 Disk 2 MBR has been saved successfully to "E:\Documents and Settings\petka.PKNEW\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBR.dat"
    01:23:51.421 The log file has been saved successfully to "E:\Documents and Settings\petka.PKNEW\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\aswMBR.txt"


    Bootkit remover:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\E:
    \\.\E: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
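
Added example (not part of the thread, and not code or output from aswMBR or Bootkit Remover): a small Python triage of the two logs in the post above, pulling out the lines a helper reads first. The function names and finding labels are assumptions made here; the sample input is excerpted from the posted logs, and only the status strings seen in this thread are matched.

```python
import re

# Excerpts copied from the aswMBR and Bootkit Remover logs posted above.
ASWMBR_LOG = r"""
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
01:12:12.562 Disk 2 MBR read successfully
01:12:12.906 Disk 2 Windows XP default MBR code
01:12:12.906 Disk 2 MBR hidden
01:13:03.218 AVAST engine scan E:\WINDOWS
01:19:39.609 File: E:\Documents and Settings\petka.PKNEW\Application Data\Adobe\Flash Player\NativeCache\915E84FE7E8929AA0AF1E491D8AA8669\51a0797e\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
"""

BOOTKIT_REMOVER_OUT = r"""
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
"""

# aswMBR prefixes every scan line with HH:MM:SS.mmm.
TS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
MBR_HIDDEN = re.compile(r"^Disk (\d+) MBR hidden$")
# Paths contain spaces, so match lazily up to the **INFECTED** marker.
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (\S.*)$")
# Bootkit Remover table row: size, \\.\device name, free-text status.
BR_ROW = re.compile(r"^(\d+\s+[KMGT]B)\s+(\\\\\.\\\S+)\s+(.+)$")


def triage_aswmbr(text):
    """Return findings for 'MBR hidden' and '**INFECTED**' lines."""
    findings = []
    for raw in text.splitlines():
        m = TS_LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        when, msg = m.groups()
        hidden = MBR_HIDDEN.match(msg)
        if hidden:
            findings.append({"tool": "aswMBR", "kind": "mbr_hidden",
                             "time": when,
                             "target": "Disk " + hidden.group(1),
                             "detail": "MBR hidden"})
            continue
        hit = INFECTED.match(msg)
        if hit:
            findings.append({"tool": "aswMBR", "kind": "infected_file",
                             "time": when,
                             "target": hit.group(1),
                             "detail": hit.group(2).strip()})
    return findings


def triage_bootkit_remover(text):
    """Return table rows whose MBR status mentions a rootkit.

    Assumption: only the status string seen in this thread is known,
    so any status containing 'rootkit' is flagged and others are not.
    """
    findings = []
    for raw in text.splitlines():
        row = BR_ROW.match(raw.strip())
        if row and "rootkit" in row.group(3).lower():
            findings.append({"tool": "Bootkit Remover", "kind": "mbr_rootkit",
                             "time": None,
                             "target": row.group(2),
                             "detail": row.group(3).strip()})
    return findings


def tools_flagging_boot_sector(findings):
    """Names of the tools that reported a boot-sector problem, sorted."""
    boot_kinds = {"mbr_hidden", "mbr_rootkit"}
    return sorted({f["tool"] for f in findings if f["kind"] in boot_kinds})


if __name__ == "__main__":
    all_findings = (triage_aswmbr(ASWMBR_LOG)
                    + triage_bootkit_remover(BOOTKIT_REMOVER_OUT))
    for f in all_findings:
        print("[{tool}] {kind}: {target} ({detail})".format(**f))
    print("Boot sector flagged by:", tools_flagging_boot_sector(all_findings))
```
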
  6. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. petka

    petka Newcomer, in training Topic Starter Posts: 42

    Completed, waiting for reboot

    I'm on my laptop in parallel.

    It found and zapped something, sinowa or similar name.
    Reboot was required, which I am performing now.
    Log will be forthcoming.
    So far this is..... *wow*

    Read up on rootkits and bootkits.
    Boy am I glad I addressed the problem as soon as I saw it.
    I sure hope we can stomp it.
  8. petka

    petka Newcomer, in training Topic Starter Posts: 42

    Log file from TDSSkiller

    After reboot a number of cmd.exe windows appeared and disappeared, then Windows continued as usual.

    The rootkit seems to be "Sinowal.b" according to the log


    TDSSkiller:

    01:48:29.0828 4384 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    01:48:30.0156 4384 ============================================================
    01:48:30.0156 4384 Current date / time: 2012/03/26 01:48:30.0156
    01:48:30.0156 4384 SystemInfo:
    01:48:30.0156 4384
    01:48:30.0156 4384 OS Version: 5.1.2600 ServicePack: 3.0
    01:48:30.0156 4384 Product type: Workstation
    01:48:30.0156 4384 ComputerName: PKNEW
    01:48:30.0156 4384 UserName: petka
    01:48:30.0156 4384 Windows directory: E:\WINDOWS
    01:48:30.0156 4384 System windows directory: E:\WINDOWS
    01:48:30.0156 4384 Processor architecture: Intel x86
    01:48:30.0156 4384 Number of processors: 2
    01:48:30.0156 4384 Page size: 0x1000
    01:48:30.0156 4384 Boot type: Normal boot
    01:48:30.0156 4384 ============================================================
    01:48:33.0000 4384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    01:48:33.0062 4384 Drive \Device\Harddisk1\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    01:48:33.0093 4384 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DA0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    01:48:33.0109 4384 \Device\Harddisk0\DR0:
    01:48:33.0109 4384 MBR used
    01:48:33.0109 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    01:48:33.0109 4384 \Device\Harddisk1\DR2:
    01:48:33.0109 4384 MBR used
    01:48:33.0109 4384 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
    01:48:33.0109 4384 \Device\Harddisk2\DR4:
    01:48:33.0109 4384 MBR used
    01:48:33.0109 4384 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
    01:48:33.0234 4384 Initialize success
    01:48:33.0234 4384 ============================================================
    01:48:37.0687 5300 ============================================================
    01:48:37.0687 5300 Scan started
    01:48:37.0687 5300 Mode: Manual;
    01:48:37.0687 5300 ============================================================
    01:48:39.0265 5300 80czzt43.sys - ok
    01:48:39.0312 5300 Abiosdsk - ok
    01:48:39.0468 5300 abp480n5 - ok
    01:48:39.0796 5300 ACPI (48547e29772befe3c554ff5e4855bf51) E:\WINDOWS\system32\DRIVERS\ACPI.sys
    01:48:39.0796 5300 ACPI - ok
    01:48:39.0906 5300 ACPIEC (decedc736cef3c0fff6e981b31e73a61) E:\WINDOWS\system32\drivers\ACPIEC.sys
    01:48:39.0953 5300 ACPIEC - ok
    01:48:40.0015 5300 adpu160m - ok
    01:48:40.0109 5300 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
    01:48:40.0125 5300 aec - ok
    01:48:40.0171 5300 AFD (1e44bc1e83d8fd2305f8d452db109cf9) E:\WINDOWS\System32\drivers\afd.sys
    01:48:40.0171 5300 AFD - ok
    01:48:40.0250 5300 Aha154x - ok
    01:48:40.0281 5300 aic78u2 - ok
    01:48:40.0375 5300 aic78xx - ok
    01:48:40.0500 5300 Alerter (7e3c83703327499d0b98ae392ff07ede) E:\WINDOWS\system32\alrsvc.dll
    01:48:40.0531 5300 Alerter - ok
    01:48:40.0593 5300 ALG (5df46f9ad9c1d611a38af2abb9365b5b) E:\WINDOWS\System32\alg.exe
    01:48:40.0625 5300 ALG - ok
    01:48:40.0656 5300 AliIde - ok
    01:48:40.0781 5300 Ambfilt (267fc636801edc5ab28e14036349e3be) E:\WINDOWS\system32\drivers\Ambfilt.sys
    01:48:40.0875 5300 Ambfilt - ok
    01:48:40.0937 5300 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys
    01:48:40.0953 5300 AmdPPM - ok
    01:48:41.0000 5300 amsint - ok
    01:48:41.0109 5300 ANIO (2953a157a783bfc06f42f99fefa5eb07) E:\WINDOWS\system32\ANIO.SYS
    01:48:41.0125 5300 ANIO - ok
    01:48:41.0187 5300 ANIWConnService (2d007966bb8a6c89433766e3d682bbec) E:\WINDOWS\system32\ANIWConnService.exe
    01:48:41.0218 5300 ANIWConnService - ok
    01:48:41.0390 5300 ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) E:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    01:48:41.0437 5300 ANIWZCSdService - ok
    01:48:41.0687 5300 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) E:\Program\Avira\AntiVir Desktop\sched.exe
    01:48:41.0703 5300 AntiVirSchedulerService - ok
    01:48:41.0734 5300 AntiVirService (42f88bfbb76f7a63e381829479b18518) E:\Program\Avira\AntiVir Desktop\avguard.exe
    01:48:41.0734 5300 AntiVirService - ok
    01:48:42.0265 5300 AppMgmt (6912d676607594c3554c2e43f4b1feee) E:\WINDOWS\System32\appmgmts.dll
    01:48:42.0281 5300 AppMgmt - ok
    01:48:42.0640 5300 AR5416 (00e031fe2d849be503fc4a47271f1ea5) E:\WINDOWS\system32\DRIVERS\athw.sys
    01:48:43.0312 5300 AR5416 - ok
    01:48:44.0375 5300 asc - ok
    01:48:45.0375 5300 asc3350p - ok
    01:48:46.0375 5300 asc3550 - ok
    01:48:47.0156 5300 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    01:48:47.0578 5300 aspnet_state - ok
    01:48:48.0796 5300 asusgsb (d320732bcf5ff856120bd06855c66867) E:\WINDOWS\system32\drivers\asusgsb.sys
    01:48:48.0843 5300 asusgsb - ok
    01:48:49.0265 5300 asuskbnt (b3b881eb81013aac11594a5400ada47a) E:\WINDOWS\system32\drivers\atkkbnt.sys
    01:48:49.0265 5300 asuskbnt - ok
    01:48:49.0359 5300 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) E:\WINDOWS\system32\DRIVERS\AsusVRC.sys
    01:48:49.0359 5300 ASUSVRC - ok
    01:48:49.0468 5300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
    01:48:49.0468 5300 AsyncMac - ok
    01:48:49.0562 5300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
    01:48:49.0562 5300 atapi - ok
    01:48:49.0640 5300 Atdisk - ok
    01:48:49.0859 5300 Ati HotKey Poller (944e535926628fb2fa33435eb848f94e) E:\WINDOWS\system32\Ati2evxx.exe
    01:48:49.0890 5300 Ati HotKey Poller - ok
    01:48:50.0062 5300 ATI Smart (b9cb37e2393fca35d0505cda5703cbdc) E:\WINDOWS\system32\ati2sgag.exe
    01:48:50.0062 5300 ATI Smart - ok
    01:48:51.0250 5300 ati2mtag (0997918a56a6e09ddf7bdfc0ebe8a99d) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    01:48:52.0421 5300 ati2mtag - ok
    01:48:53.0078 5300 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) E:\WINDOWS\system32\drivers\AtihdXP3.sys
    01:48:53.0093 5300 AtiHDAudioService - ok
    01:48:53.0156 5300 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys
    01:48:53.0171 5300 AtiHdmiService - ok
    01:48:53.0281 5300 ATKKeyboardService (df70303547e59f09dcd32983100edcd1) E:\WINDOWS\ATKKBService.exe
    01:48:54.0859 5300 ATKKeyboardService - ok
    01:48:55.0359 5300 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
    01:48:55.0359 5300 Atmarpc - ok
    01:48:55.0500 5300 AudioSrv (73f7604cfb13a066a93442f431c62c4a) E:\WINDOWS\System32\audiosrv.dll
    01:48:55.0531 5300 AudioSrv - ok
    01:48:55.0640 5300 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
    01:48:55.0640 5300 audstub - ok
    01:48:55.0687 5300 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) E:\WINDOWS\system32\DRIVERS\avgntflt.sys
    01:48:55.0703 5300 avgntflt - ok
    01:48:55.0781 5300 avipbb (13b02b9b969dde270cd7c351203dad3c) E:\WINDOWS\system32\DRIVERS\avipbb.sys
    01:48:55.0796 5300 avipbb - ok
    01:48:55.0843 5300 avkmgr (271cfd1a989209b1964e24d969552bf7) E:\WINDOWS\system32\DRIVERS\avkmgr.sys
    01:48:55.0843 5300 avkmgr - ok
    01:48:55.0968 5300 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) E:\WINDOWS\system32\AWINDIS5.SYS
    01:48:55.0968 5300 AWINDIS5 - ok
    01:48:56.0046 5300 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
    01:48:56.0078 5300 Beep - ok
    01:48:56.0281 5300 BITS (9741942a86e579231d3c41aa51de042f) E:\WINDOWS\system32\qmgr.dll
    01:48:56.0406 5300 BITS - ok
    01:48:56.0500 5300 Browser (e0d4a1cc49efb58a32b5e9d35798c9dd) E:\WINDOWS\System32\browser.dll
    01:48:56.0531 5300 Browser - ok
    01:48:56.0593 5300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
    01:48:56.0593 5300 cbidf2k - ok
    01:48:56.0671 5300 CCDECODE (0be5aef125be881c4f854c554f2b025c) E:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    01:48:56.0718 5300 CCDECODE - ok
    01:48:56.0765 5300 cd20xrnt - ok
    01:48:56.0828 5300 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
    01:48:56.0828 5300 Cdaudio - ok
    01:48:56.0890 5300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
    01:48:56.0906 5300 Cdfs - ok
    01:48:57.0015 5300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
    01:48:57.0015 5300 Cdrom - ok
    01:48:57.0062 5300 Changer - ok
    01:48:57.0156 5300 CiSvc (359c676391504438f334478585fd6465) E:\WINDOWS\system32\cisvc.exe
    01:48:57.0156 5300 CiSvc - ok
    01:48:57.0203 5300 ClipSrv (b8345830c5d789d3da21b91c0c94d086) E:\WINDOWS\system32\clipsrv.exe
    01:48:57.0218 5300 ClipSrv - ok
    01:48:57.0328 5300 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    01:48:57.0453 5300 clr_optimization_v2.0.50727_32 - ok
    01:48:57.0593 5300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    01:48:57.0734 5300 clr_optimization_v4.0.30319_32 - ok
    01:48:58.0000 5300 CmdIde - ok
    01:48:58.0078 5300 COMSysApp - ok
    01:48:58.0140 5300 Cpqarray - ok
    01:48:58.0218 5300 CryptSvc (04fd6585508a7320b2c7453ced231d6b) E:\WINDOWS\System32\cryptsvc.dll
    01:48:58.0234 5300 CryptSvc - ok
    01:48:58.0281 5300 dac2w2k - ok
    01:48:58.0328 5300 dac960nt - ok
    01:48:58.0515 5300 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) E:\WINDOWS\system32\rpcss.dll
    01:48:58.0531 5300 DcomLaunch - ok
    01:48:58.0593 5300 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) E:\WINDOWS\System32\dhcpcsvc.dll
    01:48:58.0609 5300 Dhcp - ok
    01:48:58.0718 5300 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
    01:48:58.0718 5300 Disk - ok
    01:48:58.0750 5300 dmadmin - ok
    01:48:58.0890 5300 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) E:\WINDOWS\system32\drivers\dmboot.sys
    01:48:58.0906 5300 dmboot - ok
    01:48:58.0937 5300 dmio (41862731f82be80f0cfba5d0da36b683) E:\WINDOWS\system32\drivers\dmio.sys
    01:48:58.0984 5300 dmio - ok
    01:48:59.0078 5300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
    01:48:59.0093 5300 dmload - ok
    01:48:59.0171 5300 dmserver (77db107fd2d8de42b3adc7fce084f653) E:\WINDOWS\System32\dmserver.dll
    01:48:59.0171 5300 dmserver - ok
    01:48:59.0281 5300 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
    01:48:59.0281 5300 DMusic - ok
    01:48:59.0390 5300 Dnscache (efac4d4c80ccd725cc5bd7d3dbf18c74) E:\WINDOWS\System32\dnsrslvr.dll
    01:48:59.0406 5300 Dnscache - ok
    01:48:59.0468 5300 Dot3svc (c3c6cf67796acdd8329cb0e44367a1eb) E:\WINDOWS\System32\dot3svc.dll
    01:48:59.0468 5300 Dot3svc - ok
    01:48:59.0500 5300 dpti2o - ok
    01:48:59.0578 5300 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
    01:48:59.0578 5300 drmkaud - ok
    01:48:59.0718 5300 EapHost (d9cabe63af4bc951302d9e508cb5599a) E:\WINDOWS\System32\eapsvc.dll
    01:48:59.0718 5300 EapHost - ok
    01:48:59.0843 5300 ERSvc (bc5287dc6dc7ebb13aa825caa6482f94) E:\WINDOWS\System32\ersvc.dll
    01:48:59.0859 5300 ERSvc - ok
    01:48:59.0953 5300 Eventlog (8870b0c4a094c1ce80cea6f85fa38ff2) E:\WINDOWS\system32\services.exe
    01:48:59.0953 5300 Eventlog - ok
    01:49:00.0125 5300 EventSystem (01cec6de315f1a06ce5aa70009c6979e) E:\WINDOWS\System32\es.dll
    01:49:00.0125 5300 EventSystem - ok
    01:49:00.0218 5300 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
    01:49:00.0218 5300 Fastfat - ok
    01:49:00.0296 5300 FastUserSwitchingCompatibility (c5684b98920f9ba98d6a33701ca816e6) E:\WINDOWS\System32\shsvcs.dll
    01:49:00.0296 5300 FastUserSwitchingCompatibility - ok
    01:49:00.0390 5300 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys
    01:49:00.0406 5300 Fdc - ok
    01:49:00.0468 5300 Fips (b66ddb75642f6722468707840c67a394) E:\WINDOWS\system32\drivers\Fips.sys
    01:49:00.0484 5300 Fips - ok
    01:49:00.0515 5300 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\drivers\Flpydisk.sys
    01:49:00.0562 5300 Flpydisk - ok
    01:49:00.0625 5300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
    01:49:00.0625 5300 FltMgr - ok
    01:49:00.0796 5300 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    01:49:00.0875 5300 FontCache3.0.0.0 - ok
    01:49:00.0984 5300 fssfltr (e0087225b137e57239ff40f8ae82059b) E:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    01:49:00.0984 5300 fssfltr - ok
    01:49:01.0156 5300 fsssvc (45b52394f9624237f33a8a3d73c0b221) E:\Program\Windows Live\Family Safety\fsssvc.exe
    01:49:01.0265 5300 fsssvc - ok
    01:49:01.0343 5300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
    01:49:01.0343 5300 Fs_Rec - ok
    01:49:01.0406 5300 Ftdisk (45fc410cfe68ff036ad232a141e69c19) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
    01:49:01.0437 5300 Ftdisk - ok
    01:49:01.0531 5300 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
    01:49:01.0546 5300 Gpc - ok
    01:49:01.0640 5300 gupdate (f02a533f517eb38333cb12a9e8963773) E:\Program\Google\Update\GoogleUpdate.exe
    01:49:01.0640 5300 gupdate - ok
    01:49:01.0656 5300 gupdatem (f02a533f517eb38333cb12a9e8963773) E:\Program\Google\Update\GoogleUpdate.exe
    01:49:01.0656 5300 gupdatem - ok
    01:49:01.0796 5300 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    01:49:01.0796 5300 HDAudBus - ok
    01:49:01.0875 5300 helpsvc (202c95f334c53a5a8bd0d8465512b3f4) E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    01:49:01.0890 5300 helpsvc - ok
    01:49:01.0984 5300 HidServ (71aace06b5f93cf02d05e4e2ec479aac) E:\WINDOWS\System32\hidserv.dll
    01:49:01.0984 5300 HidServ - ok
    01:49:02.0093 5300 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
    01:49:02.0125 5300 HidUsb - ok
    01:49:02.0265 5300 hkmsvc (98580e101404565700fd12e03f7ee056) E:\WINDOWS\System32\kmsvc.dll
    01:49:02.0265 5300 hkmsvc - ok
    01:49:03.0828 5300 hpdj - ok
    01:49:04.0281 5300 hpn - ok
    01:49:04.0390 5300 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
    01:49:04.0390 5300 HTTP - ok
    01:49:04.0453 5300 HTTPFilter (f504d07cb25d62ab8d079c1f868651ae) E:\WINDOWS\System32\w3ssl.dll
    01:49:04.0484 5300 HTTPFilter - ok
    01:49:04.0546 5300 hwdatacard (8adf5ef39e896a65beded878494ee2b6) E:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    01:49:04.0562 5300 hwdatacard - ok
    01:49:04.0593 5300 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) E:\WINDOWS\system32\DRIVERS\ewusbfake.sys
    01:49:04.0609 5300 hwusbfake - ok
    01:49:04.0625 5300 i2omgmt - ok
    01:49:04.0671 5300 i2omp - ok
    01:49:04.0781 5300 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
    01:49:04.0812 5300 i8042prt - ok
    01:49:04.0984 5300 IDriverT (1cf03c69b49acb70c722df92755c0c8c) E:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    01:49:05.0062 5300 IDriverT - ok
    01:49:05.0265 5300 idsvc (c01ac32dc5c03076cfb852cb5da5229c) e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    01:49:05.0437 5300 idsvc - ok
    01:49:05.0750 5300 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
    01:49:05.0765 5300 Imapi - ok
    01:49:05.0859 5300 ImapiService (891b69c3de6c55a7868b3bb52bc131aa) E:\WINDOWS\System32\imapi.exe
    01:49:05.0859 5300 ImapiService - ok
    01:49:05.0968 5300 InCDfs (2a53addc15aa64de9514644b87cce9a2) E:\WINDOWS\system32\drivers\InCDFs.sys
    01:49:05.0968 5300 InCDfs - ok
    01:49:06.0062 5300 InCDPass (f9347325c191967bdc650aa111f4b20d) E:\WINDOWS\system32\drivers\InCDPass.sys
    01:49:06.0078 5300 InCDPass - ok
    01:49:06.0156 5300 InCDrec (fbf17b1343790ff043225ef00a265ea1) E:\WINDOWS\system32\drivers\InCDrec.sys
    01:49:06.0156 5300 InCDrec - ok
    01:49:06.0265 5300 incdrm (ec4fbf978ccddc7d4736467879559e43) E:\WINDOWS\system32\drivers\InCDRm.sys
    01:49:06.0265 5300 incdrm - ok
    01:49:06.0531 5300 InCDsrv (dd3fad2cb414ad310b21fc9efa89abc4) E:\Program\Nero\Nero 7\InCD\InCDsrv.exe
    01:49:06.0546 5300 InCDsrv - ok
    01:49:06.0593 5300 ini910u - ok
    01:49:07.0359 5300 IntcAzAudAddService (5d138adc44c43bf37634c8e528d75b1f) E:\WINDOWS\system32\drivers\RtkHDAud.sys
    01:49:07.0562 5300 IntcAzAudAddService - ok
    01:49:08.0031 5300 IntelIde - ok
    01:49:08.0171 5300 ip6fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
    01:49:08.0171 5300 ip6fw - ok
    01:49:08.0250 5300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    01:49:08.0281 5300 IpFilterDriver - ok
    01:49:08.0343 5300 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
    01:49:08.0359 5300 IpInIp - ok
    01:49:08.0453 5300 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
    01:49:08.0468 5300 IpNat - ok
    01:49:08.0546 5300 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
    01:49:08.0562 5300 IPSec - ok
    01:49:08.0625 5300 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
    01:49:08.0640 5300 IRENUM - ok
    01:49:08.0718 5300 isapnp (48f97c77daf8811598cfae21368eacb6) E:\WINDOWS\system32\DRIVERS\isapnp.sys
    01:49:08.0718 5300 isapnp - ok
    01:49:09.0031 5300 JavaQuickStarterService (0a5709543986843d37a92290b7838340) E:\Program\Java\jre6\bin\jqs.exe
    01:49:09.0078 5300 JavaQuickStarterService - ok
    01:49:09.0234 5300 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
    01:49:09.0250 5300 Kbdclass - ok
    01:49:09.0343 5300 kbdhid (e1e28876fe7602b0a1d040354de35c06) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
    01:49:09.0343 5300 kbdhid - ok
    01:49:09.0484 5300 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
    01:49:09.0500 5300 kmixer - ok
    01:49:09.0562 5300 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
    01:49:09.0562 5300 KSecDD - ok
    01:49:09.0640 5300 lanmanserver (2c633a578d5adaaa821c675d65f959c5) E:\WINDOWS\System32\srvsvc.dll
    01:49:09.0671 5300 lanmanserver - ok
    01:49:09.0781 5300 lanmanworkstation (eaa41d225b9da1314e0977c774864430) E:\WINDOWS\System32\wkssvc.dll
    01:49:09.0781 5300 lanmanworkstation - ok
    01:49:09.0921 5300 Lavasoft Kernexplorer - ok
    01:49:09.0968 5300 Lbd - ok
    01:49:10.0031 5300 lbrtfdc - ok
    01:49:10.0171 5300 LightScribeService (98d884adc0b8c0febcc9d7bee6d86f90) E:\Program\Delade filer\LightScribe\LSSrvc.exe
    01:49:10.0171 5300 LightScribeService - ok
    01:49:10.0250 5300 LmHosts (ee155cf65cdc8be1b4effa24a69fc924) E:\WINDOWS\System32\lmhsvc.dll
    01:49:10.0281 5300 LmHosts - ok
    01:49:10.0359 5300 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) E:\WINDOWS\system32\drivers\mbam.sys
    01:49:10.0359 5300 MBAMProtector - ok
    01:49:10.0453 5300 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) E:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
    01:49:10.0484 5300 MBAMService - ok
    01:49:10.0562 5300 mdf15 (7ad11a5b5ea3bb3093a24c85e653ce54) E:\Program\Clarus\Samsung SecretZone\mdf15.sys
    01:49:10.0578 5300 mdf15 - ok
    01:49:10.0640 5300 Messenger (363e8ebae26bb8b4987c91b4d3ce0f54) E:\WINDOWS\System32\msgsvc.dll
    01:49:10.0640 5300 Messenger - ok
    01:49:10.0734 5300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
    01:49:10.0734 5300 mnmdd - ok
    01:49:10.0828 5300 mnmsrvc (2bc41300b822562ac0a524dcdd2da027) E:\WINDOWS\System32\mnmsrvc.exe
    01:49:10.0843 5300 mnmsrvc - ok
    01:49:10.0921 5300 Modem (42ce19726d9c410dff75d3ff1cc79db2) E:\WINDOWS\system32\drivers\Modem.sys
    01:49:10.0921 5300 Modem - ok
    01:49:11.0062 5300 Monfilt (c7d9f9717916b34c1b00dd4834af485c) E:\WINDOWS\system32\drivers\Monfilt.sys
    01:49:11.0109 5300 Monfilt - ok
    01:49:11.0171 5300 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) E:\WINDOWS\system32\DRIVERS\mouclass.sys
    01:49:11.0171 5300 Mouclass - ok
    01:49:11.0265 5300 mouhid (98e474ecf11f1db62fb072157a95ea83) E:\WINDOWS\system32\DRIVERS\mouhid.sys
    01:49:11.0265 5300 mouhid - ok
    01:49:11.0328 5300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
    01:49:11.0359 5300 MountMgr - ok
    01:49:11.0375 5300 mraid35x - ok
    01:49:11.0531 5300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
    01:49:11.0546 5300 MRxDAV - ok
    01:49:11.0671 5300 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    01:49:11.0687 5300 MRxSmb - ok
    01:49:11.0765 5300 MSDTC (7a73fdeef6cf45d27edd73220eaf1c8f) E:\WINDOWS\System32\msdtc.exe
    01:49:11.0765 5300 MSDTC - ok
    01:49:11.0890 5300 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
    01:49:11.0890 5300 Msfs - ok
    01:49:12.0000 5300 MSIServer - ok
    01:49:12.0078 5300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
    01:49:12.0078 5300 MSKSSRV - ok
    01:49:12.0187 5300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
    01:49:12.0187 5300 MSPCLOCK - ok
    01:49:12.0281 5300 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
    01:49:12.0281 5300 MSPQM - ok
    01:49:12.0390 5300 MSR Service (9da8fd98e368730e38589aa1952ac37f) E:\Program\Clarus\Samsung SecretZone\MSSvc.exe
    01:49:12.0390 5300 MSR Service - ok
    01:49:12.0515 5300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
    01:49:12.0515 5300 mssmbios - ok
    01:49:12.0578 5300 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) E:\WINDOWS\system32\drivers\MSTEE.sys
    01:49:12.0578 5300 MSTEE - ok
    01:49:12.0625 5300 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys
    01:49:12.0625 5300 Mup - ok
    01:49:12.0718 5300 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    01:49:12.0718 5300 NABTSFEC - ok
    01:49:12.0765 5300 napagent (28d11a2ecdfcb280624bd7006d85c38e) E:\WINDOWS\System32\qagentrt.dll
    01:49:12.0765 5300 napagent - ok
    01:49:12.0828 5300 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
    01:49:12.0843 5300 NDIS - ok
    01:49:12.0906 5300 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) E:\WINDOWS\system32\DRIVERS\NdisIP.sys
    01:49:12.0937 5300 NdisIP - ok
    01:49:13.0000 5300 NdisTapi (0109c4f3850dfbab279542515386ae22) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
    01:49:13.0000 5300 NdisTapi - ok
    01:49:13.0062 5300 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
    01:49:13.0062 5300 Ndisuio - ok
    01:49:13.0125 5300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
    01:49:13.0125 5300 NdisWan - ok
    01:49:13.0218 5300 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
    01:49:13.0218 5300 NDProxy - ok
    01:49:13.0281 5300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
    01:49:13.0312 5300 NetBIOS - ok
    01:49:13.0406 5300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
    01:49:13.0406 5300 NetBT - ok
    01:49:13.0484 5300 NetDDE (5a922c8e35bf372f3dd3ec61345634b7) E:\WINDOWS\system32\netdde.exe
    01:49:13.0500 5300 NetDDE - ok
    01:49:13.0500 5300 NetDDEdsdm (5a922c8e35bf372f3dd3ec61345634b7) E:\WINDOWS\system32\netdde.exe
    01:49:13.0500 5300 NetDDEdsdm - ok
    01:49:13.0546 5300 NETGEAR_WG311T_SERVICE - ok
    01:49:13.0609 5300 Netlogon (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\System32\lsass.exe
    01:49:13.0609 5300 Netlogon - ok
    01:49:13.0750 5300 Netman (7f791c1c9d3fec5d3f519c9db19465d3) E:\WINDOWS\System32\netman.dll
    01:49:13.0781 5300 Netman - ok
    01:49:13.0968 5300 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    01:49:14.0031 5300 NetTcpPortSharing - ok
    01:49:14.0109 5300 Nla (d080a76f42dfe1e7af0c069ae5bad8fc) E:\WINDOWS\System32\mswsock.dll
    01:49:14.0109 5300 Nla - ok
    01:49:14.0328 5300 NMIndexingService (060daf68493ad7adf104413e5a62afa8) E:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    01:49:14.0406 5300 NMIndexingService - ok
    01:49:14.0500 5300 nosGetPlusHelper (ef7a048fe8e3f102c78c9bd7c448bb6c) E:\Program\NOS\bin\getPlus_Helper_3004.dll
    01:49:14.0546 5300 nosGetPlusHelper - ok
    01:49:14.0671 5300 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
    01:49:14.0671 5300 Npfs - ok
    01:49:14.0812 5300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
    01:49:14.0812 5300 Ntfs - ok
    01:49:14.0921 5300 NtLmSsp (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\System32\lsass.exe
    01:49:14.0921 5300 NtLmSsp - ok
    01:49:14.0984 5300 NtmsSvc (5fd9f539baf23288d131f1b709a62807) E:\WINDOWS\system32\ntmssvc.dll
    01:49:15.0015 5300 NtmsSvc - ok
    01:49:15.0125 5300 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
    01:49:15.0125 5300 Null - ok
    01:49:15.0218 5300 NVENETFD (fb571595404ffdc5006540cffcfa88e4) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    01:49:15.0234 5300 NVENETFD - ok
    01:49:15.0281 5300 nvgts (a117466b0acb13288deee4f2e936e67f) E:\WINDOWS\system32\DRIVERS\nvgts.sys
    01:49:15.0281 5300 nvgts - ok
    01:49:15.0437 5300 nvnetbus (be8513730653384939a4d2d977c81027) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    01:49:15.0437 5300 nvnetbus - ok
    01:49:15.0562 5300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    01:49:15.0562 5300 NwlnkFlt - ok
    01:49:15.0625 5300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    01:49:15.0625 5300 NwlnkFwd - ok
    01:49:15.0718 5300 Parport (19e28ed86e7244d76fda792c2810188e) E:\WINDOWS\system32\DRIVERS\parport.sys
    01:49:15.0718 5300 Parport - ok
    01:49:15.0765 5300 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
    01:49:15.0765 5300 PartMgr - ok
    01:49:15.0843 5300 ParVdm (5cf71e14a108c492c1fb07543d579af5) E:\WINDOWS\system32\drivers\ParVdm.sys
    01:49:15.0859 5300 ParVdm - ok
    01:49:15.0906 5300 pccsmcfd (fd2041e9ba03db7764b2248f02475079) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    01:49:15.0906 5300 pccsmcfd - ok
    01:49:15.0937 5300 PCI (8a185f0112cf5b42ff1aaff31b8b3091) E:\WINDOWS\system32\DRIVERS\pci.sys
    01:49:15.0968 5300 PCI - ok
    01:49:16.0031 5300 PCIDump - ok
    01:49:16.0093 5300 PCIIde (239de4275ee40fdf9912761467025244) E:\WINDOWS\system32\DRIVERS\pciide.sys
    01:49:16.0093 5300 PCIIde - ok
    01:49:16.0203 5300 Pcmcia (904053aa6e251c77cf85371ce644cfd7) E:\WINDOWS\system32\drivers\Pcmcia.sys
    01:49:16.0218 5300 Pcmcia - ok
    01:49:16.0234 5300 PDCOMP - ok
    01:49:16.0281 5300 PDFRAME - ok
    01:49:16.0312 5300 PDRELI - ok
    01:49:16.0390 5300 PDRFRAME - ok
    01:49:16.0421 5300 perc2 - ok
    01:49:16.0500 5300 perc2hib - ok
    01:49:16.0593 5300 PlugPlay (8870b0c4a094c1ce80cea6f85fa38ff2) E:\WINDOWS\system32\services.exe
    01:49:16.0593 5300 PlugPlay - ok
    01:49:16.0781 5300 PnkBstrA (c183b7e8c4dd96af66d7ace48d2d9b05) E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    01:49:16.0781 5300 PnkBstrA - ok
    01:49:16.0843 5300 PolicyAgent (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\System32\lsass.exe
    01:49:16.0859 5300 PolicyAgent - ok
    01:49:16.0937 5300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
    01:49:16.0953 5300 PptpMiniport - ok
    01:49:17.0000 5300 Processor (992e4b2a91e6a2f3d21de89b9273353a) E:\WINDOWS\system32\DRIVERS\processr.sys
    01:49:17.0015 5300 Processor - ok
    01:49:17.0046 5300 ProtectedStorage (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\system32\lsass.exe
    01:49:17.0046 5300 ProtectedStorage - ok
    01:49:17.0125 5300 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
    01:49:17.0125 5300 PSched - ok
    01:49:17.0171 5300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
    01:49:17.0171 5300 Ptilink - ok
    01:49:17.0187 5300 ql1080 - ok
    01:49:17.0218 5300 Ql10wnt - ok
    01:49:17.0250 5300 ql12160 - ok
    01:49:17.0281 5300 ql1240 - ok
    01:49:17.0328 5300 ql1280 - ok
    01:49:17.0375 5300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
    01:49:17.0390 5300 RasAcd - ok
    01:49:17.0515 5300 RasAuto (15d787dffce46cfc4c7f567095ce8323) E:\WINDOWS\System32\rasauto.dll
    01:49:17.0515 5300 RasAuto - ok
    01:49:17.0593 5300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    01:49:17.0609 5300 Rasl2tp - ok
    01:49:17.0656 5300 RasMan (1e86de6b0df33953cf9ce449dd6e8442) E:\WINDOWS\System32\rasmans.dll
    01:49:17.0656 5300 RasMan - ok
    01:49:17.0734 5300 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
    01:49:17.0750 5300 RasPppoe - ok
    01:49:17.0828 5300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
    01:49:17.0828 5300 Raspti - ok
    01:49:17.0859 5300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
    01:49:17.0875 5300 Rdbss - ok
    01:49:17.0937 5300 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    01:49:17.0953 5300 RDPCDD - ok
    01:49:18.0000 5300 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
    01:49:18.0031 5300 rdpdr - ok
    01:49:18.0125 5300 RDPWD (5b3055daa788bd688594d2f5981f2a83) E:\WINDOWS\system32\drivers\RDPWD.sys
    01:49:18.0140 5300 RDPWD - ok
    01:49:18.0203 5300 RDSessMgr (fe7c16fa5cbc560579c9728534fbaf6f) E:\WINDOWS\system32\sessmgr.exe
    01:49:18.0218 5300 RDSessMgr - ok
    01:49:18.0296 5300 redbook (97130d37842819fa39fd5f1e90a5d676) E:\WINDOWS\system32\DRIVERS\redbook.sys
    01:49:18.0328 5300 redbook - ok
    01:49:18.0421 5300 RemoteAccess (fcd42d82c6f5e0e1506eca01d692dde7) E:\WINDOWS\System32\mprdim.dll
    01:49:18.0421 5300 RemoteAccess - ok
    01:49:18.0515 5300 RemoteRegistry (66bc81fea0c86632255b696a69ba9827) E:\WINDOWS\system32\regsvc.dll
    01:49:18.0515 5300 RemoteRegistry - ok
    01:49:18.0609 5300 RpcLocator (2cfb81b412a5d3cbd55cefaccb5e2cee) E:\WINDOWS\System32\locator.exe
    01:49:18.0609 5300 RpcLocator - ok
    01:49:18.0734 5300 RpcSs (87dadc3f6e6cd5aaeb913e19cbff922c) E:\WINDOWS\system32\rpcss.dll
    01:49:18.0750 5300 RpcSs - ok
    01:49:18.0796 5300 RSVP (72407e48f912ed57213ae474b8a6798b) E:\WINDOWS\System32\rsvp.exe
    01:49:18.0812 5300 RSVP - ok
    01:49:19.0156 5300 rt2870 (a6886caf9d03dade7144171e471eca6f) E:\WINDOWS\system32\DRIVERS\rt2870.sys
    01:49:19.0171 5300 rt2870 - ok
    01:49:20.0109 5300 SamSs (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\system32\lsass.exe
    01:49:20.0109 5300 SamSs - ok
    01:49:21.0140 5300 SCardSvr (d339f34d824a7d42ff4d61f1d9d06029) E:\WINDOWS\System32\SCardSvr.exe
    01:49:21.0203 5300 SCardSvr - ok
    01:49:22.0265 5300 Schedule (c7dc69a9d8c9ab2fbca3238c989d598f) E:\WINDOWS\system32\schedsvc.dll
    01:49:22.0328 5300 Schedule - ok
    01:49:23.0593 5300 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
    01:49:23.0625 5300 Secdrv - ok
    01:49:24.0671 5300 seclogon (ed70eb06f13062366b126b1c7475c127) E:\WINDOWS\System32\seclogon.dll
    01:49:24.0718 5300 seclogon - ok
    01:49:25.0046 5300 SENS (ea7b436a948c875dc94c6062fcbbc2d9) E:\WINDOWS\system32\sens.dll
    01:49:25.0078 5300 SENS - ok
    01:49:25.0125 5300 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
    01:49:25.0140 5300 serenum - ok
    01:49:25.0250 5300 Serial (f7d35464062edc08909e568bcd8ae77d) E:\WINDOWS\system32\DRIVERS\serial.sys
    01:49:25.0250 5300 Serial - ok
    01:49:25.0375 5300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
    01:49:25.0375 5300 Sfloppy - ok
    01:49:25.0531 5300 SharedAccess (30e1a46734bdf836c8770949c86b42a4) E:\WINDOWS\System32\ipnathlp.dll
    01:49:25.0531 5300 SharedAccess - ok
    01:49:25.0640 5300 ShellHWDetection (c5684b98920f9ba98d6a33701ca816e6) E:\WINDOWS\System32\shsvcs.dll
    01:49:25.0640 5300 ShellHWDetection - ok
    01:49:25.0687 5300 Simbad - ok
    01:49:25.0828 5300 SLIP (866d538ebe33709a5c9f5c62b73b7d14) E:\WINDOWS\system32\DRIVERS\SLIP.sys
    01:49:25.0828 5300 SLIP - ok
    01:49:25.0984 5300 SOFTXG (b958ba970b5e623cd714824bc463ed2c) E:\WINDOWS\system32\drivers\sxgxgwdm.sys
    01:49:26.0015 5300 SOFTXG - ok
    01:49:26.0062 5300 Sparrow - ok
    01:49:26.0140 5300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
    01:49:26.0140 5300 splitter - ok
    01:49:26.0250 5300 Spooler (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe
    01:49:26.0281 5300 Spooler - ok
    01:49:26.0375 5300 sr (1193ef00869f6367367e6e7cb96be325) E:\WINDOWS\system32\DRIVERS\sr.sys
    01:49:26.0375 5300 sr - ok
    01:49:26.0390 5300 srescan - ok
    01:49:26.0546 5300 srservice (25edb60132f9d82cb1b7961c1d0d13f2) E:\WINDOWS\System32\srsvc.dll
    01:49:26.0578 5300 srservice - ok
    01:49:26.0671 5300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
    01:49:26.0671 5300 Srv - ok
    01:49:26.0734 5300 SSDPSRV (53ffc29dc150e0107f28f0a622ff8d1a) E:\WINDOWS\System32\ssdpsrv.dll
    01:49:26.0750 5300 SSDPSRV - ok
    01:49:26.0828 5300 ssmdrv (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    01:49:26.0828 5300 ssmdrv - ok
    01:49:26.0937 5300 stisvc (5835d4ad35905215e1059a973b022ea1) E:\WINDOWS\system32\wiaservc.dll
    01:49:26.0953 5300 stisvc - ok
    01:49:27.0078 5300 streamip (77813007ba6265c4b6098187e6ed79d2) E:\WINDOWS\system32\DRIVERS\StreamIP.sys
    01:49:27.0078 5300 streamip - ok
    01:49:27.0187 5300 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
    01:49:27.0187 5300 swenum - ok
    01:49:27.0281 5300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
    01:49:27.0312 5300 swmidi - ok
    01:49:27.0375 5300 SwPrv - ok
    01:49:27.0484 5300 symc810 - ok
    01:49:27.0531 5300 symc8xx - ok
    01:49:27.0593 5300 sym_hi - ok
    01:49:27.0625 5300 sym_u3 - ok
    01:49:27.0750 5300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
    01:49:27.0750 5300 sysaudio - ok
    01:49:27.0796 5300 SysmonLog (71a08eec00a703445a2cbc0e91ef0952) E:\WINDOWS\system32\smlogsvc.exe
    01:49:27.0812 5300 SysmonLog - ok
    01:49:27.0953 5300 TapiSrv (18261106524f7a93ceceacdc03a5b989) E:\WINDOWS\System32\tapisrv.dll
    01:49:28.0000 5300 TapiSrv - ok
    01:49:28.0171 5300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
    01:49:28.0187 5300 Tcpip - ok
    01:49:28.0296 5300 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
    01:49:28.0296 5300 TDPIPE - ok
    01:49:28.0375 5300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
    01:49:28.0375 5300 TDTCP - ok
    01:49:28.0453 5300 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
    01:49:28.0484 5300 TermDD - ok
    01:49:28.0578 5300 TermService (f89c53d455420df4d66e45842fb3a46e) E:\WINDOWS\System32\termsrv.dll
    01:49:28.0593 5300 TermService - ok
    01:49:28.0703 5300 Themes (c5684b98920f9ba98d6a33701ca816e6) E:\WINDOWS\System32\shsvcs.dll
    01:49:28.0703 5300 Themes - ok
    01:49:28.0765 5300 TlntSvr (cc4c1aae22088304c715ac9d26f2d4c1) E:\WINDOWS\System32\tlntsvr.exe
    01:49:28.0765 5300 TlntSvr - ok
    01:49:28.0906 5300 TomTomHOMEService (39bd95a9fe72aaf5c675ad146be456a9) E:\Program\TomTom HOME 2\TomTomHOMEService.exe
    01:49:28.0921 5300 TomTomHOMEService - ok
    01:49:28.0968 5300 TosIde - ok
    01:49:29.0093 5300 TrkWks (548867e040cb81a82b5df09d074f95f8) E:\WINDOWS\system32\trkwks.dll
    01:49:29.0109 5300 TrkWks - ok
    01:49:29.0250 5300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
    01:49:29.0250 5300 Udfs - ok
    01:49:29.0312 5300 ultra - ok
    01:49:29.0484 5300 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
    01:49:29.0484 5300 Update - ok
    01:49:34.0937 5300 MBR (0x1B8) (1a1a07f7cddc8d30368f560f9b3a227e) \Device\Harddisk0\DR0
    01:49:34.0937 5300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    01:49:34.0937 5300 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    01:49:34.0953 5300 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk1\DR2
    01:49:34.0953 5300 \Device\Harddisk1\DR2 - ok
    01:49:34.0968 5300 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
    01:49:34.0984 5300 \Device\Harddisk2\DR4 - ok
    01:49:35.0015 5300 Boot (0x1200) (459b544dd41d5c286fd11d62163c15fc) \Device\Harddisk0\DR0\Partition0
    01:49:35.0015 5300 \Device\Harddisk0\DR0\Partition0 - ok
    01:49:35.0031 5300 Boot (0x1200) (9ee207bcf579e831343bbcf18dd03124) \Device\Harddisk1\DR2\Partition0
    01:49:35.0031 5300 \Device\Harddisk1\DR2\Partition0 - ok
    01:49:35.0031 5300 Boot (0x1200) (b7587347c39f1f68275a88760e1599e3) \Device\Harddisk2\DR4\Partition0
    01:49:35.0031 5300 \Device\Harddisk2\DR4\Partition0 - ok
    01:49:35.0031 5300 ============================================================
    01:49:35.0031 5300 Scan finished
    01:49:35.0031 5300 ============================================================
    01:49:35.0046 0720 Detected object count: 1
    01:49:35.0046 0720 Actual detected object count: 1
    01:49:54.0515 0720 \Device\Harddisk0\DR0\# - copied to quarantine
    01:49:54.0515 0720 \Device\Harddisk0\DR0 - copied to quarantine
    01:49:54.0562 0720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
    01:49:54.0593 0720 \Device\Harddisk0\DR0 - ok
    01:49:54.0593 0720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
    01:50:02.0437 5448 Deinitialize success
  9. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Very well :)

    Re-run TDSSKiller one more time.
  10. petka

    petka Newcomer, in training Topic Starter Posts: 42

    Will do!

    Here we go....

    TDSSkiller:

    02:24:34.0281 4220 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    02:24:34.0406 4220 ============================================================
    02:24:34.0406 4220 Current date / time: 2012/03/26 02:24:34.0406
    02:24:34.0406 4220 SystemInfo:
    02:24:34.0406 4220
    02:24:34.0406 4220 OS Version: 5.1.2600 ServicePack: 3.0
    02:24:34.0406 4220 Product type: Workstation
    02:24:34.0406 4220 ComputerName: PKNEW
    02:24:34.0406 4220 UserName: petka
    02:24:34.0406 4220 Windows directory: E:\WINDOWS
    02:24:34.0406 4220 System windows directory: E:\WINDOWS
    02:24:34.0406 4220 Processor architecture: Intel x86
    02:24:34.0406 4220 Number of processors: 2
    02:24:34.0406 4220 Page size: 0x1000
    02:24:34.0406 4220 Boot type: Normal boot
    02:24:34.0406 4220 ============================================================
    02:24:35.0875 4220 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    02:24:35.0875 4220 Drive \Device\Harddisk1\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    02:24:35.0875 4220 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DA0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    02:24:35.0890 4220 \Device\Harddisk0\DR0:
    02:24:35.0890 4220 MBR used
    02:24:35.0890 4220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    02:24:35.0890 4220 \Device\Harddisk1\DR2:
    02:24:35.0890 4220 MBR used
    02:24:35.0890 4220 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
    02:24:35.0890 4220 \Device\Harddisk2\DR4:
    02:24:35.0890 4220 MBR used
    02:24:35.0890 4220 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
    02:24:36.0015 4220 Initialize success
    02:24:36.0015 4220 ============================================================
    02:24:45.0796 5836 ============================================================
    02:24:45.0796 5836 Scan started
    02:24:45.0796 5836 Mode: Manual;
    02:24:45.0796 5836 ============================================================
    02:25:06.0390 5836 Processor (992e4b2a91e6a2f3d21de89b9273353a) E:\WINDOWS\system32\DRIVERS\processr.sys
    02:25:06.0390 5836 Processor - ok
    02:25:06.0406 5836 ProtectedStorage (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\system32\lsass.exe
    02:25:06.0406 5836 ProtectedStorage - ok
    02:25:06.0421 5836 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
    02:25:06.0421 5836 PSched - ok
    02:25:06.0468 5836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
    02:25:06.0468 5836 Ptilink - ok
    02:25:06.0484 5836 ql1080 - ok
    02:25:06.0500 5836 Ql10wnt - ok
    02:25:06.0500 5836 ql12160 - ok
    02:25:06.0515 5836 ql1240 - ok
    02:25:06.0515 5836 ql1280 - ok
    02:25:06.0546 5836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
    02:25:06.0546 5836 RasAcd - ok
    02:25:06.0593 5836 RasAuto (15d787dffce46cfc4c7f567095ce8323) E:\WINDOWS\System32\rasauto.dll
    02:25:06.0609 5836 RasAuto - ok
    02:25:06.0656 5836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    02:25:06.0656 5836 Rasl2tp - ok
    02:25:06.0734 5836 RasMan (1e86de6b0df33953cf9ce449dd6e8442) E:\WINDOWS\System32\rasmans.dll
    02:25:06.0734 5836 RasMan - ok
    02:25:06.0750 5836 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
    02:25:06.0750 5836 RasPppoe - ok
    02:25:06.0750 5836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
    02:25:06.0765 5836 Raspti - ok
    02:25:06.0781 5836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
    02:25:06.0781 5836 Rdbss - ok
    02:25:06.0796 5836 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    02:25:06.0796 5836 RDPCDD - ok
    02:25:06.0796 5836 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
    02:25:06.0812 5836 rdpdr - ok
    02:25:06.0859 5836 RDPWD (5b3055daa788bd688594d2f5981f2a83) E:\WINDOWS\system32\drivers\RDPWD.sys
    02:25:06.0859 5836 RDPWD - ok
    02:25:06.0890 5836 RDSessMgr (fe7c16fa5cbc560579c9728534fbaf6f) E:\WINDOWS\system32\sessmgr.exe
    02:25:06.0906 5836 RDSessMgr - ok
    02:25:06.0921 5836 redbook (97130d37842819fa39fd5f1e90a5d676) E:\WINDOWS\system32\DRIVERS\redbook.sys
    02:25:06.0921 5836 redbook - ok
    02:25:06.0953 5836 RemoteAccess (fcd42d82c6f5e0e1506eca01d692dde7) E:\WINDOWS\System32\mprdim.dll
    02:25:06.0968 5836 RemoteAccess - ok
    02:25:07.0000 5836 RemoteRegistry (66bc81fea0c86632255b696a69ba9827) E:\WINDOWS\system32\regsvc.dll
    02:25:07.0000 5836 RemoteRegistry - ok
    02:25:07.0015 5836 RpcLocator (2cfb81b412a5d3cbd55cefaccb5e2cee) E:\WINDOWS\System32\locator.exe
    02:25:07.0031 5836 RpcLocator - ok
    02:25:07.0093 5836 RpcSs (87dadc3f6e6cd5aaeb913e19cbff922c) E:\WINDOWS\system32\rpcss.dll
    02:25:07.0093 5836 RpcSs - ok
    02:25:07.0125 5836 RSVP (72407e48f912ed57213ae474b8a6798b) E:\WINDOWS\System32\rsvp.exe
    02:25:07.0156 5836 RSVP - ok
    02:25:07.0218 5836 rt2870 (a6886caf9d03dade7144171e471eca6f) E:\WINDOWS\system32\DRIVERS\rt2870.sys
    02:25:07.0234 5836 rt2870 - ok
    02:25:07.0250 5836 SamSs (ff1805d5daf41625af5282750d4a3700) E:\WINDOWS\system32\lsass.exe
    02:25:07.0250 5836 SamSs - ok
    02:25:07.0265 5836 SCardSvr (d339f34d824a7d42ff4d61f1d9d06029) E:\WINDOWS\System32\SCardSvr.exe
    02:25:07.0281 5836 SCardSvr - ok
    02:25:07.0343 5836 Schedule (c7dc69a9d8c9ab2fbca3238c989d598f) E:\WINDOWS\system32\schedsvc.dll
    02:25:07.0343 5836 Schedule - ok
    02:25:07.0390 5836 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
    02:25:07.0406 5836 Secdrv - ok
    02:25:07.0453 5836 seclogon (ed70eb06f13062366b126b1c7475c127) E:\WINDOWS\System32\seclogon.dll
    02:25:07.0453 5836 seclogon - ok
    02:25:07.0500 5836 SENS (ea7b436a948c875dc94c6062fcbbc2d9) E:\WINDOWS\system32\sens.dll
    02:25:07.0500 5836 SENS - ok
    02:25:07.0531 5836 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
    02:25:07.0531 5836 serenum - ok
    02:25:07.0562 5836 Serial (f7d35464062edc08909e568bcd8ae77d) E:\WINDOWS\system32\DRIVERS\serial.sys
    02:25:07.0562 5836 Serial - ok
    02:25:07.0593 5836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
    02:25:07.0593 5836 Sfloppy - ok
    02:25:07.0609 5836 SharedAccess (30e1a46734bdf836c8770949c86b42a4) E:\WINDOWS\System32\ipnathlp.dll
    02:25:07.0625 5836 SharedAccess - ok
    02:25:07.0671 5836 ShellHWDetection (c5684b98920f9ba98d6a33701ca816e6) E:\WINDOWS\System32\shsvcs.dll
    02:25:07.0671 5836 ShellHWDetection - ok
    02:25:07.0687 5836 Simbad - ok
    02:25:07.0703 5836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) E:\WINDOWS\system32\DRIVERS\SLIP.sys
    02:25:07.0718 5836 SLIP - ok
    02:25:07.0781 5836 SOFTXG (b958ba970b5e623cd714824bc463ed2c) E:\WINDOWS\system32\drivers\sxgxgwdm.sys
    02:25:07.0796 5836 SOFTXG - ok
    02:25:07.0796 5836 Sparrow - ok
    02:25:07.0828 5836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
    02:25:07.0828 5836 splitter - ok
    02:25:07.0859 5836 Spooler (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe
    02:25:07.0859 5836 Spooler - ok
    02:25:07.0937 5836 sr (1193ef00869f6367367e6e7cb96be325) E:\WINDOWS\system32\DRIVERS\sr.sys
    02:25:07.0968 5836 sr - ok
    02:25:07.0968 5836 srescan - ok
    02:25:07.0984 5836 srservice (25edb60132f9d82cb1b7961c1d0d13f2) E:\WINDOWS\System32\srsvc.dll
    02:25:07.0984 5836 srservice - ok
    02:25:08.0031 5836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
    02:25:08.0046 5836 Srv - ok
    02:25:08.0078 5836 SSDPSRV (53ffc29dc150e0107f28f0a622ff8d1a) E:\WINDOWS\System32\ssdpsrv.dll
    02:25:08.0078 5836 SSDPSRV - ok
    02:25:08.0109 5836 ssmdrv (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    02:25:08.0109 5836 ssmdrv - ok
    02:25:08.0140 5836 stisvc (5835d4ad35905215e1059a973b022ea1) E:\WINDOWS\system32\wiaservc.dll
    02:25:08.0140 5836 stisvc - ok
    02:25:08.0171 5836 streamip (77813007ba6265c4b6098187e6ed79d2) E:\WINDOWS\system32\DRIVERS\StreamIP.sys
    02:25:08.0171 5836 streamip - ok
    02:25:08.0203 5836 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
    02:25:08.0203 5836 swenum - ok
    02:25:08.0218 5836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
    02:25:08.0218 5836 swmidi - ok
    02:25:08.0218 5836 SwPrv - ok
    02:25:08.0234 5836 symc810 - ok
    02:25:08.0250 5836 symc8xx - ok
    02:25:08.0250 5836 sym_hi - ok
    02:25:08.0265 5836 sym_u3 - ok
    02:25:08.0281 5836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
    02:25:08.0281 5836 sysaudio - ok
    02:25:08.0343 5836 SysmonLog (71a08eec00a703445a2cbc0e91ef0952) E:\WINDOWS\system32\smlogsvc.exe
    02:25:08.0343 5836 SysmonLog - ok
    02:25:08.0406 5836 TapiSrv (18261106524f7a93ceceacdc03a5b989) E:\WINDOWS\System32\tapisrv.dll
    02:25:08.0421 5836 TapiSrv - ok
    02:25:08.0484 5836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
    02:25:08.0484 5836 Tcpip - ok
    02:25:08.0531 5836 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
    02:25:08.0531 5836 TDPIPE - ok
    02:25:08.0562 5836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
    02:25:08.0562 5836 TDTCP - ok
    02:25:08.0593 5836 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
    02:25:08.0609 5836 TermDD - ok
    02:25:08.0640 5836 TermService (f89c53d455420df4d66e45842fb3a46e) E:\WINDOWS\System32\termsrv.dll
    02:25:08.0640 5836 TermService - ok
    02:25:08.0687 5836 Themes (c5684b98920f9ba98d6a33701ca816e6) E:\WINDOWS\System32\shsvcs.dll
    02:25:08.0703 5836 Themes - ok
    02:25:08.0734 5836 TlntSvr (cc4c1aae22088304c715ac9d26f2d4c1) E:\WINDOWS\System32\tlntsvr.exe
    02:25:08.0750 5836 TlntSvr - ok
    02:25:08.0875 5836 TomTomHOMEService (39bd95a9fe72aaf5c675ad146be456a9) E:\Program\TomTom HOME 2\TomTomHOMEService.exe
    02:25:08.0875 5836 TomTomHOMEService - ok
    02:25:08.0890 5836 TosIde - ok
    02:25:08.0968 5836 TrkWks (548867e040cb81a82b5df09d074f95f8) E:\WINDOWS\system32\trkwks.dll
    02:25:08.0968 5836 TrkWks - ok
    02:25:09.0015 5836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
    02:25:09.0015 5836 Udfs - ok
    02:25:09.0031 5836 ultra - ok
    02:25:09.0046 5836 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
    02:25:09.0046 5836 Update - ok
    02:25:09.0078 5836 upnphost (b1222a2302480d56a32c5343150bb16d) E:\WINDOWS\System32\upnphost.dll
    02:25:09.0078 5836 upnphost - ok
    02:25:09.0093 5836 UPS (7b07af3d4545ad6fee34b5f2eb247c8f) E:\WINDOWS\System32\ups.exe
    02:25:09.0109 5836 UPS - ok
    02:25:09.0125 5836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
    02:25:09.0125 5836 usbccgp - ok
    02:25:09.0171 5836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
    02:25:09.0171 5836 usbehci - ok
    02:25:09.0171 5836 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
    02:25:09.0171 5836 usbhub - ok
    02:25:09.0187 5836 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
    02:25:09.0187 5836 usbohci - ok
    02:25:09.0203 5836 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
    02:25:09.0203 5836 usbprint - ok
    02:25:09.0250 5836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
    02:25:09.0265 5836 usbscan - ok
    02:25:09.0312 5836 usbser (1c888b000c2f9492f4b15b5b6b84873e) E:\WINDOWS\system32\drivers\usbser.sys
    02:25:09.0328 5836 usbser - ok
    02:25:09.0359 5836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    02:25:09.0359 5836 USBSTOR - ok
    02:25:09.0406 5836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
    02:25:09.0421 5836 VgaSave - ok
    02:25:09.0437 5836 ViaIde - ok
    02:25:09.0515 5836 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) E:\WINDOWS\system32\Drivers\Video3D32.sys
    02:25:09.0515 5836 Video3D - ok
    02:25:09.0515 5836 VMnetAdapter - ok
    02:25:09.0703 5836 VoddlerNet (b32804cc718da696d570c0181b376557) E:\Program\Voddler\service\voddler.exe
    02:25:09.0734 5836 VoddlerNet - ok
    02:25:09.0828 5836 VolSnap (57187ec04878147e1f4f2d9224b12205) E:\WINDOWS\system32\drivers\VolSnap.sys
    02:25:09.0828 5836 VolSnap - ok
    02:25:09.0875 5836 VSS (940950dc9e34b05986bbbb1d1a33b74f) E:\WINDOWS\System32\vssvc.exe
    02:25:09.0890 5836 VSS - ok
    02:25:09.0937 5836 W32Time (4bf06a1dcd6a91c482e79340fee527ca) E:\WINDOWS\System32\w32time.dll
    02:25:09.0937 5836 W32Time - ok
    02:25:10.0000 5836 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
    02:25:10.0000 5836 Wanarp - ok
    02:25:10.0062 5836 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\Drivers\wdf01000.sys
    02:25:10.0109 5836 Wdf01000 - ok
    02:25:10.0125 5836 WDICA - ok
    02:25:10.0171 5836 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
    02:25:10.0171 5836 wdmaud - ok
    02:25:10.0203 5836 WebClient (e6dfcadf5089a68ecd288e9a803a892c) E:\WINDOWS\System32\webclnt.dll
    02:25:10.0203 5836 WebClient - ok
    02:25:10.0265 5836 winmgmt (cf4e2a27495f7ea6b3128d9a731b3716) E:\WINDOWS\system32\wbem\WMIsvc.dll
    02:25:10.0265 5836 winmgmt - ok
    02:25:10.0453 5836 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
    02:25:10.0484 5836 wlidsvc - ok
    02:25:10.0531 5836 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) E:\WINDOWS\system32\MsPMSNSv.dll
    02:25:10.0546 5836 WmdmPmSN - ok
    02:25:10.0625 5836 Wmi (b5ff0001533be01dfbd995d7a60a7daa) E:\WINDOWS\System32\advapi32.dll
    02:25:10.0640 5836 Wmi - ok
    02:25:10.0687 5836 WmiApSrv (9bfadc02a9e27bfdff59e61302f92517) E:\WINDOWS\System32\wbem\wmiapsrv.exe
    02:25:10.0718 5836 WmiApSrv - ok
    02:25:10.0875 5836 WMPNetworkSvc (de188dd69ca74b1512adc5a7639523b2) E:\Program\Windows Media Player\WMPNetwk.exe
    02:25:10.0953 5836 WMPNetworkSvc - ok
    02:25:10.0984 5836 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
    02:25:11.0015 5836 WpdUsb - ok
    02:25:11.0187 5836 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    02:25:11.0218 5836 WPFFontCache_v0400 - ok
    02:25:11.0281 5836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys
    02:25:11.0296 5836 WS2IFSL - ok
    02:25:11.0375 5836 wscsvc (4ac32513fa47c8219448269bf895fc34) E:\WINDOWS\system32\wscsvc.dll
    02:25:11.0390 5836 wscsvc - ok
    02:25:11.0421 5836 WSearch - ok
    02:25:11.0484 5836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    02:25:11.0500 5836 WSTCODEC - ok
    02:25:11.0546 5836 wuauserv (4ceaf29d35c2608c6463e80574ddca10) E:\WINDOWS\system32\wuauserv.dll
    02:25:11.0546 5836 wuauserv - ok
    02:25:11.0609 5836 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
    02:25:11.0625 5836 WudfPf - ok
    02:25:11.0640 5836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
    02:25:11.0671 5836 WudfRd - ok
    02:25:11.0703 5836 WudfSvc (05231c04253c5bc30b26cbaae680ed89) E:\WINDOWS\System32\WUDFSvc.dll
    02:25:11.0734 5836 WudfSvc - ok
    02:25:11.0781 5836 WZCSVC (5ec7d7f83640a921b5c616d9650520fd) E:\WINDOWS\System32\wzcsvc.dll
    02:25:11.0796 5836 WZCSVC - ok
    02:25:11.0796 5836 xcpip - ok
    02:25:11.0843 5836 xmlprov (5b3d475aa8629320686fbffbe67ab492) E:\WINDOWS\System32\xmlprov.dll
    02:25:11.0921 5836 xmlprov - ok
    02:25:11.0921 5836 xpsec - ok
    02:25:11.0968 5836 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk0\DR0
    02:25:12.0156 5836 \Device\Harddisk0\DR0 - ok
    02:25:12.0156 5836 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk1\DR2
    02:25:12.0156 5836 \Device\Harddisk1\DR2 - ok
    02:25:12.0171 5836 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
    02:25:12.0187 5836 \Device\Harddisk2\DR4 - ok
    02:25:12.0203 5836 Boot (0x1200) (459b544dd41d5c286fd11d62163c15fc) \Device\Harddisk0\DR0\Partition0
    02:25:12.0203 5836 \Device\Harddisk0\DR0\Partition0 - ok
    02:25:12.0203 5836 Boot (0x1200) (9ee207bcf579e831343bbcf18dd03124) \Device\Harddisk1\DR2\Partition0
    02:25:12.0203 5836 \Device\Harddisk1\DR2\Partition0 - ok
    02:25:12.0218 5836 Boot (0x1200) (b7587347c39f1f68275a88760e1599e3) \Device\Harddisk2\DR4\Partition0
    02:25:12.0218 5836 \Device\Harddisk2\DR4\Partition0 - ok
    02:25:12.0218 5836 ============================================================
    02:25:12.0218 5836 Scan finished
    02:25:12.0218 5836 ============================================================
    02:25:12.0218 5420 Detected object count: 0
    02:25:12.0218 5420 Actual detected object count: 0


    hey presto!
    that looks promising
  11. petka

    petka Newcomer, in training Topic Starter Posts: 42

    PC speed

    I might add that my 'puter is noticeably faster.

    A good sign I suppose.
  12. petka

    petka Newcomer, in training Topic Starter Posts: 42

    Tomorrow

    I must go sleep.

    If there is anything I need to do, or not do, until I can continue in approximately 20 hrs (it is 2.45 AM here) pls tell me if you feel that you have time at the moment.


    Thanks a lot!
  13. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. petka

    petka Newcomer, in training Topic Starter Posts: 42

    ok

    So, I'll shut down now.
    I'll leave everything as is and immediately follow your instructions after booting tomorrow.


    'nite!
  15. petka

    petka Newcomer, in training Topic Starter Posts: 42

    done that

    The txt file I found resided in e:\combofix\
    e: is my boot drive.


    combofix:

    ComboFix 12-03-27.02 - petka 2012-03-27 14:13:46.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1187 [GMT 2:00]
    Körs från: E:\Documents and Settings\petka.PKNEW\Skrivbord\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}


    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))


    C:\setup.exe
    E:\Documents and Settings\petka.PKNEW\WINDOWS
    E:\WINDOWS\system32\NEW1B8.tmp
    E:\WINDOWS\system32\nsprs.dll
    E:\WINDOWS\system32\prsgrc.dll
    E:\WINDOWS\system32\serauth1.dll
    E:\WINDOWS\system32\serauth2.dll
    E:\WINDOWS\system32\ssprs.dll
    E:\WINDOWS\system32\vcwl0fq.dll


    ((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_xcpip


    (((((((((((((((((((((((( Filer skapade från 2012-02-27 till 2012-03-27 ))))))))))))))))))))))))))))))
  16. petka

    petka Newcomer, in training Topic Starter Posts: 42

    sideline

    BTW:

    can I run the Malwarebytes thing in parallel with Avira, or should I turn it off?
  17. petka

    petka Newcomer, in training Topic Starter Posts: 42

    hmm

    I checked some other threads, and their combofix logs are much longer than mine.

    Also, I found the logfile under e:\combofix\, not directly under e:\


    Should I retry or something?
  18. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Yes, that log is incomplete.
    Please re-run Combofix.

    To answer your question, MBAM runs fine alongside any AV program.
  19. petka

    petka Newcomer, in training Topic Starter Posts: 42

    Interesting observation?

    I am on my laptop now, while the Combofix is running.
    An interesting observation is that my internet connection is reported to be running (I have the windows connection icon in the lower right hand area of the desktop saying it is connected, but the connection icon that is usually there from the wireless company is gone) but with zero traffic (the sent and received packets are stable)

    I dare not do anything special, just thought I'd tell you since your info says Combofix turns off the internet connection.


    Also: thx for the info on MBAM. I'll keep it on when not running Combofix or something.
  20. petka

    petka Newcomer, in training Topic Starter Posts: 42

    update

    now 2 packets were sent, and 4 received.

    It completed step 50 and NOW the only thing on the desktop that is alive is Combofix which has done some deletions and says it is preparing a log. Everything else but the background is gone.
  21. petka

    petka Newcomer, in training Topic Starter Posts: 42

    here is the log

    ComboFix 12-03-27.02 - petka 2012-03-28 2:03.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1118 [GMT 2:00]
    Körs från: e:\documents and settings\petka.PKNEW\Skrivbord\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    * Skapade en ny återställningspunkt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    e:\program\config.exe
    e:\windows\system32\dllcache\dlimport.exe
    e:\windows\system32\dllcache\wmpvis.dll
    .
    ---- Föregående körning -------
    .
    C:\setup.exe
    e:\windows\system32\NEW1B8.tmp
    e:\windows\system32\nsprs.dll
    e:\windows\system32\prsgrc.dll
    e:\windows\system32\serauth1.dll
    e:\windows\system32\serauth2.dll
    e:\windows\system32\ssprs.dll
    e:\windows\system32\vcwl0fq.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_xcpip
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2012-02-28 till 2012-03-28 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 12:45 . 2012-03-27 12:45 9310 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2012-03-27 12:45 . 2012-03-27 12:45 8646 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2012-03-27 12:45 . 2012-03-27 12:45 6429 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2012-03-27 12:45 . 2012-03-27 12:45 63115 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2012-03-27 12:45 . 2012-03-27 12:45 5927 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2012-03-27 12:45 . 2012-03-27 12:45 4599 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2012-03-27 12:45 . 2012-03-27 12:45 8613 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2012-03-27 12:45 . 2012-03-27 12:45 6910 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2012-03-27 12:45 . 2012-03-27 12:45 1651 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2012-03-27 12:45 . 2012-03-27 12:45 8288 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2012-03-27 12:45 . 2012-03-27 12:45 6208 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2012-03-27 12:45 . 2012-03-27 12:45 18541 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2012-03-27 12:44 . 2012-03-27 12:44 8782 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2012-03-27 12:44 . 2012-03-27 12:44 7271 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2012-03-27 12:44 . 2012-03-27 12:44 51852 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2012-03-27 12:44 . 2012-03-27 12:44 23327 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2012-03-27 12:44 . 2012-03-27 12:44 20719 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2012-03-25 23:49 . 2012-03-25 23:49 -------- d-----w- E:\TDSSKiller_Quarantine
    2012-03-25 18:23 . 2012-03-25 18:23 -------- d-----w- e:\program\Delade filer\Java
    2012-03-25 18:23 . 2012-03-25 18:23 73728 ----a-w- e:\windows\system32\javacpl.cpl
    2012-03-25 17:39 . 2012-03-25 17:39 -------- d-----w- e:\program\Malwarebytes' Anti-Malware
    2012-03-25 17:39 . 2011-12-10 13:24 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
    2012-03-24 20:56 . 2012-03-24 20:56 -------- d-----w- e:\documents and settings\petka.PKNEW\Application Data\Malwarebytes
    2012-03-24 20:56 . 2012-03-24 20:56 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-24 19:53 . 2012-03-24 19:53 -------- d-----w- e:\program\Toolbar Cleaner
    2012-03-24 14:59 . 2012-03-24 14:59 -------- d-----r- e:\documents and settings\LocalService\Favoriter
    2012-03-22 23:15 . 2012-03-22 23:15 592824 ----a-w- e:\program\Mozilla Firefox\gkmedias.dll
    2012-03-22 23:15 . 2012-03-22 23:15 44472 ----a-w- e:\program\Mozilla Firefox\mozglue.dll
    2012-03-20 20:47 . 2012-03-20 20:47 -------- d-----w- e:\documents and settings\All Users\Application Data\VS
    2012-03-17 21:08 . 2001-09-06 19:33 5632 ----a-w- e:\windows\system32\ptpusb.dll
    2012-03-17 21:08 . 2008-04-13 19:45 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
    2012-03-17 21:08 . 2008-04-13 19:45 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
    2012-03-17 21:08 . 2008-04-14 17:04 159232 ----a-w- e:\windows\system32\ptpusd.dll
    2012-03-04 10:59 . 2012-03-04 10:59 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
    2012-03-04 10:54 . 2012-03-04 10:54 -------- d-----w- e:\program\AMD APP
    2012-03-04 10:53 . 2011-12-20 07:39 100368 ----a-w- e:\windows\system32\drivers\AtihdXP3.sys
    2012-03-04 10:53 . 2011-12-06 02:39 956160 ----a-w- e:\windows\system32\ativvamv.dll
    2012-03-04 10:51 . 2012-03-04 10:51 -------- d-----w- E:\AMD
    2012-03-04 10:41 . 2010-11-03 17:15 359016 ----a-w- e:\windows\vncutil.exe
    2012-03-04 10:41 . 2011-12-12 16:20 64616 ----a-w- e:\windows\system32\RtkCoInstIIXP.dll
    2012-03-04 10:41 . 2011-11-22 15:28 11368 ----a-w- e:\windows\system32\RtkCoLDRXP.dll
    2012-03-04 10:41 . 2010-11-03 17:14 129640 ----a-w- e:\windows\RtkAudioService.exe
    2012-03-04 10:41 . 2011-11-24 10:37 21736 ----a-w- e:\windows\system32\drivers\RTAIODAT.DAT
    2012-03-04 10:24 . 2012-03-04 10:24 -------- d-----w- e:\documents and settings\NetworkService\Application Data\Xfire
    2012-03-04 10:16 . 2012-03-04 10:16 -------- d-----w- e:\documents and settings\petka.PKNEW\Application Data\Easeware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-26 00:53 . 2009-06-28 22:34 196608 ----a-w- e:\windows\system32\drivers\nStandard.bin
    2012-03-25 18:23 . 2010-04-24 22:23 472808 ----a-w- e:\windows\system32\deployJava1.dll
    2012-03-25 17:18 . 2009-06-28 22:35 94208 ----a-w- e:\windows\DUMP74e1.tmp
    2012-03-22 23:27 . 2010-05-20 22:15 112832 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-03-19 21:57 . 2011-05-21 09:20 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-19 18:34 . 2012-02-18 19:04 444952 ----a-w- e:\windows\system32\wrap_oal.dll
    2012-02-19 18:34 . 2012-02-18 19:04 109080 ----a-w- e:\windows\system32\OpenAL32.dll
    2012-02-15 12:11 . 2011-10-24 08:52 137416 ----a-w- e:\windows\system32\drivers\avipbb.sys
    2012-02-03 09:57 . 2003-04-24 12:00 1860096 ----a-w- e:\windows\system32\win32k.sys
    2012-01-09 16:20 . 2009-06-28 20:45 139784 ----a-w- e:\windows\system32\drivers\rdpwd.sys
    2000-08-14 19:33 . 2011-07-14 20:37 6287360 ----a-w- e:\program\IDMain.exe
    1998-06-02 04:32 . 2011-07-14 20:38 705024 ----a-w- e:\program\3dfx.dll
    2012-03-22 23:15 . 2011-05-11 21:42 97208 ----a-w- e:\program\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="e:\program\Delade filer\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
    "TomTomHOME.exe"="e:\program\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
    "Steam"="e:\program\Steam\Steam.exe" [2011-08-07 1242448]
    "Emotum Mobile Broadband"="e:\program\Emotum\Mobile Broadband\Mobile.exe" [2009-07-09 348968]
    "Skype"="e:\program\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="e:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="e:\program\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-01 1629744]
    "InCD"="e:\program\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]
    "SxgTkBar"="SxgTkBar.exe" [2002-07-22 53248]
    "ANIWZCS2Service"="e:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
    "D-Link D-Link Wireless N DWA-140"="e:\program\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
    "ATICustomerCare"="e:\program\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "VoddlerNet Manager"="e:\program\Voddler\service\VNetManager.exe" [2011-08-24 50784]
    "avgnt"="e:\program\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
    "Adobe Reader Speed Launcher"="e:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="e:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "QuickTime Task"="e:\program\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="e:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
    "StartCCC"="e:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 98304]
    "Malwarebytes' Anti-Malware"="e:\program\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="e:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
    "adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
    .
    e:\documents and settings\sofia\Start-meny\Program\Autostart\
    OpenOffice.org 3.1.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    OpenOffice.org 3.3.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    e:\documents and settings\petka.PKNEW\Start-meny\Program\Autostart\
    OpenOffice.org 3.3.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    e:\documents and settings\All Users\Start-meny\Program\Autostart\
    Samsung Auto Backup Guage.lnk - e:\program\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-3-26 888832]
    Samsung Auto Backup Real-Time Daemon.lnk - e:\program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-3-26 77824]
    Samsung Auto Backup Scheduler.lnk - e:\program\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-3-26 94208]
    Windows Search.lnk - e:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk /p \??\C:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Program\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
    "e:\\Program\\Spotify\\spotify.exe"=
    "e:\\Program\\Messenger\\msmsgs.exe"=
    "e:\\Program\\Steam\\Steam.exe"=
    "e:\\Program\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "e:\\Program\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
    "e:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "e:\\Program\\uTorrent\\uTorrent.exe"=
    "e:\\Program\\Voddler\\service\\voddler.exe"=
    "e:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
    "e:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
    "e:\\Program\\Skype\\Phone\\Skype.exe"=
    "e:\\Program\\Steam\\steamapps\\common\\dawn of war ii - retribution\\DOW2.exe"=
    "e:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "e:\\Program\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R1 mdf15;mdf15;e:\program\Clarus\Samsung SecretZone\mdf15.sys [2011-03-26 12800]
    R2 ANIWConnService;ANIWConn Service;e:\windows\system32\ANIWConnService.exe [2010-05-24 147456]
    R2 AntiVirSchedulerService;Avira Scheduler;e:\program\Avira\AntiVir Desktop\sched.exe [2011-10-24 86224]
    R2 MBAMService;MBAMService;e:\program\Malwarebytes' Anti-Malware\mbamservice.exe [2012-03-25 652360]
    R2 TomTomHOMEService;TomTomHOMEService;e:\program\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [2012-03-04 100368]
    R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2012-03-25 20464]
    R3 SOFTXG;YAMAHA XG SoftSynthesizer;e:\windows\system32\drivers\sxgxgwdm.sys [2009-07-03 966784]
    S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys --> e:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 gupdate;Google Update Service (gupdate);e:\program\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
    S2 MSR Service;Virtual Disk Service Manager;e:\program\Clarus\Samsung SecretZone\MSSvc.exe [2011-03-26 114688]
    S3 80czzt43.sys;80czzt43.sys;\??\e:\windows\system32\drivers\80czzt43.sys --> e:\windows\system32\drivers\80czzt43.sys [?]
    S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-06-30 1691480]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;e:\windows\system32\AWINDIS5.SYS [2009-06-28 16194]
    S3 gupdatem;Tjänsten Google Update (gupdatem);e:\program\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [2010-02-21 102656]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\e:\program\Lavasoft\Ad-Aware\KernExplorer.sys --> e:\program\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;e:\windows\system32\DRIVERS\wg311tn5.sys --> e:\windows\system32\DRIVERS\wg311tn5.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;e:\windows\System32\svchost.exe -k nosGetPlusHelper [2003-04-24 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S3 xpsec;IPSEC driver;e:\windows\system32\drivers\xpsec.sys --> e:\windows\system32\drivers\xpsec.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-06-20 10:47 451872 ----a-w- e:\program\Delade filer\LightScribe\LSRunOnce.exe
    .
    Innehåll i mappen 'Schemalagda aktiviteter':
    .
    2012-03-15 e:\windows\Tasks\AppleSoftwareUpdate.job
    - e:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - e:\program\Google\Update\GoogleUpdate.exe [2010-06-01 22:47]
    .
    2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - e:\program\Google\Update\GoogleUpdate.exe [2010-06-01 22:47]
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.se/
    uInternet Connection Wizard,ShellNext = iexplore
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - e:\documents and settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - about:blank
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
    .
    URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
    HKCU-Run-ASRock OC Tuner - (no file)
    HKCU-Run-zASRockInstantBoot - (no file)
    HKCU-Run-ASRock IES - (no file)
    HKCU-Run-ASUS SmartDoctor - c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
    HKCU-Run-GameShadow - e:\program\GameShadow\GameShadow.exe
    HKLM-Run-ASUSGamerOSD - e:\program files\ASUS\GamerOSD\GamerOSD.exe
    AddRemove-Battlestations Pacific - e:\program\Eidos\Battlestations Pacific\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-28 02:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Samsung_ rev. -> Harddisk2\DR4 -> \Device\00000085
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    error: Read Felaktig parameter.
    .
    **************************************************************************
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_USERS\S-1-5-21-1292428093-261478967-839522115-1006\Software\SecuROM\License information*]
    "datasecu"=hex:a0,ab,ad,f8,20,e7,6b,fb,54,2e,e5,a6,e5,2d,cf,f9,fa,dc,40,15,89,
    42,e6,5f,54,1f,3c,1f,ee,d0,ae,16,60,cc,24,07,ac,2e,67,72,bc,8c,dc,f5,1a,a9,\
    "rkeysecu"=hex:9d,85,06,89,db,86,0d,97,8d,1b,91,81,ad,62,08,76
    .
    --------------------- DLL'er som "laddats" under processer som körs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(712)
    e:\windows\system32\Ati2evxx.dll
    e:\windows\system32\atiadlxx.dll
    .
    Sluttid: 2012-03-28 02:14:22
    ComboFix-quarantined-files.txt 2012-03-28 00:14
    .
    Före genomsökningen: 85*658*042*368 byte ledigt
    Efter genomsökningen: 85*618*167*808 byte ledigt
    .
    - - End Of File - - A63D5F62B0EC826044E38C28134C35E6


    I'd like to add this:

    * failed attempt at inserting cool icons depicting worship of broni and blasted virus *
  22. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and un-check "Hide protected operating system files".
    NOTE. Make sure to reverse the above changes when done with this step.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - e:\windows\system32\drivers\xpsec.sys
    IMPORTANT! If the file is listed as already analyzed, click on the "Reanalyse file now" button.
    Post scan results.
  23. petka

    petka Newcomer, in training Topic Starter Posts: 42

    doesn't exist

    That file does not exist.
    Well, at least I can't see it.
  24. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Did you?
    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and un-check "Hide protected operating system files".
  25. petka

    petka Newcomer, in training Topic Starter Posts: 42

    yes.

    "show hidden files and folders" is checked

    "hide operating system files (recommended)" is unchecked

    Of course, that is in Swedish on my OS :)

    There are no files beginning with any higher letter than "w"

