Can't access antivirus sites or microsoft.com

sidewaysfcs07

title says it all :( , I have followed the 5 steps as much as I could.

my logs

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
bau bau :: SIDEWAYS-820672 [administrator]

Protection: Enabled

6/26/2012 8:09:18 PM
mbam-log-2012-06-26 (20-09-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194171
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Documents and Settings\All Users\Application Data\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TBYKZ7F7\iopy[1].png (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\ggjcfhkbapgipmhcdhamijaodpaemene.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-26 20:28:40
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD1600JS-00MHB0 rev.02.01C03
Running: 89ce8ixu.exe; Driver: C:\DOCUME~1\BAUBAU~1\LOCALS~1\Temp\afqyrpoc.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF73F8E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73F91BA]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 867D21E8
Device \Driver\agzr7f65 \Device\Scsi\agzr7f651 865517A0
Device \Driver\agzr7f65 \Device\Scsi\agzr7f651Port4Path0Target0Lun0 865517A0
Device \FileSystem\Ntfs \Ntfs 867D11E8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] wffezdnah <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by bau bau at 20:30:54 on 2012-06-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.462 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6PQyTeVRnk&I=26
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Steam] "e:\games\steam\steam.exe" -silent
uRun: [OscarEditor] "c:\program files\oscar editor\OscarEditor.exe" Minimum
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RaidCall] c:\program files\raidcall\\raidcall.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{5434F102-709B-4C0A-922A-E38AD4B14C44} : NameServer = 213.154.124.1 193.231.252.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bau bau\application data\mozilla\firefox\profiles\ogvu9i1x.default\
FF - prefs.js: browser.startup.homepage - google.ro
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 884a0ab60000000000000013d33ad7a9
FF - user.js: extensions.incredibar_i.instlDay - 15489
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:23:12
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQyTeVRnk
FF - user.js: extensions.incredibar_i.upn2n - 92542970437908018
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 20%5F5
.
============= SERVICES / DRIVERS ===============
.
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-26 654408]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-30 185856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-4 136176]
S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-4 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-26 17:08:22 -------- d-----w- c:\documents and settings\bau bau\application data\Malwarebytes
2012-06-26 17:08:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-26 17:08:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 17:08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 15:47:46 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-17 15:47:46 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-06 19:25:52 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
2012-05-29 21:24:08 -------- d-----w- c:\documents and settings\all users\application data\TheBflixUpdater
2012-05-29 21:23:26 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-05-29 21:23:20 -------- d-----w- c:\program files\Optimizer Pro
2012-05-29 21:23:08 -------- d-----w- c:\program files\Web Assistant
2012-05-29 21:22:54 -------- d-----w- c:\documents and settings\all users\application data\ADDICT-THING
2012-05-29 21:22:12 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-05-28 21:34:37 -------- d-----w- c:\documents and settings\bau bau\application data\Xilisoft
2012-05-28 21:33:11 -------- d-----w- c:\program files\Xilisoft
.
==================== Find3M ====================
.
2012-03-29 11:20:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-29 11:20:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 20:31:34.35 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2009 4:44:05 PM
System Uptime: 6/26/2012 8:18:36 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7143
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 2782/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 2782/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 5.271 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.999 GiB free.
E: is FIXED (NTFS) - 60 GiB total, 15.661 GiB free.
F: is FIXED (NTFS) - 60 GiB total, 36.162 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Device
Device ID: PCI\VEN_10DE&DEV_0BE3&SUBSYS_19051462&REV_A1\4&258299F3&0&0108
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_10DE&DEV_0BE3&SUBSYS_19051462&REV_A1\4&258299F3&0&0108
Service:
.
==== System Restore Points ===================
.
RP134: 6/10/2012 2:37:11 PM - System Checkpoint
RP135: 6/11/2012 11:56:59 PM - System Checkpoint
RP136: 6/13/2012 5:21:02 PM - System Checkpoint
RP137: 6/15/2012 3:29:59 PM - System Checkpoint
RP138: 6/16/2012 4:01:12 PM - System Checkpoint
RP139: 6/18/2012 3:26:14 PM - System Checkpoint
RP140: 6/20/2012 8:38:17 PM - System Checkpoint
RP141: 6/22/2012 3:54:29 PM - System Checkpoint
RP142: 6/24/2012 11:13:55 PM - Installed Counter-Strike 1.6
RP143: 6/25/2012 1:53:31 PM - Removed Counter-Strike 1.6
RP144: 6/25/2012 2:45:25 PM - Installed Counter-Strike 1.6
RP145: 6/26/2012 4:12:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X
ALZip 8.51
Ares 3.1.5.3033
ASUS Enhanced Display Driver
Canon iP1800 series
Counter-Strike 1.6
CyberLink PowerDVD 8
DVDFab Platinum 3.0.3.6 Beta Ghosthunter release
Ghost Recon Online
Google Earth
Google Update Helper
Hotfix for Windows XP (KB915865)
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
Nero Sipps
NVIDIA Control Panel 266.77
NVIDIA Graphics Driver 266.77
NVIDIA Install Application
NVIDIA PhysX
OSCAR Editor
RaidCall
SoundMAX
Steam
Team Fortress 2
TeamSpeak 3 Client
uTorrentBar Toolbar
Ventrilo Client
VLC
VLC media player 1.1.11
Web Assistant 2.0.0.439
WebFldrs XP
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR 4.01 (32-bit)
Xilisoft Audio Converter Pro
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 8:20:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
6/24/2012 10:48:08 AM, error: Service Control Manager [7018] - Detected circular dependencies auto-starting services.
6/22/2012 7:31:19 PM, error: Service Control Manager [7023] - The Config Time service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
6/22/2012 7:29:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
.
==== End Of File ===========================
 
The Security Center has been disabled by the malware.
You are getting malware also because you have this set as a Start page and keyword:
mystart.incredibar.com

The other main reason is because of file sharing:
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall:
µTorrent
Ares 3.1.5.3033
uTorrentBar Toolbar
for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
---------------------------------------------
As long as you are using the above, you will continue to get malware.
FYI: There is a potentially unwanted program (PUP) on the system that is usually associated with using a particular pirating site.

Another PUP on the system was downloaded from a site deemed "unsafe."
McAfee SiteAdvisor warning
This software is probably infected with viruses. Visiting the developer's website may cause damage to your computer. McAfee SiteAdvisor report. Some references don't even publish the URL because of the risks.
=============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==============================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
===================================================
Please leave the logs in your next reply.
 
I could not download CKscanner, cannot access that site :(, tried even with "save target as" in internet explorer

so only the combofix log for now :(


ComboFix 12-06-26.02 - bau bau 06/27/2012 9:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.436 [GMT 3:00]
Running from: c:\documents and settings\bau bau\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\program files\Web Assistant\ExTEnsion32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\bau bau\Application Data\Malwarebytes
2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-26 17:08 . 2012-04-04 12:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 15:47 . 2012-06-17 15:47 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-17 15:47 . 2012-06-17 15:47 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 14:37 . 2012-06-08 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2012-06-06 19:25 . 2012-06-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Xilisoft
2012-05-29 21:24 . 2012-05-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflixUpdater
2012-05-29 21:23 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-05-29 21:23 . 2012-05-29 21:38 -------- d-----w- c:\program files\Optimizer Pro
2012-05-29 21:23 . 2012-05-29 21:23 453 ----a-w- C:\user.js
2012-05-29 21:23 . 2012-06-27 06:34 -------- d-----w- c:\program files\Web Assistant
2012-05-29 21:22 . 2012-05-29 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ADDICT-THING
2012-05-29 21:22 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-05-28 21:34 . 2012-05-28 21:34 -------- d-----w- c:\documents and settings\bau bau\Application Data\Xilisoft
2012-05-28 21:33 . 2012-05-28 21:33 -------- d-----w- c:\program files\Xilisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 11:20 . 2012-03-29 11:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-29 11:20 . 2011-11-30 10:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 15:47 . 2011-11-19 15:36 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-19 880496]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Steam"="e:\games\Steam\steam.exe" [2011-12-29 1242448]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-20 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-20 13881960]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RaidCall"="c:\program files\raidcall\\raidcall.exe" [2012-03-28 2596536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"e:\\Games\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4914:TCP"= 4914:TCP:ynygqwvm
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2011 1:01 PM 682232]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 5:50 PM 61424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/26/2012 8:08 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/26/2012 8:08 PM 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2011 1:07 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [5/30/2012 12:23 AM 185856]
S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 10:23 AM 113120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wffezdnah
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ro/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5434F102-709B-4C0A-922A-E38AD4B14C44}: NameServer = 213.154.124.1 193.231.252.1
FF - ProfilePath - c:\documents and settings\bau bau\Application Data\Mozilla\Firefox\Profiles\ogvu9i1x.default\
FF - prefs.js: browser.startup.homepage - google.ro
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 884a0ab60000000000000013d33ad7a9
FF - user.js: extensions.incredibar_i.instlDay - 15489
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:23
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQyTeVRnk
FF - user.js: extensions.incredibar_i.upn2n - 92542970437908018
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 20%5F5
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-27 09:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wffezdnah]
"ServiceDll"="c:\windows\system32\haqqe.dll"
.
Completion time: 2012-06-27 09:37:50
ComboFix-quarantined-files.txt 2012-06-27 06:37
.
Pre-Run: 5,322,088,448 bytes free
Post-Run: 5,723,017,216 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A6C883B0E6BE6305D2E314D098350EEC
 
I can't. I tried with both Internet Explorer and Mozilla Firefox; I'm getting the "this page cannot be displayed / server not found" message, which is also what I get if I try to access antivirus sites.
 
Okay, you can run the following first:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double-click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
Follow with this:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\program files\Web Assistant\ExtensionUpdaterService.exe
Folder::
c:\program files\Optimizer Pro
c:\program files\Web Assistant
c:\documents and settings\All Users\Application Data\ADDICT-THING
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4914:TCP"=-
 
Clearjavacache::
 
Driver::
Web Assistant Updater
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
==========================================
Please leave TDSSKiller log and new Combofix log (after running the script) in next reply
 
You can handle this when you finish with the TDSSKiller and Combofix scans:

To remove MyStart.incredibar> Sign on to the Administrative Account.
IF you use Incredimail itself: ****NOTE: Uninstall what you now have> re-download. For the reinstall, choose the custom installation feature and unclick the 'mystart search engine' and 'home page' features.****
-----------------
After the uninstall: > Open Firefox> type about:config in the location (Address) bar> Enter
If you get a Warning, click 'continue' or 'I know what I'm doing'
In the Filter box at the top of the about:config page type mystart.

Preferences that have been modified show as bold (user set).
Preferences can be reset to the default via the right-click context menu if they are user set
Preferences can be changed via the right-click context menu: Modify (String or Integer) or Toggle (Boolean)

Reset all mystart-related prefs that appear bold (user set) to their default values via the right-click context menu.

Mystart.incredibar.com (http://www.Mystart.incredibar.com) is a low-quality search website that acts as a web browser hijacker virus to harm computer users. No matter what you type into the search bar of Mystart.incredibar.com, you'll be redirected to a list of links which are not helpful at all.
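Added example (not code from this thread, nor from TDSSKiller or ComboFix): a Python script that does the about:config step above on the file itself. It reads a Firefox user.js / prefs.js, lists every user-set pref whose name or value mentions incredibar or mystart, and returns the file without those lines, which is what "Reset" does to a user-set pref. The sample user.js below is constructed from the pref names in the ComboFix log, not a real file from the infected machine.

```python
"""Find and strip browser-hijacker preferences from a Firefox user.js / prefs.js.

Added example. Firefox stores user-set preferences one per line as
    user_pref("name", value);
Removing such a line makes Firefox fall back to the built-in default, which
is the effect of "Reset" in about:config. Markers are matched against both
the pref name (extensions.incredibar_i.*) and the value (keyword.URL points
at mystart.incredibar.com), because the hijacker uses both.
"""
import re
from typing import List, Tuple

# Markers taken from the pref names/URLs shown in the ComboFix log above.
HIJACK_MARKERS = ("incredibar", "mystart")

# One user_pref(...) per line; the value is kept as raw text (string or literal).
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_prefs(text: str) -> List[Tuple[str, str]]:
    """Return (name, raw_value) for every user_pref line; comments/blank lines are skipped."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def is_hijacked(name: str, value: str, markers=HIJACK_MARKERS) -> bool:
    """A pref is suspect if any marker appears (case-insensitively) in its name or value."""
    haystack = (name + " " + value).lower()
    return any(marker in haystack for marker in markers)


def find_hijacked(text: str) -> List[Tuple[str, str]]:
    """List the suspect prefs so the operator can review them before cleaning."""
    return [(n, v) for n, v in parse_prefs(text) if is_hijacked(n, v)]


def clean_prefs(text: str) -> Tuple[str, int]:
    """Return the file text with suspect user_pref lines removed, plus the count removed.

    Non-pref lines (comments, blanks) and legitimate prefs are preserved unchanged,
    so the result can be written back over the original file.
    """
    kept, removed = [], 0
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_hijacked(m.group(1), m.group(2)):
            removed += 1
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample modelled on the "FF - user.js / prefs.js" entries in the log.
# URLs are kept defanged (hxxp) exactly as the log shows them.
SAMPLE_USER_JS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "google.ro");
user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.productid", 26);
user_pref("network.cookie.cookieBehavior", 1);
"""

if __name__ == "__main__":
    for name, value in find_hijacked(SAMPLE_USER_JS):
        print(f"suspect: {name} = {value}")
    cleaned, count = clean_prefs(SAMPLE_USER_JS)
    print(f"removed {count} pref(s); remaining file:\n{cleaned}")
```

Run it only with Firefox closed, since Firefox rewrites prefs.js on exit and would otherwise put the prefs back; user.js is re-applied at every start, so it has to be cleaned as well, not just prefs.js.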
 
22:23:08.0468 3012 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
22:23:08.0468 3012 ============================================================
22:23:08.0468 3012 Current date / time: 2012/06/27 22:23:08.0468
22:23:08.0468 3012 SystemInfo:
22:23:08.0468 3012
22:23:08.0468 3012 OS Version: 5.1.2600 ServicePack: 2.0
22:23:08.0468 3012 Product type: Workstation
22:23:08.0468 3012 ComputerName: SIDEWAYS-820672
22:23:08.0468 3012 UserName: bau bau
22:23:08.0468 3012 Windows directory: C:\WINDOWS
22:23:08.0468 3012 System windows directory: C:\WINDOWS
22:23:08.0468 3012 Processor architecture: Intel x86
22:23:08.0468 3012 Number of processors: 2
22:23:08.0468 3012 Page size: 0x1000
22:23:08.0468 3012 Boot type: Normal boot
22:23:08.0468 3012 ============================================================
22:23:09.0734 3012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:23:09.0734 3012 ============================================================
22:23:09.0734 3012 \Device\Harddisk0\DR0:
22:23:09.0734 3012 MBR partitions:
22:23:09.0734 3012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D4EFFA
22:23:09.0750 3012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F078, BlocksNum 0x1D4EFFA
22:23:09.0765 3012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9E0B1, BlocksNum 0x77BB588
22:23:09.0781 3012 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB259678, BlocksNum 0x77BF449
22:23:09.0781 3012 ============================================================
22:23:09.0796 3012 C: <-> \Device\Harddisk0\DR0\Partition0
22:23:09.0890 3012 D: <-> \Device\Harddisk0\DR0\Partition1
22:23:09.0953 3012 E: <-> \Device\Harddisk0\DR0\Partition2
22:23:10.0015 3012 F: <-> \Device\Harddisk0\DR0\Partition3
22:23:10.0015 3012 ============================================================
22:23:10.0015 3012 Initialize success
22:23:10.0015 3012 ============================================================
22:23:25.0375 2888 ============================================================
22:23:25.0375 2888 Scan started
22:23:25.0375 2888 Mode: Manual;
22:23:25.0375 2888 ============================================================
22:23:33.0921 2888 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
22:23:33.0921 2888 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
22:23:33.0921 2888 sptd ( LockedFile.Multi.Generic ) - warning
22:23:33.0921 2888 sptd - detected LockedFile.Multi.Generic (1)
22:23:33.0953 2888 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:23:33.0953 2888 sr - ok
22:23:33.0984 2888 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
22:23:34.0000 2888 srservice - ok
22:23:34.0031 2888 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
22:23:34.0046 2888 Srv - ok
22:23:34.0062 2888 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
22:23:34.0078 2888 SSDPSRV - ok
22:23:34.0078 2888 Steam Client Service - ok
22:23:34.0125 2888 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
22:23:34.0187 2888 stisvc - ok
22:23:34.0187 2888 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:23:34.0187 2888 swenum - ok
22:23:34.0218 2888 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:23:34.0218 2888 swmidi - ok
22:23:34.0234 2888 SwPrv - ok
22:23:34.0234 2888 symc810 - ok
22:23:34.0250 2888 symc8xx - ok
22:23:34.0250 2888 sym_hi - ok
22:23:34.0265 2888 sym_u3 - ok
22:23:34.0281 2888 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:23:34.0281 2888 sysaudio - ok
22:23:34.0312 2888 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
22:23:34.0328 2888 SysmonLog - ok
22:23:34.0343 2888 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
22:23:34.0390 2888 TapiSrv - ok
22:23:34.0437 2888 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:23:34.0484 2888 Tcpip - ok
22:23:34.0500 2888 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:23:34.0500 2888 TDPIPE - ok
22:23:34.0515 2888 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:23:34.0515 2888 TDTCP - ok
22:23:34.0531 2888 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:23:34.0531 2888 TermDD - ok
22:23:34.0562 2888 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
22:23:34.0578 2888 TermService - ok
22:23:34.0609 2888 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
22:23:34.0609 2888 Themes - ok
22:23:34.0640 2888 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
22:23:34.0640 2888 TlntSvr - ok
22:23:34.0640 2888 TosIde - ok
22:23:34.0671 2888 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
22:23:34.0687 2888 TrkWks - ok
22:23:34.0703 2888 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:23:34.0703 2888 Udfs - ok
22:23:34.0718 2888 ultra - ok
22:23:34.0734 2888 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
22:23:34.0750 2888 UMWdf - ok
22:23:34.0765 2888 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
22:23:34.0765 2888 Update - ok
22:23:34.0796 2888 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
22:23:34.0828 2888 upnphost - ok
22:23:34.0843 2888 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
22:23:34.0859 2888 UPS - ok
22:23:34.0890 2888 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:23:34.0890 2888 usbccgp - ok
22:23:34.0984 2888 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:23:35.0015 2888 usbehci - ok
22:23:35.0031 2888 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:23:35.0031 2888 usbhub - ok
22:23:35.0046 2888 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:23:35.0062 2888 usbprint - ok
22:23:35.0078 2888 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:23:35.0078 2888 USBSTOR - ok
22:23:35.0109 2888 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:23:35.0109 2888 usbuhci - ok
22:23:35.0140 2888 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:23:35.0140 2888 VgaSave - ok
22:23:35.0140 2888 ViaIde - ok
22:23:35.0171 2888 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:23:35.0171 2888 VolSnap - ok
22:23:35.0203 2888 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
22:23:35.0218 2888 VSS - ok
22:23:35.0250 2888 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
22:23:35.0281 2888 W32Time - ok
22:23:35.0296 2888 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:23:35.0312 2888 Wanarp - ok
22:23:35.0312 2888 WDICA - ok
22:23:35.0343 2888 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
22:23:35.0343 2888 wdmaud - ok
22:23:35.0390 2888 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
22:23:35.0390 2888 WebClient - ok
22:23:35.0390 2888 Suspicious service (NoAccess): wffezdnah
22:23:35.0437 2888 wffezdnah (574cf0062911c8c4eca2156187b8207d) C:\WINDOWS\system32\haqqe.dll
22:23:35.0437 2888 Suspicious file (NoAccess): C:\WINDOWS\system32\haqqe.dll. md5: 574cf0062911c8c4eca2156187b8207d
22:23:35.0437 2888 wffezdnah ( LockedService.Multi.Generic ) - warning
22:23:35.0437 2888 wffezdnah - detected LockedService.Multi.Generic (1)
22:23:35.0500 2888 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:23:35.0531 2888 winmgmt - ok
22:23:35.0578 2888 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
22:23:35.0578 2888 WmdmPmSN - ok
22:23:35.0625 2888 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
22:23:35.0640 2888 Wmi - ok
22:23:35.0671 2888 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:23:35.0703 2888 WmiApSrv - ok
22:23:35.0890 2888 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:23:35.0953 2888 WPFFontCache_v0400 - ok
22:23:35.0984 2888 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:23:36.0000 2888 WS2IFSL - ok
22:23:36.0015 2888 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
22:23:36.0015 2888 wscsvc - ok
22:23:36.0046 2888 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
22:23:36.0062 2888 wuauserv - ok
22:23:36.0109 2888 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
22:23:36.0125 2888 WZCSVC - ok
22:23:36.0156 2888 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
22:23:36.0171 2888 xmlprov - ok
22:23:36.0437 2888 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:23:36.0484 2888 YahooAUService - ok
22:23:36.0515 2888 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\CyberLink\PowerDVD8\000.fcl
22:23:36.0515 2888 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
22:23:36.0531 2888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:23:36.0984 2888 \Device\Harddisk0\DR0 - ok
22:23:37.0000 2888 Boot (0x1200) (847e84c43dbdbab01114456015c0a792) \Device\Harddisk0\DR0\Partition0
22:23:37.0000 2888 \Device\Harddisk0\DR0\Partition0 - ok
22:23:37.0015 2888 Boot (0x1200) (314b1e3b8dc642ab55f041cd6469315e) \Device\Harddisk0\DR0\Partition1
22:23:37.0015 2888 \Device\Harddisk0\DR0\Partition1 - ok
22:23:37.0031 2888 Boot (0x1200) (4a0ee531cd47e1b89a0fa7472af9d477) \Device\Harddisk0\DR0\Partition2
22:23:37.0031 2888 \Device\Harddisk0\DR0\Partition2 - ok
22:23:37.0046 2888 Boot (0x1200) (a7c1a2f25558245d9b0f1d89ac09cb0b) \Device\Harddisk0\DR0\Partition3
22:23:37.0046 2888 \Device\Harddisk0\DR0\Partition3 - ok
22:23:37.0046 2888 ============================================================
22:23:37.0046 2888 Scan finished
22:23:37.0046 2888 ============================================================
22:23:37.0062 2836 Detected object count: 2
22:23:37.0062 2836 Actual detected object count: 2
22:24:13.0609 2836 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
22:24:13.0609 2836 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
22:24:13.0656 2836 C:\WINDOWS\system32\haqqe.dll - copied to quarantine
22:24:13.0656 2836 wffezdnah ( LockedService.Multi.Generic ) - User select action: Quarantine
22:24:52.0375 3608 ============================================================
22:24:52.0375 3608 Scan started
22:24:52.0375 3608 Mode: Manual;
22:24:52.0375 3608 ============================================================
22:24:52.0640 3608 Abiosdsk - ok
22:24:52.0656 3608 abp480n5 - ok
22:24:52.0687 3608 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:24:52.0687 3608 ACPI - ok
22:24:52.0703 3608 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:24:52.0703 3608 ACPIEC - ok
22:24:52.0718 3608 adpu160m - ok
22:24:52.0734 3608 aeaudio (6803453f3ff53cf353cdbef5ffaa8b7e) C:\WINDOWS\system32\drivers\aeaudio.sys
22:24:52.0750 3608 aeaudio - ok
22:24:52.0765 3608 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
22:24:52.0765 3608 aec - ok
22:24:52.0796 3608 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
22:24:52.0812 3608 AFD - ok
22:24:52.0812 3608 Aha154x - ok
22:24:52.0812 3608 aic78u2 - ok
22:24:52.0828 3608 aic78xx - ok
22:24:52.0859 3608 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
22:24:52.0859 3608 Alerter - ok
22:24:52.0890 3608 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
22:24:52.0890 3608 ALG - ok
22:24:52.0890 3608 AliIde - ok
22:24:52.0906 3608 amsint - ok
22:24:52.0953 3608 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
22:24:52.0953 3608 AppMgmt - ok
22:24:52.0953 3608 asc - ok
22:24:52.0968 3608 asc3350p - ok
22:24:52.0968 3608 asc3550 - ok
22:24:53.0046 3608 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:24:53.0046 3608 aspnet_state - ok
22:24:53.0078 3608 asuskbnt (f984f8bba45745e77ee0fc8a425bd417) C:\WINDOWS\system32\drivers\atkkbnt.sys
22:24:53.0078 3608 asuskbnt - ok
22:24:53.0093 3608 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:24:53.0093 3608 AsyncMac - ok
22:24:53.0109 3608 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:24:53.0109 3608 atapi - ok
22:24:53.0109 3608 Atdisk - ok
22:24:53.0140 3608 ATKKeyboardService (c1bed871e20b9f0dd2a7de73e94bf9cb) C:\WINDOWS\ATKKBService.exe
22:24:53.0140 3608 ATKKeyboardService - ok
22:24:53.0140 3608 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:24:53.0140 3608 Atmarpc - ok
22:24:53.0171 3608 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
22:24:53.0171 3608 AudioSrv - ok
22:24:53.0203 3608 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:24:53.0203 3608 audstub - ok
22:24:53.0218 3608 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:24:53.0218 3608 Beep - ok
22:24:53.0265 3608 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
22:24:53.0265 3608 BITS - ok
22:24:53.0281 3608 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
22:24:53.0281 3608 Browser - ok
22:24:53.0359 3608 catchme - ok
22:24:53.0390 3608 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:24:53.0390 3608 cbidf2k - ok
22:24:53.0390 3608 cd20xrnt - ok
22:24:53.0468 3608 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:24:53.0468 3608 Cdaudio - ok
22:24:53.0562 3608 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:24:53.0562 3608 Cdfs - ok
22:24:53.0593 3608 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:24:53.0593 3608 Cdrom - ok
22:24:53.0593 3608 Changer - ok
22:24:53.0625 3608 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
22:24:53.0625 3608 CiSvc - ok
22:24:53.0640 3608 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
22:24:53.0640 3608 ClipSrv - ok
22:24:53.0687 3608 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:24:53.0687 3608 clr_optimization_v2.0.50727_32 - ok
22:24:53.0718 3608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:24:53.0718 3608 clr_optimization_v4.0.30319_32 - ok
22:24:53.0718 3608 CmdIde - ok
22:24:53.0734 3608 COMSysApp - ok
22:24:53.0750 3608 Cpqarray - ok
22:24:53.0781 3608 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
22:24:53.0781 3608 CryptSvc - ok
22:24:53.0781 3608 dac2w2k - ok
22:24:53.0781 3608 dac960nt - ok
22:24:53.0828 3608 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
22:24:53.0828 3608 DcomLaunch - ok
22:24:53.0843 3608 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
22:24:53.0843 3608 Dhcp - ok
22:24:53.0859 3608 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:24:53.0859 3608 Disk - ok
22:24:53.0875 3608 dmadmin - ok
22:24:53.0921 3608 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
22:24:53.0921 3608 dmboot - ok
22:24:53.0937 3608 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
22:24:53.0937 3608 dmio - ok
22:24:53.0968 3608 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:24:53.0968 3608 dmload - ok
22:24:53.0984 3608 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
22:24:53.0984 3608 dmserver - ok
22:24:54.0015 3608 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:24:54.0015 3608 DMusic - ok
22:24:54.0031 3608 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
22:24:54.0031 3608 Dnscache - ok
22:24:54.0031 3608 dpti2o - ok
22:24:54.0125 3608 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:24:54.0125 3608 drmkaud - ok
22:24:54.0140 3608 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
22:24:54.0140 3608 EIO - ok
22:24:54.0156 3608 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
22:24:54.0156 3608 ERSvc - ok
22:24:54.0187 3608 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
22:24:54.0187 3608 Eventlog - ok
22:24:54.0234 3608 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll
22:24:54.0234 3608 EventSystem - ok
22:24:54.0281 3608 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:24:54.0281 3608 Fastfat - ok
22:24:54.0312 3608 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
22:24:54.0312 3608 FastUserSwitchingCompatibility - ok
22:24:54.0343 3608 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:24:54.0343 3608 Fdc - ok
22:24:54.0375 3608 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
22:24:54.0375 3608 Fips - ok
22:24:54.0390 3608 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:24:54.0390 3608 Flpydisk - ok
22:24:54.0421 3608 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:24:54.0421 3608 FltMgr - ok
22:24:54.0500 3608 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:24:54.0500 3608 FontCache3.0.0.0 - ok
22:24:54.0531 3608 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:24:54.0531 3608 Fs_Rec - ok
22:24:54.0531 3608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:24:54.0531 3608 Ftdisk - ok
22:24:54.0546 3608 GMSIPCI - ok
22:24:54.0578 3608 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:24:54.0578 3608 Gpc - ok
22:24:54.0640 3608 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:24:54.0640 3608 gupdate - ok
22:24:54.0656 3608 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:24:54.0656 3608 gupdatem - ok
22:24:54.0687 3608 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:24:54.0687 3608 helpsvc - ok
22:24:54.0765 3608 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
22:24:54.0765 3608 HidServ - ok
22:24:54.0812 3608 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:24:54.0812 3608 HidUsb - ok
22:24:54.0812 3608 hpn - ok
22:24:54.0875 3608 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
22:24:54.0875 3608 HTTP - ok
22:24:54.0890 3608 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
22:24:54.0890 3608 HTTPFilter - ok
22:24:54.0906 3608 i2omgmt - ok
22:24:54.0906 3608 i2omp - ok
22:24:54.0937 3608 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:24:54.0937 3608 i8042prt - ok
22:24:55.0015 3608 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:24:55.0015 3608 IDriverT - ok
22:24:55.0078 3608 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:24:55.0093 3608 idsvc - ok
22:24:55.0093 3608 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:24:55.0093 3608 Imapi - ok
22:24:55.0125 3608 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
22:24:55.0125 3608 ImapiService - ok
22:24:55.0140 3608 ini910u - ok
22:24:55.0156 3608 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:24:55.0156 3608 IntelIde - ok
22:24:55.0171 3608 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:24:55.0171 3608 intelppm - ok
22:24:55.0171 3608 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:24:55.0171 3608 Ip6Fw - ok
22:24:55.0203 3608 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:24:55.0203 3608 IpFilterDriver - ok
22:24:55.0203 3608 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:24:55.0203 3608 IpInIp - ok
22:24:55.0234 3608 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:24:55.0234 3608 IpNat - ok
22:24:55.0265 3608 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:24:55.0265 3608 IPSec - ok
22:24:55.0312 3608 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:24:55.0312 3608 IRENUM - ok
22:24:55.0359 3608 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:24:55.0359 3608 isapnp - ok
22:24:55.0437 3608 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
22:24:55.0437 3608 JavaQuickStarterService - ok
22:24:55.0437 3608 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:24:55.0437 3608 Kbdclass - ok
22:24:55.0468 3608 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:24:55.0468 3608 kbdhid - ok
22:24:55.0484 3608 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
22:24:55.0484 3608 kmixer - ok
22:24:55.0515 3608 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
22:24:55.0515 3608 KSecDD - ok
22:24:55.0546 3608 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
22:24:55.0546 3608 lanmanserver - ok
22:24:55.0562 3608 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
22:24:55.0562 3608 lanmanworkstation - ok
22:24:55.0562 3608 lbrtfdc - ok
22:24:55.0593 3608 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
22:24:55.0593 3608 LmHosts - ok
22:24:55.0609 3608 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
22:24:55.0609 3608 Messenger - ok
22:24:55.0625 3608 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
22:24:55.0640 3608 MidiSyn - ok
22:24:55.0656 3608 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:24:55.0656 3608 mnmdd - ok
22:24:55.0671 3608 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
22:24:55.0687 3608 mnmsrvc - ok
22:24:55.0687 3608 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
22:24:55.0687 3608 Modem - ok
22:24:55.0703 3608 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:24:55.0703 3608 Mouclass - ok
22:24:55.0718 3608 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:24:55.0718 3608 mouhid - ok
22:24:55.0734 3608 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:24:55.0734 3608 MountMgr - ok
22:24:55.0828 3608 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:24:55.0828 3608 MozillaMaintenance - ok
22:24:55.0843 3608 mraid35x - ok
22:24:55.0859 3608 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:24:55.0859 3608 MRxDAV - ok
22:24:55.0890 3608 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:24:55.0890 3608 MRxSmb - ok
22:24:55.0921 3608 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
22:24:55.0921 3608 MSDTC - ok
22:24:55.0937 3608 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:24:55.0937 3608 Msfs - ok
22:24:55.0937 3608 MSICPL - ok
22:24:55.0937 3608 MSIServer - ok
22:24:55.0968 3608 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:24:55.0968 3608 MSKSSRV - ok
22:24:55.0984 3608 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:24:55.0984 3608 MSPCLOCK - ok
22:24:56.0000 3608 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:24:56.0000 3608 MSPQM - ok
22:24:56.0015 3608 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:24:56.0015 3608 mssmbios - ok
22:24:56.0031 3608 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:24:56.0031 3608 Mup - ok
22:24:56.0140 3608 NBService (8e2e283a8ae9fa4e616327fe9ced2ab4) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:24:56.0140 3608 NBService - ok
22:24:56.0156 3608 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:24:56.0156 3608 NDIS - ok
22:24:56.0171 3608 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:24:56.0171 3608 NdisTapi - ok
22:24:56.0187 3608 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:24:56.0187 3608 Ndisuio - ok
22:24:56.0359 3608 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:24:56.0359 3608 NdisWan - ok
22:24:56.0359 3608 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:24:56.0359 3608 NDProxy - ok
22:24:56.0375 3608 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:24:56.0375 3608 NetBIOS - ok
22:24:56.0390 3608 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:24:56.0406 3608 NetBT - ok
22:24:56.0421 3608 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
22:24:56.0421 3608 NetDDE - ok
22:24:56.0421 3608 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
22:24:56.0421 3608 NetDDEdsdm - ok
22:24:56.0484 3608 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:24:56.0484 3608 Netlogon - ok
22:24:56.0515 3608 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
22:24:56.0515 3608 Netman - ok
22:24:56.0593 3608 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:24:56.0593 3608 NetTcpPortSharing - ok
22:24:56.0640 3608 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
22:24:56.0640 3608 Nla - ok
22:24:56.0671 3608 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:24:56.0671 3608 Npfs - ok
22:24:56.0671 3608 NTACCESS - ok
22:24:56.0734 3608 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
22:24:56.0734 3608 Ntfs - ok
22:24:56.0734 3608 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:24:56.0734 3608 NtLmSsp - ok
22:24:56.0781 3608 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
22:24:56.0781 3608 NtmsSvc - ok
22:24:56.0796 3608 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:24:56.0796 3608 Null - ok
22:24:57.0281 3608 nv (5a72584c700298e82a0342dc4bb38892) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:24:57.0359 3608 nv - ok
22:24:57.0468 3608 NVSvc (ef895a872f11ac584413f6baea2ddb50) C:\WINDOWS\system32\nvsvc32.exe
22:24:57.0484 3608 NVSvc - ok
22:24:57.0531 3608 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:24:57.0531 3608 NwlnkFlt - ok
22:24:57.0531 3608 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:24:57.0531 3608 NwlnkFwd - ok
22:24:57.0578 3608 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:24:57.0578 3608 ose - ok
22:24:57.0687 3608 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
22:24:57.0687 3608 Parport - ok
22:24:57.0703 3608 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:24:57.0703 3608 PartMgr - ok
22:24:57.0718 3608 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:24:57.0718 3608 ParVdm - ok
22:24:57.0734 3608 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
22:24:57.0734 3608 PCI - ok
22:24:57.0734 3608 PCIDump - ok
22:24:57.0750 3608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:24:57.0750 3608 PCIIde - ok
22:24:57.0765 3608 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:24:57.0765 3608 Pcmcia - ok
22:24:57.0796 3608 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:24:57.0796 3608 pcouffin - ok
22:24:57.0796 3608 PDCOMP - ok
22:24:57.0812 3608 PDFRAME - ok
22:24:57.0812 3608 PDRELI - ok
22:24:57.0828 3608 PDRFRAME - ok
22:24:57.0828 3608 perc2 - ok
22:24:57.0843 3608 perc2hib - ok
22:24:57.0875 3608 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
22:24:57.0875 3608 PlugPlay - ok
22:24:57.0921 3608 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:24:57.0921 3608 PolicyAgent - ok
22:24:57.0937 3608 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:24:57.0937 3608 PptpMiniport - ok
22:24:57.0937 3608 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:24:57.0937 3608 ProtectedStorage - ok
22:24:57.0968 3608 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:24:57.0968 3608 PSched - ok
22:24:57.0984 3608 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:24:57.0984 3608 Ptilink - ok
22:24:58.0015 3608 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:24:58.0015 3608 PxHelp20 - ok
22:24:58.0015 3608 ql1080 - ok
22:24:58.0015 3608 Ql10wnt - ok
22:24:58.0031 3608 ql12160 - ok
22:24:58.0031 3608 ql1240 - ok
22:24:58.0046 3608 ql1280 - ok
22:24:58.0062 3608 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:24:58.0062 3608 RasAcd - ok
22:24:58.0078 3608 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
22:24:58.0078 3608 RasAuto - ok
22:24:58.0093 3608 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:24:58.0109 3608 Rasl2tp - ok
22:24:58.0125 3608 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
22:24:58.0125 3608 RasMan - ok
22:24:58.0140 3608 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:24:58.0140 3608 RasPppoe - ok
22:24:58.0156 3608 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:24:58.0156 3608 Raspti - ok
22:24:58.0187 3608 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:24:58.0187 3608 Rdbss - ok
22:24:58.0218 3608 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:24:58.0218 3608 RDPCDD - ok
22:24:58.0234 3608 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:24:58.0250 3608 rdpdr - ok
22:24:58.0265 3608 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
22:24:58.0265 3608 RDPWD - ok
22:24:58.0281 3608 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
22:24:58.0296 3608 RDSessMgr - ok
22:24:58.0312 3608 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:24:58.0312 3608 redbook - ok
22:24:58.0359 3608 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
22:24:58.0375 3608 RemoteAccess - ok
22:24:58.0390 3608 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
22:24:58.0390 3608 RemoteRegistry - ok
22:24:58.0406 3608 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
22:24:58.0406 3608 RpcLocator - ok
22:24:58.0484 3608 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll
22:24:58.0484 3608 RpcSs - ok
22:24:58.0515 3608 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:24:58.0531 3608 RSVP - ok
22:24:58.0562 3608 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:24:58.0562 3608 RTL8023xp - ok
22:24:58.0578 3608 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:24:58.0578 3608 SamSs - ok
22:24:58.0593 3608 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
22:24:58.0609 3608 SCardSvr - ok
22:24:58.0625 3608 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
22:24:58.0625 3608 Schedule - ok
22:24:58.0640 3608 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:24:58.0656 3608 Secdrv - ok
22:24:58.0671 3608 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
22:24:58.0671 3608 seclogon - ok
22:24:58.0718 3608 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
22:24:58.0718 3608 senfilt - ok
22:24:58.0734 3608 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
22:24:58.0734 3608 SENS - ok
22:24:58.0750 3608 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:24:58.0750 3608 serenum - ok
22:24:58.0765 3608 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
22:24:58.0765 3608 Serial - ok
22:24:58.0781 3608 SetupNTGLM7X - ok
22:24:58.0796 3608 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:24:58.0796 3608 Sfloppy - ok
22:24:58.0828 3608 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
22:24:58.0828 3608 SharedAccess - ok
22:24:58.0890 3608 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
22:24:58.0890 3608 ShellHWDetection - ok
22:24:58.0890 3608 Simbad - ok
22:24:58.0921 3608 smwdm (db74141bbcbe8f22acfb53215e8af0d1) C:\WINDOWS\system32\drivers\smwdm.sys
22:24:58.0921 3608 smwdm - ok
22:24:58.0984 3608 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
22:24:58.0984 3608 SoundMAX Agent Service (default) - ok
22:24:58.0984 3608 Sparrow - ok
22:24:59.0015 3608 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
22:24:59.0015 3608 splitter - ok
22:24:59.0031 3608 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
22:24:59.0046 3608 Spooler - ok
22:24:59.0109 3608 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
22:24:59.0109 3608 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
22:24:59.0109 3608 sptd ( LockedFile.Multi.Generic ) - warning
22:24:59.0109 3608 sptd - detected LockedFile.Multi.Generic (1)
22:24:59.0125 3608 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:24:59.0125 3608 sr - ok
22:24:59.0281 3608 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
22:24:59.0281 3608 srservice - ok
22:24:59.0328 3608 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
22:24:59.0328 3608 Srv - ok
22:24:59.0359 3608 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
22:24:59.0359 3608 SSDPSRV - ok
22:24:59.0406 3608 Steam Client Service - ok
22:24:59.0437 3608 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
22:24:59.0437 3608 stisvc - ok
22:24:59.0453 3608 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:24:59.0453 3608 swenum - ok
22:24:59.0515 3608 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:24:59.0515 3608 swmidi - ok
22:24:59.0515 3608 SwPrv - ok
22:24:59.0531 3608 symc810 - ok
22:24:59.0531 3608 symc8xx - ok
22:24:59.0546 3608 sym_hi - ok
22:24:59.0546 3608 sym_u3 - ok
22:24:59.0578 3608 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:24:59.0578 3608 sysaudio - ok
22:24:59.0609 3608 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
22:24:59.0609 3608 SysmonLog - ok
22:24:59.0640 3608 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
22:24:59.0640 3608 TapiSrv - ok
22:24:59.0703 3608 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:24:59.0703 3608 Tcpip - ok
22:24:59.0718 3608 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:24:59.0718 3608 TDPIPE - ok
22:24:59.0734 3608 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:24:59.0734 3608 TDTCP - ok
22:24:59.0765 3608 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:24:59.0765 3608 TermDD - ok
22:24:59.0796 3608 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
22:24:59.0796 3608 TermService - ok
22:24:59.0812 3608 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
22:24:59.0828 3608 Themes - ok
22:24:59.0843 3608 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
22:24:59.0843 3608 TlntSvr - ok
22:24:59.0843 3608 TosIde - ok
22:24:59.0875 3608 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
22:24:59.0875 3608 TrkWks - ok
22:24:59.0890 3608 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:24:59.0890 3608 Udfs - ok
22:24:59.0890 3608 ultra - ok
22:24:59.0921 3608 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
22:24:59.0921 3608 UMWdf - ok
22:24:59.0968 3608 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
22:24:59.0968 3608 Update - ok
22:24:59.0984 3608 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
22:24:59.0984 3608 upnphost - ok
22:25:00.0031 3608 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
22:25:00.0031 3608 UPS - ok
22:25:00.0062 3608 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:25:00.0062 3608 usbccgp - ok
22:25:00.0078 3608 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:25:00.0078 3608 usbehci - ok
22:25:00.0093 3608 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:25:00.0093 3608 usbhub - ok
22:25:00.0109 3608 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:25:00.0109 3608 usbprint - ok
22:25:00.0140 3608 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:25:00.0140 3608 USBSTOR - ok
22:25:00.0171 3608 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:25:00.0171 3608 usbuhci - ok
22:25:00.0171 3608 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:25:00.0171 3608 VgaSave - ok
22:25:00.0187 3608 ViaIde - ok
22:25:00.0203 3608 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:25:00.0203 3608 VolSnap - ok
22:25:00.0234 3608 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
22:25:00.0234 3608 VSS - ok
22:25:00.0265 3608 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
22:25:00.0265 3608 W32Time - ok
22:25:00.0296 3608 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:25:00.0296 3608 Wanarp - ok
22:25:00.0296 3608 WDICA - ok
22:25:00.0421 3608 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
22:25:00.0421 3608 wdmaud - ok
22:25:00.0468 3608 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
22:25:00.0468 3608 WebClient - ok
22:25:00.0468 3608 Suspicious service (NoAccess): wffezdnah
22:25:00.0500 3608 wffezdnah (574cf0062911c8c4eca2156187b8207d) C:\WINDOWS\system32\haqqe.dll
22:25:00.0500 3608 Suspicious file (NoAccess): C:\WINDOWS\system32\haqqe.dll. md5: 574cf0062911c8c4eca2156187b8207d
22:25:00.0500 3608 wffezdnah ( LockedService.Multi.Generic ) - warning
22:25:00.0500 3608 wffezdnah - detected LockedService.Multi.Generic (1)
22:25:00.0562 3608 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:25:00.0562 3608 winmgmt - ok
22:25:00.0593 3608 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
22:25:00.0593 3608 WmdmPmSN - ok
22:25:00.0656 3608 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
22:25:00.0656 3608 Wmi - ok
22:25:00.0703 3608 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:25:00.0703 3608 WmiApSrv - ok
22:25:00.0921 3608 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:25:00.0937 3608 WPFFontCache_v0400 - ok
22:25:00.0968 3608 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:25:00.0968 3608 WS2IFSL - ok
22:25:01.0000 3608 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
22:25:01.0000 3608 wscsvc - ok
22:25:01.0031 3608 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
22:25:01.0031 3608 wuauserv - ok
22:25:01.0046 3608 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
22:25:01.0062 3608 WZCSVC - ok
22:25:01.0078 3608 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
22:25:01.0078 3608 xmlprov - ok
22:25:01.0171 3608 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:25:01.0187 3608 YahooAUService - ok
22:25:01.0265 3608 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\CyberLink\PowerDVD8\000.fcl
22:25:01.0265 3608 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
22:25:01.0281 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:25:01.0703 3608 \Device\Harddisk0\DR0 - ok
22:25:01.0718 3608 Boot (0x1200) (847e84c43dbdbab01114456015c0a792) \Device\Harddisk0\DR0\Partition0
22:25:01.0734 3608 \Device\Harddisk0\DR0\Partition0 - ok
22:25:01.0750 3608 Boot (0x1200) (314b1e3b8dc642ab55f041cd6469315e) \Device\Harddisk0\DR0\Partition1
22:25:01.0765 3608 \Device\Harddisk0\DR0\Partition1 - ok
22:25:01.0781 3608 Boot (0x1200) (4a0ee531cd47e1b89a0fa7472af9d477) \Device\Harddisk0\DR0\Partition2
22:25:01.0796 3608 \Device\Harddisk0\DR0\Partition2 - ok
22:25:01.0796 3608 Boot (0x1200) (a7c1a2f25558245d9b0f1d89ac09cb0b) \Device\Harddisk0\DR0\Partition3
22:25:01.0812 3608 \Device\Harddisk0\DR0\Partition3 - ok
22:25:01.0812 3608 ============================================================
22:25:01.0812 3608 Scan finished
22:25:01.0812 3608 ============================================================
22:25:01.0812 0836 Detected object count: 2
22:25:01.0812 0836 Actual detected object count: 2
22:25:07.0828 0836 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
22:25:07.0828 0836 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
22:25:07.0859 0836 C:\WINDOWS\system32\haqqe.dll - copied to quarantine
22:25:07.0859 0836 wffezdnah ( LockedService.Multi.Generic ) - User select action: Quarantine
22:25:30.0078 2000 Deinitialize success
 
ComboFix 12-06-27.01 - bau bau 06/27/2012 22:30:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.611 [GMT 3:00]
Running from: c:\documents and settings\bau bau\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bau bau\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Web Assistant\ExtensionUpdaterService.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ADDICT-THING
c:\documents and settings\All Users\Application Data\ADDICT-THING\background.html
c:\documents and settings\All Users\Application Data\ADDICT-THING\content.js
c:\documents and settings\All Users\Application Data\ADDICT-THING\gdelagicpaddbhbibmgdfbkfhhfcghbb.crx
c:\documents and settings\All Users\Application Data\ADDICT-THING\settings.ini
c:\program files\Optimizer Pro
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\bau bau\Application Data\Malwarebytes
2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-17 15:47 . 2012-06-17 15:47 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-17 15:47 . 2012-06-17 15:47 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 14:37 . 2012-06-08 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2012-06-06 19:25 . 2012-06-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Xilisoft
2012-05-29 21:24 . 2012-05-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflixUpdater
2012-05-29 21:23 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-05-29 21:23 . 2012-05-29 21:23 453 ----a-w- C:\user.js
2012-05-29 21:22 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-05-28 21:34 . 2012-05-28 21:34 -------- d-----w- c:\documents and settings\bau bau\Application Data\Xilisoft
2012-05-28 21:33 . 2012-05-28 21:33 -------- d-----w- c:\program files\Xilisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 15:47 . 2011-11-19 15:36 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Steam"="e:\games\Steam\steam.exe" [2011-12-29 1242448]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-20 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-20 13881960]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RaidCall"="c:\program files\raidcall\\raidcall.exe" [2012-03-28 2596536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"e:\\Games\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2011 1:01 PM 682232]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 5:50 PM 61424]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2011 1:07 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 10:23 AM 113120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32847900
*Deregistered* - 32847900
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wffezdnah
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ro/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5434F102-709B-4C0A-922A-E38AD4B14C44}: NameServer = 213.154.124.1 193.231.252.1
FF - ProfilePath - c:\documents and settings\bau bau\Application Data\Mozilla\Firefox\Profiles\ogvu9i1x.default\
FF - prefs.js: browser.startup.homepage - google.ro
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 884a0ab60000000000000013d33ad7a9
FF - user.js: extensions.incredibar_i.instlDay - 15489
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:23
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQyTeVRnk
FF - user.js: extensions.incredibar_i.upn2n - 92542970437908018
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 20%5F5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-27 22:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wffezdnah]
"ServiceDll"="c:\windows\system32\haqqe.dll"
.
Completion time: 2012-06-27 22:37:26
ComboFix-quarantined-files.txt 2012-06-27 19:37
ComboFix2.txt 2012-06-27 06:37
.
Pre-Run: 6,870,388,736 bytes free
Post-Run: 6,884,278,272 bytes free
.
- - End Of File - - DCC570D2BB95AA88CB85A3E7F5A8D712

I ran the TDSSKiller scan twice because I was not clear if it did anything the first time.
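Whether TDSSKiller acted can be read from the log itself: every flagged object gets a `- detected` line, and after `Detected object count` each one gets a `User select action` line naming what was done. The Python below is an added example (not part of the thread and not TDSSKiller's own code) that parses a constructed log modelled on the lines pasted above and pairs each flagged object with its recorded action.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the TDSSKiller lines pasted in this thread.
SAMPLE_LOG = r"""
22:24:59.0109 3608 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
22:24:59.0109 3608 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
22:24:59.0109 3608 sptd ( LockedFile.Multi.Generic ) - warning
22:24:59.0109 3608 sptd - detected LockedFile.Multi.Generic (1)
22:24:59.0125 3608 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:24:59.0125 3608 sr - ok
22:25:00.0468 3608 Suspicious service (NoAccess): wffezdnah
22:25:00.0500 3608 wffezdnah (574cf0062911c8c4eca2156187b8207d) C:\WINDOWS\system32\haqqe.dll
22:25:00.0500 3608 wffezdnah - detected LockedService.Multi.Generic (1)
22:25:01.0812 0836 Detected object count: 2
22:25:07.0828 0836 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
22:25:07.0828 0836 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
22:25:07.0859 0836 C:\WINDOWS\system32\haqqe.dll - copied to quarantine
22:25:07.0859 0836 wffezdnah ( LockedService.Multi.Generic ) - User select action: Quarantine
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(.*)$")   # "hh:mm:ss.ffff <pid> <body>"
ENUM = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")                 # "<name> (<md5>) <path>"
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")            # "<name> - detected <verdict> (n)"
ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class Finding:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""
    action: str = ""          # empty until a "User select action" line is seen

@dataclass
class Report:
    findings: dict = field(default_factory=dict)   # name -> Finding
    declared_count: int = -1                       # from "Detected object count"

def parse_tdsskiller(text: str) -> Report:
    """Collect every flagged object with its hash, path, verdict and the action taken."""
    report, seen = Report(), {}          # seen: every enumerated object, clean or not
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if m2 := ENUM.match(body):
            name, md5, path = m2.groups()
            seen[name] = Finding(name, md5, path)
        elif m2 := DETECTED.match(body):
            name, verdict = m2.groups()
            report.findings[name] = seen.get(name, Finding(name))
            report.findings[name].verdict = verdict
        elif m2 := ACTION.match(body):
            name, verdict, action = m2.groups()
            report.findings.setdefault(name, Finding(name, verdict=verdict)).action = action
        elif m2 := COUNT.match(body):
            report.declared_count = int(m2.group(1))
    return report

def unresolved(report: Report) -> list:
    """Flagged objects with no recorded action. Empty, with the finding count equal
    to the declared count, means the run did act on everything it detected."""
    return sorted(n for n, f in report.findings.items() if not f.action)

def summarize(report: Report) -> list:
    return [f"{f.name}: {f.verdict} at {f.path} (md5 {f.md5}) -> {f.action or 'NO ACTION'}"
            for f in report.findings.values()]
```

Running `summarize(parse_tdsskiller(SAMPLE_LOG))` yields one line per flagged object, and `unresolved` is the quick check for a run that detected something but took no action.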
 
It shows quarantines.
Please download SvcQuery.exe
  • Double click to run the tool
  • When prompted to enter a service name, type wffezdnah
  • When asked to confirm, type Y
  • A log will appear when finished; please paste that into your next reply.
=======================================
Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following (you only need one):
VirusTotal
Jotti

  [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

       c:\windows\system32\haqqe.dll

  [2]. At the upload site, click once inside the window next to Browse.
  [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  [4]. Click on the Upload button.
       This will perform a scan across multiple different virus scanning engines.
       Your file will possibly be entered into a queue which normally takes less than a minute to clear.
       Important: Wait for all of the scanning engines to complete.
  [5]. Once the scan is completed, scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  [6]. Paste the contents of the Clipboard in your next reply.
====================================
Please leave the logs from the SvcQuery and Virscan in your next reply.

An entry for uTorrent remains. Please do not use this program or any other file sharing program while I am helping you.
 