RootAlyzer found some invisible keys



ciglioverde
2012-10-24, 18:14
Here's a link to my first post:

http://forums.spybot.info/showthread.php?p=432474#post432474

Here's the DDS log:

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by JVizoso at 15:49:06 on 2012-10-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1410 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
N:\Program Files\SASCORE.EXE
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
H:\Program Files\iRacing\iRacingService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
F:\Program Files\IObit\Game Booster 3\gbtray.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [DiskeeperSystray] "f:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DAEMON Tools-1033] "l:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278938489859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4610591C-7190-44DF-B5D8-39628228BC1E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - n:\program files\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://members.iracing.com/membersite/login.jsp
FF - component: f:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
FF - plugin: f:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\videolan\vlc\npvlc.dll
FF - ExtSQL: !HIDDEN! 2010-07-13 11:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-2-22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-2-22 5248]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2010-7-12 150568]
R1 SASDIFSV;SASDIFSV;n:\program files\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;n:\program files\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;n:\program files\SASCORE.EXE [2011-8-12 116608]
R2 iRacingService;iRacing.com Helper Service;h:\program files\iracing\iRacingService.exe [2010-7-12 521896]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-12 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-24 07:09:38 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{976ff948-428a-42bd-98d1-8a2fafe24e1c}\mpengine.dll
2012-10-22 22:25:01 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-17 05:01:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 03:59:06 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
.
==================== Find3M ====================
.
2012-10-11 01:20:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:20:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 13:23:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 13:23:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-02 09:11:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 09:11:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:29:09 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
.
============= FINISH: 15:49:31.26 ===============

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 15:51:12
-----------------------------
15:51:12.796 OS Version: Windows 5.1.2600 Service Pack 3
15:51:12.796 Number of processors: 2 586 0xF0B
15:51:12.796 ComputerName: INTEL-JV UserName: JVizoso
15:51:13.062 Initialize success
15:52:23.828 AVAST engine defs: 12102400
15:52:37.078 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:52:37.078 Disk 0 Vendor: WDC_WD1200AAJS-00VTA0 01.01B01 Size: 114473MB BusType: 3
15:52:37.078 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv61xx1Port4Path0Target0Lun0
15:52:37.078 Disk 1 Vendor: Maxtor_6 Size: 78167MB BusType: 1
15:52:37.078 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\mv61xx1Port4Path0Target1Lun0
15:52:37.078 Disk 2 Vendor: Maxtor_6 Size: 78167MB BusType: 1
15:52:37.093 Disk 1 MBR read successfully
15:52:37.093 Disk 1 MBR scan
15:52:37.140 Disk 1 Windows XP default MBR code
15:52:37.140 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19445 MB offset 63
15:52:37.140 Disk 1 Partition - 00 0F Extended LBA 58706 MB offset 39825135
15:52:37.156 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 39825198
15:52:37.171 Disk 1 Partition - 00 05 Extended 22701 MB offset 68501160
15:52:37.187 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 22701 MB offset 68501223
15:52:37.203 Disk 1 Partition - 00 05 Extended 22003 MB offset 143669295
15:52:37.218 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 22003 MB offset 114993333
15:52:37.218 Disk 1 scanning sectors +160055595
15:52:37.296 Disk 1 scanning C:\WINDOWS\system32\drivers
15:52:52.125 Service scanning
15:53:05.187 Service MpKslf632823d C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{976FF948-428A-42BD-98D1-8A2FAFE24E1C}\MpKslf632823d.sys **LOCKED** 32
15:53:17.968 Modules scanning
15:53:23.015 Disk 1 trace - called modules:
15:53:23.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll >>UNKNOWN [0x8a61d918]<<
15:53:23.031 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a676030]
15:53:23.046 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Scsi\mv61xx1Port4Path0Target0Lun0[0x8a707a38]
15:53:23.156 AVAST engine scan C:\WINDOWS
15:53:37.984 AVAST engine scan C:\WINDOWS\system32
15:56:32.609 AVAST engine scan C:\WINDOWS\system32\drivers
15:56:48.203 AVAST engine scan C:\Documents and Settings\JVizoso
15:59:05.937 AVAST engine scan C:\Documents and Settings\All Users
15:59:38.593 Scan finished successfully
15:59:46.812 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\JVizoso\Desktop\MBR.dat"
15:59:46.812 The log file has been saved successfully to "C:\Documents and Settings\JVizoso\Desktop\aswMBR.txt"


Hope I did this OK ...

Blade81
2012-10-30, 11:55
Hi,

Please post fresh DDS logs.

ciglioverde
2012-10-30, 14:22
Hello Blade, here are the fresh logs:


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by JVizoso at 12:14:35 on 2012-10-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1072 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
N:\Program Files\SASCORE.EXE
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
H:\Program Files\iRacing\iRacingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
F:\Program Files\IObit\Game Booster 3\gbtray.exe
G:\Program Files\Steam\steam.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [DiskeeperSystray] "f:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DAEMON Tools-1033] "l:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278938489859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4610591C-7190-44DF-B5D8-39628228BC1E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - n:\program files\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://members.iracing.com/membersite/login.jsp
FF - component: f:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
FF - plugin: f:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\videolan\vlc\npvlc.dll
FF - ExtSQL: !HIDDEN! 2010-07-13 11:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-2-22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-2-22 5248]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2010-7-12 150568]
R1 SASDIFSV;SASDIFSV;n:\program files\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;n:\program files\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;n:\program files\SASCORE.EXE [2011-8-11 116608]
R2 iRacingService;iRacing.com Helper Service;h:\program files\iracing\iRacingService.exe [2010-7-12 521896]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-12 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-30 08:45:22 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f920ed97-1da2-48ef-8161-d39cf2e04306}\mpengine.dll
2012-10-28 10:25:25 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-17 05:01:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 03:59:06 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
.
==================== Find3M ====================
.
2012-10-11 01:20:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:20:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 13:23:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 13:23:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-02 09:11:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 09:11:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:29:09 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
.
============= FINISH: 12:15:11.15 ===============

Blade81
2012-10-30, 15:51
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

ciglioverde
2012-10-30, 18:54
Here's the ComboFix log:

ComboFix 12-10-30.03 - JVizoso 30/10/2012 16:41:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1219 [GMT 0:00]
Running from: c:\documents and settings\JVizoso\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\daemon.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET74.tmp
c:\windows\system32\SET79.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-30 )))))))))))))))))))))))))))))))
.
.
2012-10-30 12:15 . 2012-10-30 12:15 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F920ED97-1DA2-48EF-8161-D39CF2E04306}\MpKsl8bd6fb9c.sys
2012-10-30 08:45 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F920ED97-1DA2-48EF-8161-D39CF2E04306}\mpengine.dll
2012-10-28 10:25 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-17 05:01 . 2012-09-24 22:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 03:59 . 2012-10-15 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 01:20 . 2012-07-01 21:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:20 . 2012-07-01 21:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54 . 2011-12-24 23:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 13:23 . 2012-09-19 13:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 13:23 . 2012-09-19 13:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-02 09:11 . 2012-06-18 13:18 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 09:11 . 2010-07-23 11:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 21:03 . 2010-03-25 20:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2002-08-29 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:29 . 2012-08-04 10:29 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43 27648 --sh--w- c:\windows\system32\Smab0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"DiskeeperSystray"="f:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 163840]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"DAEMON Tools-1033"="l:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-19 296096]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "n:\program files\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=m:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"EasyDVDMon"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Steam\\steamapps\\colliss\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\team fortress 2 meet the medic\\smp.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Meet the Pyro TF2\\smp.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Team Fortress 2 Meet the Sniper\\smp.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Team Fortress 2 Meet the Heavy\\smp.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [22/02/2011 16:18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [22/02/2011 16:18 5248]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [12/07/2010 12:35 150568]
R1 MpKsl8bd6fb9c;MpKsl8bd6fb9c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F920ED97-1DA2-48EF-8161-D39CF2E04306}\MpKsl8bd6fb9c.sys [30/10/2012 12:15 29904]
R1 SASDIFSV;SASDIFSV;n:\program files\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;n:\program files\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;n:\program files\SASCORE.EXE [11/08/2011 23:38 116608]
R2 iRacingService;iRacing.com Helper Service;h:\program files\iRacing\iRacingService.exe [12/07/2010 16:59 521896]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/08/2010 12:08 10448]
S2 SkypeUpdate;Skype Updater;f:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/07/2012 21:30 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24/04/2012 18:41 115168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [12/05/2012 20:06 14416]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8BD6FB9C
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 01:20]
.
2012-10-30 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-10-09 14:24]
.
2012-10-20 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- f:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-05-12 16:57]
.
2012-10-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
2012-08-27 c:\windows\Tasks\photostageDowngrade.job
- c:\program files\NCH Software\Photostage\photostage.exe [2011-04-17 10:28]
.
2012-09-05 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-04-17 10:28]
.
2012-10-22 c:\windows\Tasks\PixillionDowngrade.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2012-08-27 23:34]
.
2012-10-14 c:\windows\Tasks\PixillionReminder.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2012-08-27 23:34]
.
2012-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-790525478-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-790525478-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-10-30 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-03-25 17:54]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\JVizoso\Application Data\Mozilla\Firefox\Profiles\nqrfh3ir.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://members.iracing.com/membersite/login.jsp
FF - ExtSQL: !HIDDEN! 2010-07-13 11:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-37733666.sys
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Jimmie Johnson Spotter Pack v6.00 - c:\program files\iRacing\sound\spcc\Jimmie Johnson Spotter Pack v6.00\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-30 16:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-10-30 16:46:50
ComboFix-quarantined-files.txt 2012-10-30 16:46
.
Pre-Run: 3,430,727,680 bytes free
Post-Run: 3,524,403,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 6406056FB3A3FCC20C3A480C094ABA9A


Here's the fresh DDS log

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by JVizoso at 16:51:43 on 2012-10-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1180 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
N:\Program Files\SASCORE.EXE
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
H:\Program Files\iRacing\iRacingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
F:\Program Files\IObit\Game Booster 3\gbtray.exe
G:\Program Files\Steam\steam.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [DiskeeperSystray] "f:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DAEMON Tools-1033] "l:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278938489859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4610591C-7190-44DF-B5D8-39628228BC1E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - n:\program files\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://members.iracing.com/membersite/login.jsp
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
FF - plugin: f:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\videolan\vlc\npvlc.dll
FF - ExtSQL: !HIDDEN! 2010-07-13 11:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-2-22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-2-22 5248]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2010-7-12 150568]
R1 MpKsl8bd6fb9c;MpKsl8bd6fb9c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f920ed97-1da2-48ef-8161-d39cf2e04306}\MpKsl8bd6fb9c.sys [2012-10-30 29904]
R1 SASDIFSV;SASDIFSV;n:\program files\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;n:\program files\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;n:\program files\SASCORE.EXE [2011-8-11 116608]
R2 iRacingService;iRacing.com Helper Service;h:\program files\iracing\iRacingService.exe [2010-7-12 521896]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-12 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-30 16:40:13 -------- d-sha-r- C:\cmdcons
2012-10-30 16:38:50 98816 ----a-w- c:\windows\sed.exe
2012-10-30 16:38:50 256000 ----a-w- c:\windows\PEV.exe
2012-10-30 16:38:50 208896 ----a-w- c:\windows\MBR.exe
2012-10-30 12:15:12 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f920ed97-1da2-48ef-8161-d39cf2e04306}\MpKsl8bd6fb9c.sys
2012-10-30 08:45:22 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f920ed97-1da2-48ef-8161-d39cf2e04306}\mpengine.dll
2012-10-28 10:25:25 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-17 05:01:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 03:59:06 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
.
==================== Find3M ====================
.
2012-10-11 01:20:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:20:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 13:23:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 13:23:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-02 09:11:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 09:11:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:29:09 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
.
============= FINISH: 16:51:48.84 ===============

ciglioverde
2012-10-30, 18:56
Missed the Attach log from DDS :-)

Blade81
2012-10-31, 08:10
Hi again,

Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 11.0) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report and fresh DDS logs.

ciglioverde
2012-10-31, 12:27
Cheers .... I've removed the old Adobe Reader .. and installed Foxit ..

But, since my Internet Explorer doesn't open, as I mentioned in my first post, I'm not sure what to do with the ESET scan ..
Is there a work around if IE is broken?

ciglioverde
2012-10-31, 12:29
Shall I try using the ESET Smart Installer ?

Blade81
2012-10-31, 14:28
Hi,

Try to run ESET scan with Firefox.

ciglioverde
2012-10-31, 17:27
I ran the stand-alone ESET scanner ...
ESET found some stuff ..

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\JVizoso\Desktop\cbsidlm-tr1_7-HitmanPro_3_32bit-10895604.exe Win32/DownloadAdmin.D application
I:\Download\easyDVDplayer\FinalMediaPlayer2011Setup.exe a variant of Win32/InstallIQ application
I:\Download\Freefileconverter\freefileconverter2_1422.exe a variant of Win32/InstallIQ application
I:\Download\gameBooster3\gb3-setup.exe a variant of Win32/ELEX application

I found the log for ESET ..

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13b18453f1a64d4b9720bdccc760918f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-31 03:14:26
# local_time=2012-10-31 03:14:26 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 92 16736 5329848 0 0
# compatibility_mode=8192 67108863 100 0 14575 14575 0 0
# scanned=289169
# found=5
# cleaned=0
# scan_time=5991
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\JVizoso\Desktop\cbsidlm-tr1_7-HitmanPro_3_32bit-10895604.exe Win32/DownloadAdmin.D application (unable to clean) 00000000000000000000000000000000 I
I:\Download\easyDVDplayer\FinalMediaPlayer2011Setup.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
I:\Download\Freefileconverter\freefileconverter2_1422.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
I:\Download\gameBooster3\gb3-setup.exe a variant of Win32/ELEX application (unable to clean) 00000000000000000000000000000000 I

Here are the fresh DDS logs ...

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by JVizoso at 15:20:27 on 2012-10-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1312 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
N:\Program Files\SASCORE.EXE
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\iRacing\iRacingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [DiskeeperSystray] "f:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DAEMON Tools-1033] "l:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278938489859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4610591C-7190-44DF-B5D8-39628228BC1E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - n:\program files\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://members.iracing.com/membersite/login.jsp
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
FF - plugin: f:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: f:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\videolan\vlc\npvlc.dll
FF - ExtSQL: !HIDDEN! 2010-07-13 11:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-2-22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-2-22 5248]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2010-7-12 150568]
R1 SASDIFSV;SASDIFSV;n:\program files\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;n:\program files\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;n:\program files\SASCORE.EXE [2011-8-11 116608]
R2 iRacingService;iRacing.com Helper Service;h:\program files\iracing\iRacingService.exe [2010-7-12 521896]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-12 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-31 10:31:41 -------- d-----w- c:\program files\ESET
2012-10-31 09:55:40 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6ac08db7-1e3b-459e-ab81-ebf800721771}\mpengine.dll
2012-10-30 17:09:07 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-30 16:40:13 -------- d-sha-r- C:\cmdcons
2012-10-30 16:38:50 98816 ----a-w- c:\windows\sed.exe
2012-10-30 16:38:50 256000 ----a-w- c:\windows\PEV.exe
2012-10-30 16:38:50 208896 ----a-w- c:\windows\MBR.exe
2012-10-17 05:01:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-11 01:20:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:20:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 13:23:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 13:23:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-02 09:11:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 09:11:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:29:09 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
.
============= FINISH: 15:21:15.03 ===============

Thanks for the help so far .. I await further instructions.. cheers.

Blade81
2012-10-31, 18:10
Hi,

Delete C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip file. Other four can be ignored.

What happens when you try to launch Internet Explorer? Any error messages?

ciglioverde
2012-10-31, 18:18
OK .. I've deleted C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip file

When I double click to start up IE the little hour glass comes up for about 2 secs and then nothing else happens .. no error messages..

It's been like that since the original trouble with the Strathclyde Police scareware .. luckily auto updates still work.

thanks again .. good to know the other positives ESET found can be ignored.

Blade81
2012-11-01, 09:24
Hi,

Click Start -> All Programs -> Accessories -> System Tools, and then click Internet Explorer (No Add-ons). Let me know if IE opens.

ciglioverde
2012-11-01, 14:55
No, it doesn't open. It fails silently.

Blade81
2012-11-01, 20:58
Hi,

Open task manager (ctrl+alt+del and select task manager). Try to launch Internet Explorer and see if iexplore.exe process shows up in task manager window.

ciglioverde
2012-11-02, 00:33
Another negative on the Internet explorer front I'm afraid ..

I tried Windows explorer from the Programs/Accessories List and that showed up in the Applications list on task manager just fine..

But Internet Explorer without add-ons from the Programs/Accessories/System Tools list doesn't show up in Task Manager Applications or in Processes as iexplore.exe

When I click it nothing new shows up in processes .. there's a bit of activity in system memory usage in some of the processes on the list but nothing new shows up.

Blade81
2012-11-02, 07:42
If you navigate to c:\program files\Internet Explorer folder and double-click iexplore.exe file there it doesn't launch there either?

ciglioverde
2012-11-02, 11:44
It DOES come up in Task Manager as an Application but no iexplore Process in the Processes list.
When I right-click on the application and select go to process it highlights explorer.exe in the Process list.

But IE still doesn't launch even though it now shows as Internet Explorer status Running on the applications page.

ciglioverde
2012-11-02, 12:09
But it only shows up on the applications page in task manager because it is windows explorer showing up as I have it open to navigate to the internet explorer folder on the c drive so I can double click iexplorer.exe .

For a moment I thought we had something ... but no.

Blade81
2012-11-02, 12:13
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue.
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

ciglioverde
2012-11-02, 12:40
Hi :-)

Here's the log .... I've had only one positive with this since September this year .. I'll zip up the logfile from that scan for you .. but here's the current log.

10:29:49.0078 2896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:29:49.0265 2896 ============================================================
10:29:49.0265 2896 Current date / time: 2012/11/02 10:29:49.0265
10:29:49.0265 2896 SystemInfo:
10:29:49.0265 2896
10:29:49.0265 2896 OS Version: 5.1.2600 ServicePack: 3.0
10:29:49.0265 2896 Product type: Workstation
10:29:49.0265 2896 ComputerName: INTEL-JV
10:29:49.0265 2896 UserName: JVizoso
10:29:49.0265 2896 Windows directory: C:\WINDOWS
10:29:49.0265 2896 System windows directory: C:\WINDOWS
10:29:49.0265 2896 Processor architecture: Intel x86
10:29:49.0265 2896 Number of processors: 2
10:29:49.0265 2896 Page size: 0x1000
10:29:49.0265 2896 Boot type: Normal boot
10:29:49.0265 2896 ============================================================
10:29:51.0671 2896 Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
10:29:51.0687 2896 Drive \Device\Harddisk2\DR2 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
10:29:51.0703 2896 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:29:52.0078 2896 Drive \Device\Harddisk3\DR15 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:29:52.0078 2896 Drive \Device\Harddisk3\DR15 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:29:52.0078 2896 ============================================================
10:29:52.0078 2896 \Device\Harddisk1\DR1:
10:29:52.0078 2896 MBR partitions:
10:29:52.0078 2896 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x25FAEB0
10:29:52.0093 2896 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x25FAF2E, BlocksNum 0x1B58F7A
10:29:52.0109 2896 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x4153EE7, BlocksNum 0x2C5698F
10:29:52.0125 2896 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x6DAA8B5, BlocksNum 0x2AF9876
10:29:52.0125 2896 \Device\Harddisk2\DR2:
10:29:52.0125 2896 MBR partitions:
10:29:52.0125 2896 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1520964
10:29:52.0140 2896 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x15209E2, BlocksNum 0x2D59751
10:29:52.0171 2896 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x427A172, BlocksNum 0x2A6C552
10:29:52.0187 2896 \Device\Harddisk2\DR2\Partition4: MBR, Type 0x7, StartLBA 0x6CE6703, BlocksNum 0x2BC18E9
10:29:52.0187 2896 \Device\Harddisk0\DR0:
10:29:52.0187 2896 MBR partitions:
10:29:52.0187 2896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37E3E01
10:29:52.0187 2896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37E3E40, BlocksNum 0x37E3E40
10:29:52.0187 2896 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6FC7C80, BlocksNum 0x37E3E40
10:29:52.0187 2896 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xA7ABAC0, BlocksNum 0x37E7D01
10:29:52.0187 2896 \Device\Harddisk3\DR15:
10:29:52.0187 2896 MBR partitions:
10:29:52.0187 2896 \Device\Harddisk3\DR15\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
10:29:52.0187 2896 \Device\Harddisk3\DR15:
10:29:52.0187 2896 MBR partitions:
10:29:52.0187 2896 \Device\Harddisk3\DR15\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
10:29:52.0187 2896 ============================================================
10:29:52.0218 2896 D: <-> \Device\Harddisk2\DR2\Partition1
10:29:52.0234 2896 E: <-> \Device\Harddisk0\DR0\Partition1
10:29:52.0281 2896 F: <-> \Device\Harddisk1\DR1\Partition2
10:29:52.0328 2896 G: <-> \Device\Harddisk1\DR1\Partition3
10:29:52.0421 2896 H: <-> \Device\Harddisk1\DR1\Partition4
10:29:52.0437 2896 I: <-> \Device\Harddisk2\DR2\Partition2
10:29:52.0453 2896 J: <-> \Device\Harddisk2\DR2\Partition3
10:29:52.0484 2896 K: <-> \Device\Harddisk2\DR2\Partition4
10:29:52.0531 2896 L: <-> \Device\Harddisk0\DR0\Partition2
10:29:52.0546 2896 M: <-> \Device\Harddisk0\DR0\Partition3
10:29:52.0578 2896 N: <-> \Device\Harddisk0\DR0\Partition4
10:29:52.0609 2896 C: <-> \Device\Harddisk1\DR1\Partition1
10:29:52.0625 2896 R: <-> \Device\Harddisk3\DR15\Partition1
10:29:52.0625 2896 ============================================================
10:29:52.0625 2896 Initialize success
10:29:52.0625 2896 ============================================================
10:30:55.0671 3808 ============================================================
10:30:55.0671 3808 Scan started
10:30:55.0671 3808 Mode: Manual;
10:30:55.0671 3808 ============================================================
10:30:56.0437 3808 ================ Scan system memory ========================
10:30:56.0437 3808 System memory - ok
10:30:56.0437 3808 ================ Scan services =============================
10:30:56.0468 3808 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE N:\Program Files\SASCORE.EXE
10:30:56.0640 3808 !SASCORE - ok
10:30:56.0750 3808 Abiosdsk - ok
10:30:56.0750 3808 abp480n5 - ok
10:30:56.0781 3808 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:30:56.0781 3808 ACPI - ok
10:30:56.0812 3808 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:30:56.0812 3808 ACPIEC - ok
10:30:56.0875 3808 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:30:56.0875 3808 AdobeFlashPlayerUpdateSvc - ok
10:30:56.0875 3808 adpu160m - ok
10:30:56.0906 3808 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:30:56.0906 3808 aec - ok
10:30:56.0953 3808 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:30:56.0953 3808 AFD - ok
10:30:56.0953 3808 Aha154x - ok
10:30:56.0953 3808 aic78u2 - ok
10:30:56.0953 3808 aic78xx - ok
10:30:56.0984 3808 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:30:56.0984 3808 Alerter - ok
10:30:57.0000 3808 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:30:57.0000 3808 ALG - ok
10:30:57.0015 3808 AliIde - ok
10:30:57.0015 3808 amsint - ok
10:30:57.0031 3808 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:30:57.0046 3808 AppMgmt - ok
10:30:57.0062 3808 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:30:57.0062 3808 Arp1394 - ok
10:30:57.0062 3808 asc - ok
10:30:57.0062 3808 asc3350p - ok
10:30:57.0062 3808 asc3550 - ok
10:30:57.0093 3808 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
10:30:57.0093 3808 AsIO - ok
10:30:57.0171 3808 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:30:57.0187 3808 aspnet_state - ok
10:30:57.0203 3808 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:30:57.0203 3808 AsyncMac - ok
10:30:57.0218 3808 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:30:57.0218 3808 atapi - ok
10:30:57.0218 3808 Atdisk - ok
10:30:57.0265 3808 [ 192A651DF943EE391DFD2E4A123F07F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:30:57.0281 3808 Ati HotKey Poller - ok
10:30:57.0484 3808 [ 0A8B257DB810BE78AC9FD1860B4BA22B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:30:57.0515 3808 ati2mtag - ok
10:30:57.0546 3808 [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
10:30:57.0546 3808 AtiHdmiService - ok
10:30:57.0562 3808 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:30:57.0562 3808 Atmarpc - ok
10:30:57.0578 3808 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:30:57.0578 3808 AudioSrv - ok
10:30:57.0609 3808 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:30:57.0609 3808 audstub - ok
10:30:57.0625 3808 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:30:57.0625 3808 Beep - ok
10:30:57.0656 3808 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:30:57.0671 3808 BITS - ok
10:30:57.0687 3808 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:30:57.0703 3808 Browser - ok
10:30:57.0781 3808 catchme - ok
10:30:57.0812 3808 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:30:57.0812 3808 cbidf2k - ok
10:30:57.0812 3808 cd20xrnt - ok
10:30:57.0812 3808 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:30:57.0812 3808 Cdaudio - ok
10:30:57.0843 3808 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:30:57.0843 3808 Cdfs - ok
10:30:57.0859 3808 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:30:57.0859 3808 Cdrom - ok
10:30:57.0859 3808 Changer - ok
10:30:57.0890 3808 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:30:57.0890 3808 CiSvc - ok
10:30:57.0890 3808 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:30:57.0890 3808 ClipSrv - ok
10:30:57.0921 3808 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:30:57.0953 3808 clr_optimization_v2.0.50727_32 - ok
10:30:57.0984 3808 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:30:58.0046 3808 clr_optimization_v4.0.30319_32 - ok
10:30:58.0046 3808 CmdIde - ok
10:30:58.0046 3808 COMSysApp - ok
10:30:58.0062 3808 Cpqarray - ok
10:30:58.0078 3808 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:30:58.0093 3808 CryptSvc - ok
10:30:58.0109 3808 [ 5776322F93CDB91086111F5FFBFDA2A0 ] d347bus C:\WINDOWS\system32\DRIVERS\d347bus.sys
10:30:58.0125 3808 d347bus - ok
10:30:58.0125 3808 [ B49F79ACE459763F4E0380071BE9CB45 ] d347prt C:\WINDOWS\system32\Drivers\d347prt.sys
10:30:58.0125 3808 d347prt - ok
10:30:58.0125 3808 dac2w2k - ok
10:30:58.0125 3808 dac960nt - ok
10:30:58.0171 3808 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:30:58.0187 3808 DcomLaunch - ok
10:30:58.0203 3808 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:30:58.0203 3808 Dhcp - ok
10:30:58.0218 3808 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:30:58.0218 3808 Disk - ok
10:30:58.0296 3808 [ 26E09498268C88BD6A7C791EBC71DBE5 ] Diskeeper F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
10:30:58.0406 3808 Diskeeper - ok
10:30:58.0406 3808 dmadmin - ok
10:30:58.0437 3808 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:30:58.0468 3808 dmboot - ok
10:30:58.0500 3808 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:30:58.0500 3808 dmio - ok
10:30:58.0531 3808 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:30:58.0531 3808 dmload - ok
10:30:58.0546 3808 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:30:58.0546 3808 dmserver - ok
10:30:58.0562 3808 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:30:58.0562 3808 DMusic - ok
10:30:58.0578 3808 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:30:58.0593 3808 Dnscache - ok
10:30:58.0609 3808 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:30:58.0609 3808 Dot3svc - ok
10:30:58.0609 3808 dpti2o - ok
10:30:58.0625 3808 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:30:58.0625 3808 drmkaud - ok
10:30:58.0656 3808 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:30:58.0656 3808 EapHost - ok
10:30:58.0671 3808 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:30:58.0671 3808 ERSvc - ok
10:30:58.0703 3808 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:30:58.0703 3808 Eventlog - ok
10:30:58.0734 3808 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
10:30:58.0734 3808 EventSystem - ok
10:30:58.0781 3808 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:30:58.0781 3808 Fastfat - ok
10:30:58.0812 3808 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:30:58.0812 3808 FastUserSwitchingCompatibility - ok
10:30:58.0812 3808 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:30:58.0812 3808 Fdc - ok
10:30:58.0828 3808 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:30:58.0828 3808 Fips - ok
10:30:58.0843 3808 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:30:58.0843 3808 Flpydisk - ok
10:30:58.0875 3808 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:30:58.0890 3808 FltMgr - ok
10:30:58.0937 3808 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:30:58.0937 3808 FontCache3.0.0.0 - ok
10:30:58.0953 3808 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:30:58.0953 3808 Fs_Rec - ok
10:30:58.0953 3808 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:30:58.0953 3808 Ftdisk - ok
10:30:58.0984 3808 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:30:58.0984 3808 Gpc - ok
10:30:59.0015 3808 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:30:59.0031 3808 HDAudBus - ok
10:30:59.0093 3808 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:30:59.0093 3808 helpsvc - ok
10:30:59.0109 3808 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:30:59.0109 3808 HidServ - ok
10:30:59.0140 3808 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:30:59.0140 3808 hidusb - ok
10:30:59.0171 3808 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:30:59.0171 3808 hkmsvc - ok
10:30:59.0171 3808 hpn - ok
10:30:59.0203 3808 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:30:59.0203 3808 HTTP - ok
10:30:59.0218 3808 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:30:59.0218 3808 HTTPFilter - ok
10:30:59.0218 3808 i2omgmt - ok
10:30:59.0218 3808 i2omp - ok
10:30:59.0250 3808 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:30:59.0250 3808 i8042prt - ok
10:30:59.0296 3808 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:30:59.0328 3808 idsvc - ok
10:30:59.0343 3808 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:30:59.0343 3808 Imapi - ok
10:30:59.0375 3808 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:30:59.0375 3808 ImapiService - ok
10:30:59.0375 3808 ini910u - ok
10:30:59.0515 3808 [ 1824C4894AA438CD06C976E44B9E7353 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:30:59.0531 3808 IntcAzAudAddService - ok
10:30:59.0546 3808 IntelIde - ok
10:30:59.0562 3808 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:30:59.0562 3808 intelppm - ok
10:30:59.0578 3808 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:30:59.0578 3808 ip6fw - ok
10:30:59.0609 3808 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:30:59.0609 3808 IpFilterDriver - ok
10:30:59.0609 3808 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:30:59.0625 3808 IpInIp - ok
10:30:59.0640 3808 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:30:59.0640 3808 IpNat - ok
10:30:59.0656 3808 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:30:59.0656 3808 IPSec - ok
10:30:59.0734 3808 [ A246E490DA3FBAC524848F4B95AB1713 ] iRacingService H:\Program Files\iRacing\iRacingService.exe
10:30:59.0750 3808 iRacingService - ok
10:30:59.0765 3808 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:30:59.0765 3808 IRENUM - ok
10:30:59.0781 3808 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:30:59.0781 3808 isapnp - ok
10:30:59.0875 3808 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:30:59.0875 3808 JavaQuickStarterService - ok
10:30:59.0921 3808 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:30:59.0921 3808 Kbdclass - ok
10:30:59.0937 3808 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:30:59.0937 3808 kbdhid - ok
10:30:59.0953 3808 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:30:59.0953 3808 kmixer - ok
10:30:59.0984 3808 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:30:59.0984 3808 KSecDD - ok
10:31:00.0000 3808 [ B3A21F963BF315A29E1D5EB376A51078 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
10:31:00.0000 3808 L1e - ok
10:31:00.0031 3808 [ 151D8C22A57025D0619D9ED452A4F1FF ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
10:31:00.0031 3808 L8042Kbd - ok
10:31:00.0062 3808 [ 732AFC2D2643916CFA135130D2ADBC20 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
10:31:00.0062 3808 L8042mou - ok
10:31:00.0093 3808 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:31:00.0093 3808 lanmanserver - ok
10:31:00.0125 3808 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:31:00.0125 3808 lanmanworkstation - ok
10:31:00.0156 3808 [ CA63FE81705AD660E482BEF210BF2C73 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
10:31:00.0156 3808 LBeepKE - ok
10:31:00.0156 3808 lbrtfdc - ok
10:31:00.0218 3808 [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:31:00.0218 3808 LBTServ - ok
10:31:00.0250 3808 [ B68309F25C5787385DA842EB5B496958 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
10:31:00.0250 3808 LHidFilt - ok
10:31:00.0281 3808 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:31:00.0281 3808 LmHosts - ok
10:31:00.0296 3808 [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
10:31:00.0296 3808 LMouFilt - ok
10:31:00.0328 3808 [ 46F0396649101C27968089D127395980 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
10:31:00.0328 3808 LMouKE - ok
10:31:00.0359 3808 [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
10:31:00.0359 3808 LUsbFilt - ok
10:31:00.0390 3808 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:31:00.0390 3808 Messenger - ok
10:31:00.0406 3808 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:31:00.0406 3808 mnmdd - ok
10:31:00.0437 3808 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
10:31:00.0437 3808 mnmsrvc - ok
10:31:00.0453 3808 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:31:00.0453 3808 Modem - ok
10:31:00.0468 3808 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:31:00.0468 3808 Mouclass - ok
10:31:00.0500 3808 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:31:00.0500 3808 mouhid - ok
10:31:00.0500 3808 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:31:00.0515 3808 MountMgr - ok
10:31:00.0562 3808 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:31:00.0609 3808 MozillaMaintenance - ok
10:31:00.0640 3808 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:31:00.0640 3808 MpFilter - ok
10:31:00.0750 3808 [ A69630D039C38018689190234F866D77 ] MpKslea19fc45 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B07EA62-B213-4598-B389-071F0885FC3E}\MpKslea19fc45.sys
10:31:00.0750 3808 MpKslea19fc45 - ok
10:31:00.0750 3808 mraid35x - ok
10:31:00.0765 3808 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:31:00.0765 3808 MRxDAV - ok
10:31:00.0812 3808 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:31:00.0828 3808 MRxSmb - ok
10:31:00.0859 3808 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
10:31:00.0859 3808 MSDTC - ok
10:31:00.0875 3808 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:31:00.0875 3808 Msfs - ok
10:31:00.0875 3808 MSIServer - ok
10:31:00.0890 3808 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:31:00.0890 3808 MSKSSRV - ok
10:31:00.0937 3808 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:31:00.0937 3808 MsMpSvc - ok
10:31:00.0937 3808 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:31:00.0937 3808 MSPCLOCK - ok
10:31:00.0953 3808 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:31:00.0953 3808 MSPQM - ok
10:31:00.0984 3808 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:31:00.0984 3808 mssmbios - ok
10:31:01.0000 3808 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:31:01.0000 3808 MTsensor - ok
10:31:01.0031 3808 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:31:01.0031 3808 Mup - ok
10:31:01.0046 3808 [ E6F48050AF7548E4BF775F0D83873794 ] mv61xx C:\WINDOWS\system32\DRIVERS\mv61xx.sys
10:31:01.0046 3808 mv61xx - ok
10:31:01.0093 3808 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:31:01.0093 3808 napagent - ok
10:31:01.0125 3808 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:31:01.0125 3808 NDIS - ok
10:31:01.0156 3808 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:31:01.0156 3808 NdisTapi - ok
10:31:01.0156 3808 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:31:01.0156 3808 Ndisuio - ok
10:31:01.0187 3808 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:31:01.0187 3808 NdisWan - ok
10:31:01.0203 3808 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:31:01.0203 3808 NDProxy - ok
10:31:01.0234 3808 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:31:01.0234 3808 NetBIOS - ok
10:31:01.0234 3808 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:31:01.0234 3808 NetBT - ok
10:31:01.0265 3808 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:31:01.0265 3808 NetDDE - ok
10:31:01.0265 3808 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:31:01.0265 3808 NetDDEdsdm - ok
10:31:01.0296 3808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:31:01.0296 3808 Netlogon - ok
10:31:01.0312 3808 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:31:01.0312 3808 Netman - ok
10:31:01.0343 3808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:31:01.0359 3808 NetTcpPortSharing - ok
10:31:01.0390 3808 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:31:01.0390 3808 NIC1394 - ok
10:31:01.0421 3808 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:31:01.0421 3808 Nla - ok
10:31:01.0437 3808 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:31:01.0437 3808 Npfs - ok
10:31:01.0453 3808 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:31:01.0500 3808 Ntfs - ok
10:31:01.0500 3808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
10:31:01.0500 3808 NtLmSsp - ok
10:31:01.0531 3808 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:31:01.0578 3808 NtmsSvc - ok
10:31:01.0578 3808 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:31:01.0578 3808 Null - ok
10:31:01.0609 3808 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:31:01.0609 3808 NwlnkFlt - ok
10:31:01.0625 3808 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:31:01.0625 3808 NwlnkFwd - ok
10:31:01.0656 3808 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:31:01.0656 3808 ohci1394 - ok
10:31:01.0671 3808 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:31:01.0671 3808 Parport - ok
10:31:01.0671 3808 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:31:01.0671 3808 PartMgr - ok
10:31:01.0703 3808 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:31:01.0703 3808 ParVdm - ok
10:31:01.0718 3808 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:31:01.0734 3808 PCI - ok
10:31:01.0734 3808 PCIDump - ok
10:31:01.0750 3808 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:31:01.0750 3808 PCIIde - ok
10:31:01.0781 3808 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:31:01.0781 3808 Pcmcia - ok
10:31:01.0781 3808 PDCOMP - ok
10:31:01.0781 3808 PDFRAME - ok
10:31:01.0781 3808 PDRELI - ok
10:31:01.0781 3808 PDRFRAME - ok
10:31:01.0796 3808 perc2 - ok
10:31:01.0796 3808 perc2hib - ok
10:31:01.0812 3808 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:31:01.0812 3808 PlugPlay - ok
10:31:01.0828 3808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:31:01.0828 3808 PolicyAgent - ok
10:31:01.0843 3808 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:31:01.0843 3808 PptpMiniport - ok
10:31:01.0859 3808 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:31:01.0859 3808 Processor - ok
10:31:01.0859 3808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:31:01.0859 3808 ProtectedStorage - ok
10:31:01.0890 3808 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:31:01.0890 3808 PSched - ok
10:31:01.0921 3808 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:31:01.0921 3808 Ptilink - ok
10:31:01.0921 3808 ql1080 - ok
10:31:01.0937 3808 Ql10wnt - ok
10:31:01.0937 3808 ql12160 - ok
10:31:01.0937 3808 ql1240 - ok
10:31:01.0937 3808 ql1280 - ok
10:31:01.0937 3808 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:31:01.0937 3808 RasAcd - ok
10:31:01.0968 3808 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:31:01.0968 3808 RasAuto - ok
10:31:02.0000 3808 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:31:02.0000 3808 Rasl2tp - ok
10:31:02.0046 3808 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:31:02.0046 3808 RasMan - ok
10:31:02.0062 3808 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:31:02.0062 3808 RasPppoe - ok
10:31:02.0062 3808 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:31:02.0078 3808 Raspti - ok
10:31:02.0078 3808 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:31:02.0078 3808 Rdbss - ok
10:31:02.0093 3808 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:31:02.0093 3808 RDPCDD - ok
10:31:02.0109 3808 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:31:02.0109 3808 rdpdr - ok
10:31:02.0140 3808 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:31:02.0140 3808 RDPWD - ok
10:31:02.0171 3808 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:31:02.0171 3808 RDSessMgr - ok
10:31:02.0187 3808 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:31:02.0187 3808 redbook - ok
10:31:02.0203 3808 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:31:02.0203 3808 RemoteAccess - ok
10:31:02.0234 3808 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:31:02.0234 3808 RemoteRegistry - ok
10:31:02.0250 3808 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
10:31:02.0250 3808 RpcLocator - ok
10:31:02.0281 3808 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:31:02.0281 3808 RpcSs - ok
10:31:02.0312 3808 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
10:31:02.0312 3808 RSVP - ok
10:31:02.0328 3808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:31:02.0328 3808 SamSs - ok
10:31:02.0359 3808 [ 39763504067962108505BFF25F024345 ] SASDIFSV N:\Program Files\SASDIFSV.SYS
10:31:02.0421 3808 SASDIFSV - ok
10:31:02.0453 3808 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL N:\Program Files\SASKUTIL.SYS
10:31:02.0484 3808 SASKUTIL - ok
10:31:02.0515 3808 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:31:02.0515 3808 SCardSvr - ok
10:31:02.0546 3808 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:31:02.0546 3808 Schedule - ok
10:31:02.0562 3808 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:31:02.0562 3808 Secdrv - ok
10:31:02.0578 3808 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:31:02.0578 3808 seclogon - ok
10:31:02.0593 3808 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:31:02.0593 3808 SENS - ok
10:31:02.0609 3808 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:31:02.0609 3808 serenum - ok
10:31:02.0609 3808 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:31:02.0609 3808 Serial - ok
10:31:02.0640 3808 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:31:02.0640 3808 Sfloppy - ok
10:31:02.0656 3808 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:31:02.0671 3808 SharedAccess - ok
10:31:02.0687 3808 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:31:02.0687 3808 ShellHWDetection - ok
10:31:02.0687 3808 Simbad - ok
10:31:02.0750 3808 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate F:\Program Files\Skype\Updater\Updater.exe
10:31:02.0875 3808 SkypeUpdate - ok
10:31:02.0890 3808 Sparrow - ok
10:31:02.0890 3808 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:31:02.0906 3808 splitter - ok
10:31:02.0921 3808 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:31:02.0921 3808 Spooler - ok
10:31:02.0921 3808 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:31:02.0937 3808 sr - ok
10:31:02.0953 3808 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:31:02.0968 3808 srservice - ok
10:31:03.0000 3808 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:31:03.0015 3808 Srv - ok
10:31:03.0031 3808 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:31:03.0031 3808 SSDPSRV - ok
10:31:03.0062 3808 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:31:03.0078 3808 stisvc - ok
10:31:03.0109 3808 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:31:03.0109 3808 swenum - ok
10:31:03.0125 3808 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:31:03.0125 3808 swmidi - ok
10:31:03.0125 3808 SwPrv - ok
10:31:03.0125 3808 symc810 - ok
10:31:03.0125 3808 symc8xx - ok
10:31:03.0125 3808 sym_hi - ok
10:31:03.0125 3808 sym_u3 - ok
10:31:03.0140 3808 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:31:03.0140 3808 sysaudio - ok
10:31:03.0171 3808 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:31:03.0171 3808 SysmonLog - ok
10:31:03.0203 3808 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:31:03.0203 3808 TapiSrv - ok
10:31:03.0234 3808 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:31:03.0234 3808 Tcpip - ok
10:31:03.0265 3808 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:31:03.0265 3808 TDPIPE - ok
10:31:03.0281 3808 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:31:03.0281 3808 TDTCP - ok
10:31:03.0296 3808 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:31:03.0296 3808 TermDD - ok
10:31:03.0343 3808 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:31:03.0343 3808 TermService - ok
10:31:03.0359 3808 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:31:03.0359 3808 Themes - ok
10:31:03.0375 3808 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
10:31:03.0375 3808 TlntSvr - ok
10:31:03.0375 3808 TosIde - ok
10:31:03.0406 3808 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:31:03.0406 3808 TrkWks - ok
10:31:03.0437 3808 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:31:03.0437 3808 Udfs - ok
10:31:03.0437 3808 ultra - ok
10:31:03.0484 3808 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:31:03.0500 3808 Update - ok
10:31:03.0531 3808 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:31:03.0531 3808 upnphost - ok
10:31:03.0562 3808 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:31:03.0562 3808 UPS - ok
10:31:03.0578 3808 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:31:03.0578 3808 usbaudio - ok
10:31:03.0593 3808 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:31:03.0593 3808 usbccgp - ok
10:31:03.0609 3808 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:31:03.0609 3808 usbehci - ok
10:31:03.0609 3808 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:31:03.0609 3808 usbhub - ok
10:31:03.0640 3808 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:31:03.0640 3808 USBSTOR - ok
10:31:03.0671 3808 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:31:03.0671 3808 usbuhci - ok
10:31:03.0671 3808 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:31:03.0671 3808 VgaSave - ok
10:31:03.0687 3808 ViaIde - ok
10:31:03.0687 3808 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:31:03.0687 3808 VolSnap - ok
10:31:03.0718 3808 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:31:03.0734 3808 VSS - ok
10:31:03.0765 3808 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:31:03.0765 3808 W32Time - ok
10:31:03.0796 3808 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:31:03.0796 3808 Wanarp - ok
10:31:03.0828 3808 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
10:31:03.0828 3808 Wdf01000 - ok
10:31:03.0828 3808 WDICA - ok
10:31:03.0859 3808 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:31:03.0859 3808 wdmaud - ok
10:31:03.0890 3808 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:31:03.0890 3808 WebClient - ok
10:31:03.0968 3808 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:31:03.0968 3808 winmgmt - ok
10:31:04.0015 3808 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 F:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
10:31:04.0046 3808 WinRing0_1_2_0 - ok
10:31:04.0062 3808 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
10:31:04.0062 3808 WmBEnum - ok
10:31:04.0093 3808 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:31:04.0093 3808 WmdmPmSN - ok
10:31:04.0109 3808 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
10:31:04.0109 3808 WmFilter - ok
10:31:04.0125 3808 [ 1F596392149CAC51F7C095AF7D533934 ] WmHidLo C:\WINDOWS\system32\drivers\WmHidLo.sys
10:31:04.0125 3808 WmHidLo - ok
10:31:04.0156 3808 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:31:04.0187 3808 Wmi - ok
10:31:04.0218 3808 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:31:04.0296 3808 WmiApSrv - ok
10:31:04.0500 3808 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:31:04.0687 3808 WMPNetworkSvc - ok
10:31:04.0703 3808 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
10:31:04.0703 3808 WmVirHid - ok
10:31:04.0718 3808 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
10:31:04.0718 3808 WmXlCore - ok
10:31:04.0781 3808 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:31:04.0812 3808 WPFFontCache_v0400 - ok
10:31:04.0843 3808 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:31:04.0843 3808 WS2IFSL - ok
10:31:04.0875 3808 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:31:04.0875 3808 wscsvc - ok
10:31:04.0906 3808 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:31:04.0906 3808 wuauserv - ok
10:31:04.0921 3808 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:31:04.0937 3808 WudfPf - ok
10:31:04.0937 3808 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:31:04.0953 3808 WudfRd - ok
10:31:04.0953 3808 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:31:04.0953 3808 WudfSvc - ok
10:31:05.0000 3808 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:31:05.0031 3808 WZCSVC - ok
10:31:05.0062 3808 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:31:05.0062 3808 xmlprov - ok
10:31:05.0062 3808 ================ Scan global ===============================
10:31:05.0093 3808 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:31:05.0109 3808 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:31:05.0125 3808 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:31:05.0140 3808 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:31:05.0140 3808 [Global] - ok
10:31:05.0140 3808 ================ Scan MBR ==================================
10:31:05.0156 3808 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:31:05.0343 3808 \Device\Harddisk1\DR1 - ok
10:31:05.0359 3808 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
10:31:05.0562 3808 \Device\Harddisk2\DR2 - ok
10:31:05.0578 3808 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:31:05.0578 3808 \Device\Harddisk0\DR0 - ok
10:31:05.0593 3808 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR15
10:31:05.0593 3808 \Device\Harddisk3\DR15 - ok
10:31:05.0593 3808 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR15
10:31:05.0593 3808 \Device\Harddisk3\DR15 - ok
10:31:05.0593 3808 ================ Scan VBR ==================================
10:31:05.0609 3808 [ 1464E117605592828F87AFFA6CB94672 ] \Device\Harddisk1\DR1\Partition1
10:31:05.0609 3808 \Device\Harddisk1\DR1\Partition1 - ok
10:31:05.0625 3808 [ 637AED9920FF15B470E1C3DC1ACDB840 ] \Device\Harddisk1\DR1\Partition2
10:31:05.0625 3808 \Device\Harddisk1\DR1\Partition2 - ok
10:31:05.0640 3808 [ 130FF3BC175BC4505E5462260A4FAB90 ] \Device\Harddisk1\DR1\Partition3
10:31:05.0640 3808 \Device\Harddisk1\DR1\Partition3 - ok
10:31:05.0656 3808 [ A644D170CE0BE1BC7E9FF0E34AC04A59 ] \Device\Harddisk1\DR1\Partition4
10:31:05.0656 3808 \Device\Harddisk1\DR1\Partition4 - ok
10:31:05.0656 3808 [ 01F7FC6250119AE9801E9D933903F7F4 ] \Device\Harddisk2\DR2\Partition1
10:31:05.0656 3808 \Device\Harddisk2\DR2\Partition1 - ok
10:31:05.0671 3808 [ 9C79F474D49AE96AEFC3AF621E5E8737 ] \Device\Harddisk2\DR2\Partition2
10:31:05.0671 3808 \Device\Harddisk2\DR2\Partition2 - ok
10:31:05.0687 3808 [ ED0A570A1686F8A6B55653BA84D58E5F ] \Device\Harddisk2\DR2\Partition3
10:31:05.0687 3808 \Device\Harddisk2\DR2\Partition3 - ok
10:31:05.0703 3808 [ 2DB01DA06668002ACB976A49E9DB4B01 ] \Device\Harddisk2\DR2\Partition4
10:31:05.0703 3808 \Device\Harddisk2\DR2\Partition4 - ok
10:31:05.0703 3808 [ 4DC36D6644E448D0AFCBBF136CAF5660 ] \Device\Harddisk0\DR0\Partition1
10:31:05.0703 3808 \Device\Harddisk0\DR0\Partition1 - ok
10:31:05.0718 3808 [ F3397BE7B60BEE673398C499A66A6FCD ] \Device\Harddisk0\DR0\Partition2
10:31:05.0718 3808 \Device\Harddisk0\DR0\Partition2 - ok
10:31:05.0734 3808 [ 72C6A858185462E4EC9E96BD8581465A ] \Device\Harddisk0\DR0\Partition3
10:31:05.0734 3808 \Device\Harddisk0\DR0\Partition3 - ok
10:31:05.0750 3808 [ C532384964A8B01022104EBA4885ED7F ] \Device\Harddisk0\DR0\Partition4
10:31:05.0750 3808 \Device\Harddisk0\DR0\Partition4 - ok
10:31:05.0765 3808 [ C86135E6A244D53E3D0DF9F4B5DC771C ] \Device\Harddisk3\DR15\Partition1
10:31:05.0765 3808 \Device\Harddisk3\DR15\Partition1 - ok
10:31:05.0765 3808 [ C86135E6A244D53E3D0DF9F4B5DC771C ] \Device\Harddisk3\DR15\Partition1
10:31:05.0765 3808 \Device\Harddisk3\DR15\Partition1 - ok
10:31:05.0765 3808 ============================================================
10:31:05.0765 3808 Scan finished
10:31:05.0765 3808 ============================================================
10:31:05.0765 3064 Detected object count: 0
10:31:05.0765 3064 Actual detected object count: 0
10:31:51.0312 2136 Deinitialize success

Blade81
2012-11-02, 16:58
Go to c:\windows\inf folder. See if ie.inf file exists there. Right-click it and select install.

ciglioverde
2012-11-02, 19:18
I did as you asked ..
It looked for a few files, either on my XP CD or in one of the service pack updates ..
But at the end I got a Rundll error:
Rundll
Error in iesetup.dll
Missing entry :IEAccessSysInst

Now if I click Internet Explorer without add-ons from the system tools page I get "Internet Explorer has encountered a problem and needs to close", and a 'click here' for more information about the error.

Error signature ....
AppName; iexplore.exe AppVer; 6..0.2900.5512 ModName urlmon.dll
ModVer; 8.0.6001.19328 Offset 0003e542


and a further, more detailed technical report I barely comprehend. :-)

Any further ahead?

Blade81
2012-11-02, 22:34
Hi,

I'm afraid it's time to face the facts and use the reformat option. There aren't enough clues to find out where the problem lies :sad:

ciglioverde
2012-11-03, 10:09
That's OK .. no worries , thanks for trying ;-)

Blade81
2012-11-03, 12:48
You're welcome :)