Solved Zbot (I think)

petka

I have a problem with an obvious attempt to gather details about my banking. Some pathetic page saying it doesn't recognize my computer comes up when I try to do my internet banking.

I have AdAware and Avira running, well updated, but even the Avira rescue CD can't get this sucker.

So I followed your "general" suggestions.

I got past the MalwareBytes thing (no detections).

The Gmer crashes on some *.sys file with a blue screen. So no luck there.

Should I just start by posting the MalwareBytes log? Or are there any tips on getting the Gmer past this hurdle?
 
OK, I reread the 5-step thing.

I haven't tried the "safe" mode, missed that tip.

Will post again when I have (or have failed to for technical reasons) moved along the steps in the instructions.
 
Complete info as per "5-step-guide"

I have a Swedish OS version in Sweden, so....

Gmer reports some kxtdapow.sys thing. That is what gave the blue screen last time. This time it just zipped thru the scan and that was that. Even tho it is tempting, I will simply let it sit there until I get your professional instructions.


MalwareBytes:

Malwarebytes Anti-Malware (Testversion) 1.60.1.1000
www.malwarebytes.org

Databasversion: v2012.03.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
petka :: PKNEW [administratör]

Skydd: Aktiverad

2012-03-25 23:07:19
mbam-log-2012-03-25 (23-07-19).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 275565
Förfluten tid: 36 minut(er), 42 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-25 23:56:44
Windows 5.1.2600 Service Pack 3
Running: 4b6r06uv.exe; Driver: E:\DOCUME~1\PETKA~1.PKN\LOKALA~1\Temp\kxtdapow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 Code 8A540005
Device \Driver\atapi \Device\Ide\IdePort0 8A540000
Device \Driver\atapi \Device\Ide\IdePort1 Code 8A540005
Device \Driver\atapi \Device\Ide\IdePort1 8A540000

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by petka at 0:00:13 on 2012-03-26
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.924 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
E:\Program\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program\Avira\AntiVir Desktop\sched.exe
svchost.exe
E:\WINDOWS\system32\ANIWConnService.exe
E:\Program\Avira\AntiVir Desktop\avguard.exe
E:\WINDOWS\ATKKBService.exe
E:\Program\Nero\Nero 7\InCD\InCDsrv.exe
E:\Program\Java\jre6\bin\jqs.exe
E:\Program\Delade filer\LightScribe\LSSrvc.exe
E:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program\Clarus\Samsung SecretZone\MSSvc.exe
E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program\TomTom HOME 2\TomTomHOMEService.exe
E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\WINDOWS\system32\SearchIndexer.exe
E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program\Avira\AntiVir Desktop\avshadow.exe
E:\WINDOWS\system32\SearchProtocolHost.exe
E:\WINDOWS\Explorer.EXE
E:\Program\Nero\Nero 7\InCD\NBHGui.exe
E:\Program\Nero\Nero 7\InCD\InCD.exe
E:\WINDOWS\system32\SxgTkBar.exe
E:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\Program\D-Link\DWA-140 revB\AirNCFG.exe
E:\Program\Voddler\service\VNetManager.exe
E:\Program\Avira\AntiVir Desktop\avgnt.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
E:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
E:\Program\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program\Clarus\Samsung Auto Backup\ISFGuage.exe
E:\Program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
E:\Program\Clarus\Samsung Auto Backup\ISFTimerD.exe
E:\Program\Windows Desktop Search\WindowsSearch.exe
E:\Program\OpenOffice.org 3\program\soffice.exe
E:\Program\OpenOffice.org 3\program\soffice.bin
E:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - e:\program\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - e:\program\adawaretb\adawareDx.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
uRun: [ASRock OC Tuner]
uRun: [zASRockInstantBoot]
uRun: [ASRock IES]
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [LightScribe Control Panel] e:\program\delade filer\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [TomTomHOME.exe] "e:\program\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Steam] "e:\program\steam\Steam.exe" -silent
uRun: [GameShadow] e:\program\gameshadow\GameShadow.exe /q
uRun: [Emotum Mobile Broadband] e:\program\emotum\mobile broadband\Mobile.exe
uRun: [msnmsgr] "e:\program\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "e:\program\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ASUSGamerOSD] e:\program files\asus\gamerosd\GamerOSD.exe
mRun: [NeroFilterCheck] e:\program\delade filer\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] e:\program\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] e:\program\nero\nero 7\incd\InCD.exe
mRun: [SxgTkBar] SxgTkBar.exe
mRun: [ANIWZCS2Service] e:\program\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless N DWA-140] e:\program\d-link\dwa-140 revb\AirNCFG.exe
mRun: [ATICustomerCare] "e:\program\ati\aticustomercare\ATICustomerCare.exe"
mRun: [VoddlerNet Manager] e:\program\voddler\service\VNetManager.exe
mRun: [avgnt] "e:\program\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "e:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "e:\program\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "e:\program\delade filer\apple\apple application support\APSDaemon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "e:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Aware Browsing Protection] "e:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "e:\program\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "e:\program\delade filer\java\java update\jusched.exe"
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
StartupFolder: e:\docume~1\petka~1.pkn\start-~1\program\autost~1\openof~1.lnk - e:\program\openoffice.org 3\program\quickstart.exe
StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\samsun~3.lnk - e:\program\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\samsun~2.lnk - e:\program\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\samsun~1.lnk - e:\program\clarus\samsung auto backup\ISFTimerD.exe
StartupFolder: e:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - e:\program\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program\messenger\msmsgs.exe
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6120850-2646-4333-AD87-2C0EA347C1EE} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program\delade filer\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\petka.pknew\application data\mozilla\firefox\profiles\vhhkse1z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: e:\program\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: e:\program\curl corporation\surge\plugins\np-curl-surge-8-0.dll
FF - plugin: e:\program\curl corporation\surge\plugins\np-curl-surge64-8-0.dll
FF - plugin: e:\program\curl corporation\surge\plugins\np-curl-surge64.dll
FF - plugin: e:\program\google\google earth\plugin\npgeplugin.dll
FF - plugin: e:\program\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: e:\program\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: e:\program\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: e:\program\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: e:\program\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: e:\program\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: e:\program\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program\nos\bin\np_gp.dll
FF - plugin: e:\program\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2012-3-24 64512]
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [2011-10-24 36000]
R1 mdf15;mdf15;e:\program\clarus\samsung secretzone\mdf15.sys [2011-3-26 12800]
R2 ANIWConnService;ANIWConn Service;e:\windows\system32\ANIWConnService.exe [2010-5-24 147456]
R2 AntiVirSchedulerService;Avira Scheduler;e:\program\avira\antivir desktop\sched.exe [2011-10-24 86224]
R2 AntiVirService;Avira Realtime Protection;e:\program\avira\antivir desktop\avguard.exe [2011-10-24 110032]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2011-10-24 74640]
R2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-10 54760]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program\lavasoft\ad-aware\AAWService.exe [2012-3-20 2152152]
R2 MBAMService;MBAMService;e:\program\malwarebytes' anti-malware\mbamservice.exe [2012-3-25 652360]
R2 MSR Service;Virtual Disk Service Manager;e:\program\clarus\samsung secretzone\MSSvc.exe [2011-3-26 114688]
R2 TomTomHOMEService;TomTomHOMEService;e:\program\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [2012-3-4 100368]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2012-3-25 20464]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;e:\windows\system32\drivers\rt2870.sys [2010-5-24 715520]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;e:\windows\system32\drivers\sxgxgwdm.sys [2009-7-3 966784]
R3 xcpip;TCP/IP Protocol Driver;e:\windows\system32\drivers\xcpip.sys --> e:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;e:\windows\system32\drivers\xpsec.sys --> e:\windows\system32\drivers\xpsec.sys [?]
RUnknown mvd20;mvd20; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);e:\program\google\update\GoogleUpdate.exe [2010-6-2 136176]
S2 VoddlerNet;VoddlerNet;e:\program\voddler\service\voddler.exe [2011-8-24 2271200]
S3 80czzt43.sys;80czzt43.sys;\??\e:\windows\system32\drivers\80czzt43.sys --> e:\windows\system32\drivers\80czzt43.sys [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-6-30 1691480]
S3 AWINDIS5;AWINDIS5 Protocol Driver;e:\windows\system32\AWINDIS5.SYS [2009-6-28 16194]
S3 fsssvc;Tjänsten Windows Live Family Safety;e:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Tjänsten Google Update (gupdatem);e:\program\google\update\GoogleUpdate.exe [2010-6-2 136176]
S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [2010-2-21 102656]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program\lavasoft\ad-aware\kernexplorer.sys [2012-3-20 15232]
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;e:\windows\system32\drivers\wg311tn5.sys --> e:\windows\system32\drivers\wg311tn5.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;e:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-4-24 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-25 18:23:34 73728 ----a-w- e:\windows\system32\javacpl.cpl
2012-03-25 17:39:33 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-03-25 17:39:33 -------- d-----w- e:\program\Malwarebytes' Anti-Malware
2012-03-24 20:56:27 -------- d-----w- e:\documents and settings\petka.pknew\application data\Malwarebytes
2012-03-24 20:56:17 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2012-03-24 19:53:48 -------- d-----w- e:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-03-24 19:53:47 -------- d-----w- e:\program\Toolbar Cleaner
2012-03-24 19:53:36 -------- d-----w- e:\documents and settings\petka.pknew\application data\adawaretb
2012-03-24 19:53:29 -------- d-----w- e:\program\adawaretb
2012-03-24 19:53:24 64512 ----a-w- e:\windows\system32\drivers\Lbd.sys
2012-03-22 23:15:38 592824 ----a-w- e:\program\mozilla firefox\gkmedias.dll
2012-03-22 23:15:38 44472 ----a-w- e:\program\mozilla firefox\mozglue.dll
2012-03-20 20:47:04 -------- d-----w- e:\documents and settings\all users\application data\VS
2012-03-17 21:08:39 5632 ----a-w- e:\windows\system32\ptpusb.dll
2012-03-17 21:08:37 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2012-03-17 21:08:37 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2012-03-17 21:08:21 159232 ----a-w- e:\windows\system32\ptpusd.dll
2012-03-04 10:54:30 -------- d-----w- e:\program\AMD APP
2012-03-04 10:53:41 100368 ----a-w- e:\windows\system32\drivers\AtihdXP3.sys
2012-03-04 10:53:14 956160 ----a-w- e:\windows\system32\ativvamv.dll
2012-03-04 10:51:49 -------- d-----w- E:\AMD
2012-03-04 10:41:53 359016 ----a-w- e:\windows\vncutil.exe
2012-03-04 10:41:51 64616 ----a-w- e:\windows\system32\RtkCoInstIIXP.dll
2012-03-04 10:41:51 129640 ----a-w- e:\windows\RtkAudioService.exe
2012-03-04 10:41:51 11368 ----a-w- e:\windows\system32\RtkCoLDRXP.dll
2012-03-04 10:41:49 21736 ----a-w- e:\windows\system32\drivers\RTAIODAT.DAT
2012-03-04 10:16:48 -------- d-----w- e:\documents and settings\petka.pknew\application data\Easeware
.
==================== Find3M ====================
.
2012-03-25 18:23:17 472808 ----a-w- e:\windows\system32\deployJava1.dll
2012-03-25 17:18:54 94208 ----a-w- e:\windows\DUMP74e1.tmp
2012-03-24 01:47:33 196608 ----a-w- e:\windows\system32\drivers\nStandard.bin
2012-03-19 21:57:29 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 18:34:22 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-19 18:34:22 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-17 13:05:58 204 ----a-w- e:\windows\system32\vcwl0fq.dll
2012-02-17 13:05:58 100 ----a-w- e:\windows\system32\prsgrc.dll
2012-02-17 13:05:57 0 ----a-w- e:\windows\system32\serauth2.dll
2012-02-17 13:05:57 0 ----a-w- e:\windows\system32\serauth1.dll
2012-02-17 13:05:57 0 ----a-w- e:\windows\system32\nsprs.dll
2012-02-17 13:05:56 1025 ----a-w- e:\windows\system32\u0b3xyo.dll
2012-02-17 13:05:56 1025 ----a-w- e:\windows\system32\grcauth2.dll
2012-02-17 13:05:56 1025 ----a-w- e:\windows\system32\grcauth1.dll
2012-02-17 13:05:54 72 ----a-w- e:\windows\system32\ssprs.dll
2012-02-17 13:05:54 1025 ----a-w- e:\windows\system32\clauth2.dll
2012-02-17 13:05:54 1025 ----a-w- e:\windows\system32\clauth1.dll
2012-02-03 09:57:40 1860096 ----a-w- e:\windows\system32\win32k.sys
2012-01-09 16:20:19 139784 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2000-08-14 19:33:46 6287360 ----a-w- e:\program\IDMain.exe
2000-06-27 16:37:52 730112 ----a-w- e:\program\Config.exe
1998-06-02 04:32:48 705024 ----a-w- e:\program\3dfx.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Samsung_ rev. -> Harddisk2\DR4 -> \Device\0000008b
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk2\DR4[0x89510AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008d[0x89705EA0]
5 USBSTOR[0xF3209706] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\USBPDO-9[0x8A4D43A8]
7 usbhub[0xF6510596] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\USBPDO-1[0x8A38F450]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
error: Read Felaktig parameter.
.
============= FINISH: 0:01:33,79 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-06-28 22:48:24
System Uptime: 2012-03-25 22:46:56 (2 hours ago)
.
Motherboard: ASRock | | N61P-S
Processor: AMD Athlon(tm) 7750 Dual-Core Processor | CPUSocket | 2712/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 931 GiB total, 668,65 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 69,296 GiB free.
F: is FIXED (NTFS) - 186 GiB total, 140,893 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standardtangentbord)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&38D79619&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&38D79619&0
Service: i8042prt
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&25700A26&0&4020
Manufacturer: Atheros
Name: NETGEAR 108 Mbps Wireless PCI Adapter WG311T
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&25700A26&0&4020
Service: AR5416
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100 Mbps Ethernet
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
.
==== System Restore Points ===================
.
RP675: 2012-01-10 23:22:28 - Systemkontrollpunkt
RP676: 2012-01-10 23:55:34 - Installed Ad-Aware
RP677: 2012-01-11 07:26:39 - Software Distribution Service 3.0
RP678: 2012-01-12 12:21:30 - Systemkontrollpunkt
RP679: 2012-01-13 15:45:51 - Systemkontrollpunkt
RP680: 2012-01-16 06:12:20 - Software Distribution Service 3.0
RP681: 2012-01-17 21:31:21 - Systemkontrollpunkt
RP682: 2012-01-19 09:08:10 - Systemkontrollpunkt
RP683: 2012-01-20 16:39:30 - Systemkontrollpunkt
RP684: 2012-01-22 12:39:28 - Systemkontrollpunkt
RP685: 2012-01-23 23:45:36 - Systemkontrollpunkt
RP686: 2012-01-25 16:23:28 - Systemkontrollpunkt
RP687: 2012-01-26 18:12:23 - Systemkontrollpunkt
RP688: 2012-01-28 14:49:20 - Systemkontrollpunkt
RP689: 2012-01-30 19:45:02 - Systemkontrollpunkt
RP690: 2012-02-02 13:01:45 - Systemkontrollpunkt
RP691: 2012-02-04 16:19:53 - Systemkontrollpunkt
RP692: 2012-02-05 17:09:49 - Systemkontrollpunkt
RP693: 2012-02-05 18:00:06 - DirectX har installerats
RP694: 2012-02-06 18:00:23 - Systemkontrollpunkt
RP695: 2012-02-08 13:17:00 - Systemkontrollpunkt
RP696: 2012-02-09 22:33:12 - Systemkontrollpunkt
RP697: 2012-02-11 14:17:36 - Systemkontrollpunkt
RP698: 2012-02-12 17:06:43 - Systemkontrollpunkt
RP699: 2012-02-15 15:17:50 - Systemkontrollpunkt
RP700: 2012-02-15 19:42:34 - Software Distribution Service 3.0
RP701: 2012-02-17 14:05:32 - Installed Curl RTE
RP702: 2012-02-18 19:46:22 - Systemkontrollpunkt
RP703: 2012-02-19 19:24:38 - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
RP704: 2012-02-20 19:41:43 - Systemkontrollpunkt
RP705: 2012-02-21 20:04:08 - Systemkontrollpunkt
RP706: 2012-02-21 22:39:59 - Installed Windows XP Wdf01009.
RP707: 2012-02-22 12:11:18 - Software Distribution Service 3.0
RP708: 2012-02-23 19:26:03 - Systemkontrollpunkt
RP709: 2012-02-24 01:03:36 - Nokia Connectivity Cable Driver togs bort
RP710: 2012-02-25 17:17:35 - Systemkontrollpunkt
RP711: 2012-02-26 23:23:22 - Systemkontrollpunkt
RP712: 2012-02-28 20:31:17 - Systemkontrollpunkt
RP713: 2012-02-29 22:44:56 - Systemkontrollpunkt
RP714: 2012-03-03 14:38:18 - Systemkontrollpunkt
RP715: 2012-03-04 11:41:36 - Installerad Realtek High Definition Audio Driver
RP716: 2012-03-10 13:46:58 - Systemkontrollpunkt
RP717: 2012-03-11 15:42:12 - Systemkontrollpunkt
RP718: 2012-03-12 22:49:29 - Systemkontrollpunkt
RP719: 2012-03-13 22:44:53 - Software Distribution Service 3.0
RP720: 2012-03-14 23:15:53 - Systemkontrollpunkt
RP721: 2012-03-15 00:03:35 - Software Distribution Service 3.0
RP722: 2012-03-17 00:05:13 - Systemkontrollpunkt
RP723: 2012-03-18 00:10:39 - Systemkontrollpunkt
RP724: 2012-03-19 16:54:37 - Systemkontrollpunkt
RP725: 2012-03-20 17:27:39 - Systemkontrollpunkt
RP726: 2012-03-20 21:29:10 - Software Distribution Service 3.0
RP727: 2012-03-23 00:22:29 - Software Distribution Service 3.0
RP728: 2012-03-24 12:34:07 - Installed Ad-Aware
RP729: 2012-03-24 20:47:18 - Removed Ad-Aware
RP730: 2012-03-24 20:52:59 - Installed Ad-Aware
RP731: 2012-03-24 20:53:17 - Installed Ad-Aware
RP732: 2012-03-25 18:05:10 - Removed Java(TM) 6 Update 29
RP733: 2012-03-25 18:05:55 - Removed Java(TM) 6 Update 22
RP734: 2012-03-25 18:06:29 - Removed Java(TM) 6 Update 18
RP735: 2012-03-25 18:07:39 - Removed RuntimeLibsVC05
RP736: 2012-03-25 18:10:18 - PC Connectivity Solution togs bort
RP737: 2012-03-25 20:23:01 - Installed Java(TM) 6 Update 31
.
==== Installed Programs ======================
.
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Svenska
AGEIA PhysX v7.07.09
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Processor Driver
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Software Update
ASRock IES
ASRock InstantBoot
ASRock OC Tuner
ASUS Gamer OSD
ASUS Smart Doctor
ASUS Utilities
ASUS VGA Driver
ASUS VideoSecurity Online
ATI AVIVO Codecs
ATI Catalyst Registration
ATI Parental Control & Encoder
µTorrent
Avira Free Antivirus
Battlestations Pacific
Battlestations: Pacific
Bridge Base Online
Bridge Bidding Trainer V2.0 Basic Edition
Call of Duty
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CBLight 2009
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CIB pdf brewer 2.0.24
Command & Conquer Red Alert 2
Company of Heroes
Company of Heroes - FAKEMSI
Curl RTE 8.0.0
D-Link Wireless N DWA-140
Dead Space™
EA Download Manager
EA Download Manager UI
FLV Player 2.0 (build 25)
Google Earth
Google Update Helper
Guitar Pro 5.0
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
hp deskjet 5100 series
Huawei Driver Installation
Icewind Dale
Icewind Dale II
Indeo® Software
Java(TM) 6 Update 31
Junk Mail filter update
K-Lite Mega Codec Pack 4.2.5
LightScribe 1.8.13.1
Malwarebytes Anti-Malware version 1.60.1.1000
Medal of Honor Airborne
Medal of Honor Pacific Assault(tm)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Carioca Rummy
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Zoo Tycoon
Microsoft_VC100_CRT_SP1_x86
Mobile Broadband
Mozilla Firefox 11.0 (x86 sv-SE)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
NVIDIA Drivers
OpenAL
OpenOffice.org 3.3
Python 2.7.1
QuickTime
Realtek High Definition Audio Driver
Return to Castle Wolfenstein - Platinum Edition
Samsung Auto Backup
Samsung SecretZone
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Search 4 - KB963093
Segoe UI
Skype Click to Call
Skype™ 5.5
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB2158563)
Snabbkorrigering för Windows XP (KB2443685)
Snabbkorrigering för Windows XP (KB2570791)
Snabbkorrigering för Windows XP (KB2633952)
Snabbkorrigering för Windows XP (KB938759)
Snabbkorrigering för Windows XP (KB942288-v3)
Snabbkorrigering för Windows XP (KB952287)
Snabbkorrigering för Windows XP (KB961118)
Snabbkorrigering för Windows XP (KB970653-v3)
Snabbkorrigering för Windows XP (KB976098-v2)
Snabbkorrigering för Windows XP (KB979306)
Snabbkorrigering för Windows XP (KB981793)
Säkerhetsuppdatering för Microsoft Windows (KB2564958)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2183461)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2360131)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2482017)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2497640)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2510531)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2530548)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2544521)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2559049)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2586448)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2618444)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2647516)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB969897)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB972260)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB982381)
Säkerhetsuppdatering för Windows Media Player (KB2378111)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player (KB954155)
Säkerhetsuppdatering för Windows Media Player (KB968816)
Säkerhetsuppdatering för Windows Media Player (KB973540)
Säkerhetsuppdatering för Windows Media Player (KB975558)
Säkerhetsuppdatering för Windows Media Player (KB978695)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
Säkerhetsuppdatering för Windows XP (KB2079403)
Säkerhetsuppdatering för Windows XP (KB2115168)
Säkerhetsuppdatering för Windows XP (KB2121546)
Säkerhetsuppdatering för Windows XP (KB2160329)
Säkerhetsuppdatering för Windows XP (KB2229593)
Säkerhetsuppdatering för Windows XP (KB2259922)
Säkerhetsuppdatering för Windows XP (KB2279986)
Säkerhetsuppdatering för Windows XP (KB2286198)
Säkerhetsuppdatering för Windows XP (KB2296011)
Säkerhetsuppdatering för Windows XP (KB2296199)
Säkerhetsuppdatering för Windows XP (KB2347290)
Säkerhetsuppdatering för Windows XP (KB2360937)
Säkerhetsuppdatering för Windows XP (KB2387149)
Säkerhetsuppdatering för Windows XP (KB2393802)
Säkerhetsuppdatering för Windows XP (KB2412687)
Säkerhetsuppdatering för Windows XP (KB2419632)
Säkerhetsuppdatering för Windows XP (KB2423089)
Säkerhetsuppdatering för Windows XP (KB2436673)
Säkerhetsuppdatering för Windows XP (KB2440591)
Säkerhetsuppdatering för Windows XP (KB2443105)
Säkerhetsuppdatering för Windows XP (KB2476490)
Säkerhetsuppdatering för Windows XP (KB2476687)
Säkerhetsuppdatering för Windows XP (KB2478960)
Säkerhetsuppdatering för Windows XP (KB2478971)
Säkerhetsuppdatering för Windows XP (KB2479628)
Säkerhetsuppdatering för Windows XP (KB2479943)
Säkerhetsuppdatering för Windows XP (KB2481109)
Säkerhetsuppdatering för Windows XP (KB2483185)
Säkerhetsuppdatering för Windows XP (KB2485376)
Säkerhetsuppdatering för Windows XP (KB2485663)
Säkerhetsuppdatering för Windows XP (KB2503658)
Säkerhetsuppdatering för Windows XP (KB2503665)
Säkerhetsuppdatering för Windows XP (KB2506212)
Säkerhetsuppdatering för Windows XP (KB2506223)
Säkerhetsuppdatering för Windows XP (KB2507618)
Säkerhetsuppdatering för Windows XP (KB2507938)
Säkerhetsuppdatering för Windows XP (KB2508272)
Säkerhetsuppdatering för Windows XP (KB2508429)
Säkerhetsuppdatering för Windows XP (KB2509553)
Säkerhetsuppdatering för Windows XP (KB2511455)
Säkerhetsuppdatering för Windows XP (KB2524375)
Säkerhetsuppdatering för Windows XP (KB2535512)
Säkerhetsuppdatering för Windows XP (KB2536276-v2)
Säkerhetsuppdatering för Windows XP (KB2536276)
Säkerhetsuppdatering för Windows XP (KB2544893-v2)
Säkerhetsuppdatering för Windows XP (KB2544893)
Säkerhetsuppdatering för Windows XP (KB2555917)
Säkerhetsuppdatering för Windows XP (KB2562937)
Säkerhetsuppdatering för Windows XP (KB2566454)
Säkerhetsuppdatering för Windows XP (KB2567053)
Säkerhetsuppdatering för Windows XP (KB2567680)
Säkerhetsuppdatering för Windows XP (KB2570222)
Säkerhetsuppdatering för Windows XP (KB2570947)
Säkerhetsuppdatering för Windows XP (KB2584146)
Säkerhetsuppdatering för Windows XP (KB2585542)
Säkerhetsuppdatering för Windows XP (KB2592799)
Säkerhetsuppdatering för Windows XP (KB2598479)
Säkerhetsuppdatering för Windows XP (KB2603381)
Säkerhetsuppdatering för Windows XP (KB2618451)
Säkerhetsuppdatering för Windows XP (KB2619339)
Säkerhetsuppdatering för Windows XP (KB2620712)
Säkerhetsuppdatering för Windows XP (KB2621440)
Säkerhetsuppdatering för Windows XP (KB2624667)
Säkerhetsuppdatering för Windows XP (KB2631813)
Säkerhetsuppdatering för Windows XP (KB2633171)
Säkerhetsuppdatering för Windows XP (KB2639417)
Säkerhetsuppdatering för Windows XP (KB2641653)
Säkerhetsuppdatering för Windows XP (KB2646524)
Säkerhetsuppdatering för Windows XP (KB2647518)
Säkerhetsuppdatering för Windows XP (KB2660465)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB923561)
Säkerhetsuppdatering för Windows XP (KB923789)
Säkerhetsuppdatering för Windows XP (KB938464-v2)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952004)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB954459)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956572)
Säkerhetsuppdatering för Windows XP (KB956744)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956844)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB958869)
Säkerhetsuppdatering för Windows XP (KB959426)
Säkerhetsuppdatering för Windows XP (KB960225)
Säkerhetsuppdatering för Windows XP (KB960803)
Säkerhetsuppdatering för Windows XP (KB960859)
Säkerhetsuppdatering för Windows XP (KB961371)
Säkerhetsuppdatering för Windows XP (KB961373)
Säkerhetsuppdatering för Windows XP (KB961501)
Säkerhetsuppdatering för Windows XP (KB968537)
Säkerhetsuppdatering för Windows XP (KB969059)
Säkerhetsuppdatering för Windows XP (KB969897)
Säkerhetsuppdatering för Windows XP (KB969898)
Säkerhetsuppdatering för Windows XP (KB969947)
Säkerhetsuppdatering för Windows XP (KB970238)
Säkerhetsuppdatering för Windows XP (KB970430)
Säkerhetsuppdatering för Windows XP (KB971468)
Säkerhetsuppdatering för Windows XP (KB971486)
Säkerhetsuppdatering för Windows XP (KB971557)
Säkerhetsuppdatering för Windows XP (KB971633)
Säkerhetsuppdatering för Windows XP (KB971657)
Säkerhetsuppdatering för Windows XP (KB972270)
Säkerhetsuppdatering för Windows XP (KB973346)
Säkerhetsuppdatering för Windows XP (KB973354)
Säkerhetsuppdatering för Windows XP (KB973507)
Säkerhetsuppdatering för Windows XP (KB973525)
Säkerhetsuppdatering för Windows XP (KB973869)
Säkerhetsuppdatering för Windows XP (KB973904)
Säkerhetsuppdatering för Windows XP (KB974112)
Säkerhetsuppdatering för Windows XP (KB974318)
Säkerhetsuppdatering för Windows XP (KB974392)
Säkerhetsuppdatering för Windows XP (KB974571)
Säkerhetsuppdatering för Windows XP (KB975025)
Säkerhetsuppdatering för Windows XP (KB975467)
Säkerhetsuppdatering för Windows XP (KB975560)
Säkerhetsuppdatering för Windows XP (KB975561)
Säkerhetsuppdatering för Windows XP (KB975562)
Säkerhetsuppdatering för Windows XP (KB975713)
Säkerhetsuppdatering för Windows XP (KB977165)
Säkerhetsuppdatering för Windows XP (KB977816)
Säkerhetsuppdatering för Windows XP (KB977914)
Säkerhetsuppdatering för Windows XP (KB978037)
Säkerhetsuppdatering för Windows XP (KB978251)
Säkerhetsuppdatering för Windows XP (KB978262)
Säkerhetsuppdatering för Windows XP (KB978338)
Säkerhetsuppdatering för Windows XP (KB978542)
Säkerhetsuppdatering för Windows XP (KB978601)
Säkerhetsuppdatering för Windows XP (KB978706)
Säkerhetsuppdatering för Windows XP (KB979309)
Säkerhetsuppdatering för Windows XP (KB979482)
Säkerhetsuppdatering för Windows XP (KB979559)
Säkerhetsuppdatering för Windows XP (KB979683)
Säkerhetsuppdatering för Windows XP (KB979687)
Säkerhetsuppdatering för Windows XP (KB980195)
Säkerhetsuppdatering för Windows XP (KB980218)
Säkerhetsuppdatering för Windows XP (KB980232)
Säkerhetsuppdatering för Windows XP (KB980436)
Säkerhetsuppdatering för Windows XP (KB981322)
Säkerhetsuppdatering för Windows XP (KB981852)
Säkerhetsuppdatering för Windows XP (KB981957)
Säkerhetsuppdatering för Windows XP (KB981997)
Säkerhetsuppdatering för Windows XP (KB982132)
Säkerhetsuppdatering för Windows XP (KB982214)
Säkerhetsuppdatering för Windows XP (KB982665)
Säkerhetsuppdatering för Windows XP (KB982802)
Sonic Foundry Sound Forge 6.0
SPORE™
Spotify
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Star Ruler
Steam
SwitchInTime
Team Fortress 2
The Lord of the Rings FREE Trial
The Rosetta Stone
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
Ultima IX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uppdatering för Microsoft Windows (KB971513)
Uppdatering för Windows Internet Explorer 8 (KB2447568)
Uppdatering för Windows Internet Explorer 8 (KB2598845)
Uppdatering för Windows Internet Explorer 8 (KB2632503)
Uppdatering för Windows Internet Explorer 8 (KB971930)
Uppdatering för Windows Internet Explorer 8 (KB976662)
Uppdatering för Windows Internet Explorer 8 (KB976749)
Uppdatering för Windows Internet Explorer 8 (KB980182)
Uppdatering för Windows Internet Explorer 8 (KB982632)
Uppdatering för Windows Internet Explorer 8 (KB982664)
Uppdatering för Windows XP (KB2141007)
Uppdatering för Windows XP (KB2345886)
Uppdatering för Windows XP (KB2467659)
Uppdatering för Windows XP (KB2492386)
Uppdatering för Windows XP (KB2541763)
Uppdatering för Windows XP (KB2607712)
Uppdatering för Windows XP (KB2616676)
Uppdatering för Windows XP (KB2641690)
Uppdatering för Windows XP (KB951978)
Uppdatering för Windows XP (KB955759)
Uppdatering för Windows XP (KB955839)
Uppdatering för Windows XP (KB961503)
Uppdatering för Windows XP (KB967715)
Uppdatering för Windows XP (KB968389)
Uppdatering för Windows XP (KB971029)
Uppdatering för Windows XP (KB971737)
Uppdatering för Windows XP (KB973687)
Uppdatering för Windows XP (KB973815)
Warhammer 40,000: Dawn Of War - Gold Edition
Warhammer® 40,000®: Dawn of War® II – Retribution™
VC 9.0 Runtime
WebFldrs XP
Westwood Shared Internet Components
VideoLAN VLC media player 0.8.6a
Viktig uppdatering för Windows Media Player 11 (KB959772)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Voddler
Wolfenstein - Enemy Territory
World of Tanks v.0.6.5
XML Paper Specification Shared Components Language Pack 1.0
XviD MPEG-4 Video Codec
YAMAHA XG SoftSynthesizer S-YXG50
.
==== End Of File ===========================




That's it.
And of course, I'd really appreciate any help I can get.
I've checked some threads with impressive help, so thanks in advance :)
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avira.
One of them has to go.
I suggest Lavasoft goes.

Then...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Results as per your instructions

Thanks a lot for the help!

Lavasoft went.
All this stuff is exciting. It's been 20+ years since I had any real knowledge of stuff like this, and the viral infections were not often stealthy or anything. So now I feel the urge to read up on rootkits and bootkits and whatever....

Here are the logs:

aswMBR:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-26 01:07:15
-----------------------------
01:07:15.343 OS Version: Windows 5.1.2600 Service Pack 3
01:07:15.343 Number of processors: 2 586 0x203
01:07:15.343 ComputerName: PKNEW UserName: petka
01:07:17.968 Initialize success
01:11:02.109 AVAST engine defs: 12032501
01:12:12.531 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
01:12:12.546 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 1
01:12:12.546 Device \Driver\USBSTOR -> DriverStartIo USBSTOR.SYS f320af26
01:12:12.562 Disk 2 MBR read successfully
01:12:12.562 Disk 2 MBR scan
01:12:12.906 Disk 2 Windows XP default MBR code
01:12:12.906 Disk 2 MBR hidden
01:12:12.953 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
01:12:13.046 Disk 2 scanning sectors +1953520065
01:12:13.250 Disk 2 scanning E:\WINDOWS\system32\drivers
01:12:34.359 Service scanning
01:12:56.375 Modules scanning
01:13:01.984 Disk 2 trace - called modules:
01:13:01.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys
01:13:01.984 1 nt!IofCallDriver -> \Device\Harddisk2\DR4[0x89510ab8]
01:13:01.984 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000008d[0x89705ea0]
01:13:02.000 5 USBSTOR.SYS[f3209706] -> nt!IofCallDriver -> \Device\USBPDO-9[0x8a4d43a8]
01:13:02.000 7 usbhub.sys[f6510596] -> nt!IofCallDriver -> \Device\USBPDO-1[0x8a38f450]
01:13:03.218 AVAST engine scan E:\WINDOWS
01:13:30.281 AVAST engine scan E:\WINDOWS\system32
01:18:59.843 AVAST engine scan E:\WINDOWS\system32\drivers
01:19:26.125 AVAST engine scan E:\Documents and Settings\petka.PKNEW
01:19:39.609 File: E:\Documents and Settings\petka.PKNEW\Application Data\Adobe\Flash Player\NativeCache\915E84FE7E8929AA0AF1E491D8AA8669\51a0797e\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
01:23:51.421 Disk 2 MBR has been saved successfully to "E:\Documents and Settings\petka.PKNEW\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBR.dat"
01:23:51.421 The log file has been saved successfully to "E:\Documents and Settings\petka.PKNEW\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\aswMBR.txt"


Bootkit remover:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\E:
\\.\E: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
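
A saved boot sector, such as the MBR.dat copy that aswMBR writes, can be inspected offline. The following is an added example, not part of the original posts or of any tool named in this thread: it parses a 512-byte MBR dump, checks the partition layout, and names the regions that differ between two dumps of the same disk. It assumes a second dump taken from outside the running OS; the sample sectors, their filler bytes and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # bootstrap code executed by the BIOS
DISK_SIG = slice(440, 444)     # NT disk signature
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0x05: "Extended", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Split one 512-byte MBR dump into boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing")
    parts = []
    table = sector[PART_TABLE]
    for i in range(4):
        entry = table[16 * i:16 * i + 16]
        status, ptype = entry[0], entry[4]
        # Bytes 8..15 of an entry: start LBA and sector count, little-endian.
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "status": status, "type": ptype,
                      "type_name": TYPES.get(ptype, "unknown"),
                      "start_lba": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "disk_signature": sector[DISK_SIG].hex(),
            "partitions": parts}


def layout_findings(mbr, disk_sectors=None):
    """Return readable anomalies in the partition table (empty list = none)."""
    out = []
    parts = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            out.append("slot %d: invalid status byte 0x%02x" % (p["slot"], p["status"]))
        if p["start_lba"] == 0:
            out.append("slot %d: starts at LBA 0 (overlaps the MBR)" % p["slot"])
        end = p["start_lba"] + p["sectors"]
        if disk_sectors is not None and end > disk_sectors:
            out.append("slot %d: ends past the end of the disk" % p["slot"])
    if sum(p["status"] == 0x80 for p in parts) > 1:
        out.append("more than one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            out.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return out


def compare_dumps(live, offline):
    """Name the MBR regions that differ between two dumps of the same disk."""
    regions = (("boot code", BOOT_CODE), ("disk signature", DISK_SIG),
               ("partition table", PART_TABLE))
    return [name for name, sl in regions if live[sl] != offline[sl]]


def build_sample(boot_fill):
    """Constructed sector: filler instead of real boot code, one partition."""
    sector = bytearray(SECTOR)
    sector[BOOT_CODE] = bytes([boot_fill]) * 440
    sector[DISK_SIG] = bytes.fromhex("11223344")   # constructed value
    # Active (0x80), type 0x07, start LBA 63, mirroring the partition line in
    # the aswMBR log above; the sector count is chosen to give 476929 MB.
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                                  b"\xfe\xff\xff", 63, 0x3A380D41)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Two constructed dumps that differ only in the boot-code region.
    live, offline = build_sample(0xAA), build_sample(0xBB)
    mbr = parse_mbr(live)
    for p in mbr["partitions"]:
        print("Partition %(slot)d status 0x%(status)02x type 0x%(type)02x "
              "%(type_name)s %(size_mb)d MB offset %(start_lba)d" % p)
    print("boot code sha256:", mbr["boot_code_sha256"])
    print("layout findings:", layout_findings(mbr, 476940 * 2048) or "none")
    print("regions differing:", compare_dumps(live, offline) or "none")
```

To use it on a real dump, read the file in binary mode and pass its first 512 bytes to `parse_mbr`.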
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Completed, waiting for reboot

I'm on my laptop in parallel.

It found and zapped something, sinowa or similar name.
Reboot was required, which I am performing now.
Log will be forthcoming.
So far this is..... *wow*

Read up on rootkits and bootkits.
Boy am I glad I addressed the problem as soon as I saw it.
I sure hope we can stomp it.
 
Log file from TDSSkiller

After reboot a number of cmd.exe windows appeared and disappeared, then windows continued as usual.

The rootkit seems to be "Sinowal.b" according to the log


TDSSkiller:

01:48:29.0828 4384 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
01:48:30.0156 4384 ============================================================
01:48:30.0156 4384 Current date / time: 2012/03/26 01:48:30.0156
01:48:30.0156 4384 SystemInfo:
01:48:30.0156 4384
01:48:30.0156 4384 OS Version: 5.1.2600 ServicePack: 3.0
01:48:30.0156 4384 Product type: Workstation
01:48:30.0156 4384 ComputerName: PKNEW
01:48:30.0156 4384 UserName: petka
01:48:30.0156 4384 Windows directory: E:\WINDOWS
01:48:30.0156 4384 System windows directory: E:\WINDOWS
01:48:30.0156 4384 Processor architecture: Intel x86
01:48:30.0156 4384 Number of processors: 2
01:48:30.0156 4384 Page size: 0x1000
01:48:30.0156 4384 Boot type: Normal boot
01:48:30.0156 4384 ============================================================
01:48:33.0000 4384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
01:48:33.0062 4384 Drive \Device\Harddisk1\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:48:33.0093 4384 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DA0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:48:33.0109 4384 \Device\Harddisk0\DR0:
01:48:33.0109 4384 MBR used
01:48:33.0109 4384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
01:48:33.0109 4384 \Device\Harddisk1\DR2:
01:48:33.0109 4384 MBR used
01:48:33.0109 4384 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
01:48:33.0109 4384 \Device\Harddisk2\DR4:
01:48:33.0109 4384 MBR used
01:48:33.0109 4384 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
01:48:33.0234 4384 Initialize success
01:48:33.0234 4384 ============================================================
01:48:37.0687 5300 ============================================================
01:48:37.0687 5300 Scan started
01:48:37.0687 5300 Mode: Manual;
01:48:37.0687 5300 ============================================================
01:48:39.0265 5300 80czzt43.sys - ok
01:48:39.0312 5300 Abiosdsk - ok
01:48:39.0468 5300 abp480n5 - ok
01:48:39.0796 5300 ACPI (48547e29772befe3c554ff5e4855bf51) E:\WINDOWS\system32\DRIVERS\ACPI.sys
01:48:39.0796 5300 ACPI - ok
01:48:39.0906 5300 ACPIEC (decedc736cef3c0fff6e981b31e73a61) E:\WINDOWS\system32\drivers\ACPIEC.sys
01:48:39.0953 5300 ACPIEC - ok
01:48:40.0015 5300 adpu160m - ok
01:48:40.0109 5300 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
01:48:40.0125 5300 aec - ok
01:48:40.0171 5300 AFD (1e44bc1e83d8fd2305f8d452db109cf9) E:\WINDOWS\System32\drivers\afd.sys
01:48:40.0171 5300 AFD - ok
01:48:40.0250 5300 Aha154x - ok
01:48:40.0281 5300 aic78u2 - ok
01:48:40.0375 5300 aic78xx - ok
01:48:40.0500 5300 Alerter (7e3c83703327499d0b98ae392ff07ede) E:\WINDOWS\system32\alrsvc.dll
01:48:40.0531 5300 Alerter - ok
01:48:40.0593 5300 ALG (5df46f9ad9c1d611a38af2abb9365b5b) E:\WINDOWS\System32\alg.exe
01:48:40.0625 5300 ALG - ok
01:48:40.0656 5300 AliIde - ok
01:48:40.0781 5300 Ambfilt (267fc636801edc5ab28e14036349e3be) E:\WINDOWS\system32\drivers\Ambfilt.sys
01:48:40.0875 5300 Ambfilt - ok
01:48:40.0937 5300 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys
01:48:40.0953 5300 AmdPPM - ok
01:48:41.0000 5300 amsint - ok
01:48:41.0109 5300 ANIO (2953a157a783bfc06f42f99fefa5eb07) E:\WINDOWS\system32\ANIO.SYS
01:48:41.0125 5300 ANIO - ok
01:48:41.0187 5300 ANIWConnService (2d007966bb8a6c89433766e3d682bbec) E:\WINDOWS\system32\ANIWConnService.exe
01:48:41.0218 5300 ANIWConnService - ok
01:48:41.0390 5300 ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) E:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
01:48:41.0437 5300 ANIWZCSdService - ok
01:48:41.0687 5300 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) E:\Program\Avira\AntiVir Desktop\sched.exe
01:48:41.0703 5300 AntiVirSchedulerService - ok
01:48:41.0734 5300 AntiVirService (42f88bfbb76f7a63e381829479b18518) E:\Program\Avira\AntiVir Desktop\avguard.exe
01:48:41.0734 5300 AntiVirService - ok
01:48:42.0265 5300 AppMgmt (6912d676607594c3554c2e43f4b1feee) E:\WINDOWS\System32\appmgmts.dll
01:48:42.0281 5300 AppMgmt - ok
01:48:42.0640 5300 AR5416 (00e031fe2d849be503fc4a47271f1ea5) E:\WINDOWS\system32\DRIVERS\athw.sys
01:48:43.0312 5300 AR5416 - ok
01:48:44.0375 5300 asc - ok
01:48:45.0375 5300 asc3350p - ok
01:48:46.0375 5300 asc3550 - ok
01:48:47.0156 5300 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:48:47.0578 5300 aspnet_state - ok
01:48:48.0796 5300 asusgsb (d320732bcf5ff856120bd06855c66867) E:\WINDOWS\system32\drivers\asusgsb.sys
01:48:48.0843 5300 asusgsb - ok
01:48:49.0265 5300 asuskbnt (b3b881eb81013aac11594a5400ada47a) E:\WINDOWS\system32\drivers\atkkbnt.sys
01:48:49.0265 5300 asuskbnt - ok
01:48:49.0359 5300 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) E:\WINDOWS\system32\DRIVERS\AsusVRC.sys
01:48:49.0359 5300 ASUSVRC - ok
01:48:49.0468 5300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:48:49.0468 5300 AsyncMac - ok
01:48:49.0562 5300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
01:48:49.0562 5300 atapi - ok
01:48:49.0640 5300 Atdisk - ok
01:48:49.0859 5300 Ati HotKey Poller (944e535926628fb2fa33435eb848f94e) E:\WINDOWS\system32\Ati2evxx.exe
01:48:49.0890 5300 Ati HotKey Poller - ok
01:48:50.0062 5300 ATI Smart (b9cb37e2393fca35d0505cda5703cbdc) E:\WINDOWS\system32\ati2sgag.exe
01:48:50.0062 5300 ATI Smart - ok
01:48:51.0250 5300 ati2mtag (0997918a56a6e09ddf7bdfc0ebe8a99d) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
01:48:52.0421 5300 ati2mtag - ok
01:48:53.0078 5300 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) E:\WINDOWS\system32\drivers\AtihdXP3.sys
01:48:53.0093 5300 AtiHDAudioService - ok
01:48:53.0156 5300 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys
01:48:53.0171 5300 AtiHdmiService - ok
01:48:53.0281 5300 ATKKeyboardService (df70303547e59f09dcd32983100edcd1) E:\WINDOWS\ATKKBService.exe
01:48:54.0859 5300 ATKKeyboardService - ok
01:48:55.0359 5300 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:48:55.0359 5300 Atmarpc - ok
01:48:55.0500 5300 AudioSrv (73f7604cfb13a066a93442f431c62c4a) E:\WINDOWS\System32\audiosrv.dll
01:48:55.0531 5300 AudioSrv - ok
01:48:55.0640 5300 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
01:48:55.0640 5300 audstub - ok
01:48:55.0687 5300 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) E:\WINDOWS\system32\DRIVERS\avgntflt.sys
01:48:55.0703 5300 avgntflt - ok
01:48:55.0781 5300 avipbb (13b02b9b969dde270cd7c351203dad3c) E:\WINDOWS\system32\DRIVERS\avipbb.sys
01:48:55.0796 5300 avipbb - ok
01:48:55.0843 5300 avkmgr (271cfd1a989209b1964e24d969552bf7) E:\WINDOWS\system32\DRIVERS\avkmgr.sys
01:48:55.0843 5300 avkmgr - ok
01:48:55.0968 5300 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) E:\WINDOWS\system32\AWINDIS5.SYS
01:48:55.0968 5300 AWINDIS5 - ok
01:48:56.0046 5300 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
01:48:56.0078 5300 Beep - ok
01:48:56.0281 5300 BITS (9741942a86e579231d3c41aa51de042f) E:\WINDOWS\system32\qmgr.dll
01:48:56.0406 5300 BITS - ok
01:48:56.0500 5300 Browser (e0d4a1cc49efb58a32b5e9d35798c9dd) E:\WINDOWS\System32\browser.dll
01:48:56.0531 5300 Browser - ok
01:48:56.0593 5300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
01:48:56.0593 5300 cbidf2k - ok
01:48:56.0671 5300 CCDECODE (0be5aef125be881c4f854c554f2b025c) E:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:48:56.0718 5300 CCDECODE - ok
01:48:56.0765 5300 cd20xrnt - ok
01:48:56.0828 5300 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
01:48:56.0828 5300 Cdaudio - ok
01:48:56.0890 5300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
01:48:56.0906 5300 Cdfs - ok
01:48:57.0015 5300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
01:48:57.0015 5300 Cdrom - ok
01:48:57.0062 5300 Changer - ok
01:48:57.0156 5300 CiSvc (359c676391504438f334478585fd6465) E:\WINDOWS\system32\cisvc.exe
01:48:57.0156 5300 CiSvc - ok
01:48:57.0203 5300 ClipSrv (b8345830c5d789d3da21b91c0c94d086) E:\WINDOWS\system32\clipsrv.exe
01:48:57.0218 5300 ClipSrv - ok
01:48:57.0328 5300 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:48:57.0453 5300 clr_optimization_v2.0.50727_32 - ok
01:48:57.0593 5300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:48:57.0734 5300 clr_optimization_v4.0.30319_32 - ok
01:48:58.0000 5300 CmdIde - ok
01:48:58.0078 5300 COMSysApp - ok
01:48:58.0140 5300 Cpqarray - ok
01:48:58.0218 5300 CryptSvc (04fd6585508a7320b2c7453ced231d6b) E:\WINDOWS\System32\cryptsvc.dll
01:48:58.0234 5300 CryptSvc - ok
01:48:58.0281 5300 dac2w2k - ok
01:48:58.0328 5300 dac960nt - ok
01:48:58.0515 5300 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) E:\WINDOWS\system32\rpcss.dll
01:48:58.0531 5300 DcomLaunch - ok
01:48:58.0593 5300 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) E:\WINDOWS\System32\dhcpcsvc.dll
01:48:58.0609 5300 Dhcp - ok
01:48:58.0718 5300 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
01:48:58.0718 5300 Disk - ok
01:48:58.0750 5300 dmadmin - ok
01:48:58.0890 5300 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) E:\WINDOWS\system32\drivers\dmboot.sys
01:48:58.0906 5300 dmboot - ok
01:49:34.0937 5300 MBR (0x1B8) (1a1a07f7cddc8d30368f560f9b3a227e) \Device\Harddisk0\DR0
01:49:34.0937 5300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
01:49:34.0937 5300 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
01:49:34.0953 5300 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk1\DR2
01:49:34.0953 5300 \Device\Harddisk1\DR2 - ok
01:49:34.0968 5300 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
01:49:34.0984 5300 \Device\Harddisk2\DR4 - ok
01:49:35.0015 5300 Boot (0x1200) (459b544dd41d5c286fd11d62163c15fc) \Device\Harddisk0\DR0\Partition0
01:49:35.0015 5300 \Device\Harddisk0\DR0\Partition0 - ok
01:49:35.0031 5300 Boot (0x1200) (9ee207bcf579e831343bbcf18dd03124) \Device\Harddisk1\DR2\Partition0
01:49:35.0031 5300 \Device\Harddisk1\DR2\Partition0 - ok
01:49:35.0031 5300 Boot (0x1200) (b7587347c39f1f68275a88760e1599e3) \Device\Harddisk2\DR4\Partition0
01:49:35.0031 5300 \Device\Harddisk2\DR4\Partition0 - ok
01:49:35.0031 5300 ============================================================
01:49:35.0031 5300 Scan finished
01:49:35.0031 5300 ============================================================
01:49:35.0046 0720 Detected object count: 1
01:49:35.0046 0720 Actual detected object count: 1
01:49:54.0515 0720 \Device\Harddisk0\DR0\# - copied to quarantine
01:49:54.0515 0720 \Device\Harddisk0\DR0 - copied to quarantine
01:49:54.0562 0720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
01:49:54.0593 0720 \Device\Harddisk0\DR0 - ok
01:49:54.0593 0720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
01:50:02.0437 5448 Deinitialize success
 
Will do!

Here we go....

TDSSkiller:

02:24:34.0281 4220 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
02:24:34.0406 4220 ============================================================
02:24:34.0406 4220 Current date / time: 2012/03/26 02:24:34.0406
02:24:34.0406 4220 SystemInfo:
02:24:34.0406 4220
02:24:34.0406 4220 OS Version: 5.1.2600 ServicePack: 3.0
02:24:34.0406 4220 Product type: Workstation
02:24:34.0406 4220 ComputerName: PKNEW
02:24:34.0406 4220 UserName: petka
02:24:34.0406 4220 Windows directory: E:\WINDOWS
02:24:34.0406 4220 System windows directory: E:\WINDOWS
02:24:34.0406 4220 Processor architecture: Intel x86
02:24:34.0406 4220 Number of processors: 2
02:24:34.0406 4220 Page size: 0x1000
02:24:34.0406 4220 Boot type: Normal boot
02:24:34.0406 4220 ============================================================
02:24:35.0875 4220 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
02:24:35.0875 4220 Drive \Device\Harddisk1\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:24:35.0875 4220 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DA0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:24:35.0890 4220 \Device\Harddisk0\DR0:
02:24:35.0890 4220 MBR used
02:24:35.0890 4220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
02:24:35.0890 4220 \Device\Harddisk1\DR2:
02:24:35.0890 4220 MBR used
02:24:35.0890 4220 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
02:24:35.0890 4220 \Device\Harddisk2\DR4:
02:24:35.0890 4220 MBR used
02:24:35.0890 4220 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
02:24:36.0015 4220 Initialize success
02:24:36.0015 4220 ============================================================
02:24:45.0796 5836 ============================================================
02:24:45.0796 5836 Scan started
02:24:45.0796 5836 Mode: Manual;
02:24:45.0796 5836 ============================================================
02:25:09.0187 5836 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
02:25:09.0187 5836 usbohci - ok
02:25:09.0203 5836 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
02:25:09.0203 5836 usbprint - ok
02:25:09.0250 5836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
02:25:09.0265 5836 usbscan - ok
02:25:09.0312 5836 usbser (1c888b000c2f9492f4b15b5b6b84873e) E:\WINDOWS\system32\drivers\usbser.sys
02:25:09.0328 5836 usbser - ok
02:25:09.0359 5836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:25:09.0359 5836 USBSTOR - ok
02:25:09.0406 5836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
02:25:09.0421 5836 VgaSave - ok
02:25:09.0437 5836 ViaIde - ok
02:25:09.0515 5836 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) E:\WINDOWS\system32\Drivers\Video3D32.sys
02:25:09.0515 5836 Video3D - ok
02:25:09.0515 5836 VMnetAdapter - ok
02:25:09.0703 5836 VoddlerNet (b32804cc718da696d570c0181b376557) E:\Program\Voddler\service\voddler.exe
02:25:09.0734 5836 VoddlerNet - ok
02:25:09.0828 5836 VolSnap (57187ec04878147e1f4f2d9224b12205) E:\WINDOWS\system32\drivers\VolSnap.sys
02:25:09.0828 5836 VolSnap - ok
02:25:09.0875 5836 VSS (940950dc9e34b05986bbbb1d1a33b74f) E:\WINDOWS\System32\vssvc.exe
02:25:09.0890 5836 VSS - ok
02:25:09.0937 5836 W32Time (4bf06a1dcd6a91c482e79340fee527ca) E:\WINDOWS\System32\w32time.dll
02:25:09.0937 5836 W32Time - ok
02:25:10.0000 5836 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
02:25:10.0000 5836 Wanarp - ok
02:25:10.0062 5836 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\Drivers\wdf01000.sys
02:25:10.0109 5836 Wdf01000 - ok
02:25:10.0125 5836 WDICA - ok
02:25:10.0171 5836 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
02:25:10.0171 5836 wdmaud - ok
02:25:10.0203 5836 WebClient (e6dfcadf5089a68ecd288e9a803a892c) E:\WINDOWS\System32\webclnt.dll
02:25:10.0203 5836 WebClient - ok
02:25:10.0265 5836 winmgmt (cf4e2a27495f7ea6b3128d9a731b3716) E:\WINDOWS\system32\wbem\WMIsvc.dll
02:25:10.0265 5836 winmgmt - ok
02:25:10.0453 5836 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:25:10.0484 5836 wlidsvc - ok
02:25:10.0531 5836 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) E:\WINDOWS\system32\MsPMSNSv.dll
02:25:10.0546 5836 WmdmPmSN - ok
02:25:10.0625 5836 Wmi (b5ff0001533be01dfbd995d7a60a7daa) E:\WINDOWS\System32\advapi32.dll
02:25:10.0640 5836 Wmi - ok
02:25:10.0687 5836 WmiApSrv (9bfadc02a9e27bfdff59e61302f92517) E:\WINDOWS\System32\wbem\wmiapsrv.exe
02:25:10.0718 5836 WmiApSrv - ok
02:25:10.0875 5836 WMPNetworkSvc (de188dd69ca74b1512adc5a7639523b2) E:\Program\Windows Media Player\WMPNetwk.exe
02:25:10.0953 5836 WMPNetworkSvc - ok
02:25:10.0984 5836 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:25:11.0015 5836 WpdUsb - ok
02:25:11.0187 5836 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:25:11.0218 5836 WPFFontCache_v0400 - ok
02:25:11.0281 5836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys
02:25:11.0296 5836 WS2IFSL - ok
02:25:11.0375 5836 wscsvc (4ac32513fa47c8219448269bf895fc34) E:\WINDOWS\system32\wscsvc.dll
02:25:11.0390 5836 wscsvc - ok
02:25:11.0421 5836 WSearch - ok
02:25:11.0484 5836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:25:11.0500 5836 WSTCODEC - ok
02:25:11.0546 5836 wuauserv (4ceaf29d35c2608c6463e80574ddca10) E:\WINDOWS\system32\wuauserv.dll
02:25:11.0546 5836 wuauserv - ok
02:25:11.0609 5836 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:25:11.0625 5836 WudfPf - ok
02:25:11.0640 5836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:25:11.0671 5836 WudfRd - ok
02:25:11.0703 5836 WudfSvc (05231c04253c5bc30b26cbaae680ed89) E:\WINDOWS\System32\WUDFSvc.dll
02:25:11.0734 5836 WudfSvc - ok
02:25:11.0781 5836 WZCSVC (5ec7d7f83640a921b5c616d9650520fd) E:\WINDOWS\System32\wzcsvc.dll
02:25:11.0796 5836 WZCSVC - ok
02:25:11.0796 5836 xcpip - ok
02:25:11.0843 5836 xmlprov (5b3d475aa8629320686fbffbe67ab492) E:\WINDOWS\System32\xmlprov.dll
02:25:11.0921 5836 xmlprov - ok
02:25:11.0921 5836 xpsec - ok
02:25:11.0968 5836 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk0\DR0
02:25:12.0156 5836 \Device\Harddisk0\DR0 - ok
02:25:12.0156 5836 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk1\DR2
02:25:12.0156 5836 \Device\Harddisk1\DR2 - ok
02:25:12.0171 5836 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
02:25:12.0187 5836 \Device\Harddisk2\DR4 - ok
02:25:12.0203 5836 Boot (0x1200) (459b544dd41d5c286fd11d62163c15fc) \Device\Harddisk0\DR0\Partition0
02:25:12.0203 5836 \Device\Harddisk0\DR0\Partition0 - ok
02:25:12.0203 5836 Boot (0x1200) (9ee207bcf579e831343bbcf18dd03124) \Device\Harddisk1\DR2\Partition0
02:25:12.0203 5836 \Device\Harddisk1\DR2\Partition0 - ok
02:25:12.0218 5836 Boot (0x1200) (b7587347c39f1f68275a88760e1599e3) \Device\Harddisk2\DR4\Partition0
02:25:12.0218 5836 \Device\Harddisk2\DR4\Partition0 - ok
02:25:12.0218 5836 ============================================================
02:25:12.0218 5836 Scan finished
02:25:12.0218 5836 ============================================================
02:25:12.0218 5420 Detected object count: 0
02:25:12.0218 5420 Actual detected object count: 0


hey presto!
that looks promising
 
Tomorrow

I must go to sleep.

If there is anything I need to do, or not do, until I can continue in approximately 20 hrs (it is 2.45 AM here) pls tell me if you feel that you have time at the moment.


Thanks a lot!
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ok

So, I'll shut down now.
I'll leave everything as is and immediately follow your instructions after booting tomorrow.


'nite!
 
done that

The txt file I found resided in e:\combofix\
e: is my boot drive.


combofix:

ComboFix 12-03-27.02 - petka 2012-03-27 14:13:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1187 [GMT 2:00]
Körs från: E:\Documents and Settings\petka.PKNEW\Skrivbord\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}


((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))


C:\setup.exe
E:\Documents and Settings\petka.PKNEW\WINDOWS
E:\WINDOWS\system32\NEW1B8.tmp
E:\WINDOWS\system32\nsprs.dll
E:\WINDOWS\system32\prsgrc.dll
E:\WINDOWS\system32\serauth1.dll
E:\WINDOWS\system32\serauth2.dll
E:\WINDOWS\system32\ssprs.dll
E:\WINDOWS\system32\vcwl0fq.dll


((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xcpip


(((((((((((((((((((((((( Filer skapade från 2012-02-27 till 2012-03-27 ))))))))))))))))))))))))))))))
 
sideline

BTW:

can I run the Malwarebytes thing in parallel with Avira, or should I turn it off?
 
hmm

I checked some other threads, and their combofix logs are much longer than mine.

Also, I found the logfile under e:\combofix\, not directly under e:\


Should I retry or something?
 
Yes, that log is incomplete.
Please re-run Combofix.

To answer your question MBAM runs fine along any AV program.
 
Interesting observation?

I am on my laptop now, while the Combofix is running.
An interesting observation is that my internet connection is reported to be running (I have the Windows connection icon in the lower right hand area of the desktop saying it is connected, but the connection icon that is usually there from the wireless company is gone) but with zero traffic (the sent and received packets are stable).

I dare not do anything special, just thought I'd tell you since your info says Combofix turns off the internet connection.


Also: thx for the info on MBAM. I'll keep it on when not running Combofix or something.
 
update

now 2 packets were sent, and 4 received.

It completed step 50 and NOW the only thing on the desktop that is alive is Combofix which has done some deletions and says it is preparing a log. Everything else but the background is gone.
 
here is the log

ComboFix 12-03-27.02 - petka 2012-03-28 2:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1118 [GMT 2:00]
Körs från: e:\documents and settings\petka.PKNEW\Skrivbord\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program\config.exe
e:\windows\system32\dllcache\dlimport.exe
e:\windows\system32\dllcache\wmpvis.dll
.
---- Föregående körning -------
.
C:\setup.exe
e:\windows\system32\NEW1B8.tmp
e:\windows\system32\nsprs.dll
e:\windows\system32\prsgrc.dll
e:\windows\system32\serauth1.dll
e:\windows\system32\serauth2.dll
e:\windows\system32\ssprs.dll
e:\windows\system32\vcwl0fq.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((((((( Filer skapade från 2012-02-28 till 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-27 12:45 . 2012-03-27 12:45 9310 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-27 12:45 . 2012-03-27 12:45 8646 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-27 12:45 . 2012-03-27 12:45 6429 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-27 12:45 . 2012-03-27 12:45 63115 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-27 12:45 . 2012-03-27 12:45 5927 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-03-27 12:45 . 2012-03-27 12:45 4599 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-27 12:45 . 2012-03-27 12:45 8613 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-03-27 12:45 . 2012-03-27 12:45 6910 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-03-27 12:45 . 2012-03-27 12:45 1651 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-03-27 12:45 . 2012-03-27 12:45 8288 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-03-27 12:45 . 2012-03-27 12:45 6208 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-03-27 12:45 . 2012-03-27 12:45 18541 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-03-27 12:44 . 2012-03-27 12:44 8782 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-27 12:44 . 2012-03-27 12:44 7271 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-27 12:44 . 2012-03-27 12:44 51852 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-03-27 12:44 . 2012-03-27 12:44 23327 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-27 12:44 . 2012-03-27 12:44 20719 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-03-25 23:49 . 2012-03-25 23:49 -------- d-----w- E:\TDSSKiller_Quarantine
2012-03-25 18:23 . 2012-03-25 18:23 -------- d-----w- e:\program\Delade filer\Java
2012-03-25 18:23 . 2012-03-25 18:23 73728 ----a-w- e:\windows\system32\javacpl.cpl
2012-03-25 17:39 . 2012-03-25 17:39 -------- d-----w- e:\program\Malwarebytes' Anti-Malware
2012-03-25 17:39 . 2011-12-10 13:24 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-03-24 20:56 . 2012-03-24 20:56 -------- d-----w- e:\documents and settings\petka.PKNEW\Application Data\Malwarebytes
2012-03-24 20:56 . 2012-03-24 20:56 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-24 19:53 . 2012-03-24 19:53 -------- d-----w- e:\program\Toolbar Cleaner
2012-03-24 14:59 . 2012-03-24 14:59 -------- d-----r- e:\documents and settings\LocalService\Favoriter
2012-03-22 23:15 . 2012-03-22 23:15 592824 ----a-w- e:\program\Mozilla Firefox\gkmedias.dll
2012-03-22 23:15 . 2012-03-22 23:15 44472 ----a-w- e:\program\Mozilla Firefox\mozglue.dll
2012-03-20 20:47 . 2012-03-20 20:47 -------- d-----w- e:\documents and settings\All Users\Application Data\VS
2012-03-17 21:08 . 2001-09-06 19:33 5632 ----a-w- e:\windows\system32\ptpusb.dll
2012-03-17 21:08 . 2008-04-13 19:45 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2012-03-17 21:08 . 2008-04-13 19:45 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2012-03-17 21:08 . 2008-04-14 17:04 159232 ----a-w- e:\windows\system32\ptpusd.dll
2012-03-04 10:59 . 2012-03-04 10:59 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2012-03-04 10:54 . 2012-03-04 10:54 -------- d-----w- e:\program\AMD APP
2012-03-04 10:53 . 2011-12-20 07:39 100368 ----a-w- e:\windows\system32\drivers\AtihdXP3.sys
2012-03-04 10:53 . 2011-12-06 02:39 956160 ----a-w- e:\windows\system32\ativvamv.dll
2012-03-04 10:51 . 2012-03-04 10:51 -------- d-----w- E:\AMD
2012-03-04 10:41 . 2010-11-03 17:15 359016 ----a-w- e:\windows\vncutil.exe
2012-03-04 10:41 . 2011-12-12 16:20 64616 ----a-w- e:\windows\system32\RtkCoInstIIXP.dll
2012-03-04 10:41 . 2011-11-22 15:28 11368 ----a-w- e:\windows\system32\RtkCoLDRXP.dll
2012-03-04 10:41 . 2010-11-03 17:14 129640 ----a-w- e:\windows\RtkAudioService.exe
2012-03-04 10:41 . 2011-11-24 10:37 21736 ----a-w- e:\windows\system32\drivers\RTAIODAT.DAT
2012-03-04 10:24 . 2012-03-04 10:24 -------- d-----w- e:\documents and settings\NetworkService\Application Data\Xfire
2012-03-04 10:16 . 2012-03-04 10:16 -------- d-----w- e:\documents and settings\petka.PKNEW\Application Data\Easeware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 00:53 . 2009-06-28 22:34 196608 ----a-w- e:\windows\system32\drivers\nStandard.bin
2012-03-25 18:23 . 2010-04-24 22:23 472808 ----a-w- e:\windows\system32\deployJava1.dll
2012-03-25 17:18 . 2009-06-28 22:35 94208 ----a-w- e:\windows\DUMP74e1.tmp
2012-03-22 23:27 . 2010-05-20 22:15 112832 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-03-19 21:57 . 2011-05-21 09:20 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 18:34 . 2012-02-18 19:04 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-19 18:34 . 2012-02-18 19:04 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-15 12:11 . 2011-10-24 08:52 137416 ----a-w- e:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2003-04-24 12:00 1860096 ----a-w- e:\windows\system32\win32k.sys
2012-01-09 16:20 . 2009-06-28 20:45 139784 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2000-08-14 19:33 . 2011-07-14 20:37 6287360 ----a-w- e:\program\IDMain.exe
1998-06-02 04:32 . 2011-07-14 20:38 705024 ----a-w- e:\program\3dfx.dll
2012-03-22 23:15 . 2011-05-11 21:42 97208 ----a-w- e:\program\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="e:\program\Delade filer\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"TomTomHOME.exe"="e:\program\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Steam"="e:\program\Steam\Steam.exe" [2011-08-07 1242448]
"Emotum Mobile Broadband"="e:\program\Emotum\Mobile Broadband\Mobile.exe" [2009-07-09 348968]
"Skype"="e:\program\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="e:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="e:\program\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-01 1629744]
"InCD"="e:\program\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]
"SxgTkBar"="SxgTkBar.exe" [2002-07-22 53248]
"ANIWZCS2Service"="e:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N DWA-140"="e:\program\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
"ATICustomerCare"="e:\program\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"VoddlerNet Manager"="e:\program\Voddler\service\VNetManager.exe" [2011-08-24 50784]
"avgnt"="e:\program\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="e:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="e:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="e:\program\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="e:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"StartCCC"="e:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 98304]
"Malwarebytes' Anti-Malware"="e:\program\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="e:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
e:\documents and settings\sofia\Start-meny\Program\Autostart\
OpenOffice.org 3.1.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
e:\documents and settings\petka.PKNEW\Start-meny\Program\Autostart\
OpenOffice.org 3.3.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
e:\documents and settings\All Users\Start-meny\Program\Autostart\
Samsung Auto Backup Guage.lnk - e:\program\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-3-26 888832]
Samsung Auto Backup Real-Time Daemon.lnk - e:\program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-3-26 77824]
Samsung Auto Backup Scheduler.lnk - e:\program\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-3-26 94208]
Windows Search.lnk - e:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Program\\Spotify\\spotify.exe"=
"e:\\Program\\Messenger\\msmsgs.exe"=
"e:\\Program\\Steam\\Steam.exe"=
"e:\\Program\\THQ\\Company of Heroes\\RelicCOH.exe"=
"e:\\Program\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"e:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program\\uTorrent\\uTorrent.exe"=
"e:\\Program\\Voddler\\service\\voddler.exe"=
"e:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"e:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"e:\\Program\\Skype\\Phone\\Skype.exe"=
"e:\\Program\\Steam\\steamapps\\common\\dawn of war ii - retribution\\DOW2.exe"=
"e:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Program\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 mdf15;mdf15;e:\program\Clarus\Samsung SecretZone\mdf15.sys [2011-03-26 12800]
R2 ANIWConnService;ANIWConn Service;e:\windows\system32\ANIWConnService.exe [2010-05-24 147456]
R2 AntiVirSchedulerService;Avira Scheduler;e:\program\Avira\AntiVir Desktop\sched.exe [2011-10-24 86224]
R2 MBAMService;MBAMService;e:\program\Malwarebytes' Anti-Malware\mbamservice.exe [2012-03-25 652360]
R2 TomTomHOMEService;TomTomHOMEService;e:\program\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [2012-03-04 100368]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2012-03-25 20464]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;e:\windows\system32\drivers\sxgxgwdm.sys [2009-07-03 966784]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys --> e:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate);e:\program\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S2 MSR Service;Virtual Disk Service Manager;e:\program\Clarus\Samsung SecretZone\MSSvc.exe [2011-03-26 114688]
S3 80czzt43.sys;80czzt43.sys;\??\e:\windows\system32\drivers\80czzt43.sys --> e:\windows\system32\drivers\80czzt43.sys [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-06-30 1691480]
S3 AWINDIS5;AWINDIS5 Protocol Driver;e:\windows\system32\AWINDIS5.SYS [2009-06-28 16194]
S3 gupdatem;Tjänsten Google Update (gupdatem);e:\program\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [2010-02-21 102656]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\e:\program\Lavasoft\Ad-Aware\KernExplorer.sys --> e:\program\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;e:\windows\system32\DRIVERS\wg311tn5.sys --> e:\windows\system32\DRIVERS\wg311tn5.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;e:\windows\System32\svchost.exe -k nosGetPlusHelper [2003-04-24 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 xpsec;IPSEC driver;e:\windows\system32\drivers\xpsec.sys --> e:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- e:\program\Delade filer\LightScribe\LSRunOnce.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-03-15 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program\Google\Update\GoogleUpdate.exe [2010-06-01 22:47]
.
2012-03-27 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program\Google\Update\GoogleUpdate.exe [2010-06-01 22:47]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - e:\documents and settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKCU-Run-ASRock OC Tuner - (no file)
HKCU-Run-zASRockInstantBoot - (no file)
HKCU-Run-ASRock IES - (no file)
HKCU-Run-ASUS SmartDoctor - c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
HKCU-Run-GameShadow - e:\program\GameShadow\GameShadow.exe
HKLM-Run-ASUSGamerOSD - e:\program files\ASUS\GamerOSD\GamerOSD.exe
AddRemove-Battlestations Pacific - e:\program\Eidos\Battlestations Pacific\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 02:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Samsung_ rev. -> Harddisk2\DR4 -> \Device\00000085
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
error: Read Felaktig parameter.
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-261478967-839522115-1006\Software\SecuROM\License information*]
"datasecu"=hex:a0,ab,ad,f8,20,e7,6b,fb,54,2e,e5,a6,e5,2d,cf,f9,fa,dc,40,15,89,
42,e6,5f,54,1f,3c,1f,ee,d0,ae,16,60,cc,24,07,ac,2e,67,72,bc,8c,dc,f5,1a,a9,\
"rkeysecu"=hex:9d,85,06,89,db,86,0d,97,8d,1b,91,81,ad,62,08,76
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
.
Sluttid: 2012-03-28 02:14:22
ComboFix-quarantined-files.txt 2012-03-28 00:14
.
Före genomsökningen: 85*658*042*368 byte ledigt
Efter genomsökningen: 85*618*167*808 byte ledigt
.
- - End Of File - - A63D5F62B0EC826044E38C28134C35E6


I'd like to add this:

* failed attempt at inserting cool icons depicting worship of broni and blasted virus *
 
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- e:\windows\system32\drivers\xpsec.sys
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.
 
Did you?
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
 
yes.

"show hidden files and folders" is checked

"hide operating system files (recommended)" is unchecked

Of course, that is in Swedish on my OS :)

There are no files beginning with any higher letter than "w"
 