
[Inactive] Random mouse clicking sound after start up

Discussion in 'Malware and Virus Removal Archive' started by webgal, 2012/07/03.

  1. 2012/07/03
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    For the last 10 days or so, I have been noticing random mouse clicking sounds a few minutes after starting up Windows (mine is Windows XP).

    This lasts for maybe 20-30 sec, that's it. Then I noticed my Firefox taking longer to respond, and there is also a typing delay in the email editor.

    On the whole, my PC is now slow.

    Four days back, an avast scan showed infections and I removed them. Then the next day, there was no sound. But now it is back again, and an avast full scan is not showing any threats/infections now.

    I will follow the instructions as in this thread ( http://www.windowsbbs.com/malware-virus-removal/announcements.html ) and will post the logs subsequently.
     
  2. 2012/07/04
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible. So do not despair if you do not immediately see your post!
     


  4. 2012/07/04
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Thanks for the fast approval, Pete. I thought all new members needed approval for their first post to show up.

    I will shortly update the thread with the logs.
     
  5. 2012/07/04
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You will need approval on your first 9 posts should they include URLs - which some logs will contain.
     
  6. 2012/07/04
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Avast scan didn't show any threats today either.

    Here is the Malwarebytes log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.05.01

    Windows XP Service Pack 2 x86 FAT32
    Internet Explorer 6.0.2900.2180
    user :: COMP [administrator]

    7/4/2012 9:12:18 PM
    mbam-log-2012-07-04 (21-12-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 188338
    Time elapsed: 5 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. 2012/07/05
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Pasting GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-04 21:42:57
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST380215A rev.3.AAD
    Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdqpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA9E953DE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA9E94B32]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA9E9526A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA9E95172]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA9E94686]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA9E94C78]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA9E9458A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA9E94608]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA9E94DA8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9E95338]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA9E94CEA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA9E94FA6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9EA1744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA9EA156E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA9EA16A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 265C 80501360 4 Bytes JMP DEA9E94C
    PAGE ntkrnlpa.exe!ZwLoadDriver 8057832A 7 Bytes JMP A9EA16A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 8059F23E 7 Bytes JMP A9EA1572 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B073A 5 Bytes JMP A9E9E61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805B7428 5 Bytes JMP A9EA00FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5C32 7 Bytes JMP A9EA1748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[124] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[868] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\igfxtray.exe[1444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\igfxtray.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\RTHDCPL.EXE[1448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\RTHDCPL.EXE[1448] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[1612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe[1620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Skype\Phone\Skype.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Skype\Phone\Skype.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Documents and Settings\user\Desktop\gmer.exe[2060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Documents and Settings\user\Desktop\gmer.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
    IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
    IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\user\My Documents\Downloads\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp.part12\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp\BONUS SOFTWARE
    File C:\Documents and Settings\user\My Documents\Downloads\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp.part12\Jay Abraham & Rich Schefren - Maven Marketing Bootcamp\BONUS SOFTWARE\MM70-E-472_Viewer.msi

    ---- EOF - GMER 1.0.15 ----
     
  8. 2012/07/05
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Pasting aswMBR log (quick scan done):

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-04 21:51:48
    -----------------------------
    21:51:48.343 OS Version: Windows 5.1.2600 Service Pack 2
    21:51:48.343 Number of processors: 1 586 0x401
    21:51:48.343 ComputerName: COMP UserName: user
    21:51:49.015 Initialize success
    21:51:49.796 AVAST engine defs: 12070401
    21:51:53.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
    21:51:53.578 Disk 0 Vendor: ST380215A 3.AAD Size: 76319MB BusType: 3
    21:51:53.609 Disk 0 MBR read successfully
    21:51:53.609 Disk 0 MBR scan
    21:51:53.609 Disk 0 Windows XP default MBR code
    21:51:53.609 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSDOS5.0 20002 MB offset 63
    21:51:53.609 Disk 0 Partition - 00 0F Extended LBA 56313 MB offset 40965750
    21:51:53.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 24999 MB offset 40965813
    21:51:53.640 Disk 0 Partition - 00 05 Extended 31314 MB offset 92164905
    21:51:53.671 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 31314 MB offset 92164968
    21:51:53.687 Disk 0 scanning sectors +156296385
    21:51:53.749 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:52:01.296 Service scanning
    21:52:17.562 Modules scanning
    21:52:30.203 Disk 0 trace - called modules:
    21:52:30.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    21:52:30.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657cab8]
    21:52:30.234 3 CLASSPNP.SYS[f75ff05b] -> nt!IofCallDriver -> \Device\00000067[0x86581f18]
    21:52:30.234 5 ACPI.sys[f7495620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x86560b00]
    21:52:30.890 AVAST engine scan C:\WINDOWS
    21:52:37.937 AVAST engine scan C:\WINDOWS\system32
    21:53:51.562 AVAST engine scan C:\WINDOWS\system32\drivers
    21:54:03.812 AVAST engine scan C:\Documents and Settings\user
    21:59:17.609 AVAST engine scan C:\Documents and Settings\All Users
    21:59:27.718 Scan finished successfully
    22:09:48.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat "
    22:09:48.546 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt "
    22:09:59.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat "
    22:09:59.296 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt "


    Pasting DDS log - dds.txt:

    .
    DDS (Ver_2011-08-26.01) - FAT32x86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.4.1
    Run by user at 22:10:30 on 2012-07-04
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.557 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [aswAhAScr.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\AhAScr.dll "
    mRunOnce: [aswasOutExt.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\asOutExt.dll "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{14C8F20A-C46E-4A82-B5DC-16F29A18A6FE} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\y36bse3w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-15 353688]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-15 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-15 44808]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-4-27 517632]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-15 721000]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-3-23 1684736]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
    S4 Dacmaccs;Dacmaccs; [x]
    .
    =============== Created Last 30 ================
    .
    2012-07-05 03:28:03 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2012-07-05 03:27:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-07-05 03:27:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-05 03:27:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-03 02:10:11 -------- d-----w- c:\documents and settings\user\WINDOWS
    2012-07-03 02:09:52 -------- d-----w- C:\Softbook
    2012-07-01 19:07:30 -------- d-sh--w- C:\FOUND.001
    2012-06-29 05:58:01 -------- d-----w- c:\program files\Citrix
    2012-06-29 05:56:08 60304 ----a-w- c:\documents and settings\user\g2mdlhlpx.exe
    2012-06-23 04:35:06 -------- d-----w- c:\documents and settings\all users\application data\DesktopServer
    2012-06-23 02:52:34 -------- d-sh--w- C:\FOUND.000
    2012-06-21 16:03:54 -------- d-----w- C:\xampplite
    2012-06-20 15:50:34 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-06-06 17:37:23 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-06 17:37:23 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    .
    ==================== Find3M ====================
    .
    2012-07-03 16:21:54 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
    2012-06-19 02:31:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-19 02:31:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-16 06:51:38 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
    .
    ============= FINISH: 22:12:57.89 ===============
     
  9. 2012/07/05
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Pasting DDS log - attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/22/2012 2:46:34 PM
    System Uptime: 7/4/2012 7:55:18 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5KPL-AM/PS
    Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | Socket 775 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (FAT32) - 20 GiB total, 7.441 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 24 GiB total, 22.562 GiB free.
    F: is FIXED (NTFS) - 31 GiB total, 19.241 GiB free.
    G: is FIXED (NTFS) - 298 GiB total, 184.935 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&CF81C54&0&00F0
    Manufacturer: Realtek
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&CF81C54&0&00F0
    Service: rtl8139
    .
    ==== System Restore Points ===================
    .
    RP57: 6/21/2012 8:49:48 PM - System Checkpoint
    RP58: 6/22/2012 11:20:40 PM - System Checkpoint
    RP59: 6/26/2012 2:01:03 AM - System Checkpoint
    RP60: 6/27/2012 1:53:48 PM - System Checkpoint
    RP61: 6/28/2012 10:45:19 PM - System Checkpoint
    RP62: 6/30/2012 9:15:33 AM - System Checkpoint
    RP63: 7/1/2012 9:46:03 AM - Removed Facebook Video Calling 1.2.0.159
    RP64: 7/2/2012 12:24:25 PM - System Checkpoint
    RP65: 7/2/2012 7:09:03 PM - How Your Body Works Installation
    RP66: 7/4/2012 5:52:23 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe PageMaker 7.0
    Adobe Photoshop CS
    Adobe Reader 9.2
    avast! Free Antivirus
    Belkin 54Mbps Wireless Network Adapter
    Camtasia Studio 7
    Edraw Max 6.1
    Google Chrome
    High Definition Audio Driver Package - KB888111
    How Your Body Works
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 2.0
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mobipocket Reader 6.2
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Nero 7 Essentials
    neroxml
    PrimoPDF -- brought to you by Nitro PDF Software
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Skype Click to Call
    Skype™ 5.9
    Snagit 9.1
    VLC media player 0.9.9
    WebFldrs XP
    Windows Media Format Runtime
    WinRAR archiver
    WinZip 15.0
    XMind
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/5/2012 8:35:48 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/4/2012 6:47:29 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    7/4/2012 6:47:29 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\CRYPTUI.dll. Reference error message: The operation completed successfully. .
    7/4/2012 5:52:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/2/2012 7:32:19 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/2/2012 7:21:07 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/1/2012 12:08:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
    .
    ==== End Of File ===========================
     
  10. 2012/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2012/07/06
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Combofix is hanging and nothing happens for more than one hour after reaching a particular point.

    I think I have messed up. I ran combofix two times. I am sorry...

    The first time, it started, installed the recovery console and the scanning started. All stages were completed and it deleted two files from G:/
    And started deleting folders, then a pop-up came and asked something like
    "pux.exe needs some changes..press continue to proceed" [or puf.exe]
    and I thought it came from combofix, and I pressed continue. Only then did it occur to me that it may be something else. Oops!
    And the whole system simply went blank, except the wallpaper and the combofix.

    I waited for 30 or so minutes and nothing changed. So I restarted the system. And I was worried.

    And after restarting, there was system file verification. I once again deactivated all antivirus, connected to the internet (I thought it might need to download something, as before) and ran combofix again.

    And it hung after around 7 minutes. I waited for more than 1.5 hours and nothing changed. No reports got generated. Maybe it is because of what I did earlier. Or should I have waited for more time?
    (I am working from home and I have some tasks that need to be completed today... so to be frank, my patience was thin.)
    I restarted the computer after this.

    I know I have not followed the instructions properly. Sorry. Please tell me what to do next. And I thank you and really appreciate the work that you do here, Broni.

    Here is what was on combofix's screen second time. I copied it.

    Scanning for infected files . . .
    This typically doesn't take more than 10 minutes
    However, scan times for badly infected machines may easily double

    Completed Stage_1
    Completed Stage_2
    Completed Stage_3
    Completed Stage_4
    Completed Stage_5
    Completed Stage_6
    Completed Stage_6A
    Completed Stage_7
    Completed Stage_8
    Completed Stage_9
    Completed Stage_10
    Completed Stage_11
    Completed Stage_12
    Completed Stage_13
    Completed Stage_14
    Completed Stage_15
    Completed Stage_16
    Completed Stage_17
    Completed Stage_18
    Completed Stage_19
    Completed Stage_19B
    Completed Stage_20
    Completed Stage_21
    Completed Stage_22
    Completed Stage_23
    Completed Stage_24
    Completed Stage_25
    Completed Stage_26
    Completed Stage_27
    Completed Stage_28
    Completed Stage_29
    Completed Stage_30
    Completed Stage_31
    Completed Stage_32
    Completed Stage_32A
    Completed Stage_33
    Completed Stage_34
    Completed Stage_35
    Completed Stage_36
    Completed Stage_37
    Completed Stage_38
    Completed Stage_39
    Completed Stage_40
    Completed Stage_41
    Completed Stage_42
    Completed Stage_43
    Completed Stage_44
    Completed Stage_45
    Completed Stage_46
    Completed Stage_47
    Completed Stage_48
    Completed Stage_49
    Completed Stage_50


    Deleting Folders:

    C:\Documents and Settings\user\WINDOWS
     
    Last edited: 2012/07/06
  12. 2012/07/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to re-run it from safe mode.
     
  13. 2012/07/10
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Sorry for the delay in posting reply.

    I was not able to start the system in safe mode the normal way (pressing F8 while starting up).
    It gave errors. I will attach the screenshot I took from my camera.

    [screenshot]

    Then, after following one thread at bleepingcomputer.com (using the msconfig command in Run), I was able to start the system in safe mode.

    I started combofix and during the process I got a pop-up saying pev.exe has encountered a problem and needs to close. Please tell Microsoft about this problem.. the usual Windows pop-up when something gets closed in between.

    (screenshot taken from camera attached)

    [screenshot]

    And after that combofix got kind of hung. Nothing is happening, just like before. After one hour I closed it and made changes to msconfig and restarted the system the normal way.

    What to do next?
     
  14. 2012/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
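Added example, not part of any post in this thread and not TDSSKiller's own code: a small Python triage parser for the report layout TDSSKiller writes (per service, a line with the file's MD5 and path, then a "name - status" verdict line, as in the report posted later in this thread). The sample report embedded in the block is constructed; its "examplesvc" entry and the "detected Constructed.Sample.Placeholder" status text are placeholders, since the real report in this thread flags nothing. The parser collects each service's hash and path, skips the drive and partition header (whose lines also contain " - " and would otherwise be misread as verdicts), and returns every entry whose verdict is anything other than "ok" for a human to review.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of a TDSSKiller report: a header block,
# the "Scan started" marker, then per service an "(md5) path" line followed
# by a "<name> - <status>" line. The examplesvc entry and its "detected ..."
# status text are constructed placeholders, not taken from any real report.
SAMPLE_LOG = r"""
15:07:08.0562 5816 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
15:08:39.0093 2768 ============================================================
15:08:39.0093 2768 Scan started
15:08:39.0093 2768 Mode: Manual;
15:08:39.0625 2768 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:08:39.0625 2768 Aavmker4 - ok
15:08:39.0640 2768 Abiosdsk - ok
15:08:40.0984 2768 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:08:40.0984 2768 avast! Antivirus - ok
15:08:50.0100 2768 examplesvc (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\examplesvc.sys
15:08:50.0110 2768 examplesvc - detected Constructed.Sample.Placeholder
"""

# "<time> <pid> <name> (<md5>) <path>": the file TDSSKiller examined for a service.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# "<time> <pid> <name> - <status>": the verdict line for that service.
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s-\s(?P<status>.+)$"
)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None     # None when the service has no file on disk
    path: Optional[str] = None
    status: Optional[str] = None  # None if the scan stopped before a verdict


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Parse the per-service section of a report into entries keyed by name.

    Everything before the 'Scan started' marker (drive geometry, partition map)
    is skipped: those header lines also contain ' - ' and would otherwise be
    mistaken for verdict lines.
    """
    entries: Dict[str, ServiceEntry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5 = m["md5"].lower()
            entry.path = m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.status = m["status"]
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """Entries a human should look at: any verdict other than 'ok', including
    a file that was listed but never received a verdict (interrupted scan)."""
    flagged = [e for e in entries.values() if e.status != "ok"]
    return sorted(flagged, key=lambda e: e.name.lower())


def summarize(text: str) -> Dict[str, object]:
    """Counts plus the flagged 'name: status' strings, ready to paste into a reply."""
    entries = parse_tdsskiller_log(text)
    return {
        "total": len(entries),
        "with_file": sum(1 for e in entries.values() if e.path is not None),
        "ok": sum(1 for e in entries.values() if e.status == "ok"),
        "flagged": [f"{e.name}: {e.status}" for e in triage(entries)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The per-file MD5 values are the useful output for a defender: a flagged driver's hash can be compared against a known-good copy of the same Windows build before deciding whether a "suspicious" verdict means a patched system file or just an unsigned vendor driver, and a service with a file but no verdict line tells you the scan was interrupted and should be re-run.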
     
  15. 2012/07/11
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Here is the TDSSKiller report:


    15:07:05.0531 5816 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    15:07:07.0531 5816 ============================================================
    15:07:07.0531 5816 Current date / time: 2012/07/11 15:07:07.0531
    15:07:07.0531 5816 SystemInfo:
    15:07:07.0531 5816
    15:07:07.0531 5816 OS Version: 5.1.2600 ServicePack: 2.0
    15:07:07.0531 5816 Product type: Workstation
    15:07:07.0531 5816 ComputerName: COMP
    15:07:07.0531 5816 UserName: user
    15:07:07.0531 5816 Windows directory: C:\WINDOWS
    15:07:07.0531 5816 System windows directory: C:\WINDOWS
    15:07:07.0531 5816 Processor architecture: Intel x86
    15:07:07.0531 5816 Number of processors: 1
    15:07:07.0531 5816 Page size: 0x1000
    15:07:07.0531 5816 Boot type: Normal boot
    15:07:07.0531 5816 ============================================================
    15:07:08.0562 5816 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    15:07:08.0562 5816 Drive \Device\Harddisk1\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:07:12.0125 5816 ============================================================
    15:07:12.0125 5816 \Device\Harddisk0\DR0:
    15:07:12.0140 5816 MBR partitions:
    15:07:12.0140 5816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2711637
    15:07:12.0140 5816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x30D3C74
    15:07:12.0156 5816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57E5368, BlocksNum 0x3D29159
    15:07:12.0156 5816 \Device\Harddisk1\DR4:
    15:07:12.0156 5816 MBR partitions:
    15:07:12.0156 5816 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
    15:07:12.0156 5816 ============================================================
    15:07:12.0171 5816 C: <-> \Device\Harddisk0\DR0\Partition0
    15:07:12.0234 5816 E: <-> \Device\Harddisk0\DR0\Partition1
    15:07:12.0250 5816 F: <-> \Device\Harddisk0\DR0\Partition2
    15:07:12.0500 5816 G: <-> \Device\Harddisk1\DR4\Partition0
    15:07:12.0500 5816 ============================================================
    15:07:12.0500 5816 Initialize success
    15:07:12.0500 5816 ============================================================
    15:08:39.0093 2768 ============================================================
    15:08:39.0093 2768 Scan started
    15:08:39.0093 2768 Mode: Manual;
    15:08:39.0093 2768 ============================================================
    15:08:39.0625 2768 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
    15:08:39.0625 2768 Aavmker4 - ok
    15:08:39.0640 2768 Abiosdsk - ok
    15:08:39.0640 2768 abp480n5 - ok
    15:08:39.0687 2768 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:08:39.0703 2768 ACPI - ok
    15:08:39.0734 2768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    15:08:39.0734 2768 ACPIEC - ok
    15:08:39.0781 2768 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    15:08:39.0828 2768 Adobe LM Service - ok
    15:08:39.0828 2768 adpu160m - ok
    15:08:39.0875 2768 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    15:08:39.0890 2768 aec - ok
    15:08:39.0921 2768 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    15:08:39.0937 2768 AegisP - ok
    15:08:39.0953 2768 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    15:08:39.0953 2768 AFD - ok
    15:08:39.0968 2768 Aha154x - ok
    15:08:39.0968 2768 aic78u2 - ok
    15:08:39.0984 2768 aic78xx - ok
    15:08:40.0031 2768 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
    15:08:40.0031 2768 Alerter - ok
    15:08:40.0078 2768 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
    15:08:40.0078 2768 ALG - ok
    15:08:40.0093 2768 AliIde - ok
    15:08:40.0203 2768 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
    15:08:40.0265 2768 Ambfilt - ok
    15:08:40.0265 2768 amsint - ok
    15:08:40.0296 2768 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
    15:08:40.0312 2768 AppMgmt - ok
    15:08:40.0328 2768 asc - ok
    15:08:40.0328 2768 asc3350p - ok
    15:08:40.0343 2768 asc3550 - ok
    15:08:40.0421 2768 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    15:08:40.0421 2768 aspnet_state - ok
    15:08:40.0453 2768 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    15:08:40.0453 2768 aswFsBlk - ok
    15:08:40.0500 2768 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
    15:08:40.0500 2768 aswMon2 - ok
    15:08:40.0531 2768 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
    15:08:40.0531 2768 AswRdr - ok
    15:08:40.0593 2768 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
    15:08:40.0640 2768 aswSnx - ok
    15:08:40.0687 2768 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
    15:08:40.0703 2768 aswSP - ok
    15:08:40.0718 2768 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
    15:08:40.0718 2768 aswTdi - ok
    15:08:40.0750 2768 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:08:40.0750 2768 AsyncMac - ok
    15:08:40.0781 2768 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:08:40.0796 2768 atapi - ok
    15:08:40.0796 2768 Atdisk - ok
    15:08:40.0828 2768 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:08:40.0828 2768 Atmarpc - ok
    15:08:40.0890 2768 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
    15:08:40.0890 2768 AudioSrv - ok
    15:08:40.0906 2768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:08:40.0906 2768 audstub - ok
    15:08:40.0984 2768 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    15:08:40.0984 2768 avast! Antivirus - ok
    15:08:41.0015 2768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    15:08:41.0031 2768 Beep - ok
    15:08:41.0109 2768 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
    15:08:41.0156 2768 BITS - ok
    15:08:41.0203 2768 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
    15:08:41.0218 2768 Browser - ok
    15:08:41.0265 2768 catchme - ok
    15:08:41.0281 2768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:08:41.0281 2768 cbidf2k - ok
    15:08:41.0312 2768 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    15:08:41.0312 2768 CCDECODE - ok
    15:08:41.0328 2768 cd20xrnt - ok
    15:08:41.0343 2768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:08:41.0343 2768 Cdaudio - ok
    15:08:41.0375 2768 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    15:08:41.0375 2768 Cdfs - ok
    15:08:41.0390 2768 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:08:41.0390 2768 Cdrom - ok
    15:08:41.0406 2768 Changer - ok
    15:08:41.0437 2768 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
    15:08:41.0453 2768 CiSvc - ok
    15:08:41.0468 2768 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
    15:08:41.0468 2768 ClipSrv - ok
    15:08:41.0531 2768 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:08:41.0531 2768 clr_optimization_v2.0.50727_32 - ok
    15:08:41.0546 2768 CmdIde - ok
    15:08:41.0593 2768 COMSysApp - ok
    15:08:41.0609 2768 Cpqarray - ok
    15:08:41.0656 2768 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
    15:08:41.0656 2768 CryptSvc - ok
    15:08:41.0671 2768 dac2w2k - ok
    15:08:41.0671 2768 dac960nt - ok
    15:08:41.0734 2768 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
    15:08:41.0750 2768 DcomLaunch - ok
    15:08:41.0781 2768 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
    15:08:41.0796 2768 Dhcp - ok
    15:08:41.0812 2768 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    15:08:41.0828 2768 Disk - ok
    15:08:41.0843 2768 dmadmin - ok
    15:08:41.0906 2768 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    15:08:41.0921 2768 dmboot - ok
    15:08:41.0953 2768 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    15:08:41.0968 2768 dmio - ok
    15:08:41.0968 2768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    15:08:41.0968 2768 dmload - ok
    15:08:42.0000 2768 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
    15:08:42.0015 2768 dmserver - ok
    15:08:42.0046 2768 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    15:08:42.0046 2768 DMusic - ok
    15:08:42.0093 2768 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
    15:08:42.0109 2768 Dnscache - ok
    15:08:42.0109 2768 dpti2o - ok
    15:08:42.0140 2768 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    15:08:42.0140 2768 drmkaud - ok
    15:08:42.0171 2768 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
    15:08:42.0171 2768 ERSvc - ok
    15:08:42.0203 2768 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    15:08:42.0218 2768 Eventlog - ok
    15:08:42.0250 2768 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll
    15:08:42.0250 2768 EventSystem - ok
    15:08:42.0281 2768 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    15:08:42.0296 2768 Fastfat - ok
    15:08:42.0328 2768 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    15:08:42.0343 2768 FastUserSwitchingCompatibility - ok
    15:08:42.0359 2768 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    15:08:42.0359 2768 Fdc - ok
    15:08:42.0390 2768 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    15:08:42.0390 2768 Fips - ok
    15:08:42.0406 2768 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    15:08:42.0406 2768 Flpydisk - ok
    15:08:42.0437 2768 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    15:08:42.0453 2768 FltMgr - ok
    15:08:42.0453 2768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:08:42.0468 2768 Fs_Rec - ok
    15:08:42.0484 2768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:08:42.0484 2768 Ftdisk - ok
    15:08:42.0531 2768 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:08:42.0531 2768 Gpc - ok
    15:08:42.0562 2768 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:08:42.0562 2768 HDAudBus - ok
    15:08:42.0609 2768 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    15:08:42.0609 2768 helpsvc - ok
    15:08:42.0687 2768 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
    15:08:42.0703 2768 HidServ - ok
    15:08:42.0734 2768 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:08:42.0734 2768 hidusb - ok
    15:08:42.0734 2768 hpn - ok
    15:08:42.0781 2768 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    15:08:42.0796 2768 HTTP - ok
    15:08:42.0843 2768 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
    15:08:42.0859 2768 HTTPFilter - ok
    15:08:42.0859 2768 i2omgmt - ok
    15:08:42.0875 2768 i2omp - ok
    15:08:42.0890 2768 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    15:08:42.0890 2768 i8042prt - ok
    15:08:43.0156 2768 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    15:08:43.0296 2768 ialm - ok
    15:08:43.0359 2768 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:08:43.0359 2768 Imapi - ok
    15:08:43.0406 2768 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
    15:08:43.0421 2768 ImapiService - ok
    15:08:43.0453 2768 InCDfs (b02a8a25192ee1c5e653628637ab6aaa) C:\WINDOWS\system32\drivers\InCDFs.sys
    15:08:43.0468 2768 InCDfs - ok
    15:08:43.0484 2768 InCDPass (b49bd5b663e1af9bf3233b782b70d865) C:\WINDOWS\system32\drivers\InCDPass.sys
    15:08:43.0484 2768 InCDPass - ok
    15:08:43.0531 2768 InCDrec (8fd364edbd97983575cee3e8909e62b4) C:\WINDOWS\system32\drivers\InCDrec.sys
    15:08:43.0531 2768 InCDrec - ok
    15:08:43.0546 2768 incdrm (fc04e827133d54ab79ca254708f76cd0) C:\WINDOWS\system32\drivers\InCDRm.sys
    15:08:43.0546 2768 incdrm - ok
    15:08:43.0703 2768 InCDsrv (067020bb8abf1f6b80361051b2806c90) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    15:08:43.0750 2768 InCDsrv - ok
    15:08:43.0765 2768 ini910u - ok
    15:08:44.0015 2768 IntcAzAudAddService (c89535b2d7b42fe402ac4b20d9908249) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    15:08:44.0156 2768 IntcAzAudAddService - ok
    15:08:44.0187 2768 IntelIde - ok
    15:08:44.0218 2768 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:08:44.0218 2768 intelppm - ok
    15:08:44.0250 2768 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    15:08:44.0250 2768 Ip6Fw - ok
    15:08:44.0265 2768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:08:44.0265 2768 IpFilterDriver - ok
    15:08:44.0281 2768 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:08:44.0281 2768 IpInIp - ok
    15:08:44.0328 2768 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:08:44.0328 2768 IpNat - ok
    15:08:44.0359 2768 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:08:44.0359 2768 IPSec - ok
    15:08:44.0390 2768 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:08:44.0390 2768 IRENUM - ok
    15:08:44.0421 2768 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:08:44.0421 2768 isapnp - ok
    15:08:44.0484 2768 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    15:08:44.0500 2768 JavaQuickStarterService - ok
    15:08:44.0515 2768 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:08:44.0515 2768 Kbdclass - ok
    15:08:44.0546 2768 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    15:08:44.0546 2768 kbdhid - ok
    15:08:44.0578 2768 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    15:08:44.0593 2768 kmixer - ok
    15:08:44.0625 2768 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    15:08:44.0625 2768 KSecDD - ok
    15:08:44.0671 2768 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
    15:08:44.0687 2768 lanmanserver - ok
    15:08:44.0734 2768 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
    15:08:44.0750 2768 lanmanworkstation - ok
    15:08:44.0765 2768 lbrtfdc - ok
    15:08:44.0812 2768 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
    15:08:44.0812 2768 LmHosts - ok
    15:08:44.0859 2768 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
    15:08:44.0875 2768 Messenger - ok
    15:08:44.0921 2768 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    15:08:44.0921 2768 Microsoft Office Groove Audit Service - ok
    15:08:44.0937 2768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    15:08:44.0937 2768 mnmdd - ok
    15:08:45.0015 2768 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
    15:08:45.0031 2768 mnmsrvc - ok
    15:08:45.0046 2768 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    15:08:45.0046 2768 Modem - ok
    15:08:45.0140 2768 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    15:08:45.0187 2768 Monfilt - ok
    15:08:45.0218 2768 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:08:45.0218 2768 Mouclass - ok
    15:08:45.0250 2768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    15:08:45.0250 2768 mouhid - ok
    15:08:45.0296 2768 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    15:08:45.0296 2768 MountMgr - ok
    15:08:45.0328 2768 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:08:45.0359 2768 MozillaMaintenance - ok
    15:08:45.0375 2768 mraid35x - ok
    15:08:45.0406 2768 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:08:45.0421 2768 MRxDAV - ok
    15:08:45.0437 2768 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:08:45.0453 2768 MRxSmb - ok
    15:08:45.0546 2768 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
    15:08:45.0562 2768 MSDTC - ok
    15:08:45.0578 2768 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    15:08:45.0578 2768 Msfs - ok
    15:08:45.0625 2768 MSIServer - ok
    15:08:45.0656 2768 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:08:45.0656 2768 MSKSSRV - ok
    15:08:45.0671 2768 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:08:45.0671 2768 MSPCLOCK - ok
    15:08:45.0687 2768 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    15:08:45.0687 2768 MSPQM - ok
    15:08:45.0703 2768 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:08:45.0703 2768 mssmbios - ok
    15:08:45.0734 2768 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    15:08:45.0734 2768 MSTEE - ok
    15:08:45.0765 2768 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    15:08:45.0765 2768 MTsensor - ok
    15:08:45.0781 2768 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    15:08:45.0781 2768 Mup - ok
    15:08:45.0812 2768 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    15:08:45.0828 2768 NABTSFEC - ok
    15:08:45.0937 2768 NBService (5836b9e91863a00ec1b8e785efd86ecb) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    15:08:45.0968 2768 NBService - ok
    15:08:45.0984 2768 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    15:08:46.0000 2768 NDIS - ok
    15:08:46.0015 2768 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    15:08:46.0015 2768 NdisIP - ok
    15:08:46.0031 2768 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:08:46.0031 2768 NdisTapi - ok
    15:08:46.0062 2768 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:08:46.0078 2768 Ndisuio - ok
    15:08:46.0109 2768 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:08:46.0125 2768 NdisWan - ok
    15:08:46.0156 2768 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    15:08:46.0156 2768 NDProxy - ok
    15:08:46.0171 2768 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:08:46.0171 2768 NetBIOS - ok
    15:08:46.0203 2768 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:08:46.0203 2768 NetBT - ok
    15:08:46.0234 2768 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    15:08:46.0250 2768 NetDDE - ok
    15:08:46.0265 2768 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    15:08:46.0265 2768 NetDDEdsdm - ok
    15:08:46.0296 2768 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    15:08:46.0312 2768 Netlogon - ok
    15:08:46.0359 2768 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
    15:08:46.0375 2768 Netman - ok
    15:08:46.0406 2768 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
    15:08:46.0421 2768 Nla - ok
    15:08:46.0500 2768 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    15:08:46.0515 2768 NMIndexingService - ok
    15:08:46.0531 2768 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    15:08:46.0531 2768 Npfs - ok
    15:08:46.0562 2768 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    15:08:46.0593 2768 Ntfs - ok
    15:08:46.0609 2768 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    15:08:46.0609 2768 NtLmSsp - ok
    15:08:46.0656 2768 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
    15:08:46.0687 2768 NtmsSvc - ok
    15:08:46.0718 2768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    15:08:46.0718 2768 Null - ok
    15:08:46.0750 2768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:08:46.0750 2768 NwlnkFlt - ok
    15:08:46.0750 2768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:08:46.0765 2768 NwlnkFwd - ok
    15:08:46.0843 2768 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    15:08:46.0859 2768 odserv - ok
    15:08:46.0906 2768 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:08:46.0921 2768 ose - ok
    15:08:46.0953 2768 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    15:08:46.0953 2768 Parport - ok
    15:08:46.0968 2768 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    15:08:46.0968 2768 PartMgr - ok
    15:08:47.0000 2768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    15:08:47.0000 2768 ParVdm - ok
    15:08:47.0031 2768 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    15:08:47.0031 2768 PCI - ok
    15:08:47.0031 2768 PCIDump - ok
    15:08:47.0046 2768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:08:47.0046 2768 PCIIde - ok
    15:08:47.0078 2768 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    15:08:47.0093 2768 Pcmcia - ok
    15:08:47.0109 2768 PDCOMP - ok
    15:08:47.0125 2768 PDFRAME - ok
    15:08:47.0125 2768 PDRELI - ok
    15:08:47.0140 2768 PDRFRAME - ok
    15:08:47.0156 2768 perc2 - ok
    15:08:47.0156 2768 perc2hib - ok
    15:08:47.0203 2768 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    15:08:47.0218 2768 PlugPlay - ok
    15:08:47.0234 2768 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    15:08:47.0234 2768 PolicyAgent - ok
    15:08:47.0265 2768 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:08:47.0265 2768 PptpMiniport - ok
    15:08:47.0281 2768 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    15:08:47.0296 2768 ProtectedStorage - ok
    15:08:47.0312 2768 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    15:08:47.0312 2768 PSched - ok
    15:08:47.0312 2768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:08:47.0312 2768 Ptilink - ok
    15:08:47.0328 2768 ql1080 - ok
    15:08:47.0343 2768 Ql10wnt - ok
    15:08:47.0359 2768 ql12160 - ok
    15:08:47.0359 2768 ql1240 - ok
    15:08:47.0375 2768 ql1280 - ok
    15:08:47.0406 2768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:08:47.0406 2768 RasAcd - ok
    15:08:47.0453 2768 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
    15:08:47.0468 2768 RasAuto - ok
    15:08:47.0484 2768 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:08:47.0484 2768 Rasl2tp - ok
    15:08:47.0531 2768 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
    15:08:47.0546 2768 RasMan - ok
    15:08:47.0562 2768 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:08:47.0578 2768 RasPppoe - ok
    15:08:47.0578 2768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:08:47.0578 2768 Raspti - ok
    15:08:47.0609 2768 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:08:47.0609 2768 Rdbss - ok
    15:08:47.0625 2768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:08:47.0640 2768 RDPCDD - ok
    15:08:47.0656 2768 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:08:47.0671 2768 rdpdr - ok
    15:08:47.0718 2768 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    15:08:47.0718 2768 RDPWD - ok
    15:08:47.0765 2768 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
    15:08:47.0781 2768 RDSessMgr - ok
    15:08:47.0796 2768 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:08:47.0812 2768 redbook - ok
    15:08:47.0828 2768 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
    15:08:47.0843 2768 RemoteAccess - ok
    15:08:47.0875 2768 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
    15:08:47.0890 2768 RemoteRegistry - ok
    15:08:47.0937 2768 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
    15:08:47.0953 2768 RpcLocator - ok
    15:08:48.0000 2768 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
    15:08:48.0000 2768 RpcSs - ok
    15:08:48.0031 2768 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    15:08:48.0046 2768 RSVP - ok
    15:08:48.0109 2768 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
    15:08:48.0125 2768 rt2870 - ok
    15:08:48.0187 2768 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
    15:08:48.0203 2768 RT73 - ok
    15:08:48.0218 2768 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    15:08:48.0218 2768 rtl8139 - ok
    15:08:48.0250 2768 RTLE8023xp (b0e1648aae1e59bdd0854af07a605399) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    15:08:48.0265 2768 RTLE8023xp - ok
    15:08:48.0281 2768 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    15:08:48.0281 2768 SamSs - ok
    15:08:48.0328 2768 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
    15:08:48.0343 2768 SCardSvr - ok
    15:08:48.0406 2768 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
    15:08:48.0421 2768 Schedule - ok
    15:08:48.0453 2768 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:08:48.0453 2768 Secdrv - ok
    15:08:48.0484 2768 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
    15:08:48.0500 2768 seclogon - ok
    15:08:48.0515 2768 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
    15:08:48.0515 2768 SENS - ok
    15:08:48.0531 2768 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    15:08:48.0546 2768 serenum - ok
    15:08:48.0562 2768 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    15:08:48.0562 2768 Serial - ok
    15:08:48.0593 2768 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:08:48.0593 2768 Sfloppy - ok
    15:08:48.0640 2768 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
    15:08:48.0656 2768 SharedAccess - ok
    15:08:48.0687 2768 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    15:08:48.0687 2768 ShellHWDetection - ok
    15:08:48.0703 2768 Simbad - ok
    15:08:48.0796 2768 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
    15:08:48.0828 2768 SkypeUpdate - ok
    15:08:48.0859 2768 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:08:48.0859 2768 SLIP - ok
    15:08:48.0875 2768 Sparrow - ok
    15:08:48.0890 2768 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    15:08:48.0890 2768 splitter - ok
    15:08:48.0921 2768 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
    15:08:48.0921 2768 Spooler - ok
    15:08:48.0953 2768 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    15:08:48.0953 2768 sr - ok
    15:08:48.0984 2768 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
    15:08:49.0015 2768 srservice - ok
    15:08:49.0046 2768 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
    15:08:49.0062 2768 Srv - ok
    15:08:49.0109 2768 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
    15:08:49.0125 2768 SSDPSRV - ok
    15:08:49.0171 2768 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
    15:08:49.0187 2768 stisvc - ok
    15:08:49.0218 2768 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:08:49.0218 2768 streamip - ok
    15:08:49.0250 2768 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:08:49.0250 2768 swenum - ok
    15:08:49.0265 2768 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    15:08:49.0281 2768 swmidi - ok
    15:08:49.0328 2768 SwPrv - ok
    15:08:49.0328 2768 symc810 - ok
    15:08:49.0343 2768 symc8xx - ok
    15:08:49.0359 2768 sym_hi - ok
    15:08:49.0375 2768 sym_u3 - ok
    15:08:49.0390 2768 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    15:08:49.0390 2768 sysaudio - ok
    15:08:49.0453 2768 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
    15:08:49.0468 2768 SysmonLog - ok
    15:08:49.0500 2768 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
    15:08:49.0515 2768 TapiSrv - ok
    15:08:49.0562 2768 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:08:49.0562 2768 Tcpip - ok
    15:08:49.0593 2768 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:08:49.0609 2768 TDPIPE - ok
    15:08:49.0609 2768 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    15:08:49.0609 2768 TDTCP - ok
    15:08:49.0640 2768 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:08:49.0640 2768 TermDD - ok
    15:08:49.0703 2768 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
    15:08:49.0734 2768 TermService - ok
    15:08:49.0781 2768 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    15:08:49.0781 2768 Themes - ok
    15:08:49.0828 2768 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
    15:08:49.0828 2768 TlntSvr - ok
    15:08:49.0843 2768 TosIde - ok
    15:08:49.0875 2768 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
    15:08:49.0890 2768 TrkWks - ok
    15:08:49.0921 2768 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    15:08:49.0921 2768 Udfs - ok
    15:08:49.0921 2768 ultra - ok
    15:08:49.0968 2768 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
    15:08:49.0984 2768 UMWdf - ok
    15:08:50.0015 2768 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    15:08:50.0015 2768 Update - ok
    15:08:50.0062 2768 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
    15:08:50.0078 2768 upnphost - ok
    15:08:50.0109 2768 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
    15:08:50.0109 2768 UPS - ok
    15:08:50.0140 2768 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:08:50.0140 2768 usbccgp - ok
    15:08:50.0171 2768 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:08:50.0171 2768 usbehci - ok
    15:08:50.0187 2768 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:08:50.0187 2768 usbhub - ok
    15:08:50.0234 2768 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:08:50.0234 2768 usbprint - ok
    15:08:50.0250 2768 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:08:50.0265 2768 USBSTOR - ok
    15:08:50.0281 2768 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:08:50.0281 2768 usbuhci - ok
    15:08:50.0296 2768 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
    15:08:50.0296 2768 usbvideo - ok
    15:08:50.0328 2768 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    15:08:50.0328 2768 VgaSave - ok
    15:08:50.0343 2768 ViaIde - ok
    15:08:50.0359 2768 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    15:08:50.0359 2768 VolSnap - ok
    15:08:50.0406 2768 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
    15:08:50.0421 2768 VSS - ok
    15:08:50.0468 2768 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
    15:08:50.0468 2768 W32Time - ok
    15:08:50.0500 2768 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:08:50.0500 2768 Wanarp - ok
    15:08:50.0515 2768 WDICA - ok
    15:08:50.0531 2768 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    15:08:50.0546 2768 wdmaud - ok
    15:08:50.0593 2768 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
    15:08:50.0609 2768 WebClient - ok
    15:08:50.0640 2768 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
    15:08:50.0656 2768 winmgmt - ok
    15:08:50.0703 2768 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
    15:08:50.0718 2768 WmdmPmSN - ok
    15:08:50.0765 2768 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
    15:08:50.0812 2768 Wmi - ok
    15:08:50.0859 2768 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    15:08:50.0859 2768 WmiApSrv - ok
    15:08:50.0890 2768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    15:08:50.0890 2768 WS2IFSL - ok
    15:08:50.0921 2768 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
    15:08:50.0937 2768 wscsvc - ok
    15:08:50.0968 2768 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:08:50.0968 2768 WSTCODEC - ok
    15:08:51.0000 2768 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
    15:08:51.0015 2768 wuauserv - ok
    15:08:51.0078 2768 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
    15:08:51.0109 2768 WZCSVC - ok
    15:08:51.0140 2768 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
    15:08:51.0156 2768 xmlprov - ok
    15:08:51.0203 2768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    15:08:51.0625 2768 \Device\Harddisk0\DR0 - ok
    15:08:51.0921 2768 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
    15:08:51.0984 2768 \Device\Harddisk1\DR4 - ok
    15:08:52.0000 2768 Boot (0x1200) (d2990a997a2755b93c2a5473c1ad5325) \Device\Harddisk0\DR0\Partition0
    15:08:52.0015 2768 \Device\Harddisk0\DR0\Partition0 - ok
    15:08:52.0031 2768 Boot (0x1200) (93a000e68cce6ad4712e692cc7e4e5ac) \Device\Harddisk0\DR0\Partition1
    15:08:52.0031 2768 \Device\Harddisk0\DR0\Partition1 - ok
    15:08:52.0062 2768 Boot (0x1200) (a469976cc0d69cd16a1b856a5a37ca62) \Device\Harddisk0\DR0\Partition2
    15:08:52.0062 2768 \Device\Harddisk0\DR0\Partition2 - ok
    15:08:52.0140 2768 Boot (0x1200) (a54edf0d25cb781c260e6c87e359f6f9) \Device\Harddisk1\DR4\Partition0
    15:08:52.0406 2768 \Device\Harddisk1\DR4\Partition0 - ok
    15:08:52.0406 2768 ============================================================
    15:08:52.0406 2768 Scan finished
    15:08:52.0406 2768 ============================================================
    15:08:52.0437 2288 Detected object count: 0
    15:08:52.0437 2288 Actual detected object count: 0
     
  16. 2012/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
     
  17. 2012/07/11
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    Roguekiller log:

    RogueKiller V7.6.3 [07/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: user [Admin rights]
    Mode: Scan -- Date: 07/12/2012 21:33:49

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [] HKLM\[...]\Windows : () -> ACCESS DENIED
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [] HKLM\[...]\Windows : () -> ACCESS DENIED

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Faked.Drv][FAKED] wmilib.sys : c:\windows\system32\drivers\wmilib.sys --> CANNOT FIX
    [Faked.Drv][FAKED] dmload.sys : c:\windows\system32\drivers\dmload.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ftdisk.sys : c:\windows\system32\drivers\ftdisk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] partmgr.sys : c:\windows\system32\drivers\partmgr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ndistapi.sys : c:\windows\system32\drivers\ndistapi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ptilink.sys : c:\windows\system32\drivers\ptilink.sys --> CANNOT FIX
    [Faked.Drv][FAKED] raspti.sys : c:\windows\system32\drivers\raspti.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ndproxy.sys : c:\windows\system32\drivers\ndproxy.sys --> CANNOT FIX
    [Faked.Drv][FAKED] cdaudio.sys : c:\windows\system32\drivers\cdaudio.sys --> CANNOT FIX
    [Faked.Drv][FAKED] fs_rec.sys : c:\windows\system32\drivers\fs_rec.sys --> CANNOT FIX
    [Faked.Drv][FAKED] null.sys : c:\windows\system32\drivers\null.sys --> CANNOT FIX
    [Faked.Drv][FAKED] beep.sys : c:\windows\system32\drivers\beep.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rdpcdd.sys : c:\windows\system32\drivers\rdpcdd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rasacd.sys : c:\windows\system32\drivers\rasacd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] fips.sys : c:\windows\system32\drivers\fips.sys --> CANNOT FIX
    [Faked.Drv][FAKED] dxgthk.sys : c:\windows\system32\drivers\dxgthk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] parvdm.sys : c:\windows\system32\drivers\parvdm.sys --> CANNOT FIX
    [Faked.Drv][FAKED] atmepvc.sys : c:\windows\system32\drivers\atmepvc.sys --> CANNOT FIX
    [Faked.Drv][FAKED] atmuni.sys : c:\windows\system32\drivers\atmuni.sys --> CANNOT FIX
    [Faked.Drv][FAKED] cbidf2k.sys : c:\windows\system32\drivers\cbidf2k.sys --> CANNOT FIX
    [Faked.Drv][FAKED] cinemst2.sys : c:\windows\system32\drivers\cinemst2.sys --> CANNOT FIX
    [Faked.Drv][FAKED] cpqdap01.sys : c:\windows\system32\drivers\cpqdap01.sys --> CANNOT FIX
    [Faked.Drv][FAKED] dxapi.sys : c:\windows\system32\drivers\dxapi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ipfltdrv.sys : c:\windows\system32\drivers\ipfltdrv.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mcd.sys : c:\windows\system32\drivers\mcd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nikedrv.sys : c:\windows\system32\drivers\nikedrv.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nwlnkflt.sys : c:\windows\system32\drivers\nwlnkflt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nwlnkfwd.sys : c:\windows\system32\drivers\nwlnkfwd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nwlnkspx.sys : c:\windows\system32\drivers\nwlnkspx.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rawwan.sys : c:\windows\system32\drivers\rawwan.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rio8drv.sys : c:\windows\system32\drivers\rio8drv.sys --> CANNOT FIX
    [Faked.Drv][FAKED] riodrv.sys : c:\windows\system32\drivers\riodrv.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aavmker4.sys : c:\windows\system32\drivers\aavmker4.sys --> CANNOT FIX
    [Faked.Drv][FAKED] RMCast.sys : c:\windows\system32\drivers\RMCast.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rootmdm.sys : c:\windows\system32\drivers\rootmdm.sys --> CANNOT FIX
    [Faked.Drv][FAKED] smclib.sys : c:\windows\system32\drivers\smclib.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tosdvd.sys : c:\windows\system32\drivers\tosdvd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tsbvcap.sys : c:\windows\system32\drivers\tsbvcap.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbcamd.sys : c:\windows\system32\drivers\usbcamd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbcamd2.sys : c:\windows\system32\drivers\usbcamd2.sys --> CANNOT FIX
    [Faked.Drv][FAKED] vdmindvd.sys : c:\windows\system32\drivers\vdmindvd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ws2ifsl.sys : c:\windows\system32\drivers\ws2ifsl.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mnmdd.sys : c:\windows\system32\drivers\mnmdd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] fsvga.sys : c:\windows\system32\drivers\fsvga.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mouhid.sys : c:\windows\system32\drivers\mouhid.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswmon.sys : c:\windows\system32\drivers\aswmon.sys --> CANNOT FIX
    [Faked.Drv][FAKED] acpiec.sys : c:\windows\system32\drivers\acpiec.sys --> CANNOT FIX
    [Faked.Drv][FAKED] oprghdlr.sys : c:\windows\system32\drivers\oprghdlr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswmon2.sys : c:\windows\system32\drivers\aswmon2.sys --> CANNOT FIX
    [Faked.Drv][FAKED] hidusb.sys : c:\windows\system32\drivers\hidusb.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbd.sys : c:\windows\system32\drivers\usbd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] disk.sys : c:\windows\system32\drivers\disk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] classpnp.sys : c:\windows\system32\drivers\classpnp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] dmio.sys : c:\windows\system32\drivers\dmio.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ksecdd.sys : c:\windows\system32\drivers\ksecdd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mountmgr.sys : c:\windows\system32\drivers\mountmgr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mrxdav.sys : c:\windows\system32\drivers\mrxdav.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tdi.sys : c:\windows\system32\drivers\tdi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ndis.sys : c:\windows\system32\drivers\ndis.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mrxsmb.sys : c:\windows\system32\drivers\mrxsmb.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rdbss.sys : c:\windows\system32\drivers\rdbss.sys --> CANNOT FIX
    [Faked.Drv][FAKED] msfs.sys : c:\windows\system32\drivers\msfs.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mup.sys : c:\windows\system32\drivers\mup.sys --> CANNOT FIX
    [Faked.Drv][FAKED] netbios.sys : c:\windows\system32\drivers\netbios.sys --> CANNOT FIX
    [Faked.Drv][FAKED] npfs.sys : c:\windows\system32\drivers\npfs.sys --> CANNOT FIX
    [Faked.Drv][FAKED] volsnap.sys : c:\windows\system32\drivers\volsnap.sys --> CANNOT FIX
    [Faked.Drv][FAKED] p3.sys : c:\windows\system32\drivers\p3.sys --> CANNOT FIX
    [Faked.Drv][FAKED] videoprt.sys : c:\windows\system32\drivers\videoprt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] modem.sys : c:\windows\system32\drivers\modem.sys --> CANNOT FIX
    [Faked.Drv][FAKED] fdc.sys : c:\windows\system32\drivers\fdc.sys --> CANNOT FIX
    [Faked.Drv][FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX
    [Faked.Drv][FAKED] serenum.sys : c:\windows\system32\drivers\serenum.sys --> CANNOT FIX
    [Faked.Drv][FAKED] parport.sys : c:\windows\system32\drivers\parport.sys --> CANNOT FIX
    [Faked.Drv][FAKED] cdrom.sys : c:\windows\system32\drivers\cdrom.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rasl2tp.sys : c:\windows\system32\drivers\rasl2tp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ndiswan.sys : c:\windows\system32\drivers\ndiswan.sys --> CANNOT FIX
    [Faked.Drv][FAKED] raspppoe.sys : c:\windows\system32\drivers\raspppoe.sys --> CANNOT FIX
    [Faked.Drv][FAKED] raspptp.sys : c:\windows\system32\drivers\raspptp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] psched.sys : c:\windows\system32\drivers\psched.sys --> CANNOT FIX
    [Faked.Drv][FAKED] msgpc.sys : c:\windows\system32\drivers\msgpc.sys --> CANNOT FIX
    [Faked.Drv][FAKED] swenum.sys : c:\windows\system32\drivers\swenum.sys --> CANNOT FIX
    [Faked.Drv][FAKED] flpydisk.sys : c:\windows\system32\drivers\flpydisk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sfloppy.sys : c:\windows\system32\drivers\sfloppy.sys --> CANNOT FIX
    [Faked.Drv][FAKED] vga.sys : c:\windows\system32\drivers\vga.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ipsec.sys : c:\windows\system32\drivers\ipsec.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tcpip.sys : c:\windows\system32\drivers\tcpip.sys --> CANNOT FIX
    [Faked.Drv][FAKED] netbt.sys : c:\windows\system32\drivers\netbt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] wanarp.sys : c:\windows\system32\drivers\wanarp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] imapi.sys : c:\windows\system32\drivers\imapi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] fastfat.sys : c:\windows\system32\drivers\fastfat.sys --> CANNOT FIX
    [Faked.Drv][FAKED] dxg.sys : c:\windows\system32\drivers\dxg.sys --> CANNOT FIX
    [Faked.Drv][FAKED] afd.sys : c:\windows\system32\drivers\afd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] srv.sys : c:\windows\system32\drivers\srv.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ndisuio.sys : c:\windows\system32\drivers\ndisuio.sys --> CANNOT FIX
    [Faked.Drv][FAKED] diskdump.sys : c:\windows\system32\drivers\diskdump.sys --> CANNOT FIX
    [Faked.Drv][FAKED] processr.sys : c:\windows\system32\drivers\processr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] amdk6.sys : c:\windows\system32\drivers\amdk6.sys --> CANNOT FIX
    [Faked.Drv][FAKED] amdk7.sys : c:\windows\system32\drivers\amdk7.sys --> CANNOT FIX
    [Faked.Drv][FAKED] arp1394.sys : c:\windows\system32\drivers\arp1394.sys --> CANNOT FIX
    [Faked.Drv][FAKED] asyncmac.sys : c:\windows\system32\drivers\asyncmac.sys --> CANNOT FIX
    [Faked.Drv][FAKED] atmarpc.sys : c:\windows\system32\drivers\atmarpc.sys --> CANNOT FIX
    [Faked.Drv][FAKED] atmlane.sys : c:\windows\system32\drivers\atmlane.sys --> CANNOT FIX
    [Faked.Drv][FAKED] bridge.sys : c:\windows\system32\drivers\bridge.sys --> CANNOT FIX
    [Faked.Drv][FAKED] cdfs.sys : c:\windows\system32\drivers\cdfs.sys --> CANNOT FIX
    [Faked.Drv][FAKED] crusoe.sys : c:\windows\system32\drivers\crusoe.sys --> CANNOT FIX
    [Faked.Drv][FAKED] dmboot.sys : c:\windows\system32\drivers\dmboot.sys --> CANNOT FIX
    [Faked.Drv][FAKED] hxxp.sys : c:\windows\system32\drivers\hxxp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] intelppm.sys : c:\windows\system32\drivers\intelppm.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ip6fw.sys : c:\windows\system32\drivers\ip6fw.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ipinip.sys : c:\windows\system32\drivers\ipinip.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ipnat.sys : c:\windows\system32\drivers\ipnat.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mqac.sys : c:\windows\system32\drivers\mqac.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mssmbios.sys : c:\windows\system32\drivers\mssmbios.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nmnt.sys : c:\windows\system32\drivers\nmnt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ntfs.sys : c:\windows\system32\drivers\ntfs.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nwlnkipx.sys : c:\windows\system32\drivers\nwlnkipx.sys --> CANNOT FIX
    [Faked.Drv][FAKED] nwrdr.sys : c:\windows\system32\drivers\nwrdr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] pcmcia.sys : c:\windows\system32\drivers\pcmcia.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rndismp.sys : c:\windows\system32\drivers\rndismp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] scsiport.sys : c:\windows\system32\drivers\scsiport.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sdbus.sys : c:\windows\system32\drivers\sdbus.sys --> CANNOT FIX
    [Faked.Drv][FAKED] secdrv.sys : c:\windows\system32\drivers\secdrv.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sffdisk.sys : c:\windows\system32\drivers\sffdisk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sffp_sd.sys : c:\windows\system32\drivers\sffp_sd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sonydcam.sys : c:\windows\system32\drivers\sonydcam.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tape.sys : c:\windows\system32\drivers\tape.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tcpip6.sys : c:\windows\system32\drivers\tcpip6.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tunmp.sys : c:\windows\system32\drivers\tunmp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] udfs.sys : c:\windows\system32\drivers\udfs.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usb8023.sys : c:\windows\system32\drivers\usb8023.sys --> CANNOT FIX
    [Faked.Drv][FAKED] update.sys : c:\windows\system32\drivers\update.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbintel.sys : c:\windows\system32\drivers\usbintel.sys --> CANNOT FIX
    [Faked.Drv][FAKED] i8042prt.sys : c:\windows\system32\drivers\i8042prt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] acpi.sys : c:\windows\system32\drivers\acpi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswSnx.sys : c:\windows\system32\drivers\aswSnx.sys --> CANNOT FIX
    [Faked.Drv][FAKED] hidclass.sys : c:\windows\system32\drivers\hidclass.sys --> CANNOT FIX
    [Faked.Drv][FAKED] hidparse.sys : c:\windows\system32\drivers\hidparse.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswTdi.sys : c:\windows\system32\drivers\aswTdi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mouclass.sys : c:\windows\system32\drivers\mouclass.sys --> CANNOT FIX
    [Faked.Drv][FAKED] kbdclass.sys : c:\windows\system32\drivers\kbdclass.sys --> CANNOT FIX
    [Faked.Drv][FAKED] irenum.sys : c:\windows\system32\drivers\irenum.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswRdr.sys : c:\windows\system32\drivers\aswRdr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] redbook.sys : c:\windows\system32\drivers\redbook.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswSP.sys : c:\windows\system32\drivers\aswSP.sys --> CANNOT FIX
    [Faked.Drv][FAKED] audstub.sys : c:\windows\system32\drivers\audstub.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aswFsBlk.sys : c:\windows\system32\drivers\aswFsBlk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] termdd.sys : c:\windows\system32\drivers\termdd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] TrueSight.sys : c:\windows\system32\drivers\TrueSight.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rdpdr.sys : c:\windows\system32\drivers\rdpdr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rdpwd.sys : c:\windows\system32\drivers\rdpwd.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tdpipe.sys : c:\windows\system32\drivers\tdpipe.sys --> CANNOT FIX
    [Faked.Drv][FAKED] tdtcp.sys : c:\windows\system32\drivers\tdtcp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sr.sys : c:\windows\system32\drivers\sr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] fltMgr.sys : c:\windows\system32\drivers\fltMgr.sys --> CANNOT FIX
    [Faked.Drv][FAKED] RTL8139.sys : c:\windows\system32\drivers\RTL8139.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbccgp.sys : c:\windows\system32\drivers\usbccgp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbvideo.sys : c:\windows\system32\drivers\usbvideo.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ASUSHWIO.SYS : c:\windows\system32\drivers\ASUSHWIO.SYS --> CANNOT FIX
    [Faked.Drv][FAKED] MSPCLOCK.sys : c:\windows\system32\drivers\MSPCLOCK.sys --> CANNOT FIX
    [Faked.Drv][FAKED] MSPQM.sys : c:\windows\system32\drivers\MSPQM.sys --> CANNOT FIX
    [Faked.Drv][FAKED] MSKSSRV.sys : c:\windows\system32\drivers\MSKSSRV.sys --> CANNOT FIX
    [Faked.Drv][FAKED] CCDECODE.sys : c:\windows\system32\drivers\CCDECODE.sys --> CANNOT FIX
    [Faked.Drv][FAKED] NABTSFEC.sys : c:\windows\system32\drivers\NABTSFEC.sys --> CANNOT FIX
    [Faked.Drv][FAKED] WSTCODEC.SYS : c:\windows\system32\drivers\WSTCODEC.SYS --> CANNOT FIX
    [Faked.Drv][FAKED] SLIP.sys : c:\windows\system32\drivers\SLIP.sys --> CANNOT FIX
    [Faked.Drv][FAKED] StreamIP.sys : c:\windows\system32\drivers\StreamIP.sys --> CANNOT FIX
    [Faked.Drv][FAKED] NdisIP.sys : c:\windows\system32\drivers\NdisIP.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ASACPI.sys : c:\windows\system32\drivers\ASACPI.sys --> CANNOT FIX
    [Faked.Drv][FAKED] MSTEE.sys : c:\windows\system32\drivers\MSTEE.sys --> CANNOT FIX
    [Faked.Drv][FAKED] Hdaudbus.sys : c:\windows\system32\drivers\Hdaudbus.sys --> CANNOT FIX
    [Faked.Drv][FAKED] Hdaudio.sys : c:\windows\system32\drivers\Hdaudio.sys --> CANNOT FIX
    [Faked.Drv][FAKED] portcls.sys : c:\windows\system32\drivers\portcls.sys --> CANNOT FIX
    [Faked.Drv][FAKED] stream.sys : c:\windows\system32\drivers\stream.sys --> CANNOT FIX
    [Faked.Drv][FAKED] drmk.sys : c:\windows\system32\drivers\drmk.sys --> CANNOT FIX
    [Faked.Drv][FAKED] ks.sys : c:\windows\system32\drivers\ks.sys --> CANNOT FIX
    [Faked.Drv][FAKED] RtkHDAud.sys : c:\windows\system32\drivers\RtkHDAud.sys --> CANNOT FIX
    [Faked.Drv][FAKED] Monfilt.sys : c:\windows\system32\drivers\Monfilt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] Ambfilt.sys : c:\windows\system32\drivers\Ambfilt.sys --> CANNOT FIX
    [Faked.Drv][FAKED] sysaudio.sys : c:\windows\system32\drivers\sysaudio.sys --> CANNOT FIX
    [Faked.Drv][FAKED] drmkaud.sys : c:\windows\system32\drivers\drmkaud.sys --> CANNOT FIX
    [Faked.Drv][FAKED] kmixer.sys : c:\windows\system32\drivers\kmixer.sys --> CANNOT FIX
    [Faked.Drv][FAKED] aec.sys : c:\windows\system32\drivers\aec.sys --> CANNOT FIX
    [Faked.Drv][FAKED] swmidi.sys : c:\windows\system32\drivers\swmidi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] DMusic.sys : c:\windows\system32\drivers\DMusic.sys --> CANNOT FIX
    [Faked.Drv][FAKED] wdmaud.sys : c:\windows\system32\drivers\wdmaud.sys --> CANNOT FIX
    [Faked.Drv][FAKED] splitter.sys : c:\windows\system32\drivers\splitter.sys --> CANNOT FIX
    [Faked.Drv][FAKED] pciide.sys : c:\windows\system32\drivers\pciide.sys --> CANNOT FIX
    [Faked.Drv][FAKED] atapi.sys : c:\windows\system32\drivers\atapi.sys --> CANNOT FIX
    [Faked.Drv][FAKED] pciidex.sys : c:\windows\system32\drivers\pciidex.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbuhci.sys : c:\windows\system32\drivers\usbuhci.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbhub.sys : c:\windows\system32\drivers\usbhub.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbport.sys : c:\windows\system32\drivers\usbport.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbehci.sys : c:\windows\system32\drivers\usbehci.sys --> CANNOT FIX
    [Faked.Drv][FAKED] pci.sys : c:\windows\system32\drivers\pci.sys --> CANNOT FIX
    [Faked.Drv][FAKED] isapnp.sys : c:\windows\system32\drivers\isapnp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] Rtenicxp.sys : c:\windows\system32\drivers\Rtenicxp.sys --> CANNOT FIX
    [Faked.Drv][FAKED] igxpmp32.sys : c:\windows\system32\drivers\igxpmp32.sys --> CANNOT FIX
    [Faked.Drv][FAKED] usbprint.sys : c:\windows\system32\drivers\usbprint.sys --> CANNOT FIX
    [Faked.Drv][FAKED] wpdusb.sys : c:\windows\system32\drivers\wpdusb.sys --> CANNOT FIX
    [Faked.Drv][FAKED] InCDfs.sys : c:\windows\system32\drivers\InCDfs.sys --> CANNOT FIX
    [Faked.Drv][FAKED] InCDPass.sys : c:\windows\system32\drivers\InCDPass.sys --> CANNOT FIX
    [Faked.Drv][FAKED] InCDrec.sys : c:\windows\system32\drivers\InCDrec.sys --> CANNOT FIX
    [Faked.Drv][FAKED] InCDRm.sys : c:\windows\system32\drivers\InCDRm.sys --> CANNOT FIX
    [Faked.Drv][FAKED] USBSTOR.SYS : c:\windows\system32\drivers\USBSTOR.SYS --> CANNOT FIX
    [Faked.Drv][FAKED] rt73.sys : c:\windows\system32\drivers\rt73.sys --> CANNOT FIX
    [Faked.Drv][FAKED] AegisP.sys : c:\windows\system32\drivers\AegisP.sys --> CANNOT FIX
    [Faked.Drv][FAKED] rt2870.sys : c:\windows\system32\drivers\rt2870.sys --> CANNOT FIX
    [Faked.Drv][FAKED] kbdhid.sys : c:\windows\system32\drivers\kbdhid.sys --> CANNOT FIX
    [Faked.Drv][FAKED] mbam.sys : c:\windows\system32\drivers\mbam.sys --> CANNOT FIX

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 www.huedesigners.dev
    127.0.0.1 www.hue-designers.dev


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST380215A +++++
    --- User ---
    [MBR] f053e95068aff34bf0d1ac7e8be47632
    [BSP] eab0fd26762eede494ef9b80985946d6 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 56313 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Seagate Portable USB Device +++++
    --- User ---
    [MBR] 5ad8fdd07dcb01972aef31073ee3a146
    [BSP] 29ab77d8524e6013b94115d2af0c4f66 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
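An added example for the report above (editor's code, not RogueKiller's and not anything posted in this thread): it parses the Faked.Drv lines, the HOSTS section and the MBR check into a structure and applies a few plausibility rules. The rule that a Faked.Drv list containing core kernel drivers (ntfs.sys, acpi.sys, pci.sys) together with the installed security tools' own drivers (avast's asw*.sys, Malwarebytes' mbam.sys) points to a failed comparison rather than that many infected drivers is the editor's own, and the asw/mbam prefixes are assumptions. The sample text is a shortened excerpt of the report quoted above.

```python
"""Triage a RogueKiller text report (added example; editor's code, not RogueKiller's).
Parses the Faked.Drv lines, the HOSTS section and the MBR check quoted above and
applies plausibility rules.  SAMPLE_REPORT is a shortened excerpt of that report."""
import re

FAKED_RE = re.compile(r"\[Faked\.Drv\]\[FAKED\]\s+(\S+)\s+:\s+(\S+)\s+-->\s+(.+)$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
DRIVE_RE = re.compile(r"^\+{5}\s+(PhysicalDrive\d+):\s+(.*?)\s+\+{5}$")
MBR_RE = re.compile(r"^\[MBR\]\s+([0-9a-f]{32})$")
BSP_RE = re.compile(r"^\[BSP\]\s+([0-9a-f]{32})\s+:\s+(.+)$")
PART_RE = re.compile(r"^(\d+)\s+-\s+\[(\w+)\]\s+(\S+)\s+\((0x[0-9a-fA-F]{2})\)\s+\[(\w+)\]"
                     r"\s+Offset \(sectors\):\s+(\d+)\s+\|\s+Size:\s+(\d+)\s+Mo$")

# Drivers every XP install loads from the kernel up.  Editor's rule, not the tool's:
# a scanner that reports all of these as faked in one pass has failed its own check.
CORE_DRIVERS = {"ntfs.sys", "acpi.sys", "pci.sys", "atapi.sys", "fltmgr.sys",
                "i8042prt.sys", "kbdclass.sys", "mouclass.sys"}
# Driver name prefixes of the security tools on this machine (avast asw*, Malwarebytes
# mbam): an assumption used only for triage.
TOOL_PREFIXES = ("asw", "mbam")

SAMPLE_REPORT = r"""
[Faked.Drv][FAKED] ntfs.sys : c:\windows\system32\drivers\ntfs.sys --> CANNOT FIX
[Faked.Drv][FAKED] acpi.sys : c:\windows\system32\drivers\acpi.sys --> CANNOT FIX
[Faked.Drv][FAKED] aswSP.sys : c:\windows\system32\drivers\aswSP.sys --> CANNOT FIX
[Faked.Drv][FAKED] pci.sys : c:\windows\system32\drivers\pci.sys --> CANNOT FIX
[Faked.Drv][FAKED] mbam.sys : c:\windows\system32\drivers\mbam.sys --> CANNOT FIX

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.huedesigners.dev
127.0.0.1 www.hue-designers.dev

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST380215A +++++
[MBR] f053e95068aff34bf0d1ac7e8be47632
[BSP] eab0fd26762eede494ef9b80985946d6 : Windows XP MBR Code
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 56313 Mo
+++++ PhysicalDrive1: Seagate Portable USB Device +++++
[MBR] 5ad8fdd07dcb01972aef31073ee3a146
[BSP] 29ab77d8524e6013b94115d2af0c4f66 : MBR Code unknown
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
Error reading LL2 MBR!
"""


def parse_report(text):
    """Return {"faked": [...], "hosts": [(ip, name)], "drives": [...]} from report text."""
    report = {"faked": [], "hosts": [], "drives": []}
    section, drive = "", None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("¤¤¤"):          # section header, e.g. "¤¤¤ HOSTS File: ¤¤¤"
            section = line.strip("¤ ")
        elif m := FAKED_RE.search(line):
            report["faked"].append({"name": m[1], "path": m[2], "action": m[3]})
        elif section.startswith("HOSTS") and (m := HOSTS_RE.match(line)):
            report["hosts"].append((m[1], m[2]))
        elif section.startswith("MBR"):
            if m := DRIVE_RE.match(line):
                drive = {"name": m[1], "model": m[2], "mbr_md5": None, "bsp_md5": None,
                         "bsp_desc": None, "partitions": [], "errors": []}
                report["drives"].append(drive)
            elif drive is None:
                continue
            elif m := MBR_RE.match(line):
                drive["mbr_md5"] = m[1]
            elif m := BSP_RE.match(line):
                drive["bsp_md5"], drive["bsp_desc"] = m[1], m[2]
            elif m := PART_RE.match(line):
                drive["partitions"].append({"index": int(m[1]), "status": m[2], "fs": m[3],
                                            "type": int(m[4], 16), "visible": m[5] == "VISIBLE",
                                            "offset": int(m[6]), "size_mb": int(m[7])})
            elif line.startswith("Error"):
                drive["errors"].append(line)
    return report


def triage(report):
    """Return (kind, message) findings; 'scanner-artefact' means do not trust the Faked list."""
    findings = []
    names = {d["name"].lower() for d in report["faked"]}
    core = sorted(CORE_DRIVERS & names)
    tools = sorted(n for n in names if n.startswith(TOOL_PREFIXES))
    if core and tools:
        findings.append(("scanner-artefact", f"{len(names)} drivers flagged FAKED, including core "
                         f"{core} and the security tools' own {tools}; corroborate with a second "
                         "tool before treating them as infected"))
    elif names:
        findings.append(("review", f"faked drivers: {sorted(names)}"))
    for ip, host in report["hosts"]:
        if host != "localhost":
            findings.append(("hosts", f"{host} -> {ip}: redirect, confirm it is intentional"))
    for d in report["drives"]:
        if d["bsp_desc"] and "unknown" in d["bsp_desc"].lower():
            findings.append(("mbr", f"{d['name']} ({d['model']}): bootstrap code not recognised; "
                             "compare its hash with a baseline before suspecting a bootkit"))
        for err in d["errors"]:
            findings.append(("mbr", f"{d['name']}: {err}"))
        if sum(p["status"] == "ACTIVE" for p in d["partitions"]) > 1:
            findings.append(("mbr", f"{d['name']}: more than one active partition"))
    return findings


if __name__ == "__main__":
    for kind, msg in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{kind}] {msg}")
```

On the full report above the first finding fires: every driver from ntfs.sys and acpi.sys down to avast's aswSP.sys and Malwarebytes' mbam.sys is listed as FAKED with CANNOT FIX, which is the signature of the comparison failing, not of a hundred replaced drivers; the two 127.0.0.1 entries are a developer's local site names and the "MBR Code unknown" plus LL2 read error belong to the external USB disk, which is not a boot device.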
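A second added example, also editor's code and not RogueKiller's, showing at the raw-sector level what the [MBR]/[BSP] hashes and the partition table lines in the MBR check are derived from. The 512-byte sector is constructed to reproduce the PhysicalDrive0 layout from the log (active FAT32-LBA at sector 63, extended partition at 40965750; "Mo" in the log is mégaoctets, i.e. megabytes); its boot code is a placeholder, and taking [MBR] as the MD5 of the whole sector and [BSP] as the MD5 of the 440-byte bootstrap area is an assumption, not RogueKiller's documented behaviour, so the hashes will not match the ones in the log. The nominal sector count used for the 80 GB drive is likewise an assumption.

```python
"""Parse and fingerprint a raw 512-byte MBR (added example, editor's code).  [MBR] is
taken as md5 of the whole sector and [BSP] as md5 of the 440-byte bootstrap area
(assumptions about what the scanner hashes).  The sample sector is constructed."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440            # bytes 0-439 boot code; 440-445 disk signature + padding
PTABLE_OFF = 0x1BE             # four 16-byte partition entries, then 0x55AA
BOOT_SIG = b"\x55\xAA"
MIB = 1024 * 1024
PARTITION_TYPES = {0x07: "NTFS", 0x0C: "FAT32-LBA", 0x0F: "EXTEN-LBA"}
ENTRY = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sector: active FAT32-LBA at LBA 63 (20002 MiB), extended at 40965750."""
    boot = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTSTRAP_LEN - 7)  # placeholder code
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)
    chs_max = b"\xFE\xFF\xFF"  # CHS fields are ignored for LBA partitions; placeholder
    entries = struct.pack(ENTRY, 0x80, b"\x01\x01\x00", 0x0C, chs_max, 63, 40965687)
    entries += struct.pack(ENTRY, 0x00, chs_max, 0x0F, chs_max, 40965750, 56313 * 2048)
    entries += bytes(32)       # two unused entries
    return boot + disk_sig + entries + BOOT_SIG


def parse_mbr(sector):
    """Hash the regions a bootkit scanner compares and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, sector, PTABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "status": status, "active": status == 0x80, "type": ptype,
                      "fs": PARTITION_TYPES.get(ptype, f"0x{ptype:02x}"),
                      "offset": lba, "sectors": count, "size_mb": count * SECTOR // MIB})
    return {"mbr_md5": hashlib.md5(sector).hexdigest(),
            "bsp_md5": hashlib.md5(sector[:BOOTSTRAP_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, BOOTSTRAP_LEN)[0],
            "partitions": parts}


def sanity_checks(info, disk_sectors=None):
    """Structural checks a corrupt or maliciously rewritten table would trip."""
    issues = []
    parts = sorted(info["partitions"], key=lambda p: p["offset"])
    if sum(p["active"] for p in parts) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if disk_sectors and p["offset"] + p["sectors"] > disk_sectors:
            issues.append(f"partition {p['index']}: extends past end of disk")
    for a, b in zip(parts, parts[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            issues.append(f"partitions {a['index']} and {b['index']} overlap")
    return issues


def diff_mbr(baseline, current):
    """Regions changed since a baseline; a bootkit rewrites the bootstrap code only."""
    return [label for key, label in (("bsp_md5", "bootstrap code"),
                                     ("disk_signature", "disk signature"),
                                     ("partitions", "partition table"))
            if baseline[key] != current[key]]


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("[MBR]", info["mbr_md5"])
    print("[BSP]", info["bsp_md5"])
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        print(f"{p['index']} - [{flag}] {p['fs']} (0x{p['type']:02x}) "
              f"Offset (sectors): {p['offset']} | Size: {p['size_mb']} Mo")
    # 156301488 = nominal sector count of an 80 GB drive such as the ST380215A (assumption)
    print("issues:", sanity_checks(info, disk_sectors=156301488))
```

The practical use of the two hashes is the comparison, not the absolute value: read sector 0 with a known-clean boot (or from a baseline taken when the machine was set up), and a later read whose partition table and disk signature are unchanged but whose bootstrap hash differs is exactly the pattern a bootkit leaves.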
     
  18. 2012/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  19. 2012/07/12
    webgal

    webgal Inactive Thread Starter

    Joined:
    2012/07/03
    Messages:
    11
    Likes Received:
    0
    No report got generated. Scan found no threats.
     
  20. 2012/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
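An added example (editor's code, not OTL's and not part of the instructions above) that runs a subset of those custom scan directives against a constructed directory tree, to show what they are looking for: executables dropped into Fonts, anything at all inside directories that do not exist on a clean XP such as system32\system32, and the two "dir ... | find" lines, which count executables whose names contain a space. Only the plain path\pattern form with an optional /s, taken to mean "search subdirectories" by analogy with the DOS dir /s switch (an assumption), and the dir|find lines are interpreted; registry keys, /md5start and flags such as /x or /mp are reported as unsupported because the page does not define them. The directory names, files and environment variables are constructed.

```python
"""Run a subset of OTL-style custom scan directives against a directory tree (added
example, editor's code; OTL's own directive grammar is not given on the page).  Only
"path\\pattern [/s]" globs and the dir|find counting lines are interpreted."""
import fnmatch
import os
import re
import tempfile

# Constructed subset of the directive list quoted above.
DIRECTIVES = r"""
%systemroot%\Fonts\*.exe
%systemroot%\system32\system32\*.*
%systemroot%\tasks\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES%\bak. /s
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
/md5start
""".strip().splitlines()

VAR_RE = re.compile(r"%([A-Za-z_]+)%")
FLAGS_RE = re.compile(r"^(.*?)((?:\s+/\w+)*)$")
DIR_COUNT_RE = re.compile(r'^dir /b "([^"]+)" \| find /i " " /c$')


def expand(path, env):
    """Substitute %VAR% tokens (case-insensitive, as cmd.exe does) and native separators."""
    return VAR_RE.sub(lambda m: env[m[1].lower()], path).replace("\\", os.sep)


def name_matches(name, pattern):
    """Windows-style match: a pattern ending in '.' means 'no extension' ("*." or "bak.")."""
    if pattern.endswith(".") and not pattern.endswith(".."):
        return "." not in name and fnmatch.fnmatchcase(name.lower(), pattern[:-1].lower())
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def glob_files(directory, pattern, recursive):
    """Files (not directories) under directory matching pattern; missing dir is a clean result."""
    if not os.path.isdir(directory):
        return []
    hits = []
    if recursive:
        for dirpath, _dirs, files in os.walk(directory):
            hits += [os.path.join(dirpath, f) for f in sorted(files) if name_matches(f, pattern)]
    else:
        for f in sorted(os.listdir(directory)):
            full = os.path.join(directory, f)
            if os.path.isfile(full) and name_matches(f, pattern):
                hits.append(full)
    return hits


def run_scan(directives, env, root):
    """Return matches per directive (paths relative to root), dir|find counts, and unsupported lines."""
    out = {"matches": {}, "counts": {}, "unsupported": []}
    for line in (d.strip() for d in directives):
        if m := DIR_COUNT_RE.match(line):
            d, pat = os.path.split(expand(m[1], env))
            out["counts"][line] = sum(" " in os.path.basename(p) for p in glob_files(d, pat, False))
            continue
        path, flags = FLAGS_RE.match(line).groups()
        flags = set(flags.lower().split())
        if "\\" not in path or path.startswith("HKEY") or flags - {"/s"}:
            out["unsupported"].append(line)
            continue
        d, pat = os.path.split(expand(path, env))
        out["matches"][line] = [os.path.relpath(p, root).replace(os.sep, "/")
                                for p in glob_files(d, pat, "/s" in flags)]
    return out


def build_sample_tree():
    """Constructed XP-like tree in a temp dir; returns (root, env) for run_scan."""
    root = tempfile.mkdtemp(prefix="otl-demo-")
    for f in ["WINDOWS/Fonts/arial.ttf",
              "WINDOWS/Fonts/update.exe",         # executable hiding in Fonts
              "WINDOWS/system32/svchost.exe",
              "WINDOWS/system32/svc host.exe",    # space-in-name lookalike
              "WINDOWS/system32/system32/x.dll",  # directory that does not exist on a clean XP
              "Program Files/app/readme.txt",
              "Program Files/app/bak"]:           # extension-less file for the "bak. /s" directive
        full = os.path.join(root, *f.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()
    os.makedirs(os.path.join(root, "WINDOWS", "tasks"), exist_ok=True)
    return root, {"systemroot": os.path.join(root, "WINDOWS"),
                  "programfiles": os.path.join(root, "Program Files")}


if __name__ == "__main__":
    root, env = build_sample_tree()
    for key, val in run_scan(DIRECTIVES, env, root).items():
        print(key, val)
```

Every hit in "matches" is something to explain, not necessarily malware: the point of these directives is that the listed locations are empty or absent on a clean install, so any file there stands out without needing a signature.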
     