Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: An infection that I can't find.

  1. #11
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Default Ran MalwareBytes Successfully

    Hi,

    In the future please specify how to run MalwareBytes "full" or "quick". Log is of a Full scan. Did not find anything.

    Thanks,
    Ray
    Next???


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.23.07

    Windows XP Service Pack 3 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.6001.18702
    Ray :: RIGHTWINXP [administrator]

    3/23/2013 1:28:33 PM
    mbam-log-2013-03-23 (13-28-33).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 403512
    Time elapsed: 16 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. #12
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Did you delete anything out of the temps while in safe mode? Run combofix once more using the slightly changed script below, like you did before

    Click Start, then Run and type Notepad and click OK.
    Copy/paste the text in the code box below into notepad:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BMGXXXXXXXX"=3-
    "BMGX"=3-
    
    File::
    c:\docume~1\Ray\LOCALS~1\Temp\AZULWXOPZZH.exe
    c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe
    c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe
    c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe
    
    Driver::
    AZULWXOPZZH
    BMGX.exe
    TSJSRS.exe
    ZWKKQGF.exe
    Name the Notepad file CFScript.txt and Save it to your desktop.
    Now locate the file you just saved to your desktop (CFScript.txt) and the combofix icon, also on your desktop.

    Using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run, reboot and produce a new log
    please post the new combofix log in your reply.

    After the above download:
    Roguekiller.exe

    Download & SAVE to Rougekiller to your desktop
    Close any running programs
    Double click to start
    For Vista or Windows 7, right-click and select run as Admin
    Once the Prescan has finished click the scan button
    Once the scan is done a report.txt will be on your desktop.
    Exit Rougekiller by going to File>Quit.
    copy/paste the RKreport saved to your DeskTop
    How Can I Reduce My Risk?

  3. #13
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Default Ran CombiFix and RogueKiller

    ComboFix 13-03-23.01 - Ray 03/23/2013 18:13:50.26.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2383 [GMT -4:00]
    Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ray\Desktop\CFScript.txt
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    FILE ::
    "c:\docume~1\Ray\LOCALS~1\Temp\AZULWXOPZZH.exe"
    "c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe"
    "c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe"
    "c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-22 14:42 . 2013-03-23 14:11 -------- d-----w- C:\ComboFix Logs 3-22-2013
    2013-03-19 21:59 . 2013-03-19 21:59 -------- d-----w- C:\CLEAN BOOT
    2013-03-19 21:09 . 2013-03-19 21:04 678912 ----a-w- C:\MicrosoftFixit50598.msi
    2013-03-18 19:16 . 2013-03-18 19:16 -------- d-----w- C:\CFScanner
    2013-03-17 18:51 . 2013-03-17 18:51 -------- d-----w- C:\sh4ldr
    2013-03-10 20:31 . 2013-03-10 20:32 -------- d-----w- C:\Sophos
    2013-03-09 00:22 . 2013-03-09 00:23 -------- d-----w- C:\Escort
    2013-03-07 20:48 . 2013-03-07 20:48 -------- d-----r- C:\Sandbox
    2013-03-07 17:06 . 2013-03-07 17:06 -------- d-----w- C:\rsit
    2013-03-07 15:54 . 2013-03-07 15:54 -------- d-----w- C:\Deleted Autoruns
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-08 23:02 . 2013-01-14 15:23 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-02-12 00:32 . 2008-04-13 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2008-04-13 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 20:05 . 2012-12-26 20:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2012-12-26 20:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2012-12-26 20:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2012-12-24 06:40 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-28 02:36 . 2013-01-28 02:36 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2013-01-26 04:35 . 2013-01-26 04:35 19528 ----a-w- c:\windows\system32\fbnative.exe
    2013-01-26 04:35 . 2013-01-26 04:35 185672 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2013-01-26 04:35 . 2013-01-26 04:35 40648 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2013-01-26 04:35 . 2013-01-26 04:35 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2013-01-26 04:35 . 2013-01-26 04:35 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2013-01-26 03:55 . 2013-01-26 03:55 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-25 16:02 . 2013-01-25 16:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-25 16:02 . 2013-01-25 16:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-25 16:02 . 2013-01-25 16:02 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-07 01:19 . 2013-01-07 01:19 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2013-01-07 00:37 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2013-01-04 01:20 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2013-01-02 06:49 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2013-01-02 06:49 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-06-14 22:20 . 2012-06-14 22:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartupDelayer"="d:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2013-03-07 1081856]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "SDTray"="d:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-31 15496552]
    "EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-01-26 70728]
    "EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-01-26 1372232]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-03-05 418024]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-24 356376]
    .
    c:\documents and settings\Ray\Start Menu\Programs\Startup\
    CProcess.cfg [2013-3-23 860]
    CProcess.exe [2008-5-22 36352]
    Efficient Reminder Free.lnk - c:\program files\Efficient Reminder Free\EfficientReminderFree.exe [2013-1-2 10981888]
    PlexRadar.lnk - c:\program files\Plextor\PlexUTILITIES\PlexRadar.exe [2013-1-9 2907136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    del_temp.vbs [2012-2-23 1914]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    HyperSnap-DX 5.lnk - c:\program files\HyperSnap-DX 5\HprSnap5.exe [2004-10-14 1785856]
    PlexRadar.lnk - c:\program files\Plextor\PlexUTILITIES\PlexRadar.exe [2013-1-9 2907136]
    Watch.lnk - c:\program files\Mustek 1200 UB Plus\Driver\WATCH.exe [2001-11-23 364544]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ray^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Ray\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2006-02-14 12:56 460800 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 23:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
    2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2012-11-01 17:56 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    2006-10-30 12:44 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-12-13 18:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-06-19 15:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "SpyHunter 4 Service"=2 (0x2)
    "SDWSCService"=2 (0x2)
    "SDUpdateService"=2 (0x2)
    "SDScannerService"=2 (0x2)
    "SbieSvc"=2 (0x2)
    "ose"=3 (0x3)
    "NVWMI"=2 (0x2)
    "NVSvc"=2 (0x2)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "MSCamSvc"=2 (0x2)
    "MozillaMaintenance"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate1c987ea6b15f84e"=2 (0x2)
    "gupdate"=2 (0x2)
    "Guard Agent"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "EaseUS Agent"=2 (0x2)
    "DWMRCS"=2 (0x2)
    "CTAudSvcService"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "Creative Media Toolbox 6 Licensing Service"=3 (0x3)
    "Creative Audio Engine Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "Adobe LM Service"=2 (0x2)
    "BMGXXXXXXXX"=3 (0x3)
    "BMGX"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride /**comment**(normally it is \"1\")**comment**/"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\BitLord 2\\Bitlord files\\bitlord.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDFiles.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "6346:TCP"= 6346:TCP:Limewire
    "6346:UDP"= 6346:UDP:Limewire
    .
    R0 asahxp32;asahxp32;c:\windows\system32\drivers\asahxp32.sys [5/6/2011 5:13 PM 41696]
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [1/26/2013 12:35 AM 50248]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [1/26/2013 12:35 AM 40648]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/7/2013 2:46 PM 33112]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [1/26/2013 12:35 AM 14920]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [1/26/2013 12:35 AM 185672]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11/24/2012 6:33 PM 43608]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 5:49 PM 144344]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [5/12/2011 2:05 PM 18816]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 3:09 PM 35672]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11/24/2012 6:33 PM 24408]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/24/2012 6:33 PM 24920]
    S0 fnvu;fnvu;c:\windows\system32\drivers\behy.sys --> c:\windows\system32\drivers\behy.sys [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [12/29/2008 11:14 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [12/29/2008 11:14 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [12/29/2008 11:14 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [12/29/2008 11:14 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [12/29/2008 11:14 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [12/29/2008 11:14 AM 72728]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/27/2013 10:36 PM 23456]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/21/2012 2:54 PM 13896]
    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 3:57 PM 13904]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 11:01 AM 19984]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/21/2012 2:53 PM 9160]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [10/10/2012 11:08 PM 34432]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [10/10/2012 11:08 PM 25088]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/13/2010 2:37 PM 30576]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/3/2011 8:36 PM 47360]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [1/14/2013 11:23 AM 13024]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S4 BMGX;BMGX;c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe --> c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe [?]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/1/2011 9:56 PM 79360]
    S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2/1/2011 10:10 PM 79360]
    S4 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [1/26/2013 12:35 AM 68168]
    S4 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [1/26/2013 12:36 AM 23624]
    S4 gupdate1c987ea6b15f84e;Google Update Service (gupdate1c987ea6b15f84e);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2011 12:12 AM 136176]
    S4 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi.exe [12/31/1999 8:00 PM 664424]
    S4 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/12/2013 10:21 AM 1103392]
    S4 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/12/2013 10:21 AM 1369624]
    S4 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/12/2013 10:21 AM 168384]
    S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1/14/2013 9:33 PM 769920]
    S4 TSJSRS;TSJSRS;c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe --> c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe [?]
    S4 ZWKKQGF;ZWKKQGF;c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe --> c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-03-19 15:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 17:47]
    .
    2013-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2013-03-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-12 18:08]
    .
    2013-03-23 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities New 3-7-13\initialize.exe [2013-03-07 20:58]
    .
    2013-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-26 17:28]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 04:12]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 04:12]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-651377827-2146997909-1003Core.job
    - c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 22:50]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-651377827-2146997909-1003UA.job
    - c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 22:50]
    .
    2013-03-13 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-12 18:07]
    .
    2013-03-12 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-12 18:07]
    .
    2013-03-23 c:\windows\Tasks\User_Feed_Synchronization-{795DF606-D83B-4891-BD02-5F2638647941}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.optimum.net/
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uInternet Settings,ProxyOverride = *.local;<local>
    TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://amer-ml33.amer.csc.com/dwa85W.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
    FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\6cr6okv0.default\
    FF - ExtSQL: 2013-01-25 11:03; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-14 11:38; torntv2@torntv.com; c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\6cr6okv0.default\extensions\torntv2@torntv.com.xpi
    FF - ExtSQL: !HIDDEN! 2011-01-31 18:23; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 1fde8a400000000000000022152aced0
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15750
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:39
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-23 18:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1264)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3884)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-03-23 18:24:40
    ComboFix-quarantined-files.txt 2013-03-23 22:24
    ComboFix2.txt 2013-03-22 15:19
    ComboFix3.txt 2013-03-22 14:54
    ComboFix4.txt 2013-03-20 19:57
    ComboFix5.txt 2013-03-23 13:34
    .
    Pre-Run: 48,996,126,720 bytes free
    Post-Run: 48,965,550,080 bytes free
    .
    - - End Of File - - 2BFD7078171C6FD05360C5B9C5899D10

    _________________________________________________________________


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ray [Admin rights]
    Mode : Scan -- Date : 03/23/2013 18:57:43
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500630AS +++++
    --- User ---
    [MBR] 1abe93979b2dbe79cf8f51cd4711ed80
    [BSP] 21a0857be101ba19f44717e4f1fb3047 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: SAMSUNG HD103SI +++++
    --- User ---
    [MBR] 7c2d1787dda1ca0ab05b91036f3580ec
    [BSP] 5c2b22220f055145a9b1c7369ff5f509 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: WDC WD1002FAEX-00Z3A0 +++++
    --- User ---
    [MBR] 21475e07416da8f21be13708b5f622ca
    [BSP] 5711a6dba2474de31ee3d7621a7365f8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: SATA ST310005 SCSI Disk Device +++++
    --- User ---
    [MBR] bfdd3ec03803c2ccaf7f86015141d08a
    [BSP] f1a4f4c15aeb52ccce9f82a9b658d6f8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: KINGSTON SH103S3120G SCSI Disk Device +++++
    --- User ---
    [MBR] dd2d907da26384e77088766ef9d6679e
    [BSP] c8ef74fb392c575a42233e04e433445d : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114472 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_03232013_02d1857.txt >>
    RKreport[1]_S_03232013_02d1857.txt

  4. #14
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Sometimes other software can interfere with combofix trying to make changes. Winpatrol and Spybots tea timer as well as antivirus and other antimalware can interfere. I see your AV was disabled but before running combofix once more please disable/exit the others if they are running, just as a precaution. After reboot they will be active again.

    We will use combofix to delete one more file I should have included before.

    Code:
    File::
    c:\windows\system32\drivers\behy.sys
    
    Driver::
    fnvu
    Run Rougekiller once more like you did before with a change at the end:

    Close any running programs
    Double click to start
    For Vista or Windows 7, right-click and select run as Admin
    Once the Prescan has finished click the scan button
    Once the scan is done a report.txt will be on your desktop.
    Click on the delete button to remove the disable registry item it found.
    Wait until the Status box shows "Deleting Finished"
    Click on "Report" and copy/paste the content of the Notepad into your next reply.
    The log should also be found in RKreport.txt on your Desktop
    Exit/Close RogueKiller
    How Can I Reduce My Risk?

  5. #15
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Default Ran ComboFix & RougueKiller again

    Hi,
    Ran ComboFix & RougueKiller again. CF found, deleted and restored a sys file and RougeKiller deleted a reg entry. Looking thru the CF log I am still seeing "BMGX" as well as the files we deleted along with "BMGX" in my temp folder. Did a file re-infect the box? Below are the logs:

    Thank you,
    Ray

    ComboFix 13-03-24.03 - Ray 03/24/2013 12:12:43.27.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2442 [GMT -4:00]
    Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ray\Desktop\CFScript.txt
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    FILE ::
    "c:\windows\system32\drivers\behy.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\Restore\rstrui.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\rstrui.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_fnvu
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-22 14:42 . 2013-03-23 14:11 -------- d-----w- C:\ComboFix Logs 3-22-2013
    2013-03-19 21:59 . 2013-03-19 21:59 -------- d-----w- C:\CLEAN BOOT
    2013-03-19 21:09 . 2013-03-19 21:04 678912 ----a-w- C:\MicrosoftFixit50598.msi
    2013-03-18 19:16 . 2013-03-18 19:16 -------- d-----w- C:\CFScanner
    2013-03-17 18:51 . 2013-03-17 18:51 -------- d-----w- C:\sh4ldr
    2013-03-10 20:31 . 2013-03-10 20:32 -------- d-----w- C:\Sophos
    2013-03-09 00:22 . 2013-03-09 00:23 -------- d-----w- C:\Escort
    2013-03-07 20:48 . 2013-03-07 20:48 -------- d-----r- C:\Sandbox
    2013-03-07 17:06 . 2013-03-07 17:06 -------- d-----w- C:\rsit
    2013-03-07 15:54 . 2013-03-07 15:54 -------- d-----w- C:\Deleted Autoruns
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-08 23:02 . 2013-01-14 15:23 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-02-12 00:32 . 2008-04-13 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2008-04-13 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 20:05 . 2012-12-26 20:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2012-12-26 20:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2012-12-26 20:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2012-12-24 06:40 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-28 02:36 . 2013-01-28 02:36 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2013-01-26 04:35 . 2013-01-26 04:35 19528 ----a-w- c:\windows\system32\fbnative.exe
    2013-01-26 04:35 . 2013-01-26 04:35 185672 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2013-01-26 04:35 . 2013-01-26 04:35 40648 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2013-01-26 04:35 . 2013-01-26 04:35 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2013-01-26 04:35 . 2013-01-26 04:35 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2013-01-26 03:55 . 2013-01-26 03:55 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-25 16:02 . 2013-01-25 16:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-25 16:02 . 2013-01-25 16:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-25 16:02 . 2013-01-25 16:02 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-07 01:19 . 2013-01-07 01:19 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2013-01-07 00:37 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2013-01-04 01:20 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2013-01-02 06:49 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2013-01-02 06:49 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-06-14 22:20 . 2012-06-14 22:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartupDelayer"="d:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2013-03-07 1081856]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "SDTray"="d:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-31 15496552]
    "EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-01-26 70728]
    "EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-01-26 1372232]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-03-05 418024]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-24 356376]
    .
    c:\documents and settings\Ray\Start Menu\Programs\Startup\
    CProcess.cfg [2013-3-23 860]
    CProcess.exe [2008-5-22 36352]
    Efficient Reminder Free.lnk - c:\program files\Efficient Reminder Free\EfficientReminderFree.exe [2013-1-2 10981888]
    PlexRadar.lnk - c:\program files\Plextor\PlexUTILITIES\PlexRadar.exe [2013-1-9 2907136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    del_temp.vbs [2012-2-23 1914]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    HyperSnap-DX 5.lnk - c:\program files\HyperSnap-DX 5\HprSnap5.exe [2004-10-14 1785856]
    PlexRadar.lnk - c:\program files\Plextor\PlexUTILITIES\PlexRadar.exe [2013-1-9 2907136]
    Watch.lnk - c:\program files\Mustek 1200 UB Plus\Driver\WATCH.exe [2001-11-23 364544]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ray^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Ray\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2006-02-14 12:56 460800 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 23:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
    2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2012-11-01 17:56 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    2006-10-30 12:44 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-12-13 18:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-06-19 15:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "SpyHunter 4 Service"=2 (0x2)
    "SDWSCService"=2 (0x2)
    "SDUpdateService"=2 (0x2)
    "SDScannerService"=2 (0x2)
    "SbieSvc"=2 (0x2)
    "ose"=3 (0x3)
    "NVWMI"=2 (0x2)
    "NVSvc"=2 (0x2)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "MSCamSvc"=2 (0x2)
    "MozillaMaintenance"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate1c987ea6b15f84e"=2 (0x2)
    "gupdate"=2 (0x2)
    "Guard Agent"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "EaseUS Agent"=2 (0x2)
    "DWMRCS"=2 (0x2)
    "CTAudSvcService"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "Creative Media Toolbox 6 Licensing Service"=3 (0x3)
    "Creative Audio Engine Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "Adobe LM Service"=2 (0x2)
    "BMGXXXXXXXX"=3 (0x3)
    "BMGX"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride /**comment**(normally it is \"1\")**comment**/"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\BitLord 2\\Bitlord files\\bitlord.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDFiles.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "6346:TCP"= 6346:TCP:Limewire
    "6346:UDP"= 6346:UDP:Limewire
    .
    R0 asahxp32;asahxp32;c:\windows\system32\drivers\asahxp32.sys [5/6/2011 5:13 PM 41696]
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [1/26/2013 12:35 AM 50248]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [1/26/2013 12:35 AM 40648]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/7/2013 2:46 PM 33112]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [1/26/2013 12:35 AM 14920]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [1/26/2013 12:35 AM 185672]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11/24/2012 6:33 PM 43608]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 5:49 PM 144344]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [5/12/2011 2:05 PM 18816]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 3:09 PM 35672]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11/24/2012 6:33 PM 24408]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/24/2012 6:33 PM 24920]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [12/29/2008 11:14 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [12/29/2008 11:14 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [12/29/2008 11:14 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [12/29/2008 11:14 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [12/29/2008 11:14 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [12/29/2008 11:14 AM 72728]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/27/2013 10:36 PM 23456]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/21/2012 2:54 PM 13896]
    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 3:57 PM 13904]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 11:01 AM 19984]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/21/2012 2:53 PM 9160]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [10/10/2012 11:08 PM 34432]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [10/10/2012 11:08 PM 25088]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/13/2010 2:37 PM 30576]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/3/2011 8:36 PM 47360]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [1/14/2013 11:23 AM 13024]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S4 BMGX;BMGX;c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe --> c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe [?][/COLOR]S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/1/2011 9:56 PM 79360]
    S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2/1/2011 10:10 PM 79360]
    S4 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [1/26/2013 12:35 AM 68168]
    S4 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [1/26/2013 12:36 AM 23624]
    S4 gupdate1c987ea6b15f84e;Google Update Service (gupdate1c987ea6b15f84e);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2011 12:12 AM 136176]
    S4 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi.exe [12/31/1999 8:00 PM 664424]
    S4 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/12/2013 10:21 AM 1103392]
    S4 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/12/2013 10:21 AM 1369624]
    S4 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/12/2013 10:21 AM 168384]
    S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1/14/2013 9:33 PM 769920]
    S4 TSJSRS;TSJSRS;c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe --> c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe [?]
    S4 ZWKKQGF;ZWKKQGF;c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe --> c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-03-19 15:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 17:47]
    .
    2013-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2013-03-24 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-12 18:08]
    .
    2013-03-24 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities New 3-7-13\initialize.exe [2013-03-07 20:58]
    .
    2013-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-26 17:28]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 04:12]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 04:12]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-651377827-2146997909-1003Core.job
    - c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 22:50]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-651377827-2146997909-1003UA.job
    - c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 22:50]
    .
    2013-03-13 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-12 18:07]
    .
    2013-03-12 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-12 18:07]
    .
    2013-03-24 c:\windows\Tasks\User_Feed_Synchronization-{795DF606-D83B-4891-BD02-5F2638647941}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.optimum.net/
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uInternet Settings,ProxyOverride = *.local;<local>
    TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://amer-ml33.amer.csc.com/dwa85W.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
    FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\6cr6okv0.default\
    FF - ExtSQL: 2013-01-25 11:03; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-14 11:38; torntv2@torntv.com; c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\6cr6okv0.default\extensions\torntv2@torntv.com.xpi
    FF - ExtSQL: !HIDDEN! 2011-01-31 18:23; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 1fde8a400000000000000022152aced0
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15750
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:39
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-24 12:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1268)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(5292)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\locator.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\RTHDCPL.EXE
    c:\documents and settings\Ray\Start Menu\Programs\Startup\CProcess.exe
    c:\windows\StartupMonitor.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-24 12:28:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-24 16:28
    ComboFix2.txt 2013-03-23 22:24
    ComboFix3.txt 2013-03-22 15:19
    ComboFix4.txt 2013-03-22 14:54
    ComboFix5.txt 2013-03-24 16:10
    .
    Pre-Run: 48,972,357,632 bytes free
    Post-Run: 48,940,695,552 bytes free
    .
    - - End Of File - - 993893FE25FFBB093E432ACC0CAF5B8F

    _________________________________________________________________

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ray [Admin rights]
    Mode : Remove -- Date : 03/24/2013 12:44:45
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] StartupMonitor.exe -- C:\WINDOWS\StartupMonitor.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500630AS +++++
    --- User ---
    [MBR] 1abe93979b2dbe79cf8f51cd4711ed80
    [BSP] 21a0857be101ba19f44717e4f1fb3047 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: SAMSUNG HD103SI +++++
    --- User ---
    [MBR] 7c2d1787dda1ca0ab05b91036f3580ec
    [BSP] 5c2b22220f055145a9b1c7369ff5f509 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: WDC WD1002FAEX-00Z3A0 +++++
    --- User ---
    [MBR] 21475e07416da8f21be13708b5f622ca
    [BSP] 5711a6dba2474de31ee3d7621a7365f8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: SATA ST310005 SCSI Disk Device +++++
    --- User ---
    [MBR] bfdd3ec03803c2ccaf7f86015141d08a
    [BSP] f1a4f4c15aeb52ccce9f82a9b658d6f8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: KINGSTON SH103S3120G SCSI Disk Device +++++
    --- User ---
    [MBR] dd2d907da26384e77088766ef9d6679e
    [BSP] c8ef74fb392c575a42233e04e433445d : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114472 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_03242013_02d1244.txt >>
    RKreport[1]_S_03242013_02d1241.txt ; RKreport[2]_D_03242013_02d1244.txt

  6. #16
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Default System back to original symptom

    Hi,
    After performing the above, the system began hanging again. Box was unusable and hard to hard reboot. When it came back up, I re-ran combofix with the CFScript.txt which I included the files/drivers/registry entries from both of the emails from you. I get the feeling that the box gets re-infected during boot-up. Below is the log:
    Thanks,
    Ray


    ComboFix 13-03-24.03 - Ray 03/24/2013 13:17:51.28.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT -4:00]
    Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ray\Desktop\CFScript.txt
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    FILE ::
    "c:\docume~1\Ray\LOCALS~1\Temp\AZULWXOPZZH.exe"
    "c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe"
    "c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe"
    "c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe"
    "c:\windows\system32\drivers\behy.sys"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-22 14:42 . 2013-03-23 14:11 -------- d-----w- C:\ComboFix Logs 3-22-2013
    2013-03-19 21:59 . 2013-03-19 21:59 -------- d-----w- C:\CLEAN BOOT
    2013-03-19 21:09 . 2013-03-19 21:04 678912 ----a-w- C:\MicrosoftFixit50598.msi
    2013-03-18 19:16 . 2013-03-18 19:16 -------- d-----w- C:\CFScanner
    2013-03-17 18:51 . 2013-03-17 18:51 -------- d-----w- C:\sh4ldr
    2013-03-10 20:31 . 2013-03-10 20:32 -------- d-----w- C:\Sophos
    2013-03-09 00:22 . 2013-03-09 00:23 -------- d-----w- C:\Escort
    2013-03-07 20:48 . 2013-03-07 20:48 -------- d-----r- C:\Sandbox
    2013-03-07 17:06 . 2013-03-07 17:06 -------- d-----w- C:\rsit
    2013-03-07 15:54 . 2013-03-07 15:54 -------- d-----w- C:\Deleted Autoruns
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-08 23:02 . 2013-01-14 15:23 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-02-12 00:32 . 2008-04-13 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2008-04-13 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 20:05 . 2012-12-26 20:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2012-12-26 20:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2012-12-26 20:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2012-12-24 06:40 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-28 02:36 . 2013-01-28 02:36 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2013-01-26 04:35 . 2013-01-26 04:35 19528 ----a-w- c:\windows\system32\fbnative.exe
    2013-01-26 04:35 . 2013-01-26 04:35 185672 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2013-01-26 04:35 . 2013-01-26 04:35 40648 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2013-01-26 04:35 . 2013-01-26 04:35 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2013-01-26 04:35 . 2013-01-26 04:35 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2013-01-26 03:55 . 2013-01-26 03:55 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-25 16:02 . 2013-01-25 16:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-25 16:02 . 2013-01-25 16:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-25 16:02 . 2013-01-25 16:02 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-07 01:19 . 2013-01-07 01:19 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2013-01-07 00:37 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2013-01-04 01:20 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2013-01-02 06:49 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2013-01-02 06:49 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-06-14 22:20 . 2012-06-14 22:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartupDelayer"="d:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2013-03-07 1081856]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "SDTray"="d:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-31 15496552]
    "EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-01-26 70728]
    "EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-01-26 1372232]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-03-05 418024]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-24 356376]
    .
    c:\documents and settings\Ray\Start Menu\Programs\Startup\
    CProcess.cfg [2013-3-23 860]
    CProcess.exe [2008-5-22 36352]
    Efficient Reminder Free.lnk - c:\program files\Efficient Reminder Free\EfficientReminderFree.exe [2013-1-2 10981888]
    PlexRadar.lnk - c:\program files\Plextor\PlexUTILITIES\PlexRadar.exe [2013-1-9 2907136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    del_temp.vbs [2012-2-23 1914]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    HyperSnap-DX 5.lnk - c:\program files\HyperSnap-DX 5\HprSnap5.exe [2004-10-14 1785856]
    PlexRadar.lnk - c:\program files\Plextor\PlexUTILITIES\PlexRadar.exe [2013-1-9 2907136]
    Watch.lnk - c:\program files\Mustek 1200 UB Plus\Driver\WATCH.exe [2001-11-23 364544]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ray^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Ray\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2006-02-14 12:56 460800 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 23:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
    2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2012-11-01 17:56 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    2006-10-30 12:44 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-12-13 18:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-06-19 15:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "SpyHunter 4 Service"=2 (0x2)
    "SDWSCService"=2 (0x2)
    "SDUpdateService"=2 (0x2)
    "SDScannerService"=2 (0x2)
    "SbieSvc"=2 (0x2)
    "ose"=3 (0x3)
    "NVWMI"=2 (0x2)
    "NVSvc"=2 (0x2)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "MSCamSvc"=2 (0x2)
    "MozillaMaintenance"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate1c987ea6b15f84e"=2 (0x2)
    "gupdate"=2 (0x2)
    "Guard Agent"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "EaseUS Agent"=2 (0x2)
    "DWMRCS"=2 (0x2)
    "CTAudSvcService"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "Creative Media Toolbox 6 Licensing Service"=3 (0x3)
    "Creative Audio Engine Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "Adobe LM Service"=2 (0x2)
    "BMGXXXXXXXX"=3 (0x3)
    "BMGX"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride /**comment**(normally it is \"1\")**comment**/"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\BitLord 2\\Bitlord files\\bitlord.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
    "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "d:\\Program Files\\Spybot - Search & Destroy 2\\SDFiles.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "6346:TCP"= 6346:TCP:Limewire
    "6346:UDP"= 6346:UDP:Limewire
    .
    R0 asahxp32;asahxp32;c:\windows\system32\drivers\asahxp32.sys [5/6/2011 5:13 PM 41696]
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [1/26/2013 12:35 AM 50248]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [1/26/2013 12:35 AM 40648]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/7/2013 2:46 PM 33112]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [1/26/2013 12:35 AM 14920]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [1/26/2013 12:35 AM 185672]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11/24/2012 6:33 PM 43608]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 5:49 PM 144344]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [5/12/2011 2:05 PM 18816]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 3:09 PM 35672]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11/24/2012 6:33 PM 24408]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/24/2012 6:33 PM 24920]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [12/29/2008 11:14 AM 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [12/29/2008 11:14 AM 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [12/29/2008 11:14 AM 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [12/29/2008 11:14 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [12/29/2008 11:14 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [12/29/2008 11:14 AM 72728]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/27/2013 10:36 PM 23456]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/21/2012 2:54 PM 13896]
    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 3:57 PM 13904]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 11:01 AM 19984]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/21/2012 2:53 PM 9160]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [10/10/2012 11:08 PM 34432]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [10/10/2012 11:08 PM 25088]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/13/2010 2:37 PM 30576]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/3/2011 8:36 PM 47360]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [1/14/2013 11:23 AM 13024]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S4 BMGX;BMGX;c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe --> c:\docume~1\Ray\LOCALS~1\Temp\BMGX.exe [?]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/1/2011 9:56 PM 79360]
    S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2/1/2011 10:10 PM 79360]
    S4 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [1/26/2013 12:35 AM 68168]
    S4 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [1/26/2013 12:36 AM 23624]
    S4 gupdate1c987ea6b15f84e;Google Update Service (gupdate1c987ea6b15f84e);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2011 12:12 AM 136176]
    S4 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi.exe [12/31/1999 8:00 PM 664424]
    S4 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/12/2013 10:21 AM 1103392]
    S4 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/12/2013 10:21 AM 1369624]
    S4 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/12/2013 10:21 AM 168384]
    S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1/14/2013 9:33 PM 769920]
    S4 TSJSRS;TSJSRS;c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe --> c:\docume~1\Ray\LOCALS~1\Temp\TSJSRS.exe [?]
    S4 ZWKKQGF;ZWKKQGF;c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe --> c:\docume~1\Ray\LOCALS~1\Temp\ZWKKQGF.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-03-19 15:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 17:47]
    .
    2013-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2013-03-24 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-12 18:08]
    .
    2013-03-24 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities New 3-7-13\initialize.exe [2013-03-07 20:58]
    .
    2013-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-26 17:28]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 04:12]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 04:12]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-651377827-2146997909-1003Core.job
    - c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 22:50]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-651377827-2146997909-1003UA.job
    - c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-25 22:50]
    .
    2013-03-13 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-12 18:07]
    .
    2013-03-12 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - d:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-12 18:07]
    .
    2013-03-24 c:\windows\Tasks\User_Feed_Synchronization-{795DF606-D83B-4891-BD02-5F2638647941}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.optimum.net/
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uInternet Settings,ProxyOverride = *.local;<local>
    TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://amer-ml33.amer.csc.com/dwa85W.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
    FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\6cr6okv0.default\
    FF - ExtSQL: 2013-01-25 11:03; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-14 11:38; torntv2@torntv.com; c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\6cr6okv0.default\extensions\torntv2@torntv.com.xpi
    FF - ExtSQL: !HIDDEN! 2011-01-31 18:23; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 1fde8a400000000000000022152aced0
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15750
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:39
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-24 13:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1268)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(9824)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-03-24 13:28:39
    ComboFix-quarantined-files.txt 2013-03-24 17:28
    ComboFix2.txt 2013-03-24 16:28
    ComboFix3.txt 2013-03-23 22:24
    ComboFix4.txt 2013-03-22 15:19
    ComboFix5.txt 2013-03-24 17:15
    .
    Pre-Run: 48,966,320,128 bytes free
    Post-Run: 48,934,748,160 bytes free
    .
    - - End Of File - - 9C7CC1574228D5814EFB645395316960


    QUARANTINE FILE:

    2013-03-24 16:18:10 . 2013-03-24 16:18:10 61,376 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_fnvu.reg.dat
    2013-03-23 13:46:17 . 2013-03-23 13:46:17 2,700 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_AZULWXOPZZH.reg.dat
    2013-03-23 13:46:17 . 2013-03-23 13:46:17 830 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AZULWXOPZZH.reg.dat
    2013-03-23 13:37:59 . 2013-03-24 17:17:43 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
    2013-03-20 16:58:57 . 2013-03-20 16:58:57 796 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_RkHit.reg.dat
    2013-03-20 16:58:57 . 2013-03-20 16:58:57 1,130 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_RKHIT.reg.dat
    2013-03-20 15:24:18 . 2010-12-30 14:54:06 34,736 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\RKHit.sys.vir
    2013-03-19 18:11:12 . 2013-03-19 18:11:27 29,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\EventSystem.log.vir
    2013-03-18 19:55:58 . 2013-03-20 17:06:19 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    2013-03-18 19:33:13 . 2013-03-24 17:22:56 8,749 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2013-03-18 19:16:26 . 2013-03-24 17:15:21 663 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2013-03-12 19:08:42 . 2013-03-16 14:02:32 1,934 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wininit.ini.vir
    2008-04-13 23:12:36 . 2008-04-13 23:12:36 14,336 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\svchostt.exe.vir
    2008-04-13 23:12:33 . 2008-04-13 23:12:33 380,416 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Restore\rstrui.exe.vir

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Lets move on to and see what TDSSkiller can find. I dont think you ran it although it may be part of your Kaspersky AV. In any case:

    Download:
    TDSSkiller to your desktop

    Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and Start Scan

    Once the scan is done you will find a .txt file in your root drive Local Disk, usually (C) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version,date time) Please post it in your reply.
    How Can I Reduce My Risk?

  8. #18
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Default Ran TDSSKiller....found nothing.

    Just 2 update, while running WinPatrol, it intercepted attempts to change the file association of .cab. I also lost the funtion of my internet explorer. My URL shortcuts no longer funtioned as well. My url file association changed but correcting that did not restore funtion. (see attached for what it changed it to) To repair, I reinstalled IE8. Awaiting further instructions.
    Ray


    18:47:58.0187 0552 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    18:47:58.0484 0552 ============================================================
    18:47:58.0484 0552 Current date / time: 2013/03/24 18:47:58.0484
    18:47:58.0484 0552 SystemInfo:
    18:47:58.0484 0552
    18:47:58.0484 0552 OS Version: 5.1.2600 ServicePack: 3.0
    18:47:58.0484 0552 Product type: Workstation
    18:47:58.0484 0552 ComputerName: RIGHTWINXP
    18:47:58.0484 0552 UserName: Ray
    18:47:58.0484 0552 Windows directory: C:\WINDOWS
    18:47:58.0484 0552 System windows directory: C:\WINDOWS
    18:47:58.0484 0552 Processor architecture: Intel x86
    18:47:58.0484 0552 Number of processors: 2
    18:47:58.0484 0552 Page size: 0x1000
    18:47:58.0484 0552 Boot type: Normal boot
    18:47:58.0484 0552 ============================================================
    18:47:59.0593 0552 Drive \Device\Harddisk4\DR4 - Size: 0x1BF2976200 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:47:59.0593 0552 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:47:59.0609 0552 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:47:59.0609 0552 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
    18:47:59.0609 0552 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:47:59.0609 0552 Drive \Device\Harddisk5\DR10 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:47:59.0609 0552 ============================================================
    18:47:59.0609 0552 \Device\Harddisk4\DR4:
    18:47:59.0609 0552 MBR partitions:
    18:47:59.0609 0552 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF947F8
    18:47:59.0609 0552 \Device\Harddisk3\DR3:
    18:47:59.0609 0552 MBR partitions:
    18:47:59.0609 0552 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x74705982
    18:47:59.0609 0552 \Device\Harddisk0\DR0:
    18:47:59.0609 0552 MBR partitions:
    18:47:59.0609 0552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    18:47:59.0609 0552 \Device\Harddisk1\DR1:
    18:47:59.0609 0552 MBR partitions:
    18:47:59.0609 0552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    18:47:59.0609 0552 \Device\Harddisk2\DR2:
    18:47:59.0609 0552 MBR partitions:
    18:47:59.0609 0552 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    18:47:59.0609 0552 \Device\Harddisk5\DR10:
    18:47:59.0625 0552 MBR partitions:
    18:47:59.0625 0552 \Device\Harddisk5\DR10\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    18:47:59.0625 0552 ============================================================
    18:47:59.0625 0552 C: <-> \Device\Harddisk4\DR4\Partition1
    18:47:59.0640 0552 D: <-> \Device\Harddisk2\DR2\Partition1
    18:47:59.0640 0552 E: <-> \Device\Harddisk1\DR1\Partition1
    18:47:59.0640 0552 I: <-> \Device\Harddisk5\DR10\Partition1
    18:47:59.0640 0552 P: <-> \Device\Harddisk3\DR3\Partition1
    18:47:59.0656 0552 F: <-> \Device\Harddisk0\DR0\Partition1
    18:47:59.0656 0552 ============================================================
    18:47:59.0656 0552 Initialize success
    18:47:59.0656 0552 ============================================================
    18:48:33.0750 2936 ============================================================
    18:48:33.0750 2936 Scan started
    18:48:33.0750 2936 Mode: Manual; TDLFS;
    18:48:33.0750 2936 ============================================================
    18:48:34.0109 2936 ================ Scan system memory ========================
    18:48:34.0109 2936 System memory - ok
    18:48:34.0109 2936 ================ Scan services =============================
    18:48:34.0171 2936 Abiosdsk - ok
    18:48:34.0171 2936 abp480n5 - ok
    18:48:34.0187 2936 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:48:34.0187 2936 ACPI - ok
    18:48:34.0203 2936 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:48:34.0203 2936 ACPIEC - ok
    18:48:34.0203 2936 [ 4AE327C9C375D985FF2A2AAB92765218 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    18:48:34.0218 2936 Adobe LM Service - ok
    18:48:34.0218 2936 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    18:48:34.0218 2936 AdobeFlashPlayerUpdateSvc - ok
    18:48:34.0234 2936 adpu160m - ok
    18:48:34.0250 2936 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    18:48:34.0250 2936 aec - ok
    18:48:34.0265 2936 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    18:48:34.0265 2936 AFD - ok
    18:48:34.0265 2936 Aha154x - ok
    18:48:34.0281 2936 aic78u2 - ok
    18:48:34.0296 2936 aic78xx - ok
    18:48:34.0296 2936 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    18:48:34.0296 2936 Alerter - ok
    18:48:34.0312 2936 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    18:48:34.0312 2936 ALG - ok
    18:48:34.0312 2936 AliIde - ok
    18:48:34.0328 2936 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
    18:48:34.0328 2936 AmdK7 - ok
    18:48:34.0343 2936 amsint - ok
    18:48:34.0343 2936 [ 946EF1D9A26FB005B8257CF052FB3B83 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
    18:48:34.0343 2936 AnyDVD - ok
    18:48:34.0359 2936 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:48:34.0359 2936 Apple Mobile Device - ok
    18:48:34.0375 2936 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    18:48:34.0375 2936 AppMgmt - ok
    18:48:34.0390 2936 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:48:34.0390 2936 Arp1394 - ok
    18:48:34.0406 2936 [ 6C520546FB842E7CAD0102BF2C3B3F3F ] asahxp32 C:\WINDOWS\system32\DRIVERS\asahxp32.sys
    18:48:34.0406 2936 asahxp32 - ok
    18:48:34.0406 2936 asc - ok
    18:48:34.0421 2936 asc3350p - ok
    18:48:34.0437 2936 asc3550 - ok
    18:48:34.0453 2936 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:48:34.0453 2936 aspnet_state - ok
    18:48:34.0468 2936 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:48:34.0468 2936 AsyncMac - ok
    18:48:34.0484 2936 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:48:34.0484 2936 atapi - ok
    18:48:34.0484 2936 Atdisk - ok
    18:48:34.0500 2936 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:48:34.0500 2936 Atmarpc - ok
    18:48:34.0515 2936 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    18:48:34.0515 2936 AudioSrv - ok
    18:48:34.0515 2936 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:48:34.0515 2936 audstub - ok
    18:48:34.0531 2936 [ DB61A6ECACD9D84405D2F3E411B25409 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
    18:48:34.0531 2936 avgtp - ok
    18:48:34.0546 2936 AVP - ok
    18:48:34.0546 2936 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    18:48:34.0546 2936 Beep - ok
    18:48:34.0562 2936 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    18:48:34.0578 2936 BITS - ok
    18:48:34.0578 2936 BMGX - ok
    18:48:34.0593 2936 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:48:34.0593 2936 Bonjour Service - ok
    18:48:34.0609 2936 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
    18:48:34.0609 2936 Bridge - ok
    18:48:34.0625 2936 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
    18:48:34.0625 2936 BridgeMP - ok
    18:48:34.0625 2936 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    18:48:34.0625 2936 Browser - ok
    18:48:34.0640 2936 catchme - ok
    18:48:34.0640 2936 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:48:34.0656 2936 cbidf2k - ok
    18:48:34.0656 2936 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:48:34.0656 2936 CCDECODE - ok
    18:48:34.0671 2936 cd20xrnt - ok
    18:48:34.0671 2936 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:48:34.0671 2936 Cdaudio - ok
    18:48:34.0687 2936 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    18:48:34.0687 2936 Cdfs - ok
    18:48:34.0703 2936 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:48:34.0703 2936 Cdrom - ok
    18:48:34.0703 2936 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    18:48:34.0703 2936 CiSvc - ok
    18:48:34.0718 2936 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    18:48:34.0718 2936 ClipSrv - ok
    18:48:34.0718 2936 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:48:34.0734 2936 clr_optimization_v2.0.50727_32 - ok
    18:48:34.0734 2936 CmdIde - ok
    18:48:34.0750 2936 COMSysApp - ok
    18:48:34.0765 2936 Cpqarray - ok
    18:48:34.0765 2936 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    18:48:34.0781 2936 Creative Audio Engine Licensing Service - ok
    18:48:34.0781 2936 [ D03466C36EF0E5C7694FF38B45271D9D ] Creative Media Toolbox 6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
    18:48:34.0781 2936 Creative Media Toolbox 6 Licensing Service - ok
    18:48:34.0796 2936 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
    18:48:34.0796 2936 Creative Service for CDROM Access - ok
    18:48:34.0796 2936 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    18:48:34.0796 2936 CryptSvc - ok
    18:48:34.0812 2936 [ 6F778D290F57D6137B7F258725D6D5F6 ] CT20XUT C:\WINDOWS\system32\drivers\CT20XUT.SYS
    18:48:34.0812 2936 CT20XUT - ok
    18:48:34.0828 2936 [ 6F778D290F57D6137B7F258725D6D5F6 ] CT20XUT.SYS C:\WINDOWS\System32\drivers\CT20XUT.SYS
    18:48:34.0828 2936 CT20XUT.SYS - ok
    18:48:34.0843 2936 [ 3404D052223E2C8F2CCD746C21680E65 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
    18:48:34.0859 2936 ctac32k - ok
    18:48:34.0875 2936 [ 8254A1775B91B3C7644BC5D684F4AA59 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
    18:48:34.0875 2936 ctaud2k - ok
    18:48:34.0890 2936 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    18:48:34.0890 2936 CTAudSvcService - ok
    18:48:34.0906 2936 [ AC816D2A85C2673ADC5340D5CDEAB6B2 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
    18:48:34.0906 2936 ctdvda2k - ok
    18:48:34.0937 2936 [ 6D4CEF46BB223601289DC64034401C65 ] CTEXFIFX C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
    18:48:34.0953 2936 CTEXFIFX - ok
    18:48:34.0984 2936 [ 6D4CEF46BB223601289DC64034401C65 ] CTEXFIFX.SYS C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
    18:48:34.0984 2936 CTEXFIFX.SYS - ok
    18:48:35.0000 2936 [ 44B9F2040C57CFA509548DDAB2E8BF09 ] CTHWIUT C:\WINDOWS\system32\drivers\CTHWIUT.SYS
    18:48:35.0000 2936 CTHWIUT - ok
    18:48:35.0015 2936 [ 44B9F2040C57CFA509548DDAB2E8BF09 ] CTHWIUT.SYS C:\WINDOWS\System32\drivers\CTHWIUT.SYS
    18:48:35.0015 2936 CTHWIUT.SYS - ok
    18:48:35.0015 2936 [ DF51F3D85D2A20B4E95C2002505D4210 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
    18:48:35.0031 2936 ctprxy2k - ok
    18:48:35.0031 2936 [ 8B6595EA6912A09EAE381C594DCA4947 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
    18:48:35.0031 2936 ctsfm2k - ok
    18:48:35.0046 2936 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    18:48:35.0046 2936 CVirtA - ok
    18:48:35.0062 2936 dac2w2k - ok
    18:48:35.0062 2936 dac960nt - ok
    18:48:35.0078 2936 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    18:48:35.0093 2936 DcomLaunch - ok
    18:48:35.0093 2936 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    18:48:35.0093 2936 Dhcp - ok
    18:48:35.0109 2936 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    18:48:35.0109 2936 Disk - ok
    18:48:35.0109 2936 dmadmin - ok
    18:48:35.0140 2936 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    18:48:35.0140 2936 dmboot - ok
    18:48:35.0156 2936 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    18:48:35.0156 2936 dmio - ok
    18:48:35.0171 2936 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    18:48:35.0171 2936 dmload - ok
    18:48:35.0187 2936 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    18:48:35.0187 2936 dmserver - ok
    18:48:35.0187 2936 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    18:48:35.0203 2936 DMusic - ok
    18:48:35.0203 2936 [ 694616F813FB627A32C9E32DEC133078 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
    18:48:35.0203 2936 DNE - ok
    18:48:35.0218 2936 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    18:48:35.0218 2936 Dnscache - ok
    18:48:35.0234 2936 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    18:48:35.0234 2936 Dot3svc - ok
    18:48:35.0250 2936 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
    18:48:35.0250 2936 Dot4 - ok
    18:48:35.0250 2936 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    18:48:35.0265 2936 Dot4Print - ok
    18:48:35.0265 2936 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
    18:48:35.0265 2936 dot4usb - ok
    18:48:35.0281 2936 dpti2o - ok
    18:48:35.0281 2936 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    18:48:35.0281 2936 drmkaud - ok
    18:48:35.0296 2936 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
    18:48:35.0296 2936 DrvAgent32 - ok
    18:48:35.0312 2936 DWMRCS - ok
    18:48:35.0312 2936 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    18:48:35.0312 2936 EapHost - ok
    18:48:35.0328 2936 [ 98CB51EC5384635EA6B303D5648EEF1F ] EaseUS Agent C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    18:48:35.0328 2936 EaseUS Agent - ok
    18:48:35.0343 2936 [ 178CC9403816C082D22A1D47FA1F9C85 ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    18:48:35.0343 2936 ElbyCDIO - ok
    18:48:35.0343 2936 [ DF9957DB3BFE5136AAD3C2C101806C98 ] ElbyDelay C:\WINDOWS\system32\Drivers\ElbyDelay.sys
    18:48:35.0359 2936 ElbyDelay - ok
    18:48:35.0359 2936 [ 6C3DCE1A5600A079B046937653933281 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
    18:48:35.0359 2936 emupia - ok
    18:48:35.0375 2936 [ D57F1811D8258D8D277CD9F53657EEF9 ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
    18:48:35.0375 2936 epmntdrv - ok
    18:48:35.0390 2936 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    18:48:35.0390 2936 ERSvc - ok
    18:48:35.0390 2936 [ 2407B8164E966755BC6A4242FC9DE31E ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
    18:48:35.0406 2936 esgiguard - ok
    18:48:35.0406 2936 [ 01CE484FF6D70A39479BC6D619DE7ED6 ] EsgScanner C:\WINDOWS\system32\DRIVERS\EsgScanner.sys
    18:48:35.0421 2936 EsgScanner - ok
    18:48:35.0421 2936 [ 84D5EF7D2E978B999610482286B772DC ] EUBAKUP C:\WINDOWS\system32\drivers\eubakup.sys
    18:48:35.0437 2936 EUBAKUP - ok
    18:48:35.0437 2936 [ DA4230C9F3375A94DF36F140425336B9 ] EUBKMON C:\WINDOWS\system32\drivers\EUBKMON.sys
    18:48:35.0437 2936 EUBKMON - ok
    18:48:35.0453 2936 [ CEF620676E9D8F1207D92FCDEB63F074 ] EUDSKACS C:\WINDOWS\system32\drivers\eudskacs.sys
    18:48:35.0453 2936 EUDSKACS - ok
    18:48:35.0468 2936 [ F1BB27BC6DD385C154666ADE0D28387B ] EUFDDISK C:\WINDOWS\system32\drivers\EuFdDisk.sys
    18:48:35.0468 2936 EUFDDISK - ok
    18:48:35.0484 2936 [ F1DE3EEF501DDA7DDF99F2EDF0C5540E ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
    18:48:35.0484 2936 EuGdiDrv - ok
    18:48:35.0500 2936 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    18:48:35.0500 2936 Eventlog - ok
    18:48:35.0515 2936 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    18:48:35.0515 2936 EventSystem - ok
    18:48:35.0515 2936 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    18:48:35.0531 2936 Fastfat - ok
    18:48:35.0531 2936 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    18:48:35.0546 2936 FastUserSwitchingCompatibility - ok
    18:48:35.0546 2936 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    18:48:35.0562 2936 Fax - ok
    18:48:35.0562 2936 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:48:35.0562 2936 Fdc - ok
    18:48:35.0578 2936 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    18:48:35.0578 2936 Fips - ok
    18:48:35.0593 2936 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    18:48:35.0609 2936 FLEXnet Licensing Service - ok
    18:48:35.0625 2936 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:48:35.0625 2936 Flpydisk - ok
    18:48:35.0625 2936 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    18:48:35.0640 2936 FltMgr - ok
    18:48:35.0640 2936 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:48:35.0640 2936 FontCache3.0.0.0 - ok
    18:48:35.0656 2936 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:48:35.0656 2936 Fs_Rec - ok
    18:48:35.0671 2936 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:48:35.0671 2936 Ftdisk - ok
    18:48:35.0687 2936 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
    18:48:35.0687 2936 gameenum - ok
    18:48:35.0687 2936 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    18:48:35.0703 2936 GEARAspiWDM - ok
    18:48:35.0703 2936 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:48:35.0703 2936 Gpc - ok
    18:48:35.0718 2936 [ 7B90BE6811334CAA9243B89F3D3FEE1A ] GT680x C:\WINDOWS\system32\Drivers\gt680x.sys
    18:48:35.0718 2936 GT680x - ok
    18:48:35.0734 2936 [ 2FC26B450D640F72E59F43DF1D48F439 ] Guard Agent C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    18:48:35.0734 2936 Guard Agent - ok
    18:48:35.0734 2936 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    18:48:35.0750 2936 gupdate - ok
    18:48:35.0750 2936 [ F02A533F517EB38333CB12A9E8963773 ] gupdate1c987ea6b15f84e C:\Program Files\Google\Update\GoogleUpdate.exe
    18:48:35.0765 2936 gupdate1c987ea6b15f84e - ok
    18:48:35.0765 2936 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    18:48:35.0765 2936 gupdatem - ok
    18:48:35.0781 2936 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:48:35.0781 2936 gusvc - ok
    18:48:35.0812 2936 [ 46209281D43511CE2C660821B05C2B5D ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
    18:48:35.0828 2936 ha20x2k - ok
    18:48:35.0843 2936 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:48:35.0843 2936 HDAudBus - ok
    18:48:35.0843 2936 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:48:35.0859 2936 helpsvc - ok
    18:48:35.0859 2936 [ 923EE4EEF2582909A056904CA8026015 ] hidgame C:\WINDOWS\system32\DRIVERS\hidgame.sys
    18:48:35.0859 2936 hidgame - ok
    18:48:35.0875 2936 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    18:48:35.0875 2936 HidServ - ok
    18:48:35.0890 2936 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:48:35.0890 2936 hidusb - ok
    18:48:35.0890 2936 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    18:48:35.0906 2936 hkmsvc - ok
    18:48:35.0906 2936 hpn - ok
    18:48:35.0921 2936 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    18:48:35.0921 2936 hpqcxs08 - ok
    18:48:35.0921 2936 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    18:48:35.0937 2936 hpqddsvc - ok
    18:48:35.0937 2936 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    18:48:35.0937 2936 HPZid412 - ok
    18:48:35.0953 2936 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    18:48:35.0953 2936 HPZipr12 - ok
    18:48:35.0968 2936 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    18:48:35.0968 2936 HPZius12 - ok
    18:48:35.0968 2936 [ 6DB36593ABDDA54C505B77A4F135D5F3 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\USR_BSC2.sys
    18:48:35.0984 2936 HSFHWBS2 - ok
    18:48:36.0000 2936 [ 01DC6300BD5B4EAA3DE6FC3FA4ADB82A ] HSF_DPV C:\WINDOWS\system32\DRIVERS\USR_MDMV.sys
    18:48:36.0015 2936 HSF_DPV - ok
    18:48:36.0031 2936 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    18:48:36.0031 2936 HTTP - ok
    18:48:36.0046 2936 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    18:48:36.0046 2936 HTTPFilter - ok
    18:48:36.0062 2936 i2omp - ok
    18:48:36.0062 2936 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:48:36.0062 2936 i8042prt - ok
    18:48:36.0078 2936 [ 7E9DCE459BE666AB54F67E77CB7D1297 ] ICAM3NT5 C:\WINDOWS\system32\Drivers\Icam3.sys
    18:48:36.0093 2936 ICAM3NT5 - ok
    18:48:36.0109 2936 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:48:36.0125 2936 idsvc - ok
    18:48:36.0125 2936 [ 0A7C49B48C772591A2D362DAA00246C8 ] imagedrv C:\WINDOWS\system32\Drivers\imagedrv.sys
    18:48:36.0140 2936 imagedrv - ok
    18:48:36.0140 2936 [ 549BA4F539E7B8D8129500B96DD7B27A ] imagesrv C:\WINDOWS\system32\DRIVERS\imagesrv.sys
    18:48:36.0156 2936 imagesrv - ok
    18:48:36.0156 2936 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:48:36.0171 2936 Imapi - ok
    18:48:36.0187 2936 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    18:48:36.0187 2936 ImapiService - ok
    18:48:36.0187 2936 InCDfs - ok
    18:48:36.0203 2936 InCDrec - ok
    18:48:36.0218 2936 ini910u - ok
    18:48:36.0296 2936 [ 60D7460B07012D364CED11DD9FD83E1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    18:48:36.0359 2936 IntcAzAudAddService - ok
    18:48:36.0375 2936 IntelIde - ok
    18:48:36.0390 2936 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:48:36.0390 2936 intelppm - ok
    18:48:36.0406 2936 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    18:48:36.0406 2936 Ip6Fw - ok
    18:48:36.0421 2936 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:48:36.0421 2936 IpFilterDriver - ok
    18:48:36.0437 2936 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:48:36.0437 2936 IpInIp - ok
    18:48:36.0453 2936 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:48:36.0453 2936 IpNat - ok
    18:48:36.0468 2936 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:48:36.0484 2936 iPod Service - ok
    18:48:36.0500 2936 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:48:36.0515 2936 IPSec - ok
    18:48:36.0515 2936 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:48:36.0515 2936 IRENUM - ok
    18:48:36.0531 2936 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:48:36.0546 2936 isapnp - ok
    18:48:36.0562 2936 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
    18:48:36.0562 2936 Iviaspi - ok
    18:48:36.0578 2936 [ 6D53710E993F9DDFE5C8F2C048F3AE4D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    18:48:36.0578 2936 JavaQuickStarterService - ok
    18:48:36.0593 2936 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    18:48:36.0593 2936 JGOGO - ok
    18:48:36.0593 2936 [ F4A31E66A61C0783F51157519B03280B ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
    18:48:36.0609 2936 JRAID - ok
    18:48:36.0609 2936 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:48:36.0609 2936 Kbdclass - ok
    18:48:36.0625 2936 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:48:36.0625 2936 kbdhid - ok
    18:48:36.0640 2936 [ EA26CB00F83686856F2C79673C00C686 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
    18:48:36.0640 2936 KL1 - ok
    18:48:36.0656 2936 [ 3D23639C3FDBC082AF7016A5C8829329 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
    18:48:36.0671 2936 KLIF - ok
    18:48:36.0671 2936 [ 05E5504E5E06F75F18BBEA7291601FE2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
    18:48:36.0671 2936 klim5 - ok
    18:48:36.0687 2936 [ 7BE035A9C20F357DC765D6C7FDCDC964 ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
    18:48:36.0687 2936 klkbdflt - ok
    18:48:36.0703 2936 [ A8234A8F67B0565F74753FE88A7BF03D ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
    18:48:36.0703 2936 klmouflt - ok
    18:48:36.0703 2936 [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys
    18:48:36.0718 2936 kltdi - ok
    18:48:36.0718 2936 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    18:48:36.0718 2936 kmixer - ok
    18:48:36.0734 2936 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
    18:48:36.0734 2936 kneps - ok
    18:48:36.0750 2936 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    18:48:36.0750 2936 KSecDD - ok
    18:48:36.0765 2936 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    18:48:36.0765 2936 lanmanserver - ok
    18:48:36.0781 2936 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    18:48:36.0781 2936 lanmanworkstation - ok
    18:48:36.0796 2936 [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    18:48:36.0812 2936 LightScribeService - ok
    18:48:36.0812 2936 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    18:48:36.0812 2936 LmHosts - ok
    18:48:36.0828 2936 [ D8C0B2EB928D57C928522EFF500C4BA8 ] ManyCam C:\WINDOWS\system32\DRIVERS\mcvidrv.sys
    18:48:36.0828 2936 ManyCam - ok
    18:48:36.0843 2936 [ 964BD01FD77026F93F15040027F6F579 ] mcaudrv_simple C:\WINDOWS\system32\drivers\mcaudrv.sys
    18:48:36.0843 2936 mcaudrv_simple - ok
    18:48:36.0859 2936 MDM - ok
    18:48:36.0859 2936 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    18:48:36.0875 2936 mdmxsdk - ok
    18:48:36.0875 2936 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    18:48:36.0875 2936 Messenger - ok
    18:48:36.0890 2936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    18:48:36.0890 2936 mnmdd - ok
    18:48:36.0906 2936 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    18:48:36.0906 2936 mnmsrvc - ok
    18:48:36.0906 2936 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    18:48:36.0921 2936 Modem - ok
    18:48:36.0921 2936 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    18:48:36.0921 2936 MODEMCSA - ok
    18:48:36.0937 2936 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:48:36.0937 2936 Mouclass - ok
    18:48:36.0953 2936 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:48:36.0953 2936 mouhid - ok
    18:48:36.0968 2936 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    18:48:36.0968 2936 MountMgr - ok
    18:48:36.0968 2936 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    18:48:36.0984 2936 MozillaMaintenance - ok
    18:48:36.0984 2936 mraid35x - ok
    18:48:37.0000 2936 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:48:37.0000 2936 MRxDAV - ok
    18:48:37.0015 2936 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:48:37.0031 2936 MRxSmb - ok
    18:48:37.0031 2936 [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    18:48:37.0046 2936 MSCamSvc - ok
    18:48:37.0046 2936 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    18:48:37.0062 2936 MSDTC - ok
    18:48:37.0062 2936 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    18:48:37.0078 2936 Msfs - ok
    18:48:37.0078 2936 [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
    18:48:37.0078 2936 MSHUSBVideo - ok
    18:48:37.0093 2936 MSIServer - ok
    18:48:37.0109 2936 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:48:37.0109 2936 MSKSSRV - ok
    18:48:37.0109 2936 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:48:37.0125 2936 MSPCLOCK - ok
    18:48:37.0125 2936 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    18:48:37.0125 2936 MSPQM - ok
    18:48:37.0140 2936 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:48:37.0156 2936 mssmbios - ok
    18:48:37.0156 2936 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    18:48:37.0156 2936 MSTEE - ok
    18:48:37.0171 2936 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
    18:48:37.0171 2936 ms_mpu401 - ok
    18:48:37.0187 2936 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    18:48:37.0187 2936 MTsensor - ok
    18:48:37.0203 2936 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    18:48:37.0203 2936 Mup - ok
    18:48:37.0218 2936 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:48:37.0218 2936 NABTSFEC - ok
    18:48:37.0234 2936 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    18:48:37.0234 2936 napagent - ok
    18:48:37.0250 2936 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    18:48:37.0250 2936 NDIS - ok
    18:48:37.0265 2936 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:48:37.0265 2936 NdisIP - ok
    18:48:37.0281 2936 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:48:37.0281 2936 NdisTapi - ok
    18:48:37.0296 2936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:48:37.0296 2936 Ndisuio - ok
    18:48:37.0296 2936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:48:37.0312 2936 NdisWan - ok
    18:48:37.0312 2936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    18:48:37.0328 2936 NDProxy - ok
    18:48:37.0343 2936 [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    18:48:37.0359 2936 Nero BackItUp Scheduler 4.0 - ok
    18:48:37.0359 2936 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    18:48:37.0375 2936 Net Driver HPZ12 - ok
    18:48:37.0375 2936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:48:37.0375 2936 NetBIOS - ok
    18:48:37.0390 2936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:48:37.0390 2936 NetBT - ok
    18:48:37.0406 2936 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    18:48:37.0421 2936 NetDDE - ok
    18:48:37.0421 2936 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    18:48:37.0437 2936 NetDDEdsdm - ok
    18:48:37.0437 2936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    18:48:37.0453 2936 Netlogon - ok
    18:48:37.0453 2936 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    18:48:37.0468 2936 Netman - ok
    18:48:37.0468 2936 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:48:37.0484 2936 NetTcpPortSharing - ok
    18:48:37.0484 2936 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:48:37.0484 2936 NIC1394 - ok
    18:48:37.0500 2936 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    18:48:37.0515 2936 Nla - ok
    18:48:37.0515 2936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    18:48:37.0515 2936 Npfs - ok
    18:48:37.0546 2936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    18:48:37.0546 2936 Ntfs - ok
    18:48:37.0562 2936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    18:48:37.0562 2936 NtLmSsp - ok
    18:48:37.0578 2936 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    18:48:37.0593 2936 NtmsSvc - ok
    18:48:37.0593 2936 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    18:48:37.0609 2936 NuidFltr - ok
    18:48:37.0609 2936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    18:48:37.0609 2936 Null - ok
    18:48:37.0812 2936 [ 18A012E8A546942E5AA45CA0D2F52FCB ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:48:37.0984 2936 nv - ok
    18:48:38.0000 2936 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
    18:48:38.0015 2936 nvata - ok
    18:48:38.0031 2936 [ B9333604527E02CD2223F200C0BAE7E0 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    18:48:38.0031 2936 NVENETFD - ok
    18:48:38.0046 2936 [ 5E9E55F7EE644C7C5FD78A206FBE37AB ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    18:48:38.0046 2936 nvnetbus - ok
    18:48:38.0062 2936 [ B65CE56C36F573113FF2F6D0F07B7563 ] nvraid C:\WINDOWS\system32\DRIVERS\nvraid.sys
    18:48:38.0062 2936 nvraid - ok
    18:48:38.0078 2936 [ E3C0F0D0DB96BFF169B0D7C33E2BA1AA ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    18:48:38.0078 2936 NVSvc - ok
    18:48:38.0093 2936 [ 4347E23182C51BBE6A1C95F91CBFDC5E ] NVWMI C:\WINDOWS\system32\nvwmi.exe
    18:48:38.0109 2936 NVWMI - ok
    18:48:38.0125 2936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:48:38.0125 2936 NwlnkFlt - ok
    18:48:38.0125 2936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:48:38.0140 2936 NwlnkFwd - ok
    18:48:38.0140 2936 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:48:38.0156 2936 ohci1394 - ok
    18:48:38.0156 2936 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:48:38.0171 2936 ose - ok
    18:48:38.0171 2936 [ 5CFBF86E0A98390EBA378A7E738F92E3 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
    18:48:38.0187 2936 ossrv - ok
    18:48:38.0203 2936 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    18:48:38.0203 2936 Parport - ok
    18:48:38.0218 2936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    18:48:38.0218 2936 PartMgr - ok
    18:48:38.0234 2936 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    18:48:38.0234 2936 ParVdm - ok
    18:48:38.0250 2936 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    18:48:38.0250 2936 PCI - ok
    18:48:38.0265 2936 PCIDump - ok
    18:48:38.0265 2936 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:48:38.0265 2936 PCIIde - ok
    18:48:38.0281 2936 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:48:38.0281 2936 Pcmcia - ok
    18:48:38.0296 2936 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
    18:48:38.0296 2936 pcouffin - ok
    18:48:38.0312 2936 perc2 - ok
    18:48:38.0328 2936 perc2hib - ok
    18:48:38.0359 2936 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
    18:48:38.0359 2936 pfc - ok
    18:48:38.0375 2936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    18:48:38.0375 2936 PlugPlay - ok
    18:48:38.0390 2936 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    18:48:38.0390 2936 Pml Driver HPZ12 - ok
    18:48:38.0406 2936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    18:48:38.0406 2936 PolicyAgent - ok
    18:48:38.0421 2936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:48:38.0421 2936 PptpMiniport - ok
    18:48:38.0437 2936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    18:48:38.0437 2936 ProtectedStorage - ok
    18:48:38.0453 2936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    18:48:38.0453 2936 PSched - ok
    18:48:38.0468 2936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:48:38.0468 2936 Ptilink - ok
    18:48:38.0484 2936 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:48:38.0484 2936 PxHelp20 - ok
    18:48:38.0500 2936 ql1080 - ok
    18:48:38.0500 2936 Ql10wnt - ok
    18:48:38.0515 2936 ql12160 - ok
    18:48:38.0531 2936 ql1240 - ok
    18:48:38.0531 2936 ql1280 - ok
    18:48:38.0546 2936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:48:38.0546 2936 RasAcd - ok
    18:48:38.0562 2936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    18:48:38.0578 2936 RasAuto - ok
    18:48:38.0578 2936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:48:38.0578 2936 Rasl2tp - ok
    18:48:38.0593 2936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    18:48:38.0609 2936 RasMan - ok
    18:48:38.0609 2936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:48:38.0609 2936 RasPppoe - ok
    18:48:38.0625 2936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:48:38.0625 2936 Raspti - ok
    18:48:38.0640 2936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:48:38.0640 2936 Rdbss - ok
    18:48:38.0656 2936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:48:38.0656 2936 RDPCDD - ok
    18:48:38.0671 2936 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:48:38.0687 2936 rdpdr - ok
    18:48:38.0703 2936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    18:48:38.0703 2936 RDPWD - ok
    18:48:38.0718 2936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    18:48:38.0718 2936 RDSessMgr - ok
    18:48:38.0734 2936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:48:38.0734 2936 redbook - ok
    18:48:38.0750 2936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    18:48:38.0750 2936 RemoteAccess - ok
    18:48:38.0765 2936 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    18:48:38.0765 2936 RemoteRegistry - ok
    18:48:38.0781 2936 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
    18:48:38.0781 2936 ROOTMODEM - ok
    18:48:38.0796 2936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    18:48:38.0796 2936 RpcLocator - ok
    18:48:38.0812 2936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    18:48:38.0812 2936 RpcSs - ok
    18:48:38.0828 2936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    18:48:38.0828 2936 RSVP - ok
    18:48:38.0843 2936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    18:48:38.0843 2936 SamSs - ok
    18:48:38.0843 2936 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:48:38.0859 2936 SASDIFSV - ok
    18:48:38.0859 2936 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    18:48:38.0859 2936 SASKUTIL - ok
    18:48:38.0875 2936 [ E5C587C0668F83E799D1C43BC53E5E37 ] SAVRKBootTasks C:\WINDOWS\system32\SAVRKBootTasks.sys
    18:48:38.0875 2936 SAVRKBootTasks - ok
    18:48:39.0000 2936 [ CA57D847403633D0D97114071B59C2B2 ] SbieDrv D:\Program Files\Sandboxie\SbieDrv.sys
    18:48:39.0000 2936 SbieDrv - ok
    18:48:39.0046 2936 [ 5CC11034A2E22DFF623BC922090AEBAB ] SbieSvc D:\Program Files\Sandboxie\SbieSvc.exe
    18:48:39.0046 2936 SbieSvc - ok
    18:48:39.0046 2936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    18:48:39.0062 2936 SCardSvr - ok
    18:48:39.0062 2936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    18:48:39.0078 2936 Schedule - ok
    18:48:39.0171 2936 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    18:48:39.0187 2936 SDScannerService - ok
    18:48:39.0218 2936 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    18:48:39.0218 2936 SDUpdateService - ok
    18:48:39.0250 2936 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService D:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    18:48:39.0250 2936 SDWSCService - ok
    18:48:39.0265 2936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:48:39.0265 2936 Secdrv - ok
    18:48:39.0281 2936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    18:48:39.0281 2936 seclogon - ok
    18:48:39.0296 2936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    18:48:39.0296 2936 SENS - ok
    18:48:39.0312 2936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:48:39.0312 2936 serenum - ok
    18:48:39.0328 2936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    18:48:39.0328 2936 Serial - ok
    18:48:39.0359 2936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:48:39.0359 2936 Sfloppy - ok
    18:48:39.0375 2936 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    18:48:39.0375 2936 SharedAccess - ok
    18:48:39.0390 2936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    18:48:39.0390 2936 ShellHWDetection - ok
    18:48:39.0406 2936 Simbad - ok
    18:48:39.0421 2936 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    18:48:39.0437 2936 SLIP - ok
    18:48:39.0453 2936 Sparrow - ok
    18:48:39.0468 2936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    18:48:39.0468 2936 splitter - ok
    18:48:39.0484 2936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    18:48:39.0484 2936 Spooler - ok
    18:48:39.0500 2936 [ 48AAE4C5E13611ED49C68F06857FF930 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    18:48:39.0515 2936 SpyHunter 4 Service - ok
    18:48:39.0531 2936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    18:48:39.0531 2936 sr - ok
    18:48:39.0546 2936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    18:48:39.0546 2936 srservice - ok
    18:48:39.0562 2936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    18:48:39.0562 2936 Srv - ok
    18:48:39.0578 2936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    18:48:39.0578 2936 SSDPSRV - ok
    18:48:39.0593 2936 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    18:48:39.0593 2936 StillCam - ok
    18:48:39.0609 2936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    18:48:39.0625 2936 stisvc - ok
    18:48:39.0625 2936 stllssvr - ok
    18:48:39.0640 2936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:48:39.0640 2936 streamip - ok
    18:48:39.0656 2936 [ 289ABD8C3E253CFFC230C785E082FA60 ] SWDUMon C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
    18:48:39.0656 2936 SWDUMon - ok
    18:48:39.0671 2936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:48:39.0671 2936 swenum - ok
    18:48:39.0687 2936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    18:48:39.0687 2936 swmidi - ok
    18:48:39.0703 2936 SwPrv - ok
    18:48:39.0718 2936 symc810 - ok
    18:48:39.0734 2936 symc8xx - ok
    18:48:39.0750 2936 sym_hi - ok
    18:48:39.0750 2936 sym_u3 - ok
    18:48:39.0765 2936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    18:48:39.0765 2936 sysaudio - ok
    18:48:39.0781 2936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    18:48:39.0781 2936 SysmonLog - ok
    18:48:39.0812 2936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    18:48:39.0812 2936 TapiSrv - ok
    18:48:39.0828 2936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:48:39.0843 2936 Tcpip - ok
    18:48:39.0843 2936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:48:39.0859 2936 TDPIPE - ok
    18:48:39.0859 2936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    18:48:39.0875 2936 TDTCP - ok
    18:48:39.0875 2936 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:48:39.0890 2936 TermDD - ok
    18:48:39.0890 2936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    18:48:39.0906 2936 TermService - ok
    18:48:39.0921 2936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    18:48:39.0921 2936 Themes - ok
    18:48:39.0937 2936 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    18:48:39.0937 2936 TlntSvr - ok
    18:48:39.0953 2936 TosIde - ok
    18:48:39.0953 2936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    18:48:39.0968 2936 TrkWks - ok
    18:48:39.0984 2936 TSJSRS - ok
    18:48:40.0000 2936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    18:48:40.0000 2936 Udfs - ok
    18:48:40.0015 2936 ultra - ok
    18:48:40.0031 2936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    18:48:40.0046 2936 Update - ok
    18:48:40.0062 2936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    18:48:40.0062 2936 upnphost - ok
    18:48:40.0078 2936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    18:48:40.0078 2936 UPS - ok
    18:48:40.0093 2936 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    18:48:40.0093 2936 USBAAPL - ok
    18:48:40.0109 2936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    18:48:40.0109 2936 usbaudio - ok
    18:48:40.0125 2936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:48:40.0125 2936 usbccgp - ok
    18:48:40.0140 2936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:48:40.0140 2936 usbehci - ok
    18:48:40.0156 2936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:48:40.0156 2936 usbhub - ok
    18:48:40.0171 2936 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    18:48:40.0171 2936 usbohci - ok
    18:48:40.0187 2936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:48:40.0187 2936 usbprint - ok
    18:48:40.0203 2936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:48:40.0203 2936 usbscan - ok
    18:48:40.0218 2936 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
    18:48:40.0218 2936 usbser - ok
    18:48:40.0234 2936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:48:40.0234 2936 USBSTOR - ok
    18:48:40.0250 2936 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    18:48:40.0250 2936 usbvideo - ok
    18:48:40.0265 2936 [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    18:48:40.0265 2936 usb_rndisx - ok
    18:48:40.0281 2936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    18:48:40.0281 2936 VgaSave - ok
    18:48:40.0296 2936 ViaIde - ok
    18:48:40.0296 2936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    18:48:40.0312 2936 VolSnap - ok
    18:48:40.0328 2936 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys
    18:48:40.0328 2936 vsdatant - ok
    18:48:40.0359 2936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    18:48:40.0359 2936 VSS - ok
    18:48:40.0375 2936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    18:48:40.0390 2936 W32Time - ok
    18:48:40.0406 2936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:48:40.0406 2936 Wanarp - ok
    18:48:40.0421 2936 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    18:48:40.0437 2936 WDC_SAM - ok
    18:48:40.0453 2936 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    18:48:40.0453 2936 Wdf01000 - ok
    18:48:40.0468 2936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    18:48:40.0468 2936 wdmaud - ok
    18:48:40.0484 2936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    18:48:40.0484 2936 WebClient - ok
    18:48:40.0515 2936 [ 35104D888A90EBC18F71FDC2374D2BB9 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_USR.sys
    18:48:40.0515 2936 winachsf - ok
    18:48:40.0546 2936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    18:48:40.0546 2936 winmgmt - ok
    18:48:40.0578 2936 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    18:48:40.0593 2936 WinRM - ok
    18:48:40.0656 2936 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    18:48:40.0656 2936 WmdmPmSN - ok
    18:48:40.0671 2936 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    18:48:40.0687 2936 Wmi - ok
    18:48:40.0703 2936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    18:48:40.0703 2936 WmiApSrv - ok
    18:48:40.0734 2936 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    18:48:40.0734 2936 WMPNetworkSvc - ok
    18:48:40.0750 2936 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:48:40.0765 2936 WpdUsb - ok
    18:48:40.0765 2936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    18:48:40.0781 2936 WS2IFSL - ok
    18:48:40.0781 2936 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    18:48:40.0796 2936 wscsvc - ok
    18:48:40.0812 2936 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:48:40.0812 2936 WSTCODEC - ok
    18:48:40.0828 2936 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    18:48:40.0828 2936 wuauserv - ok
    18:48:40.0843 2936 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:48:40.0843 2936 WudfPf - ok
    18:48:40.0859 2936 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:48:40.0859 2936 WudfRd - ok
    18:48:40.0875 2936 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    18:48:40.0875 2936 WudfSvc - ok
    18:48:40.0906 2936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    18:48:40.0906 2936 WZCSVC - ok
    18:48:40.0921 2936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    18:48:40.0921 2936 xmlprov - ok
    18:48:40.0937 2936 ZWKKQGF - ok
    18:48:41.0031 2936 ================ Scan global ===============================
    18:48:41.0031 2936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    18:48:41.0046 2936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    18:48:41.0062 2936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    18:48:41.0078 2936 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    18:48:41.0078 2936 [Global] - ok
    18:48:41.0078 2936 ================ Scan MBR ==================================
    18:48:41.0078 2936 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
    18:48:41.0609 2936 \Device\Harddisk4\DR4 - ok
    18:48:41.0609 2936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    18:48:41.0812 2936 \Device\Harddisk3\DR3 - ok
    18:48:41.0828 2936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    18:48:42.0250 2936 \Device\Harddisk0\DR0 - ok
    18:48:42.0250 2936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    18:48:42.0640 2936 \Device\Harddisk1\DR1 - ok
    18:48:42.0640 2936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    18:48:43.0000 2936 \Device\Harddisk2\DR2 - ok
    18:48:43.0000 2936 [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk5\DR10
    18:48:43.0515 2936 \Device\Harddisk5\DR10 - ok
    18:48:43.0515 2936 ================ Scan VBR ==================================
    18:48:43.0515 2936 [ EC344EA8A4F8C7BFC284909E99D34902 ] \Device\Harddisk4\DR4\Partition1
    18:48:43.0515 2936 \Device\Harddisk4\DR4\Partition1 - ok
    18:48:43.0515 2936 [ BAECBB54D003E5F2C5CCE61E21AF8D0D ] \Device\Harddisk3\DR3\Partition1
    18:48:43.0531 2936 \Device\Harddisk3\DR3\Partition1 - ok
    18:48:43.0531 2936 [ 6DD5E96E8B3B960C7980FB324EF00E23 ] \Device\Harddisk0\DR0\Partition1
    18:48:43.0531 2936 \Device\Harddisk0\DR0\Partition1 - ok
    18:48:43.0531 2936 [ D5CB73AE40CB0CC684E75947E4D3F073 ] \Device\Harddisk1\DR1\Partition1
    18:48:43.0531 2936 \Device\Harddisk1\DR1\Partition1 - ok
    18:48:43.0546 2936 [ 6E103E03B8B0B9E1FE4406DAC22A2FDD ] \Device\Harddisk2\DR2\Partition1
    18:48:43.0546 2936 \Device\Harddisk2\DR2\Partition1 - ok
    18:48:43.0546 2936 [ DDF211A61161C3A78EE76D496F9FA992 ] \Device\Harddisk5\DR10\Partition1
    18:48:43.0546 2936 \Device\Harddisk5\DR10\Partition1 - ok
    18:48:43.0546 2936 ============================================================
    18:48:43.0546 2936 Scan finished
    18:48:43.0546 2936 ============================================================
    18:48:43.0562 1108 Detected object count: 0
    18:48:43.0562 1108 Actual detected object count: 0

  9. #19
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Not really familiar with Winpatrol but cant it be used to prevent the change before it happens? Does it provide anymore info like what initiated the change? No luck with TDSSkiller, may as well try Malwarebytes Anti-Rootkit:

    Download the beta version of Malwarebytes Anti-rootkit to your desktop.
    Read the Disclaimer since this is a Beta version

    Download Malwarebytes Anti-Rootkit from the link to the right.
    Unzip the contents to a folder in a convenient location.
    Open the folder where the contents were unzipped and run mbar.exe
    Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    Wait while the system shuts down and the cleanup process is performed.
    Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

    Internet access
    Windows Update
    Windows Firewall

    If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
    Verify that your system is now functioning normally.

    Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    Copy and paste the contents of these two log files in your next reply.

    After the above you can do a online scan with ESET

    These directions are old and probably outdated, but Iam sure you can manage to get a scan done:

    Use Internet Explorer
    check "YES" to accept terms
    click start button
    allow the ActiveX component to install
    click the start button. the Scanner will update.
    check both "Remove found threats" and "Scan archives" Leave the defaults checked under Advanced settings
    click scan. When it completes click "List found threats"
    click "Export to text file.." and save it to your desktop. Post the saved log.
    Click "back" and "finish"

    I wont be back online for 18 hours or so.
    How Can I Reduce My Risk?

  10. #20
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Default Having a hard time...

    Below logs were from when all was running good except that I could not run Windows Update. Enabled BITS to try and repair update and issues began again. Something is re-triggering the malware.... Running ESET again. Will post results.

    System.log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_38

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED, P:\ DRIVE_FIXED
    CPU speed: 3.360000 GHz
    Memory total: 3219623936, free: 2373488640

    ------------ Kernel report ------------
    03/25/2013 09:56:48
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    imagesrv.sys
    kl1.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    nvraid.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    VolSnap.sys
    atapi.sys
    nvata.sys
    jraid.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    asahxp32.sys
    imagedrv.sys
    disk.sys
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    JGOGO.sys
    EUBKMON.sys
    eubakup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\AnyDVD.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvnetbus.sys
    \SystemRoot\system32\DRIVERS\NVNRM.SYS
    \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\klim5.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\NVENETFD.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys
    \??\C:\WINDOWS\system32\drivers\eudskacs.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\dot4usb.sys
    \SystemRoot\system32\DRIVERS\Dot4.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\klkbdflt.sys
    \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    \SystemRoot\system32\DRIVERS\NuidFltr.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\Wdf01000.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\klmouflt.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_asahxp32.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    \WINDOWS\system32\kernel32.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR10
    Upper Device Object: 0xffffffff8b2ca030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000009b\
    Lower Device Object: 0xffffffff8ac75670
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xffffffff8b2ceab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Scsi\asahxp321Port5Path0Target0Lun0\
    Lower Device Object: 0xffffffff8b30aa38
    Lower Device Driver Name: \Driver\asahxp32\
    Driver name found: asahxp32
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff8b3087e8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Scsi\JRAID1Port4Path0Target0Lun0\
    Lower Device Object: 0xffffffff8b391a38
    Lower Device Driver Name: \Driver\JRAID\
    Driver name found: JRAID
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff8b308030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000089\
    Lower Device Object: 0xffffffff8b290030
    Lower Device Driver Name: \Driver\nvata\
    Driver name found: nvata
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8b3098a0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000086\
    Lower Device Object: 0xffffffff8b2ba030
    Lower Device Driver Name: \Driver\nvata\
    Driver name found: nvata
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8b309030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000085\
    Lower Device Object: 0xffffffff8b30c030
    Lower Device Driver Name: \Driver\nvata\
    Driver name found: nvata
    Downloaded database version: v2013.03.25.10
    Initializing...
    Done!
    <<<2>>>
    Device number: 4, partition: 1
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xffffffff8b2ceab8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b2ce890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b2ceab8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b30aa38, DeviceName: \Device\Scsi\asahxp321Port5Path0Target0Lun0\, DriverName: \Driver\asahxp32\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe54eb110, 0xffffffff8b2ceab8, 0xffffffff89509230
    Lower DeviceData: 0xffffffffe132a8c8, 0xffffffff8b30aa38, 0xffffffff896390b0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 4, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8b309030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b309e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b309030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b390ac0, DeviceName: \Device\00000087\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b30c030, DeviceName: \Device\00000085\, DriverName: \Driver\nvata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe50d30d8, 0xffffffff8b309030, 0xffffffff89a1d8d0
    Lower DeviceData: 0xffffffffe498bfd0, 0xffffffff8b30c030, 0xffffffff8951eb68
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F0D95948

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8b3098a0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b309678, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b3098a0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b3a32b0, DeviceName: \Device\00000088\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b2ba030, DeviceName: \Device\00000086\, DriverName: \Driver\nvata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe4950b90, 0xffffffff8b3098a0, 0xffffffff8955d318
    Lower DeviceData: 0xffffffffe53fc528, 0xffffffff8b2ba030, 0xffffffff89ee7b10
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5CEE4027

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8b308030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b308e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b308030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b27ef18, DeviceName: \Device\0000008b\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b290030, DeviceName: \Device\00000089\, DriverName: \Driver\nvata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe34e3f98, 0xffffffff8b308030, 0xffffffff8976e8e0
    Lower DeviceData: 0xffffffffe35bf918, 0xffffffff8b290030, 0xffffffff8b1dfd18
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8AD0619A

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xffffffff8b3087e8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b2ce020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b3087e8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b3938f8, DeviceName: Unknown, DriverName: \Driver\JGOGO\
    DevicePointer: 0xffffffff8b391a38, DeviceName: \Device\Scsi\JRAID1Port4Path0Target0Lun0\, DriverName: \Driver\JRAID\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe4aa9d00, 0xffffffff8b3087e8, 0xffffffff89b698d8
    Lower DeviceData: 0xffffffffe53f8170, 0xffffffff8b391a38, 0xffffffff89c37b10
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8424C816

    Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 510C9D64

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 234440696
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034124288 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 5, DevicePointer: 0xffffffff8b2ca030, DeviceName: \Device\Harddisk5\DR10\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8accc7f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b2ca030, DeviceName: \Device\Harddisk5\DR10\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ac75670, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk5\DR10\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe57c41e0, 0xffffffff8b2ca030, 0xffffffff8a1ab158
    Lower DeviceData: 0xffffffffe4d52250, 0xffffffff8ac75670, 0xffffffff8a373040
    Drive 5
    Scanning MBR on drive 5...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8D399BC0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_38

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED, P:\ DRIVE_FIXED
    CPU speed: 3.360000 GHz
    Memory total: 3219623936, free: 2604408832

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_38

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED, P:\ DRIVE_FIXED
    CPU speed: 3.360000 GHz
    Memory total: 3219623936, free: 2067292160

    ------------ Kernel report ------------
    03/27/2013 08:52:22
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    imagesrv.sys
    kl1.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    nvraid.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    pavboot.sys
    VolSnap.sys
    atapi.sys
    nvata.sys
    jraid.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    asahxp32.sys
    imagedrv.sys
    disk.sys
    fltmgr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    JGOGO.sys
    EUBKMON.sys
    eubakup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\AnyDVD.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvnetbus.sys
    \SystemRoot\system32\DRIVERS\NVNRM.SYS
    \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\klim5.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\NVENETFD.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys
    \??\C:\WINDOWS\system32\drivers\eudskacs.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\dot4usb.sys
    \SystemRoot\system32\DRIVERS\Dot4.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\klkbdflt.sys
    \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    \SystemRoot\system32\DRIVERS\NuidFltr.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\Wdf01000.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\klmouflt.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_asahxp32.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    \WINDOWS\system32\kernel32.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR10
    Upper Device Object: 0xffffffff8b341ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000009c\
    Lower Device Object: 0xffffffff8ad45888
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xffffffff8b361030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Scsi\asahxp321Port5Path0Target0Lun0\
    Lower Device Object: 0xffffffff8b396a38
    Lower Device Driver Name: \Driver\asahxp32\
    Driver name found: asahxp32
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff8b2fb8a0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Scsi\JRAID1Port4Path0Target0Lun0\
    Lower Device Object: 0xffffffff8b30ea38
    Lower Device Driver Name: \Driver\JRAID\
    Driver name found: JRAID
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff8b2fb030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008a\
    Lower Device Object: 0xffffffff8b362030
    Lower Device Driver Name: \Driver\nvata\
    Driver name found: nvata
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8b330ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000087\
    Lower Device Object: 0xffffffff8b3aa030
    Lower Device Driver Name: \Driver\nvata\
    Driver name found: nvata
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8b330030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000086\
    Lower Device Object: 0xffffffff8b2da030
    Lower Device Driver Name: \Driver\nvata\
    Driver name found: nvata
    Downloaded database version: v2013.03.27.05
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 4, partition: 1
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xffffffff8b361030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b361db0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b361030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b396a38, DeviceName: \Device\Scsi\asahxp321Port5Path0Target0Lun0\, DriverName: \Driver\asahxp32\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe4579d98, 0xffffffff8b361030, 0xffffffff8887e680
    Lower DeviceData: 0xffffffffeeb7c318, 0xffffffff8b396a38, 0xffffffff89956330
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 4, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8b330030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b396718, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b330030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b30bac0, DeviceName: \Device\00000088\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b2da030, DeviceName: \Device\00000086\, DriverName: \Driver\nvata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffffffff2f05bd0, 0xffffffff8b330030, 0xffffffff880d6248
    Lower DeviceData: 0xffffffffe79df690, 0xffffffff8b2da030, 0xffffffff88351438
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F0D95948

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8b330ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b330890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b330ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b30caf8, DeviceName: \Device\00000089\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b3aa030, DeviceName: \Device\00000087\, DriverName: \Driver\nvata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffffffff0fe23c0, 0xffffffff8b330ab8, 0xffffffff877f3ab8
    Lower DeviceData: 0xffffffffedcc6620, 0xffffffff8b3aa030, 0xffffffff89b215d0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5CEE4027

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8b2fb030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b2fbe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b2fb030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b2fcf18, DeviceName: \Device\0000008c\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b362030, DeviceName: \Device\0000008a\, DriverName: \Driver\nvata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe978c4a8, 0xffffffff8b2fb030, 0xffffffff87a7d5e8
    Lower DeviceData: 0xffffffffeb733768, 0xffffffff8b362030, 0xffffffff87ddfd80
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8AD0619A

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xffffffff8b2fb8a0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b2fb678, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b2fb8a0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b3988f8, DeviceName: Unknown, DriverName: \Driver\JGOGO\
    DevicePointer: 0xffffffff8b30ea38, DeviceName: \Device\Scsi\JRAID1Port4Path0Target0Lun0\, DriverName: \Driver\JRAID\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe57f6700, 0xffffffff8b2fb8a0, 0xffffffff875f36c8
    Lower DeviceData: 0xffffffffe3d17a40, 0xffffffff8b30ea38, 0xffffffff87de98b0
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8424C816

    Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 510C9D64

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 234440696
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034124288 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 5, DevicePointer: 0xffffffff8b341ab8, DeviceName: \Device\Harddisk5\DR10\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8acf47f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b341ab8, DeviceName: \Device\Harddisk5\DR10\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ad45888, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk5\DR10\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe605bec0, 0xffffffff8b341ab8, 0xffffffff881712c8
    Lower DeviceData: 0xffffffffe9ee1408, 0xffffffff8ad45888, 0xffffffff885d0368
    Drive 5
    Scanning MBR on drive 5...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8D399BC0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================


    mbar-log-2013-03-27 (09-01-23).txt

    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.27.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ray :: RIGHTWINXP [administrator]

    3/27/2013 9:01:23 AM
    mbar-log-2013-03-27 (09-01-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28145
    Time elapsed: 8 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ESET.txt

    C:\Documents and Settings\Ray\My Documents\FreeWAVToMP3ConverterSetup.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Ray\My Documents\PDF995\HCB004F5\Pdf995_Script.exe probably unknown NewHeur_PE virus deleted - quarantined
    C:\Documents and Settings\Ray\My Documents\PDF995\HCB00554\Pdf995_Script.exe probably unknown NewHeur_PE virus deleted - quarantined
    D:\DESKTOP n FAVORITES from SSD\My Documents\FreeWAVToMP3ConverterSetup.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
    D:\DESKTOP n FAVORITES from SSD\My Documents\PDF995\HCB004F5\Pdf995_Script.exe probably unknown NewHeur_PE virus deleted - quarantined
    D:\DESKTOP n FAVORITES from SSD\My Documents\PDF995\HCB00554\Pdf995_Script.exe probably unknown NewHeur_PE virus deleted - quarantined
    I:\C Drive Copy\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    I:\C Drive Copy\Documents and Settings\Ray\Application Data\Sun\Java\Deployment\cache\6.0\25\6bc1819-222517b9 a variant of Java/TrojanDownloader.OpenStream.NCP trojan cleaned by deleting - quarantined
    I:\C Drive Copy\Documents and Settings\Ray\My Documents\FreeWAVToMP3ConverterSetup.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
    I:\C Drive Copy\Documents and Settings\Ray\My Documents\PDF995\HCB004F5\Pdf995_Script.exe probably unknown NewHeur_PE virus deleted - quarantined
    I:\C Drive Copy\Documents and Settings\Ray\My Documents\PDF995\HCB00554\Pdf995_Script.exe probably unknown NewHeur_PE virus deleted - quarantined

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •