Solved The virus revealed itself

harveydf · Apr 10, 2012

Broni,
I'm sorry for the delay, I was out of town for Easter. Here are the remaining steps form reply #18. I ran TFC and Eset online scanner with archives checked. Eset did not find any issues. the computer is running good.

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
PC Tools Spyware Doctor 9.0
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.63
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Farbar Service Scanner Version: 01-03-2012
Ran by Harveydf (administrator) on 05-04-2012 at 16:44:42
Running from "C:\Users\Harveydf\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 14:24] - [2011-09-20 14:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Apr 10, 2012

You have several registry keys missing.
Is your internet connection working OK?

harveydf · Apr 10, 2012

Yes, the internet connection is fine.

Broni · Apr 10, 2012

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

We have to fix couple of issues...

Go Start and in "Start search: type in:
services.msc
Press Enter.
Services window will open.
Find "DNS Client" service, right click on it, click "Properties" and under "Startup type" select "Automatic" from drop-down menu.

=======================================================================

Download PsExec.exe to your desktop (IMPORTANT!)
Hold Windows logo key and press "R" to open "Run" command window.
Copy and paste following command into "Run" command line:

"%userprofile%\desktop\psexec" -i -d -s c:\windows\regedit.exe

Click OK.
Registry Editor will open.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_bits.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click legacy_bfe and confirm the prompt.

Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

Restart computer.
Post new FSS log.

harveydf · Apr 11, 2012

I can not create a restore point. I tried several time, but it give me the message "Can not create a file when that file already exists". Error 0X800700B7. I checked the used Shadow Copy Storage Space and it is 14.954GB, allocated shadow copy storage is 17.157GB and maximum shadow copy storage space is 68.209GB's. How should I proceed?

harveydf · Apr 11, 2012

I turned DNS services on to automatic. The link to PsExec.zip sends me to the smartcomputing web site and generates this message, ([#10850.3] An internal error occurred. Please contact an administrator. I downloaded the vista.zip successfully.

Broni · Apr 11, 2012

I'm sorry for bad link.
I edited my post so the link should work now.

Skip creating restore point.

harveydf · Apr 11, 2012

I downloaded PsExec to my desktop, copy and pasted the command into run. Then it ask for permission, I said yes, it blinked the black command prompt window momentarily and that was it. Regedit was not open. Should open regedit and complete your instructions?

harveydf · Apr 11, 2012

So, I went ahead and opened regedit. Navigated to the key you instructed. Then when I put the check mark next to Replace owner on subcontainers and objects, I got this message: Registry Editor could not set owner on the key currently selected, or some of its subkeys. I'll keep the Advanced Security Settings for Root dialog box open until I hear from you.

Broni · Apr 11, 2012

Make sure PsExec.exe is located on your desktop.
Then when you execute listed command look at your taskbar. Possibly registry editor opens minimized.

harveydf · Apr 11, 2012

PsExec.exe is located squarely in the center of my desktop. I opened the run command window and pasted in the command. It blinks the black command prompt window momentarily and that's it. Regedit is not in the taskbar. I checked Windows Task Manager there are no other applications running. I have tried this several times now and in safe mode with networking. Regedit does not open and when I go to regedit and put the check mark next to "Replace owner on subcontainers and objects" the message: "Registry Editor could not set owner on the key currently selected, or some of its subkeys." I don't know what I could be doing wrong.

Broni · Apr 11, 2012

Try this...
Go Start and in "Start search" type in:
cmd
Hold CTRL and SHIFT keys and press Enter.

Command prompt window will open.
Paste same command:
"%userprofile%\desktop\psexec" -i -d -s c:\windows\regedit.exe
Press Enter.

harveydf · Apr 11, 2012

Ha, were in! Under permissions for root, Owner tab, Current owner: Administrator (harveydf-PC\Administrator). Then under change owner to: I have two options, Administrator (harveydf-PC\Administrator) and System. Do I select the Administrator (harveydf-PC\Administrator) then check the box labeled "replace owner on subcontainers and objects" and then finish your instructions. I apologize for being timid here, I just don't want to make an error.

harveydf · Apr 11, 2012

What I was trying to say is there is no entry starting with my user name in "Change owner to".

Broni · Apr 11, 2012

Administrator (harveydf-PC\Administrator) should be fine.

harveydf · Apr 11, 2012

Here is the new FSS log.

Farbar Service Scanner Version: 01-03-2012
Ran by Harveydf (administrator) on 11-04-2012 at 17:03:22
Running from "C:\Users\Harveydf\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 14:24] - [2011-09-20 14:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Apr 11, 2012

Perfect!
Good job

Make sure Windows firewall is on.

Then...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

harveydf · Apr 12, 2012

Broni,

Yesterday afternoon, when the Mr. Clean symbol jumped off your page, I was very happy, and relieved. Relieved that I could finally start my taxes and put this behind me. I thought you did a great job, and I glided through running OTL, and then Windows Updates (I need eight of them). I added the Web of Trust to Firefox and then closed everything down to run MBAM. I installed FileHippo Update Checker, and updated CCleaner. I downloaded and installed Secunia Personal Software Inspector (PSI), there I saw there was a update for my old HP printer that has been so good to me. I installed it and it ran perfectly. I updated Java and Silverlight, not to mention MSE and PC Tools.
Then I decided to plug in a usb drive and scan it using PC Tools. PC Tools found ZeroAccess malware, and it slowed to a crawl. The machine locked up, and I had to rebooted. I knew what had happened, but just could believe this "thing" could just walk over me. I booted into safe mode and hit the TFC. The machine locked up again- I rebooted to a black screen with a mouse- I rebooted to a BSOD- I rebooted to Check Disk with /f- I rebooted to repair, and the computer reported that I was locked out.
Now I'm getting out my boot disks. I tried two new boot/repair disks (ones I have made within the last month) and no access. Then I tried an old Hirens 5, and it loaded, and asked if I wanted to launch Vista? I said yes and it did...........This machine is hooked and rooted to the max.
Now I am embarrassed to ask for more help, but if your willing to instruct me again, I'll work quickly and not open any other portable drives until I can find or buy a tool, that can stop this malware. I am stunned that just scanning a container that has this malware on it or in it can infect a system that is totally up to date. I used TDSS killer and Rkill (there were no logs) just so I could run Gmer and DDTs.
Here are the logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0

Run by Harveydf at 8:19:37 on 2012-04-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1942 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\Explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/?_bc=1

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086} : DhcpNameServer = 192.168.1.254

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\harveydf\appdata\roaming\mozilla\firefox\profiles\lppj4d9t.default\

FF - prefs.js: browser.search.selectedEngine - WOT Safe Search

FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\users\harveydf\appdata\local\google\google earth\plugin\npgeplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-14 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-14 342168]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-15 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-15 574424]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-14 253352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-14 185560]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-14 21992]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-3-15 793048]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-2-14 9182208]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-2-14 264704]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-12-5 83472]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-15 35264]

S1 6594252drv;6594252drv;c:\windows\system32\drivers\6594252drv.sys [2011-8-15 489048]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-14 70536]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-3-16 24416]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-14 402336]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-14 1117624]

S3 silabenm;Junsi USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2012-3-11 47176]

S3 silabser;Junsi USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2012-3-11 58496]

S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-14 163328]

S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]

.

=============== Created Last 30 ================

.

2012-04-12 15:07:50 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a6528cb4-aba5-4ff5-a9e4-058b09dae1ae}\mpengine.dll

2012-04-12 06:44:42 -------- d-sh--w- C:\found.000

2012-04-12 02:58:40 -------- d-----w- c:\users\harveydf\appdata\roaming\HpUpdate

2012-04-12 02:58:04 -------- d-----w- c:\windows\Hewlett-Packard

2012-04-12 02:37:28 -------- d-----w- c:\users\harveydf\appdata\local\Secunia PSI

2012-04-12 02:37:19 -------- d-----w- c:\program files\Secunia

2012-04-12 02:22:39 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-12 01:57:54 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 01:57:54 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 01:57:54 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 01:57:54 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 01:57:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-12 01:57:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 01:51:55 -------- d-----w- C:\d281be23de28856800c08d

2012-04-12 01:48:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-04-10 20:36:10 2322184 ----a-w- c:\users\harveydf\esetsmartinstaller_enu.exe

2012-04-06 07:58:16 -------- d-----w- c:\users\harveydf\DoctorWeb

2012-04-03 21:44:09 -------- d-----w- c:\users\harveydf\appdata\local\temp

2012-04-03 21:41:49 -------- d-sh--w- C:\$RECYCLE.BIN

2012-04-03 21:35:04 16896 ----a-w- c:\windows\system32\grpconv.exe

2012-04-01 20:58:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-26 11:53:19 -------- d-----w- c:\windows\ERDNT2

2012-03-26 11:52:11 -------- d-----w- c:\program files\ERUNT2

2012-03-24 15:43:42 -------- d-----w- C:\AMD

2012-03-23 17:01:03 -------- d-----w- c:\programdata\Microsoft Symbols for Visual Studio and Process Explorer

2012-03-23 16:58:59 -------- d-----w- c:\users\harveydf\Microsoft Symbols for Visual Studio and Process Explorer

2012-03-23 10:54:56 -------- d-----w- c:\program files\BenchMark Tools

2012-03-23 09:08:30 -------- d-----w- c:\program files\CrystalDiskInfo

2012-03-22 17:55:02 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2012-03-22 17:52:47 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-03-21 15:32:51 -------- d-----w- c:\users\harveydf\appdata\roaming\GlarySoft

2012-03-21 15:32:50 -------- d-----w- c:\program files\Glary Undelete

2012-03-18 20:39:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-03-17 17:42:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f54698d-55cd-4254-9766-493841d8d863}\gapaengine.dll

2012-03-17 17:13:22 -------- d-----w- c:\program files\Microsoft Security Client

2012-03-17 17:12:50 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-03-17 08:34:47 -------- d-----w- C:\.Trash-0

2012-03-17 00:40:53 -------- d-----w- c:\users\harveydf\appdata\roaming\GetRightToGo

2012-03-17 00:04:50 14664 ----a-w- c:\windows\stinger.sys

2012-03-17 00:04:18 -------- d-----w- c:\program files\stinger

2012-03-16 19:02:00 -------- d-----w- C:\BackSys

2012-03-16 15:22:38 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2012-03-16 15:11:06 39184 ----a-w- c:\windows\system32\Partizan.exe

2012-03-16 15:11:06 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2012-03-16 15:10:55 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2012-03-16 10:26:59 -------- d-----w- c:\users\harveydf\appdata\roaming\VSRevoGroup

2012-03-16 09:06:55 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-16 09:06:55 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-15 13:22:16 -------- d-----w- c:\users\harveydf\appdata\roaming\Registry Mechanic

2012-03-15 12:54:22 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2012-03-15 12:54:22 512472 ----a-w- c:\windows\system32\msxml.dll

2012-03-15 12:54:22 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2012-03-15 12:54:22 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2012-03-15 12:54:22 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2012-03-15 12:50:58 -------- d-----w- c:\users\harveydf\appdata\roaming\Product_RM

2012-03-15 11:59:07 -------- d-----w- c:\users\harveydf\appdata\roaming\PCTools

2012-03-15 08:38:31 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys

2012-03-15 08:38:30 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys

2012-03-15 08:38:30 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys

2012-03-15 01:59:41 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-03-15 01:59:41 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-03-15 01:59:39 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-03-15 01:59:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-03-15 01:59:32 -------- d-----w- c:\program files\PC Tools

2012-03-15 01:12:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-03-15 01:12:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-03-15 01:12:24 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-03-15 01:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-03-15 01:12:23 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-03-15 01:12:23 -------- d-----w- c:\program files\common files\PC Tools

2012-03-15 01:07:19 -------- d-----w- c:\users\harveydf\appdata\roaming\TestApp

2012-03-15 01:07:19 -------- d-----w- c:\programdata\PC Tools

2012-03-13 23:40:21 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:40:15 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-13 23:40:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-13 23:40:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-13 23:40:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-13 23:40:15 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 21:39:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-13 21:39:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-13 20:04:26 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-13 20:04:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

==================== Find3M ====================

.

2012-04-12 02:22:19 567696 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-16 09:14:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-15 03:47:12 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-02-15 03:18:56 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-02-15 03:18:40 791040 ----a-w- c:\windows\system32\aticfx32.dll

2012-02-15 03:13:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-02-15 03:13:20 405504 ----a-w- c:\windows\system32\atieclxx.exe

2012-02-15 03:12:48 163328 ----a-w- c:\windows\system32\atiesrxx.exe

2012-02-15 03:11:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2012-02-15 03:10:58 20992 ----a-w- c:\windows\system32\atimuixx.dll

2012-02-15 03:10:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-02-15 03:07:44 6200320 ----a-w- c:\windows\system32\atidxx32.dll

2012-02-15 02:58:56 19392000 ----a-w- c:\windows\system32\atioglxx.dll

2012-02-15 02:40:54 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2012-02-15 02:34:54 46080 ----a-w- c:\windows\system32\aticalrt.dll

2012-02-15 02:34:44 44032 ----a-w- c:\windows\system32\aticalcl.dll

2012-02-15 02:34:36 5954048 ----a-w- c:\windows\system32\atiumdag.dll

2012-02-15 02:29:52 5062656 ----a-w- c:\windows\system32\atiumdva.dll

2012-02-15 02:29:50 11561984 ----a-w- c:\windows\system32\aticaldd.dll

2012-02-15 02:16:34 51200 ----a-w- c:\windows\system32\coinst.dll

2012-02-15 02:13:48 356352 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13:32 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13:20 33280 ----a-w- c:\windows\system32\atigktxx.dll

2012-02-15 02:12:48 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12:14 33280 ----a-w- c:\windows\system32\atiuxpag.dll

2012-02-15 02:12:00 30208 ----a-w- c:\windows\system32\atiu9pag.dll

2012-02-15 02:11:36 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-02-15 02:11:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\atimpc32.dll

2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 8:20:05.20 ===============

harveydf · Apr 12, 2012

Page 2
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/23/2007 3:55:52 PM

System Uptime: 4/12/2012 7:08:29 AM (1 hours ago)

.

Motherboard: ECS | | MCP61PM-GM

Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2200/235mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 324 GiB total, 209.791 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 4.159 GiB free.

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is FIXED (NTFS) - 24 GiB total, 24.324 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

1500

1500_Help

1500Trb

32 Bit HP CIO Components Installer

7-Zip 9.20

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.0 - CPSID_83708

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Design Premium

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader for Palm OS, 3.05

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe Shockwave Player 11.6

Adobe SING CS4

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

AMD Catalyst Install Manager

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Apple Mobile Device Support

Apple Software Update

Application Verifier

Astrolog32 2.02

AT&T Self Support Tool

AT&T Yahoo! Applications

Audacity 1.3.13 (Unicode)

Avery Wizard 3.1

Bonjour

BufferChm

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Compatibility Pack for the 2007 Office system

Connect

Copy

Core Temp version 0.99.8

CPUID CPU-Z 1.57.1

Debugging Tools for Windows (x86)

Destinations

Dev-C++ 5 beta 9 release (4.9.9.2)

DeviceManagementQFolder

Digital Media Reader

DocProc

DocProcQFolder

ERUNT 1.1j

eSupportQFolder

EVEREST Home Edition v2.20

Fax

FFmpeg v0.6.2 for Audacity

FormatFactory 2.20

Free Window Registry Repair

FreeMind

Gateway Connect

Gateway Games

Gateway Recovery Center Installer

Glary Undelete 1.8.0.468

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPSMaster 2.13.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Photosmart Essential

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

HP Product Assistant

HP Solution Center 8.0

HP Update

HPProductAssistant

ISO Recorder

iTunes

Java Auto Updater

Java(TM) 7 Update 3

Junior Jyotish 1.10v

kuler

LabelPrint

LADSPA_plugins-win-0.4.15

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.61.0.1400

Maxtor*MaxBlast

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Help Viewer 1.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Windows Performance Toolkit

Microsoft Windows SDK .NET Framework Tools (30514)

Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools

Microsoft Windows SDK for Windows 7 (7.1)

Microsoft Windows SDK for Windows 7 Common Utilities (30514)

Microsoft Windows SDK Intellisense and Reference Assemblies (30514)

Microsoft Windows SDK MSHelp (30514)

Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)

Microsoft Works

Microsoft WSE 2.0 SP3 Runtime

Mobipocket Creator 4.2

Mobipocket Reader 6.2

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyPhoneExplorer

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenSSL 1.0.0e (32-bit)

Palm Desktop

PC Tools Registry Mechanic 11.0

PC Tools Spyware Doctor 9.0

PDF Settings CS4

Photoshop Camera Raw

Pixel Bender Toolkit

Power2Go 5.0

PS2 Multimedia Keyboard Driver

QuickTime

Realtek High Definition Audio Driver

Revo Uninstaller 1.93

Scan

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Send To Toys v2.61

Skins

Soft Data Fax Modem with SmartCP

SolutionCenter

Status

Suite Shared Configuration CS4

swMSM

SyncToy 2.1 (x86)

The Proxomitron Ver. Naoko-4.5

The Rosetta Stone

TI Connect 1.6

TI StudyCards Creator

Toolbox

TrayApp

TurboTax 2008

TurboTax 2008 wcaiper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 wcaiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax Deluxe 2007

Tweaking.com - Simple Performance Boost

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

WebReg

Windows Automated Installation Kit

Windows Media Player Firefox Plugin

Windows SDK IntellisenseNFX

WinRAR archiver

XMind

.

==== Event Viewer Messages From Past Week ========

.

6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6

6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6

6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6

6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6

6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6

6594252drv i8042prt MpFilter PCTSD spldr TfFsMon TFSysMon Wanarpv6

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv i8042prt

6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl

6594252drv AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl

4/7/2012 8:36:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/7/2012 2:24:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/7/2012 12:42:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/7/2012 10:14:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

4/7/2012 10:14:05 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 10:14:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/6/2012 12:32:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/6/2012 12:18:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/6/2012 12:18:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

4/6/2012 11:57:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/6/2012 11:25:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/6/2012 10:29:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/5/2012 7:40:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/5/2012 4:58:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/5/2012 4:56:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/5/2012 4:50:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/5/2012 11:36:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/5/2012 10:25:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/5/2012 10:24:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/12/2012 8:07:08 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/12/2012 7:11:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

4/12/2012 7:11:47 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/12/2012 7:11:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

4/12/2012 7:09:34 AM, Error: PCTCore [280] - The item store is corrupted: @5512.

4/12/2012 7:09:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/12/2012 7:09:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

4/12/2012 7:09:08 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/12/2012 7:09:08 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/12/2012 6:35:12 AM, Error: Microsoft-Windows-WLAN-AutoConfig [4002] - WLAN AutoConfig service has failed to start. Error Code: 2147746132

4/12/2012 6:35:11 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {1BE1F766-5536-11D1-B726-00C04FB926AF} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/12/2012 6:35:07 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

4/11/2012 9:14:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 7:04:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 6:19:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 6:10:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 4:57:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 3:28:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/11/2012 11:24:57 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

4/11/2012 11:21:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

4/11/2012 10:59:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 10:59:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/11/2012 10:56:56 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

.

==== End Of File ===========================

harveydf · Apr 12, 2012

Gmer Log
GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-12 07:52:23

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000061 WDC_WD50 rev.12.0

Running: ssb8kw6s.exe; Driver: C:\Users\Harveydf\AppData\Local\Temp\uxlcykob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8B26DC0C]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8B26DED4]

SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x8B2CC930]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8B26E1D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 826B498C 8 Bytes [0C, DC, 26, 8B, D4, DE, 26, ...]

.text ntkrnlpa.exe!KeSetEvent + 621 826B4DA4 4 Bytes [30, C9, 2C, 8B] {XOR CL, CL; SUB AL, 0x8b}

.text ntkrnlpa.exe!KeSetEvent + 6E5 826B4E68 4 Bytes [D0, E1, 26, 8B]

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F605000, 0x3C9EA5, 0xE8000020]

? \ArcName\multi(0)disk(0)rdisk(0)partition(2)\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !

? system32\drivers\86648901.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtLoadDriver 77BC48D4 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtLoadDriver + 4 77BC48D8 2 Bytes [29, 71]

.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtSuspendProcess 77BC5324 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtSuspendProcess + 4 77BC5328 2 Bytes [44, 71]

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!TerminateProcess 774618EF 6 Bytes JMP 71A0000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateProcessW 77461BF3 6 Bytes JMP 7184000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateProcessA 77461C28 6 Bytes JMP 7187000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!WriteProcessMemory 77461CB8 6 Bytes JMP 719D000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!VirtualProtect 77461DC3 6 Bytes JMP 70D9000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!MoveFileW 7746A2F2 6 Bytes JMP 7030000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CopyFileExW 77470221 6 Bytes JMP 708E000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CopyFileW 774702A9 6 Bytes JMP 70A2000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!DeleteFileW 7747F54E 6 Bytes JMP 7046000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!DeleteFileA 7747F66A 6 Bytes JMP 7049000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!MoveFileExW 77481160 6 Bytes JMP 702A000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!OpenMutexA 7748348F 6 Bytes JMP 705E000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!DeviceIoControl 774850FF 6 Bytes JMP 707F000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!LoadLibraryExW + 173 774893EF 4 Bytes JMP 71AB000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!LoadLibraryW 77489400 6 Bytes JMP 7195000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateMutexA 774894D1 6 Bytes JMP 7064000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!LoadLibraryA 7748957C 6 Bytes JMP 7199000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!GetVolumeInformationW 7748D876 6 Bytes JMP 7115000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!VirtualProtectEx 7748DC52 6 Bytes JMP 712D000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!TerminateThread 774A4413 6 Bytes JMP 7142000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!LoadResource 774A6CFB 6 Bytes JMP 70AB000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!OpenProcess 774A7487 6 Bytes JMP 7027000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!GetProcAddress 774A925B 6 Bytes JMP 711B000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!WriteFile 774AABE1 6 Bytes JMP 7076000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!OpenMutexW 774AACA5 6 Bytes JMP 705B000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!VirtualAlloc 774AAF75 6 Bytes JMP 70DC000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateFileW 774AB0EB 6 Bytes JMP 70E8000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateThread 774ACB2E 6 Bytes JMP 70DF000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateRemoteThread 774ACB55 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateRemoteThread + 4 774ACB59 2 Bytes [AD, 71]

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!WideCharToMultiByte 774ACE18 6 Bytes JMP 7036000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!MultiByteToWideChar 774ACEFB 6 Bytes JMP 7058000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateFileA 774AD07F 6 Bytes JMP 70E5000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateDirectoryW 774AD386 6 Bytes JMP 7079000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateMutexW 774AD775 6 Bytes JMP 7061000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!MoveFileExA 774B112A 6 Bytes JMP 702D000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!GetVolumeInformationA 774B14B7 6 Bytes JMP 7118000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CopyFileA 774B2653 6 Bytes JMP 70A5000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateToolhelp32Snapshot 774B68C7 6 Bytes JMP 70E2000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CreateDirectoryA 774B7314 6 Bytes JMP 707C000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!DebugActiveProcess 774E9BC1 6 Bytes JMP 713C000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!MoveFileA 774EF7A1 6 Bytes JMP 7033000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!CopyFileExA 774F1B59 6 Bytes JMP 7091000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!WinExec 774F60CF 6 Bytes JMP 714B000A

.text C:\Windows\system32\svchost.exe[816] kernel32.dll!SetThreadContext 774F7E27 6 Bytes JMP 7073000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegDeleteKeyA 764E1C8C 6 Bytes JMP 7043000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!OpenSCManagerA 764E2D93 6 Bytes JMP 70D6000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegQueryValueA 764E30C8 6 Bytes JMP 70F4000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegDeleteKeyW 764E38CD 6 Bytes JMP 7040000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyExA 764E39AB 6 Bytes JMP 7112000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyA 764E3BA9 6 Bytes JMP 710C000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegSetValueExA 764E3BEC 6 Bytes JMP 70FA000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!OpenSCManagerW 764E7137 6 Bytes JMP 70D1000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyA 764E89C7 6 Bytes JMP 7106000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!AdjustTokenPrivileges 764E99CD 6 Bytes JMP 7067000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegQueryValueW 764F32D4 6 Bytes JMP 70F1000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!LookupPrivilegeValueW 764F36FF 6 Bytes JMP 706A000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyW 764F391E 6 Bytes JMP 7109000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!LookupPrivilegeValueA 764F3A0F 6 Bytes JMP 706D000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegSetValueExW 764F3D5A 6 Bytes JMP 70F7000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyExW 764F41F1 6 Bytes JMP 710F000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegQueryValueExA 764F7A9D 6 Bytes JMP 70EE000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyExA 764F7C42 6 Bytes JMP 7100000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyW 764FE2B5 6 Bytes JMP 7103000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegQueryValueExW 7650765E 6 Bytes JMP 70EB000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyExW 76507BA1 6 Bytes JMP 70FD000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!OpenProcessToken 76507DDC 6 Bytes JMP 7070000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!CreateServiceW 76509EB4 6 Bytes JMP 7124000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!LsaRemoveAccountRights 7652B569 6 Bytes JMP 71A7000A

.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!CreateServiceA 765472A1 6 Bytes JMP 7127000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!RegisterRawInputDevices 777E6161 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[816] USER32.dll!RegisterRawInputDevices + 4 777E6165 2 Bytes [1D, 71]

.text C:\Windows\system32\svchost.exe[816] USER32.dll!SetWindowsHookExA 777E6322 6 Bytes JMP 718D000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!GetAsyncKeyState 777E863C 6 Bytes JMP 7136000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!SetWindowsHookExW 777E87AD 6 Bytes JMP 718A000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!SetWinEventHook 777E9F3A 6 Bytes JMP 7121000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!GetKeyboardState 777EBD7D 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[816] USER32.dll!GetKeyboardState + 4 777EBD81 2 Bytes [32, 71]

.text C:\Windows\system32\svchost.exe[816] USER32.dll!ShowWindow 777ECA10 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[816] USER32.dll!ShowWindow + 4 777ECA14 2 Bytes [AD, 70]

.text C:\Windows\system32\svchost.exe[816] USER32.dll!CreateWindowExA 777EDC2A 6 Bytes JMP 704F000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!GetWindowTextA 777EF63C 6 Bytes JMP 70C3000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!CreateWindowExW 777F1305 6 Bytes JMP 704C000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!GetWindowTextW 777F2069 6 Bytes JMP 70C0000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!GetKeyState 777F8CB1 6 Bytes JMP 7139000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!DrawTextExW 777F91CE 6 Bytes JMP 7082000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!DrawTextW 777F97D3 6 Bytes JMP 7052000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!SetWindowTextW 777F9815 6 Bytes JMP 703A000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!DrawTextA 7780558D 6 Bytes JMP 7055000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!DrawTextExA 778055C4 6 Bytes JMP 7085000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!SetWindowTextA 7780A4E6 6 Bytes JMP 703D000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!DdeConnect 77829A1F 6 Bytes JMP 7130000A

.text C:\Windows\system32\svchost.exe[816] USER32.dll!EndTask 7782AD32 6 Bytes JMP 7148000A

.text C:\Windows\system32\svchost.exe[816] SHELL32.dll!ShellExecuteW 768C9725 6 Bytes JMP 7159000A

.text C:\Windows\system32\svchost.exe[816] SHELL32.dll!Shell_NotifyIconW 76908642 6 Bytes JMP 7088000A

.text C:\Windows\system32\svchost.exe[816] SHELL32.dll!ShellExecuteExW 7691C155 6 Bytes JMP 714E000A

.text C:\Windows\system32\svchost.exe[816] SHELL32.dll!ShellExecuteEx 76ACA292 6 Bytes JMP 7151000A

.text C:\Windows\system32\svchost.exe[816] SHELL32.dll!ShellExecuteA 76ACA32D 6 Bytes JMP 717A000A

.text C:\Windows\system32\svchost.exe[816] SHELL32.dll!Shell_NotifyIcon 76ACBAED 6 Bytes JMP 708B000A

.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtLoadDriver 77BC48D4 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtLoadDriver + 4 77BC48D8 2 Bytes [5C, 71]

.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtSuspendProcess 77BC5324 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtSuspendProcess + 4 77BC5328 2 Bytes [74, 71] {JZ 0x73}

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!TerminateProcess 774618EF 6 Bytes JMP 719F000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 77461BF3 6 Bytes JMP 718A000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 77461C28 6 Bytes JMP 718D000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WriteProcessMemory 77461CB8 6 Bytes JMP 719C000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 77461DC3 6 Bytes JMP 710C000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileW 7746A2F2 6 Bytes JMP 708B000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileExW 77470221 6 Bytes JMP 70EE000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileW 774702A9 6 Bytes JMP 70F4000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!DeleteFileW 7747F54E 6 Bytes JMP 70A0000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!DeleteFileA 7747F66A 6 Bytes JMP 70A3000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileExW 77481160 6 Bytes JMP 7085000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!OpenMutexA 7748348F 6 Bytes JMP 70B8000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!DeviceIoControl 774850FF 6 Bytes JMP 70DF000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW + 173 774893EF 4 Bytes JMP 71AB000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 77489400 6 Bytes JMP 7196000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateMutexA 774894D1 6 Bytes JMP 70BE000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 7748957C 6 Bytes JMP 7199000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetVolumeInformationW 7748D876 6 Bytes JMP 7148000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7748DC52 6 Bytes JMP 7160000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!TerminateThread 774A4413 6 Bytes JMP 7172000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadResource 774A6CFB 6 Bytes JMP 70FA000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!OpenProcess 774A7487 6 Bytes JMP 7082000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 774A925B 6 Bytes JMP 714E000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WriteFile 774AABE1 6 Bytes JMP 70D0000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!OpenMutexW 774AACA5 6 Bytes JMP 70B5000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualAlloc 774AAF75 6 Bytes JMP 710F000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileW 774AB0EB 6 Bytes JMP 711B000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateThread 774ACB2E 6 Bytes JMP 7112000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateRemoteThread 774ACB55 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateRemoteThread + 4 774ACB59 2 Bytes [AD, 71]

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WideCharToMultiByte 774ACE18 6 Bytes JMP 7091000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MultiByteToWideChar 774ACEFB 6 Bytes JMP 70B2000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileA 774AD07F 6 Bytes JMP 7118000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateDirectoryW 774AD386 6 Bytes JMP 70D3000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateMutexW 774AD775 6 Bytes JMP 70BB000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileExA 774B112A 6 Bytes JMP 7088000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetVolumeInformationA 774B14B7 6 Bytes JMP 714B000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileA 774B2653 6 Bytes JMP 70F7000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateToolhelp32Snapshot 774B68C7 6 Bytes JMP 7115000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateDirectoryA 774B7314 6 Bytes JMP 70D6000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!DebugActiveProcess 774E9BC1 6 Bytes JMP 716F000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileA 774EF7A1 6 Bytes JMP 708E000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileExA 774F1B59 6 Bytes JMP 70F1000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WinExec 774F60CF 6 Bytes JMP 717B000A

.text C:\Windows\system32\svchost.exe[1708] kernel32.dll!SetThreadContext 774F7E27 6 Bytes JMP 70CD000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegDeleteKeyA 764E1C8C 6 Bytes JMP 709D000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!OpenSCManagerA 764E2D93 6 Bytes JMP 7109000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegQueryValueA 764E30C8 6 Bytes JMP 7127000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegDeleteKeyW 764E38CD 6 Bytes JMP 709A000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 764E39AB 6 Bytes JMP 7145000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 764E3BA9 6 Bytes JMP 713F000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegSetValueExA 764E3BEC 6 Bytes JMP 712D000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!OpenSCManagerW 764E7137 6 Bytes JMP 7106000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 764E89C7 6 Bytes JMP 7139000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!AdjustTokenPrivileges 764E99CD 6 Bytes JMP 70C1000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegQueryValueW 764F32D4 6 Bytes JMP 7124000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!LookupPrivilegeValueW 764F36FF 6 Bytes JMP 70C4000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 764F391E 6 Bytes JMP 713C000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!LookupPrivilegeValueA 764F3A0F 6 Bytes JMP 70C7000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegSetValueExW 764F3D5A 6 Bytes JMP 712A000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 764F41F1 6 Bytes JMP 7142000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegQueryValueExA 764F7A9D 6 Bytes JMP 7121000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 764F7C42 6 Bytes JMP 7133000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 764FE2B5 6 Bytes JMP 7136000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegQueryValueExW 7650765E 6 Bytes JMP 711E000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 76507BA1 6 Bytes JMP 7130000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!OpenProcessToken 76507DDC 6 Bytes JMP 70CA000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceW 76509EB4 6 Bytes JMP 7157000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!LsaRemoveAccountRights 7652B569 6 Bytes JMP 71A2000A

.text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceA 765472A1 6 Bytes JMP 715A000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!RegisterRawInputDevices 777E6161 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!RegisterRawInputDevices + 4 777E6165 2 Bytes [50, 71]

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExA 777E6322 6 Bytes JMP 7193000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!GetAsyncKeyState 777E863C 6 Bytes JMP 7169000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExW 777E87AD 6 Bytes JMP 7190000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!SetWinEventHook 777E9F3A 6 Bytes JMP 7154000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!GetKeyboardState 777EBD7D 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!GetKeyboardState + 4 777EBD81 2 Bytes [65, 71]

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!ShowWindow 777ECA10 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!ShowWindow + 4 777ECA14 2 Bytes [FC, 70]

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!CreateWindowExA 777EDC2A 6 Bytes JMP 70A9000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!GetWindowTextA 777EF63C 6 Bytes JMP 7103000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!CreateWindowExW 777F1305 6 Bytes JMP 70A6000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!GetWindowTextW 777F2069 6 Bytes JMP 7100000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!GetKeyState 777F8CB1 6 Bytes JMP 716C000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!DrawTextExW 777F91CE 6 Bytes JMP 70E2000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!DrawTextW 777F97D3 6 Bytes JMP 70AC000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!SetWindowTextW 777F9815 6 Bytes JMP 7094000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!DrawTextA 7780558D 6 Bytes JMP 70AF000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!DrawTextExA 778055C4 6 Bytes JMP 70E5000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!SetWindowTextA 7780A4E6 6 Bytes JMP 7097000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!DdeConnect 77829A1F 6 Bytes JMP 7163000A

.text C:\Windows\system32\svchost.exe[1708] USER32.dll!EndTask 7782AD32 6 Bytes JMP 7178000A

.text C:\Windows\system32\svchost.exe[1708] WININET.dll!InternetOpenUrlA 7756E296 6 Bytes JMP 70DC000A

.text C:\Windows\system32\svchost.exe[1708] WININET.dll!InternetOpenUrlW 775CD9BA 6 Bytes JMP 70D9000A

.text C:\Windows\system32\svchost.exe[1708] shell32.dll!ShellExecuteW 768C9725 6 Bytes JMP 7184000A

.text C:\Windows\system32\svchost.exe[1708] shell32.dll!Shell_NotifyIconW 76908642 6 Bytes JMP 70E8000A

.text C:\Windows\system32\svchost.exe[1708] shell32.dll!ShellExecuteExW 7691C155 6 Bytes JMP 717E000A

.text C:\Windows\system32\svchost.exe[1708] shell32.dll!ShellExecuteEx 76ACA292 6 Bytes JMP 7181000A

.text C:\Windows\system32\svchost.exe[1708] shell32.dll!ShellExecuteA 76ACA32D 6 Bytes JMP 7187000A

.text C:\Windows\system32\svchost.exe[1708] shell32.dll!Shell_NotifyIcon 76ACBAED 6 Bytes JMP 70EB000A

.text C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[2500] kernel32.dll!CreateThread + 1A 774ACB48 4 Bytes CALL 0044C4B9 C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!LoadLibraryExW 7748927C 6 Bytes JMP 71A30F5A

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!LoadLibraryExW + 173 774893EF 4 Bytes JMP 03C3000A

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!LoadLibraryW 77489400 6 Bytes JMP 71A90F5A

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!LoadLibraryExA 77489554 6 Bytes JMP 71A60F5A

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!LoadLibraryA 7748957C 6 Bytes JMP 71AF0F5A

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!GetProcAddress 774A925B 6 Bytes JMP 71A00F5A

.text C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe[3224] kernel32.dll!CreateRemoteThread + 175 774ACCCA 4 Bytes JMP 719D0000

.text C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[3804] kernel32.dll!CreateThread + 1A 774ACB48 4 Bytes CALL 0044CD69 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ntdll.dll!NtLoadDriver 77BC48D4 3 Bytes [FF, 25, 1E]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ntdll.dll!NtLoadDriver + 4 77BC48D8 2 Bytes [65, 71]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ntdll.dll!NtSuspendProcess 77BC5324 3 Bytes [FF, 25, 1E]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ntdll.dll!NtSuspendProcess + 4 77BC5328 2 Bytes [7A, 71] {JP 0x73}

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!TerminateProcess 774618EF 6 Bytes JMP 71A5000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!CreateProcessW 77461BF3 6 Bytes JMP 7190000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!CreateProcessA 77461C28 6 Bytes JMP 7193000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!WriteProcessMemory 77461CB8 6 Bytes JMP 71A2000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!LoadLibraryExW + 173 774893EF 4 Bytes JMP 71AC000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!LoadLibraryW 77489400 6 Bytes JMP 719C000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!LoadLibraryA 7748957C 6 Bytes JMP 719F000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!TerminateThread 774A4413 6 Bytes JMP 7178000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!GetProcAddress 774A925B 6 Bytes JMP 7157000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!CreateRemoteThread 774ACB55 3 Bytes [FF, 25, 1E]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!CreateRemoteThread + 4 774ACB59 2 Bytes [AE, 71]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!DebugActiveProcess 774E9BC1 6 Bytes JMP 7175000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] kernel32.dll!WinExec 774F60CF 6 Bytes JMP 7181000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ADVAPI32.dll!CreateServiceW 76509EB4 6 Bytes JMP 7160000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ADVAPI32.dll!LsaRemoveAccountRights 7652B569 6 Bytes JMP 71A8000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] ADVAPI32.dll!CreateServiceA 765472A1 6 Bytes JMP 7163000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!RegisterRawInputDevices 777E6161 3 Bytes [FF, 25, 1E]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!RegisterRawInputDevices + 4 777E6165 2 Bytes [59, 71]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!SetWindowsHookExA 777E6322 6 Bytes JMP 7199000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!GetAsyncKeyState 777E863C 6 Bytes JMP 716F000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!SetWindowsHookExW 777E87AD 6 Bytes JMP 7196000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!SetWinEventHook 777E9F3A 6 Bytes JMP 715D000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!GetKeyboardState 777EBD7D 3 Bytes [FF, 25, 1E]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!GetKeyboardState + 4 777EBD81 2 Bytes [6B, 71]

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!GetKeyState 777F8CB1 6 Bytes JMP 7172000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!DdeConnect 77829A1F 6 Bytes JMP 7169000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] USER32.dll!EndTask 7782AD32 6 Bytes JMP 717E000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] SHELL32.dll!ShellExecuteW 768C9725 6 Bytes JMP 718A000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] SHELL32.dll!ShellExecuteExW 7691C155 6 Bytes JMP 7184000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] SHELL32.dll!ShellExecuteEx 76ACA292 6 Bytes JMP 7187000A

.text C:\Users\Harveydf\Desktop\ssb8kw6s.exe[5280] SHELL32.dll!ShellExecuteA 76ACA32D 6 Bytes JMP 718D000A

---- User IAT/EAT - GMER 1.0.15 ----

harveydf · Apr 12, 2012

Gmer page 2
IAT C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[2500] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044C610] C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)

IAT C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[2500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044C610] C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73DCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[3804] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044CEC0] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)

IAT C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[3804] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044CEC0] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73DA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73DFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73DABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73D9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73DA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73D9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73DADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73D9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73D9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73D971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73E2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73DCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73D9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73D96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73D9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73DA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.exe[4072] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6B4BF3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys

AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

Device \Driver\86380245 \Device\KLMD16012012_207010 86648901.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- EOF - GMER 1.0.15 ----

Broni · Apr 12, 2012

I don't see much there.

Where exactly did PC Doctor find that infection?

Did TDSSKIller find anything?
Can you post its log?

harveydf · Apr 13, 2012

I turned the power on to an external USB Harddrive 60GB's. I right clicked the drive to scan with PC Tools, it seems to be a much stronger tool than MSE. It started fine, but then quickly reported 40 case of ZeroAccess.Trogen. It got slower and slower until the computer crashed. It just got worse from that point on. TDSSKiller did not report any findings. Since it had taken me so long just to get back to the desktop, I hastily closed TDSSKiller and launched Rkill. My logic was time was important if I was going to get DDS and Gmer to run and produce a log.
I was stunned. All that work by you and me, just to get clobbered when I was completely updated. Well, I ran TDSSKiller again just before this post, maybe it will show a clue. Here is the log.
21:16:37.0068 2580 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:16:37.0083 2580 ============================================================
21:16:37.0083 2580 Current date / time: 2012/04/12 21:16:37.0083
21:16:37.0083 2580 SystemInfo:
21:16:37.0083 2580
21:16:37.0083 2580 OS Version: 6.0.6002 ServicePack: 2.0
21:16:37.0083 2580 Product type: Workstation
21:16:37.0083 2580 ComputerName: HARVEYDF-PC
21:16:37.0083 2580 UserName: Harveydf
21:16:37.0083 2580 Windows directory: C:\Windows
21:16:37.0083 2580 System windows directory: C:\Windows
21:16:37.0083 2580 Processor architecture: Intel x86
21:16:37.0083 2580 Number of processors: 4
21:16:37.0083 2580 Page size: 0x1000
21:16:37.0083 2580 Boot type: Normal boot
21:16:37.0083 2580 ============================================================
21:16:37.0411 2580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:16:37.0427 2580 Drive \Device\Harddisk1\DR1 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:37.0427 2580 \Device\Harddisk0\DR0:
21:16:37.0427 2580 MBR used
21:16:37.0427 2580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x160FD61
21:16:37.0427 2580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160FDA0, BlocksNum 0x28884A88
21:16:37.0427 2580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x29EC6386, BlocksNum 0x30D3CB3
21:16:37.0458 2580 \Device\Harddisk1\DR1:
21:16:37.0458 2580 MBR used
21:16:37.0458 2580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3C93C1
21:16:37.0567 2580 Initialize success
21:16:37.0567 2580 ============================================================
21:16:39.0938 2816 ============================================================
21:16:39.0938 2816 Scan started
21:16:39.0938 2816 Mode: Manual;
21:16:39.0938 2816 ============================================================
21:16:40.0328 2816 6594252drv (d45d320418ad6c36cefb59c34540257a) C:\Windows\system32\DRIVERS\6594252drv.sys
21:16:40.0328 2816 6594252drv - ok
21:16:40.0422 2816 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
21:16:40.0422 2816 ac97intc - ok
21:16:40.0515 2816 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:16:40.0515 2816 ACPI - ok
21:16:40.0640 2816 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
21:16:40.0640 2816 adfs - ok
21:16:40.0827 2816 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
21:16:40.0827 2816 Adobe Version Cue CS4 - ok
21:16:40.0874 2816 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:16:40.0874 2816 adp94xx - ok
21:16:40.0905 2816 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:16:40.0905 2816 adpahci - ok
21:16:40.0921 2816 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:16:40.0921 2816 adpu160m - ok
21:16:40.0952 2816 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:16:40.0952 2816 adpu320 - ok
21:16:41.0077 2816 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:16:41.0077 2816 AeLookupSvc - ok
21:16:41.0217 2816 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:16:41.0217 2816 AFD - ok
21:16:41.0249 2816 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:16:41.0249 2816 agp440 - ok
21:16:41.0264 2816 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:16:41.0264 2816 aic78xx - ok
21:16:41.0295 2816 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:16:41.0295 2816 ALG - ok
21:16:41.0358 2816 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:16:41.0358 2816 aliide - ok
21:16:41.0405 2816 ALSysIO - ok
21:16:41.0529 2816 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
21:16:41.0529 2816 AMD External Events Utility - ok
21:16:41.0607 2816 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:16:41.0607 2816 amdagp - ok
21:16:41.0685 2816 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:16:41.0685 2816 amdide - ok
21:16:41.0732 2816 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:16:41.0732 2816 AmdK7 - ok
21:16:41.0779 2816 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:16:41.0779 2816 AmdK8 - ok
21:16:43.0074 2816 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
21:16:43.0136 2816 amdkmdag - ok
21:16:43.0386 2816 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
21:16:43.0386 2816 amdkmdap - ok
21:16:43.0417 2816 AOL ACS - ok
21:16:43.0433 2816 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:16:43.0433 2816 Appinfo - ok
21:16:43.0464 2816 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:16:43.0464 2816 arc - ok
21:16:43.0479 2816 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:16:43.0479 2816 arcsas - ok
21:16:43.0604 2816 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:16:43.0604 2816 aspnet_state - ok
21:16:43.0682 2816 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:16:43.0682 2816 AsyncMac - ok
21:16:43.0713 2816 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:16:43.0713 2816 atapi - ok
21:16:43.0776 2816 AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys
21:16:43.0776 2816 AtiHDAudioService - ok
21:16:45.0258 2816 atikmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
21:16:45.0320 2816 atikmdag - ok
21:16:45.0414 2816 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:16:45.0429 2816 AudioEndpointBuilder - ok
21:16:45.0429 2816 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:16:45.0445 2816 Audiosrv - ok
21:16:45.0492 2816 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:16:45.0492 2816 bcm4sbxp - ok
21:16:45.0585 2816 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:16:45.0585 2816 Beep - ok
21:16:45.0695 2816 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:16:45.0695 2816 BFE - ok
21:16:45.0757 2816 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:16:45.0757 2816 BITS - ok
21:16:45.0773 2816 blbdrive - ok
21:16:45.0866 2816 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
21:16:45.0866 2816 Bonjour Service - ok
21:16:45.0944 2816 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:16:45.0944 2816 bowser - ok
21:16:46.0038 2816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:16:46.0038 2816 BrFiltLo - ok
21:16:46.0116 2816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:16:46.0116 2816 BrFiltUp - ok
21:16:46.0225 2816 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:16:46.0225 2816 Browser - ok
21:16:46.0256 2816 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:16:46.0256 2816 Brserid - ok
21:16:46.0272 2816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:16:46.0272 2816 BrSerWdm - ok
21:16:46.0287 2816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:16:46.0287 2816 BrUsbMdm - ok
21:16:46.0350 2816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:16:46.0350 2816 BrUsbSer - ok
21:16:46.0412 2816 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:16:46.0412 2816 BTHMODEM - ok
21:16:46.0428 2816 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:16:46.0428 2816 cdfs - ok
21:16:46.0459 2816 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:16:46.0459 2816 cdrom - ok
21:16:46.0553 2816 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:16:46.0553 2816 CertPropSvc - ok
21:16:46.0631 2816 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:16:46.0646 2816 circlass - ok
21:16:46.0755 2816 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:16:46.0755 2816 CLFS - ok
21:16:46.0818 2816 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:46.0818 2816 clr_optimization_v2.0.50727_32 - ok
21:16:46.0958 2816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:46.0958 2816 clr_optimization_v4.0.30319_32 - ok
21:16:47.0021 2816 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
21:16:47.0021 2816 CmBatt - ok
21:16:47.0083 2816 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:16:47.0083 2816 cmdide - ok
21:16:47.0177 2816 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:16:47.0177 2816 Compbatt - ok
21:16:47.0208 2816 COMSysApp - ok
21:16:47.0286 2816 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
21:16:47.0286 2816 cpuz135 - ok
21:16:47.0364 2816 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:16:47.0364 2816 crcdisk - ok
21:16:47.0426 2816 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:16:47.0426 2816 Crusoe - ok
21:16:47.0457 2816 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:16:47.0457 2816 CryptSvc - ok
21:16:47.0520 2816 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:16:47.0520 2816 DcomLaunch - ok
21:16:47.0567 2816 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:16:47.0567 2816 DfsC - ok
21:16:48.0159 2816 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:16:48.0191 2816 DFSR - ok
21:16:48.0237 2816 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:16:48.0237 2816 Dhcp - ok
21:16:48.0253 2816 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:16:48.0269 2816 disk - ok
21:16:48.0300 2816 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:16:48.0300 2816 Dnscache - ok
21:16:48.0331 2816 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:16:48.0331 2816 dot3svc - ok
21:16:48.0440 2816 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:16:48.0440 2816 Dot4 - ok
21:16:48.0471 2816 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:16:48.0471 2816 Dot4Print - ok
21:16:48.0503 2816 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:16:48.0503 2816 dot4usb - ok
21:16:48.0612 2816 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:16:48.0612 2816 DPS - ok
21:16:48.0721 2816 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:16:48.0721 2816 drmkaud - ok
21:16:48.0783 2816 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:16:48.0799 2816 DXGKrnl - ok
21:16:48.0830 2816 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:16:48.0830 2816 E1G60 - ok
21:16:48.0861 2816 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:16:48.0861 2816 EapHost - ok
21:16:48.0893 2816 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:16:48.0893 2816 Ecache - ok
21:16:48.0955 2816 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:16:48.0955 2816 ehRecvr - ok
21:16:49.0002 2816 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:16:49.0002 2816 ehSched - ok
21:16:49.0033 2816 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:16:49.0033 2816 ehstart - ok
21:16:49.0064 2816 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:16:49.0064 2816 elxstor - ok
21:16:49.0111 2816 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:16:49.0111 2816 EMDMgmt - ok
21:16:49.0142 2816 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:16:49.0142 2816 EventSystem - ok
21:16:49.0220 2816 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:16:49.0220 2816 exfat - ok
21:16:49.0251 2816 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:16:49.0251 2816 fastfat - ok
21:16:49.0267 2816 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:16:49.0267 2816 fdc - ok
21:16:49.0329 2816 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:16:49.0345 2816 fdPHost - ok
21:16:49.0439 2816 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:16:49.0454 2816 FDResPub - ok
21:16:49.0470 2816 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:16:49.0470 2816 FileInfo - ok
21:16:49.0501 2816 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:16:49.0501 2816 Filetrace - ok
21:16:49.0595 2816 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:16:49.0595 2816 FLEXnet Licensing Service - ok
21:16:49.0626 2816 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:16:49.0626 2816 flpydisk - ok
21:16:49.0657 2816 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:16:49.0657 2816 FltMgr - ok
21:16:49.0704 2816 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:16:49.0719 2816 FontCache - ok
21:16:49.0782 2816 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:49.0782 2816 FontCache3.0.0.0 - ok
21:16:49.0797 2816 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:16:49.0797 2816 Fs_Rec - ok
21:16:49.0829 2816 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:16:49.0829 2816 gagp30kx - ok
21:16:49.0891 2816 GameConsoleService (18d33bf4e02a6c243613357d1719d913) C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
21:16:49.0891 2816 GameConsoleService - ok
21:16:49.0922 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:16:49.0922 2816 GEARAspiWDM - ok
21:16:49.0969 2816 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:16:49.0985 2816 gpsvc - ok

harveydf · Apr 13, 2012

Page 2
21:16:50.0031 2816 gupdate - ok
21:16:50.0031 2816 gupdatem - ok
21:16:50.0078 2816 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:16:50.0078 2816 gusvc - ok
21:16:50.0141 2816 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:16:50.0141 2816 HdAudAddService - ok
21:16:50.0172 2816 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:16:50.0172 2816 HDAudBus - ok
21:16:50.0203 2816 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:16:50.0203 2816 HidBth - ok
21:16:50.0219 2816 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:16:50.0234 2816 HidIr - ok
21:16:50.0265 2816 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:16:50.0265 2816 hidserv - ok
21:16:50.0281 2816 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:16:50.0281 2816 HidUsb - ok
21:16:50.0312 2816 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:16:50.0328 2816 hkmsvc - ok
21:16:50.0359 2816 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:16:50.0359 2816 HpCISSs - ok
21:16:50.0390 2816 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:16:50.0406 2816 HSF_DPV - ok
21:16:50.0437 2816 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
21:16:50.0437 2816 HSXHWBS2 - ok
21:16:50.0468 2816 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:16:50.0468 2816 HTTP - ok
21:16:50.0499 2816 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:16:50.0499 2816 i2omp - ok
21:16:50.0515 2816 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:16:50.0531 2816 i8042prt - ok
21:16:50.0562 2816 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
21:16:50.0593 2816 ialm - ok
21:16:50.0609 2816 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:16:50.0609 2816 iaStorV - ok
21:16:50.0671 2816 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:50.0687 2816 idsvc - ok
21:16:50.0702 2816 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:16:50.0702 2816 iirsp - ok
21:16:50.0749 2816 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:16:50.0749 2816 IKEEXT - ok
21:16:50.0905 2816 IntcAzAudAddService (d4394a481b845cc1df361a85751c071a) C:\Windows\system32\drivers\RTKVHDA.sys
21:16:50.0921 2816 IntcAzAudAddService - ok
21:16:51.0108 2816 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
21:16:51.0108 2816 intelide - ok
21:16:51.0155 2816 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
21:16:51.0155 2816 intelppm - ok
21:16:51.0233 2816 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
21:16:51.0233 2816 IntuitUpdateService - ok
21:16:51.0264 2816 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:16:51.0264 2816 IPBusEnum - ok
21:16:51.0295 2816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:16:51.0295 2816 IpFilterDriver - ok
21:16:51.0326 2816 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:16:51.0326 2816 iphlpsvc - ok
21:16:51.0342 2816 IpInIp - ok
21:16:51.0357 2816 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:16:51.0357 2816 IPMIDRV - ok
21:16:51.0389 2816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:16:51.0389 2816 IPNAT - ok
21:16:51.0389 2816 iPod Service - ok
21:16:51.0420 2816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:16:51.0420 2816 IRENUM - ok
21:16:51.0435 2816 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:16:51.0435 2816 isapnp - ok
21:16:51.0467 2816 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:16:51.0467 2816 iScsiPrt - ok
21:16:51.0482 2816 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:16:51.0482 2816 iteatapi - ok
21:16:51.0498 2816 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:16:51.0498 2816 iteraid - ok
21:16:51.0529 2816 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:16:51.0529 2816 kbdclass - ok
21:16:51.0623 2816 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:16:51.0623 2816 kbdhid - ok
21:16:51.0685 2816 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:51.0685 2816 KeyIso - ok
21:16:51.0763 2816 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:16:51.0763 2816 KSecDD - ok
21:16:51.0872 2816 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:16:51.0888 2816 KtmRm - ok
21:16:51.0950 2816 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:16:51.0950 2816 LanmanServer - ok
21:16:51.0997 2816 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:16:51.0997 2816 LanmanWorkstation - ok
21:16:52.0044 2816 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:16:52.0044 2816 lltdio - ok
21:16:52.0075 2816 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:16:52.0075 2816 lltdsvc - ok
21:16:52.0106 2816 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:16:52.0106 2816 lmhosts - ok
21:16:52.0137 2816 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:16:52.0137 2816 LSI_FC - ok
21:16:52.0153 2816 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:16:52.0153 2816 LSI_SAS - ok
21:16:52.0169 2816 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:16:52.0169 2816 LSI_SCSI - ok
21:16:52.0200 2816 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:16:52.0200 2816 luafv - ok
21:16:52.0247 2816 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
21:16:52.0247 2816 LUsbFilt - ok
21:16:52.0293 2816 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:16:52.0293 2816 Mcx2Svc - ok
21:16:52.0387 2816 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:16:52.0387 2816 MDM - ok
21:16:52.0496 2816 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:16:52.0496 2816 mdmxsdk - ok
21:16:52.0512 2816 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:16:52.0512 2816 megasas - ok
21:16:52.0559 2816 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:16:52.0574 2816 MMCSS - ok
21:16:52.0590 2816 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:16:52.0590 2816 Modem - ok
21:16:52.0668 2816 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:16:52.0668 2816 monitor - ok
21:16:52.0746 2816 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:16:52.0746 2816 mouclass - ok
21:16:52.0839 2816 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:16:52.0839 2816 mouhid - ok
21:16:52.0980 2816 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:16:52.0980 2816 MountMgr - ok
21:16:53.0058 2816 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:16:53.0058 2816 MpFilter - ok
21:16:53.0073 2816 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:16:53.0073 2816 mpio - ok
21:16:53.0089 2816 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:16:53.0105 2816 MpNWMon - ok
21:16:53.0151 2816 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:16:53.0151 2816 mpsdrv - ok
21:16:53.0167 2816 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:16:53.0183 2816 MpsSvc - ok
21:16:53.0214 2816 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:16:53.0214 2816 Mraid35x - ok
21:16:53.0261 2816 MREMP50a64 - ok
21:16:53.0307 2816 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:16:53.0307 2816 MRxDAV - ok
21:16:53.0354 2816 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:16:53.0370 2816 mrxsmb - ok
21:16:53.0432 2816 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:16:53.0432 2816 mrxsmb10 - ok
21:16:53.0463 2816 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:16:53.0463 2816 mrxsmb20 - ok
21:16:53.0510 2816 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:16:53.0510 2816 msahci - ok
21:16:53.0526 2816 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:16:53.0526 2816 msdsm - ok
21:16:53.0557 2816 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:16:53.0557 2816 MSDTC - ok
21:16:53.0588 2816 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:16:53.0588 2816 Msfs - ok
21:16:53.0604 2816 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:16:53.0604 2816 msisadrv - ok
21:16:53.0651 2816 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:16:53.0666 2816 MSiSCSI - ok
21:16:53.0697 2816 msiserver - ok
21:16:53.0729 2816 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:16:53.0729 2816 MSKSSRV - ok
21:16:53.0775 2816 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:16:53.0775 2816 MsMpSvc - ok
21:16:53.0822 2816 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:16:53.0838 2816 MSPCLOCK - ok
21:16:53.0869 2816 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:16:53.0869 2816 MSPQM - ok
21:16:53.0885 2816 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:16:53.0900 2816 MsRPC - ok
21:16:53.0916 2816 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:16:53.0916 2816 mssmbios - ok
21:16:53.0916 2816 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:16:53.0916 2816 MSTEE - ok
21:16:53.0947 2816 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:16:53.0947 2816 Mup - ok
21:16:54.0056 2816 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:16:54.0056 2816 napagent - ok
21:16:54.0119 2816 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:16:54.0119 2816 NativeWifiP - ok
21:16:54.0150 2816 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:16:54.0150 2816 NDIS - ok
21:16:54.0165 2816 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:16:54.0165 2816 NdisTapi - ok
21:16:54.0212 2816 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:16:54.0212 2816 Ndisuio - ok
21:16:54.0228 2816 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:16:54.0243 2816 NdisWan - ok
21:16:54.0259 2816 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:16:54.0259 2816 NDProxy - ok
21:16:54.0290 2816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:16:54.0290 2816 NetBIOS - ok
21:16:54.0321 2816 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:16:54.0321 2816 netbt - ok
21:16:54.0353 2816 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:54.0353 2816 Netlogon - ok
21:16:54.0384 2816 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:16:54.0384 2816 Netman - ok
21:16:54.0446 2816 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:54.0446 2816 NetMsmqActivator - ok
21:16:54.0446 2816 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:54.0446 2816 NetPipeActivator - ok
21:16:54.0477 2816 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:16:54.0477 2816 netprofm - ok
21:16:54.0493 2816 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:54.0493 2816 NetTcpActivator - ok
21:16:54.0493 2816 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:54.0493 2816 NetTcpPortSharing - ok
21:16:54.0571 2816 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
21:16:54.0633 2816 NETw2v32 - ok
21:16:54.0649 2816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:16:54.0649 2816 nfrd960 - ok
21:16:54.0680 2816 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:16:54.0680 2816 NisDrv - ok
21:16:54.0758 2816 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:16:54.0758 2816 NisSrv - ok
21:16:54.0789 2816 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:16:54.0805 2816 NlaSvc - ok
21:16:54.0821 2816 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:16:54.0836 2816 Npfs - ok
21:16:54.0852 2816 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:16:54.0852 2816 nsi - ok
21:16:54.0867 2816 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:16:54.0883 2816 nsiproxy - ok
21:16:54.0930 2816 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:16:54.0930 2816 Ntfs - ok
21:16:54.0961 2816 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:16:54.0961 2816 ntrigdigi - ok
21:16:54.0977 2816 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:16:54.0977 2816 Null - ok
21:16:55.0023 2816 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
21:16:55.0023 2816 NVENETFD - ok
21:16:55.0055 2816 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:16:55.0055 2816 NVNET - ok
21:16:55.0070 2816 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:16:55.0070 2816 nvraid - ok
21:16:55.0101 2816 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:16:55.0101 2816 nvstor - ok
21:16:55.0117 2816 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
21:16:55.0117 2816 nvstor32 - ok
21:16:55.0133 2816 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:16:55.0133 2816 nv_agp - ok
21:16:55.0148 2816 NwlnkFlt - ok
21:16:55.0148 2816 NwlnkFwd - ok
21:16:55.0226 2816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:16:55.0242 2816 odserv - ok
21:16:55.0257 2816 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
21:16:55.0257 2816 ohci1394 - ok
21:16:55.0289 2816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:55.0289 2816 ose - ok
21:16:55.0320 2816 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:55.0320 2816 p2pimsvc - ok
21:16:55.0351 2816 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:55.0351 2816 p2psvc - ok
21:16:55.0382 2816 PalmUSBD (803cf09c795290825607505d37819135) C:\Windows\system32\drivers\PalmUSBD.sys
21:16:55.0382 2816 PalmUSBD - ok
21:16:55.0398 2816 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:16:55.0398 2816 Parport - ok
21:16:55.0429 2816 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
21:16:55.0429 2816 Partizan - ok
21:16:55.0460 2816 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:16:55.0460 2816 partmgr - ok
21:16:55.0476 2816 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:16:55.0476 2816 Parvdm - ok
21:16:55.0491 2816 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:16:55.0491 2816 PcaSvc - ok
21:16:55.0523 2816 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:16:55.0523 2816 pci - ok
21:16:55.0538 2816 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:16:55.0538 2816 pciide - ok
21:16:55.0554 2816 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
21:16:55.0569 2816 pcmcia - ok
21:16:55.0601 2816 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
21:16:55.0601 2816 PCTCore - ok
21:16:55.0632 2816 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
21:16:55.0632 2816 pctDS - ok
21:16:55.0663 2816 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\Windows\System32\drivers\pctgntdi.sys
21:16:55.0663 2816 pctgntdi - ok
21:16:55.0725 2816 PCToolsSSDMonitorSvc (a0937771070bf59468b4939dd0ae59fd) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
21:16:55.0725 2816 PCToolsSSDMonitorSvc - ok
21:16:55.0772 2816 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\Windows\System32\drivers\pctplsg.sys
21:16:55.0772 2816 pctplsg - ok
21:16:55.0788 2816 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\Windows\system32\Drivers\PCTSD.sys
21:16:55.0788 2816 PCTSD - ok
21:16:55.0819 2816 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:16:55.0819 2816 PEAUTH - ok
21:16:55.0881 2816 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:16:55.0897 2816 pla - ok
21:16:55.0928 2816 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:16:55.0928 2816 PlugPlay - ok
21:16:55.0975 2816 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:55.0975 2816 PNRPAutoReg - ok
21:16:55.0991 2816 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:56.0006 2816 PNRPsvc - ok
21:16:56.0037 2816 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:16:56.0037 2816 PolicyAgent - ok
21:16:56.0115 2816 PORTMON - ok
21:16:56.0131 2816 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:16:56.0131 2816 PptpMiniport - ok
21:16:56.0162 2816 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
21:16:56.0162 2816 Processor - ok
21:16:56.0209 2816 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:16:56.0209 2816 ProfSvc - ok
21:16:56.0240 2816 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:56.0240 2816 ProtectedStorage - ok
21:16:56.0271 2816 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:16:56.0271 2816 PSched - ok
21:16:56.0303 2816 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:16:56.0303 2816 PSI - ok
21:16:56.0349 2816 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:16:56.0349 2816 ql2300 - ok
21:16:56.0365 2816 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:16:56.0365 2816 ql40xx - ok
21:16:56.0412 2816 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:16:56.0412 2816 QWAVE - ok
21:16:56.0427 2816 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:16:56.0427 2816 QWAVEdrv - ok
21:16:56.0459 2816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:16:56.0459 2816 RasAcd - ok
21:16:56.0490 2816 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:16:56.0490 2816 RasAuto - ok
21:16:56.0490 2816 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:16:56.0505 2816 Rasl2tp - ok
21:16:56.0521 2816 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:16:56.0537 2816 RasMan - ok
21:16:56.0552 2816 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:16:56.0552 2816 RasPppoe - ok
21:16:56.0583 2816 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:16:56.0583 2816 RasSstp - ok
21:16:56.0615 2816 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:16:56.0615 2816 rdbss - ok
21:16:56.0646 2816 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:16:56.0646 2816 RDPCDD - ok
21:16:56.0677 2816 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:16:56.0677 2816 rdpdr - ok
21:16:56.0693 2816 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:16:56.0693 2816 RDPENCDD - ok
21:16:56.0739 2816 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:16:56.0755 2816 RDPWD - ok
21:16:56.0786 2816 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
21:16:56.0786 2816 RegGuard - ok
21:16:56.0802 2816 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:16:56.0802 2816 RemoteAccess - ok
21:16:56.0833 2816 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:16:56.0833 2816 RemoteRegistry - ok
21:16:56.0864 2816 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:16:56.0864 2816 RpcLocator - ok
21:16:56.0880 2816 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:16:56.0895 2816 RpcSs - ok
21:16:56.0927 2816 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:16:56.0927 2816 rspndr - ok
21:16:56.0942 2816 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:56.0942 2816 SamSs - ok
21:16:56.0973 2816 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:16:56.0973 2816 sbp2port - ok
21:16:56.0989 2816 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:16:56.0989 2816 SCardSvr - ok
21:16:57.0036 2816 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:16:57.0036 2816 Schedule - ok
21:16:57.0067 2816 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:16:57.0067 2816 SCPolicySvc - ok
21:16:57.0129 2816 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
21:16:57.0129 2816 sdAuxService - ok
21:16:57.0145 2816 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
21:16:57.0145 2816 sdbus - ok
21:16:57.0192 2816 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
21:16:57.0192 2816 sdCoreService - ok
21:16:57.0223 2816 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:16:57.0223 2816 SDRSVC - ok
21:16:57.0254 2816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:16:57.0254 2816 secdrv - ok
21:16:57.0285 2816 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:16:57.0285 2816 seclogon - ok
21:16:57.0395 2816 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
21:16:57.0395 2816 Secunia PSI Agent - ok
21:16:57.0410 2816 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:16:57.0410 2816 SENS - ok
21:16:57.0426 2816 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:16:57.0426 2816 Serenum - ok
21:16:57.0457 2816 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:16:57.0457 2816 Serial - ok
21:16:57.0473 2816 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:16:57.0488 2816 sermouse - ok
21:16:57.0504 2816 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:16:57.0519 2816 SessionEnv - ok
21:16:57.0535 2816 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:16:57.0535 2816 sffdisk - ok
21:16:57.0535 2816 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:16:57.0535 2816 sffp_mmc - ok
21:16:57.0566 2816 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:16:57.0566 2816 sffp_sd - ok
21:16:57.0582 2816 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:16:57.0582 2816 sfloppy - ok
21:16:57.0629 2816 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:16:57.0644 2816 SharedAccess - ok
21:16:57.0660 2816 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:16:57.0675 2816 ShellHWDetection - ok
21:16:57.0707 2816 silabenm (3ead8e1668ce42a0afe41d56e7157bcf) C:\Windows\system32\DRIVERS\silabenm.sys
21:16:57.0707 2816 silabenm - ok
21:16:57.0738 2816 silabser (177d3ebf3e236a272d769c14f73ecc3e) C:\Windows\system32\DRIVERS\silabser.sys
21:16:57.0738 2816 silabser - ok
21:16:57.0753 2816 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:16:57.0753 2816 sisagp - ok
21:16:57.0769 2816 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:16:57.0769 2816 SiSRaid2 - ok
21:16:57.0785 2816 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:16:57.0785 2816 SiSRaid4 - ok
21:16:57.0878 2816 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:16:57.0894 2816 slsvc - ok
21:16:57.0941 2816 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:16:57.0941 2816 SLUINotify - ok
21:16:57.0972 2816 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:16:57.0972 2816 Smb - ok
21:16:58.0003 2816 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys
21:16:58.0003 2816 snapman - ok
21:16:58.0034 2816 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:16:58.0034 2816 SNMPTRAP - ok
21:16:58.0050 2816 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:16:58.0050 2816 spldr - ok
21:16:58.0081 2816 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:16:58.0081 2816 Spooler - ok
21:16:58.0112 2816 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:16:58.0112 2816 srv - ok
21:16:58.0128 2816 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:16:58.0128 2816 srv2 - ok
21:16:58.0159 2816 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:16:58.0159 2816 srvnet - ok
21:16:58.0175 2816 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:16:58.0175 2816 SSDPSRV - ok
21:16:58.0206 2816 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:16:58.0206 2816 SstpSvc - ok
21:16:58.0237 2816 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:16:58.0253 2816 stisvc - ok
21:16:58.0284 2816 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:16:58.0284 2816 swenum - ok
21:16:58.0299 2816 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:16:58.0315 2816 swprv - ok
21:16:58.0331 2816 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:16:58.0331 2816 Symc8xx - ok
21:16:58.0346 2816 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:16:58.0346 2816 Sym_hi - ok
21:16:58.0362 2816 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:16:58.0362 2816 Sym_u3 - ok
21:16:58.0409 2816 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:16:58.0409 2816 SysMain - ok
21:16:58.0424 2816 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:16:58.0424 2816 TabletInputService - ok
21:16:58.0455 2816 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:16:58.0455 2816 TapiSrv - ok
21:16:58.0487 2816 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:16:58.0487 2816 TBS - ok
21:16:58.0533 2816 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:16:58.0533 2816 Tcpip - ok
21:16:58.0565 2816 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:16:58.0565 2816 Tcpip6 - ok
21:16:58.0580 2816 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:16:58.0580 2816 tcpipreg - ok
21:16:58.0611 2816 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:16:58.0611 2816 TDPIPE - ok
21:16:58.0643 2816 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys
21:16:58.0643 2816 tdrpman - ok
21:16:58.0658 2816 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:16:58.0658 2816 TDTCP - ok
21:16:58.0689 2816 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:16:58.0689 2816 tdx - ok
21:16:58.0721 2816 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:16:58.0721 2816 TermDD - ok
21:16:58.0752 2816 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:16:58.0767 2816 TermService - ok
21:16:58.0783 2816 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\Windows\system32\drivers\TfFsMon.sys
21:16:58.0799 2816 TfFsMon - ok
21:16:58.0814 2816 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\Windows\system32\drivers\TfNetMon.sys
21:16:58.0814 2816 TfNetMon - ok
21:16:58.0861 2816 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\Windows\system32\drivers\TfSysMon.sys
21:16:58.0861 2816 TFSysMon - ok
21:16:58.0892 2816 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:16:58.0892 2816 Themes - ok
21:16:58.0908 2816 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:16:58.0923 2816 THREADORDER - ok
21:16:58.0970 2816 ThreatFire - ok
21:16:58.0986 2816 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
21:16:58.0986 2816 tifsfilter - ok
21:16:59.0017 2816 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
21:16:59.0017 2816 timounter - ok
21:16:59.0033 2816 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:16:59.0033 2816 TrkWks - ok
21:16:59.0064 2816 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:16:59.0064 2816 TrustedInstaller - ok
21:16:59.0095 2816 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:16:59.0095 2816 tssecsrv - ok
21:16:59.0126 2816 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:16:59.0126 2816 tunmp - ok
21:16:59.0142 2816 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:16:59.0142 2816 tunnel - ok
21:16:59.0173 2816 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:16:59.0173 2816 uagp35 - ok
21:16:59.0204 2816 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:16:59.0204 2816 udfs - ok
21:16:59.0235 2816 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:16:59.0235 2816 UI0Detect - ok
21:16:59.0251 2816 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:16:59.0251 2816 uliagpkx - ok
21:16:59.0267 2816 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:16:59.0267 2816 uliahci - ok
21:16:59.0298 2816 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:16:59.0298 2816 UlSata - ok
21:16:59.0298 2816 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:16:59.0313 2816 ulsata2 - ok
21:16:59.0329 2816 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:16:59.0329 2816 umbus - ok
21:16:59.0360 2816 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:16:59.0360 2816 upnphost - ok
21:16:59.0391 2816 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:16:59.0391 2816 usbccgp - ok
21:16:59.0407 2816 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:16:59.0407 2816 usbcir - ok
21:16:59.0438 2816 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:16:59.0438 2816 usbehci - ok
21:16:59.0454 2816 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:16:59.0469 2816 usbhub - ok
21:16:59.0469 2816 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:16:59.0469 2816 usbohci - ok
21:16:59.0485 2816 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:16:59.0485 2816 usbprint - ok
21:16:59.0516 2816 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:16:59.0516 2816 usbscan - ok
21:16:59.0547 2816 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:16:59.0547 2816 USBSTOR - ok
21:16:59.0563 2816 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
21:16:59.0563 2816 usbuhci - ok
21:16:59.0579 2816 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:16:59.0594 2816 UxSms - ok
21:16:59.0610 2816 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:16:59.0625 2816 vds - ok
21:16:59.0657 2816 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:16:59.0657 2816 vga - ok
21:16:59.0672 2816 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:16:59.0672 2816 VgaSave - ok
21:16:59.0688 2816 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:16:59.0688 2816 viaagp - ok
21:16:59.0703 2816 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:16:59.0703 2816 ViaC7 - ok
21:16:59.0719 2816 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:16:59.0719 2816 viaide - ok
21:16:59.0750 2816 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:16:59.0750 2816 volmgr - ok
21:16:59.0781 2816 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:16:59.0797 2816 volmgrx - ok
21:16:59.0828 2816 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:16:59.0828 2816 volsnap - ok
21:16:59.0844 2816 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:16:59.0844 2816 vsmraid - ok
21:16:59.0891 2816 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:16:59.0906 2816 VSS - ok
21:16:59.0937 2816 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:16:59.0937 2816 W32Time - ok
21:16:59.0953 2816 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:16:59.0953 2816 WacomPen - ok
21:16:59.0984 2816 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:59.0984 2816 Wanarp - ok
21:16:59.0984 2816 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:59.0984 2816 Wanarpv6 - ok
21:17:00.0015 2816 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
21:17:00.0015 2816 wanatw - ok
21:17:00.0047 2816 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:17:00.0047 2816 wcncsvc - ok
21:17:00.0078 2816 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:17:00.0078 2816 WcsPlugInService - ok
21:17:00.0093 2816 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:17:00.0093 2816 Wd - ok
21:17:00.0140 2816 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:17:00.0140 2816 Wdf01000 - ok
21:17:00.0171 2816 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:17:00.0171 2816 WdiServiceHost - ok
21:17:00.0171 2816 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:17:00.0171 2816 WdiSystemHost - ok
21:17:00.0203 2816 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:17:00.0203 2816 WebClient - ok
21:17:00.0234 2816 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:17:00.0234 2816 Wecsvc - ok
21:17:00.0265 2816 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:17:00.0265 2816 wercplsupport - ok
21:17:00.0296 2816 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:17:00.0296 2816 WerSvc - ok
21:17:00.0327 2816 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
21:17:00.0327 2816 WimFltr - ok
21:17:00.0374 2816 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:17:00.0374 2816 winachsf - ok
21:17:00.0437 2816 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:17:00.0437 2816 WinDefend - ok
21:17:00.0437 2816 WinHttpAutoProxySvc - ok
21:17:00.0483 2816 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:17:00.0483 2816 Winmgmt - ok
21:17:00.0530 2816 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:17:00.0546 2816 WinRM - ok
21:17:00.0577 2816 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:17:00.0593 2816 Wlansvc - ok
21:17:00.0624 2816 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:17:00.0624 2816 WmiAcpi - ok
21:17:00.0655 2816 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:17:00.0655 2816 wmiApSrv - ok
21:17:00.0717 2816 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:17:00.0717 2816 WMPNetworkSvc - ok
21:17:00.0733 2816 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:17:00.0733 2816 WPCSvc - ok
21:17:00.0764 2816 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:17:00.0764 2816 WPDBusEnum - ok
21:17:00.0795 2816 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:17:00.0795 2816 WpdUsb - ok
21:17:00.0889 2816 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:17:00.0889 2816 WPFFontCache_v0400 - ok
21:17:00.0920 2816 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:00.0920 2816 ws2ifsl - ok
21:17:00.0951 2816 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:17:00.0951 2816 wscsvc - ok
21:17:00.0967 2816 WSearch - ok
21:17:01.0029 2816 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:17:01.0029 2816 wuauserv - ok
21:17:01.0061 2816 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:01.0061 2816 WUDFRd - ok
21:17:01.0092 2816 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:17:01.0092 2816 wudfsvc - ok
21:17:01.0107 2816 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
21:17:01.0107 2816 XAudio - ok
21:17:01.0139 2816 XAudioService (96db5621857e1fddd1aa60733748bf17) C:\Windows\system32\DRIVERS\xaudio.exe
21:17:01.0139 2816 XAudioService - ok
21:17:01.0154 2816 MBR (0x1B8) (49f762a4b50ce0d32f1fdbab7ef9b96a) \Device\Harddisk0\DR0
21:17:01.0201 2816 \Device\Harddisk0\DR0 - ok
21:17:01.0201 2816 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR1
21:17:03.0822 2816 \Device\Harddisk1\DR1 - ok
21:17:03.0822 2816 Boot (0x1200) (10ff9c14cd7c653f910b683224932980) \Device\Harddisk0\DR0\Partition0
21:17:03.0822 2816 \Device\Harddisk0\DR0\Partition0 - ok
21:17:03.0822 2816 Boot (0x1200) (c1dc6e02b93052c89b63df3fa485b757) \Device\Harddisk0\DR0\Partition1
21:17:03.0822 2816 \Device\Harddisk0\DR0\Partition1 - ok
21:17:03.0853 2816 Boot (0x1200) (be874b919c17bd6da2c09a168ca44d65) \Device\Harddisk0\DR0\Partition2
21:17:03.0853 2816 \Device\Harddisk0\DR0\Partition2 - ok
21:17:03.0853 2816 Boot (0x1200) (e9010f6a5605b62023a4561cc4aa7a68) \Device\Harddisk1\DR1\Partition0
21:17:03.0853 2816 \Device\Harddisk1\DR1\Partition0 - ok
21:17:03.0853 2816 ============================================================
21:17:03.0853 2816 Scan finished
21:17:03.0853 2816 ============================================================
21:17:03.0869 2220 Detected object count: 0
21:17:03.0869 2220 Actual detected object count: 0

Broni · Apr 13, 2012

I don't see any rootkit activity.
Unless you have PC Tools logs, which will indicate some rootkit location I still insist your computer is clean.

Solved The virus revealed itself

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 68 +0

Posts: 68 +0

Posts: 68 +0

Posts: 56,041 +516

Posts: 68 +0

Posts: 68 +0

Posts: 56,041 +516

Similar threads