Unknown Start Up Item in System Config - Start Up


17 replies to this topic

#1 Oskee

Oskee

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 02 November 2010 - 08:21 PM

Hi -

Computer booted up extremely slow and locked up several times - after finally getting in and online - I noticed in my start up processes a new start up titled "dpnsecab" and in the command column it starts with "rundll32.....". The computer is running extremely slow on start up still. I have scanned with Malwarebytes and found nothing.

What should I do?


#2 Oskee

Oskee
  • Topic Starter


Posted 03 November 2010 - 08:17 PM

I ran ESET - it detected Win32/bagle.gen.zip worm and a variant of Java Trojan Downloader.OpenStream.NAU trojan.

What do I need to do next? Please help - Thanks!

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:52 PM

Posted 03 November 2010 - 09:16 PM

Hello, are you running XP?
Are you getting a "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message with that dpnsecab/Rundll?

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
  • Click the Empty Selected button.
  • If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

NOW Scan with SUPER
  • Open from the desktop icon or the program Files list.
  • On the left, make sure you check C:\Fixed Drive.
  • Perform a Complete scan. After scan, verify they are all checked.
  • Click OK on the summary screen to quarantine all found items.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log.
  • A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
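
Added example (not part of the thread, and not a BleepingComputer or vendor tool): the startup item in question launches through rundll32, and the error dialogs asked about in the post above are what Windows shows when such an entry outlives its DLL. This Python code parses startup command lines and flags the rundll32 ones; the sample entries, the names `parse_rundll32` and `triage`, and the flag heuristics are all constructed assumptions.

```python
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional, Tuple

# rundll32 syntax: rundll32[.exe] <dll>,<entry point> [arguments]
RUNDLL_RE = re.compile(
    r'''^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+   # launcher, bare or full path
        (?:"(?P<qdll>[^"]+)"|(?P<dll>[^,"]+?))      # DLL path, quoted or bare
        \s*,\s*(?P<entry>\#?\w+)                    # export name or #ordinal
    ''',
    re.IGNORECASE | re.VERBOSE,
)

# Heuristic markers chosen for this example (an assumption, not a standard):
# locations a non-admin process can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%temp%", "%tmp%")


class Finding(NamedTuple):
    name: str
    dll: str
    entry: str
    flags: Tuple[str, ...]


def parse_rundll32(command: str) -> Optional[Tuple[str, str]]:
    """Return (dll, entry_point) if the command launches rundll32, else None."""
    m = RUNDLL_RE.match(command)
    if m is None:
        return None
    dll = (m.group("qdll") or m.group("dll")).strip()
    return dll, m.group("entry")


def triage(entries: Iterable[Tuple[str, str]],
           exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Flag rundll32 startup entries that deserve a closer look."""
    findings = []
    for name, command in entries:
        parsed = parse_rundll32(command)
        if parsed is None:
            continue  # not a rundll32 launcher; out of scope here
        dll, entry = parsed
        low = dll.lower()
        flags = []
        if any(marker in low for marker in USER_WRITABLE):
            flags.append("user-writable-path")
        if "\\" not in dll and "/" not in dll:
            flags.append("no-directory")      # resolved through the DLL search order
        elif "%" not in dll and not exists(dll):
            flags.append("dll-missing")       # orphaned entry: causes the startup error dialog
        if entry.startswith("#"):
            flags.append("ordinal-entry")     # export hidden behind a number
        if not low.endswith((".dll", ".cpl")):
            flags.append("unusual-extension")
        findings.append(Finding(name, dll, entry, tuple(flags)))
    return findings


# Constructed sample startup entries (name, command); none come from the thread.
SAMPLE = [
    ("TrayApp", r'"C:\Program Files\Vendor\tray.exe" /min'),
    ("NvCplDaemon", r'RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup'),
    ("exmplload", r'rundll32.exe "C:\Users\Example\AppData\Local\Temp\exmpl.dll",Startup'),
    ("orphaned", r'C:\Windows\System32\rundll32.exe "C:\Windows\system32\gone.dll",#1'),
]

# Constructed stand-in for the file system so the example runs offline.
PRESENT = {
    r"c:\windows\system32\nvcpl.dll",
    r"c:\users\example\appdata\local\temp\exmpl.dll",
}


def demo() -> List[Finding]:
    return triage(SAMPLE, exists=lambda path: path.lower() in PRESENT)


if __name__ == "__main__":
    for finding in demo():
        print(finding.name, finding.dll, finding.entry, ", ".join(finding.flags) or "ok")
```

On a live machine, feed `triage` the name and command pairs exported from the startup list and leave `exists` at its default so the DLL paths are checked on disk.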

#4 Oskee


Posted 03 November 2010 - 09:24 PM

Hi

I am running Vista - attached is what ESET found.

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudPack.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Schutte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\448e3767-2f13c324 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\Schutte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5340ebba-6e7e9b8e multiple threats deleted - quarantined

I will run those and get right back to you - Thanks!

#5 Oskee


Posted 03 November 2010 - 09:30 PM

The other thing to note is the favicon is completely messed up for each website - for instance, BleepingComputer's favicon is Google's!

#6 boopme


Posted 03 November 2010 - 09:39 PM

OK yes do run those .. Safe mode is the same as XP.
I am surprised MBAM did not see the Bagle, was it updated first?

#7 Oskee


Posted 03 November 2010 - 11:18 PM

Don't think it was updated.

Here is the SAS log - favicons are back to normal. Still a bit slow when booting - but maybe the SAS starting up??

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2010 at 11:10 PM

Application Version : 4.45.1000

Core Rules Database Version : 5808
Trace Rules Database Version: 3620

Scan type : Complete Scan
Total Scan Time : 01:23:43

Memory items scanned : 283
Memory threats detected : 0
Registry items scanned : 13355
Registry threats detected : 0
File items scanned : 152854
File threats detected : 45

Adware.Tracking Cookie

#8 Oskee


Posted 03 November 2010 - 11:22 PM

Rebooted a few more times and seems to be booting up much faster!

#9 Oskee


Posted 04 November 2010 - 03:44 PM

How do they look? To answer your question above - I never received any run errors etc from the dpnsecab rundll, that I can recall. Just a very slow start up and freezing issues.

#10 boopme


Posted 04 November 2010 - 04:05 PM

Ok, let's take one more look in here..
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Edited by boopme, 04 November 2010 - 04:11 PM.


#11 Oskee


Posted 04 November 2010 - 07:05 PM

Ok - just got home and computer froze on log on - had to re-boot.

I will run the above and get back to you - Thanks!

#12 Oskee


Posted 04 November 2010 - 07:12 PM

Nothing found - here are the results.

2010/11/04 19:07:31.0534 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/04 19:07:31.0534 ================================================================================
2010/11/04 19:07:31.0534 SystemInfo:
2010/11/04 19:07:31.0534
2010/11/04 19:07:31.0534 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/04 19:07:31.0534 Product type: Workstation
2010/11/04 19:07:31.0534 ComputerName: SCHUTTE-PC
2010/11/04 19:07:31.0534 UserName: Schutte
2010/11/04 19:07:31.0534 Windows directory: C:\Windows
2010/11/04 19:07:31.0534 System windows directory: C:\Windows
2010/11/04 19:07:31.0534 Running under WOW64
2010/11/04 19:07:31.0534 Processor architecture: Intel x64
2010/11/04 19:07:31.0534 Number of processors: 2
2010/11/04 19:07:31.0534 Page size: 0x1000
2010/11/04 19:07:31.0534 Boot type: Normal boot
2010/11/04 19:07:31.0534 ================================================================================
2010/11/04 19:07:31.0534 Utility is running under WOW64
2010/11/04 19:07:32.0127 Initialize success
2010/11/04 19:08:08.0350 ================================================================================
2010/11/04 19:08:08.0350 Scan started
2010/11/04 19:08:08.0350 Mode: Manual;
2010/11/04 19:08:08.0350 ================================================================================
2010/11/04 19:08:55.0010 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/04 19:08:55.0166 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/11/04 19:08:55.0228 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/11/04 19:08:55.0306 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/04 19:08:55.0493 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/04 19:08:55.0571 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/04 19:08:55.0665 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/04 19:08:55.0805 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/04 19:08:55.0899 silabenm (720088aad691ff1d90be8ec28727f6ca) C:\Windows\system32\DRIVERS\silabenm.sys
2010/11/04 19:08:56.0055 silabser (77d4f56682ab668dd7d4bd4f1178d3c9) C:\Windows\system32\DRIVERS\silabser.sys
2010/11/04 19:08:56.0242 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/04 19:08:56.0289 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/04 19:08:56.0398 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/04 19:08:56.0538 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/04 19:08:56.0663 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/11/04 19:08:56.0819 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/04 19:08:56.0991 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/04 19:08:57.0209 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
2010/11/04 19:08:57.0490 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/04 19:08:57.0584 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/04 19:08:57.0677 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/04 19:08:57.0740 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/04 19:08:57.0989 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/04 19:08:58.0286 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/04 19:08:58.0457 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/04 19:08:58.0535 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/04 19:08:58.0598 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/04 19:08:58.0754 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/04 19:08:58.0832 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/04 19:08:59.0097 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/04 19:08:59.0190 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/04 19:08:59.0253 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/04 19:08:59.0409 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/04 19:08:59.0502 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/04 19:08:59.0721 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/04 19:08:59.0814 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/04 19:08:59.0955 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/04 19:09:00.0095 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/04 19:09:00.0158 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/04 19:09:00.0329 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
2010/11/04 19:09:00.0516 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/04 19:09:00.0641 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/04 19:09:00.0750 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/04 19:09:00.0875 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/04 19:09:00.0969 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/11/04 19:09:01.0047 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/04 19:09:01.0187 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/04 19:09:01.0296 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/04 19:09:01.0359 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/04 19:09:01.0515 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/04 19:09:01.0655 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/04 19:09:01.0749 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/04 19:09:01.0920 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/04 19:09:01.0983 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/04 19:09:02.0108 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/04 19:09:02.0279 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/04 19:09:02.0373 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/04 19:09:02.0576 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/04 19:09:02.0732 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 19:09:02.0763 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 19:09:02.0888 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/04 19:09:03.0044 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/04 19:09:03.0480 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/04 19:09:03.0714 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/04 19:09:03.0870 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/04 19:09:03.0980 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/04 19:09:04.0167 ================================================================================
2010/11/04 19:09:04.0167 Scan finished
2010/11/04 19:09:04.0167 ================================================================================

#13 Oskee


Posted 04 November 2010 - 07:49 PM

Computer seems to be operating ok - just sometimes an issue with start up. When idle - CPU usage remains low and does not spike. Just seems to be a start up related problem. That is where the original issue appeared.

#14 boopme


Posted 04 November 2010 - 10:40 PM

Ok, Is the dpnsecab rundll still in startup?
Are the favicons OK?
Are you using a 64-bit system? If so, be aware Microsoft created a new folder (C:\Windows\SysWOW64) that contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. For a more detailed explanation, please refer to Making the Move to x64: File System Redirection and WOW64 Implementation Details. Many of the tools we use for malware removal are designed for 32-bit systems and do not work or can give misleading results on 64-bit machines. For instance, running HijackThis on a 64-bit machine may show log entries which indicate (file missing) when that is NOT always the case. Anti-malware scanners and many specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly.

We may want you to start a Vista topic and have them review your Startup list.
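The redirection described in the post above, as an added example that is not part of the original thread: a simplified Python model of how a 32-bit tool's view of `\system32` produces a false "(file missing)" for a driver that a 64-bit tool finds. The function names, the exempt-directory list and the sample file set are assumptions constructed for illustration; the real WOW64 redirector has more rules than this model.

```python
import ntpath

WINDIR = r"C:\Windows"
SYS32 = ntpath.join(WINDIR, "System32")
SYSNATIVE = ntpath.join(WINDIR, "Sysnative")   # alias visible only to 32-bit processes
SYSWOW64 = ntpath.join(WINDIR, "SysWOW64")
# System32 subdirectories this model leaves unredirected (simplified, assumed list).
EXEMPT = ("catroot", "catroot2", r"drivers\etc", "logfiles", "spool")

def _under(path, root):
    """True if path is root itself or lies below it (case-insensitive)."""
    p, r = ntpath.normcase(path), ntpath.normcase(root)
    return p == r or p.startswith(r + "\\")

def wow64_view(path):
    """Return the path a 32-bit process really opens on 64-bit Windows."""
    norm = ntpath.normpath(path)
    if _under(norm, SYSNATIVE):                 # Sysnative bypasses redirection
        return SYS32 + norm[len(SYSNATIVE):]
    if _under(norm, SYS32):
        if any(_under(norm, ntpath.join(SYS32, e)) for e in EXEMPT):
            return norm
        return SYSWOW64 + norm[len(SYS32):]     # silently redirected
    return norm

def scan(entries, disk, is_32bit_tool):
    """Label each (name, path) entry the way a scanner of that bitness would."""
    present = {ntpath.normcase(p) for p in disk}
    report = {}
    for name, path in entries:
        opened = wow64_view(path) if is_32bit_tool else ntpath.normpath(path)
        report[name] = "ok" if ntpath.normcase(opened) in present else "(file missing)"
    return report

# Constructed sample: files present on a hypothetical 64-bit machine.
DISK = [
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\SysWOW64\rundll32.exe",
]
# Constructed sample: entries a log tool would try to verify.
ENTRIES = [
    ("Tcpip", r"C:\Windows\system32\drivers\tcpip.sys"),
    ("hosts", r"C:\Windows\System32\drivers\etc\hosts"),
    ("Tcpip via Sysnative", r"C:\Windows\Sysnative\drivers\tcpip.sys"),
]

if __name__ == "__main__":
    for label, flag in (("32-bit tool", True), ("64-bit tool", False)):
        print(label, scan(ENTRIES, DISK, flag))
```

A "(file missing)" entry from a 32-bit tool on a 64-bit machine is therefore worth re-checking with a 64-bit tool or through the Sysnative path before the entry is removed.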

#15 Oskee


Posted 05 November 2010 - 11:34 AM

64 Bit is what I am running. The strange start up item is now gone - I disabled it originally and then did a system restore to a prior date to get rid of it.

Do you think this is a virus issue or a start up issue?

Favicons are now ok



