Laptop crashing when started in xp standard mode



#1 Z77450

Posted 30 October 2011 - 10:52 AM

My laptop crashes if turned on in standard mode. More or less a few seconds after the first Windows logo shows up I get the blue screen. When in safe mode, the McAfee program is always off, even if I try to turn it back on again. It just switches back after 2 seconds.
The system was slow and getting slower a while ago, then I tried to upgrade McAfee and after downloading (and getting some messages I don't remember), it tried to restart... and never worked again, other than in safe mode.




#2 gringo_pr

Posted 30 October 2011 - 12:06 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the Internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Z77450

Posted 30 October 2011 - 04:38 PM

Gringo:
Ran ComboFix (couldn't stop the mfevtps.exe program from McAfee. I stopped all the other ones but this).
I noticed while ComboFix was running a couple of lines where "need administrator security .." showed up.
Now, a mistake I made: this laptop is Windows Vista, not XP ...

After restart, I chose to run Windows in normal mode... still crashed.

Then, once restarted, I chose SAFE mode... and this is it so far.

CAN'T FIND THE COMBOFIX REPORT !!

#4 gringo_pr

Posted 30 October 2011 - 06:22 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
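One way to reduce a TDSSKiller report like the one requested above to the entries that need review. This is an added example, not part of the original post and not TDSSKiller's own code; the line layout (timestamp, thread id, then `name (md5) path`, `name - ok`, or a verdict line) is an assumption about the report format, and the sample report, service names and hashes are constructed.

```python
import re

# Assumed layout of every report line: "HH:MM:SS.ffff <thread-id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
BOOT = re.compile(r"^Boot type: (.+)$")
HIDDEN = re.compile(r"^Suspicious service \(Hidden\): (.+)$")
HASHED = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")   # name (md5) path
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")          # name ( verdict ) - status
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")    # name - detected verdict (n)
OK = re.compile(r"^(.+?) - ok$")

# Constructed sample report (not taken from a real machine).
SAMPLE_REPORT = r"""10:00:00.0002 1000 Boot type: Safe boot with network
10:00:00.0003 1000 ============================================================
10:00:01.0001 1004 Scan started
10:00:01.0100 1004 exdisk (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exdisk.sys
10:00:01.0105 1004 exdisk - ok
10:00:01.0200 1004 exghost - ok
10:00:01.0300 1004 exfilter (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\exfilter.sys
10:00:01.0305 1004 exfilter - ok
10:00:01.0310 1004 Suspicious service (Hidden): exfilter01
10:00:01.0320 1004 exfilter01 ( HiddenService.Multi.Generic ) - warning
10:00:01.0320 1004 exfilter01 - detected HiddenService.Multi.Generic (1)
"""


def parse_report(text):
    """Collect per-service facts from the report, in the order services appear."""
    report = {"boot_type": None, "services": {}}

    def svc(name):
        return report["services"].setdefault(
            name,
            {"md5": None, "path": None, "status": None,
             "verdict": None, "hidden": False},
        )

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a timestamped report line
        msg = line.group(3).strip()
        if (m := BOOT.match(msg)):
            report["boot_type"] = m.group(1)  # scan context, e.g. safe mode
        elif (m := HIDDEN.match(msg)):
            svc(m.group(1))["hidden"] = True
        elif (m := HASHED.match(msg)):
            entry = svc(m.group(1))
            entry["md5"], entry["path"] = m.group(2).lower(), m.group(3)
        elif (m := VERDICT.match(msg)):
            entry = svc(m.group(1))
            entry["verdict"], entry["status"] = m.group(2), m.group(3)
        elif (m := DETECTED.match(msg)):
            svc(m.group(1))["verdict"] = m.group(2)
        elif (m := OK.match(msg)):
            svc(m.group(1))["status"] = "ok"
    return report


def triage(report):
    """Return (service, category, detail) for every entry worth a second look.

    flagged  : status is not "ok", or the service was reported as hidden
    unhashed : marked ok, but the report shows no hash/path line for it
    """
    findings = []
    for name, entry in report["services"].items():
        if entry["status"] != "ok" or entry["hidden"]:
            findings.append((name, "flagged", entry["verdict"] or "no verdict line"))
        elif entry["md5"] is None:
            findings.append((name, "unhashed", "marked ok without a hash/path line"))
    return findings


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("Boot type:", parsed["boot_type"])
    for name, category, detail in triage(parsed):
        print(f"{category:9} {name}: {detail}")
```
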

#5 Z77450

Posted 30 October 2011 - 06:38 PM

Gringo,


21:31:32.0085 1076 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
21:31:32.0283 1076 ============================================================
21:31:32.0283 1076 Current date / time: 2011/10/30 21:31:32.0283
21:31:32.0283 1076 SystemInfo:
21:31:32.0283 1076
21:31:32.0283 1076 OS Version: 6.0.6002 ServicePack: 2.0
21:31:32.0283 1076 Product type: Workstation
21:31:32.0283 1076 ComputerName: ALEX-PC
21:31:32.0284 1076 UserName: Alex
21:31:32.0284 1076 Windows directory: C:\Windows
21:31:32.0284 1076 System windows directory: C:\Windows
21:31:32.0284 1076 Processor architecture: Intel x86
21:31:32.0284 1076 Number of processors: 2
21:31:32.0284 1076 Page size: 0x1000
21:31:32.0284 1076 Boot type: Safe boot with network
21:31:32.0284 1076 ============================================================
21:31:32.0611 1076 Initialize success
21:31:41.0498 1088 ============================================================
21:31:41.0498 1088 Scan started
21:31:41.0498 1088 Mode: Manual;
21:31:41.0498 1088 ============================================================
21:31:41.0962 1088 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:31:41.0966 1088 ACPI - ok
21:31:42.0049 1088 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:31:42.0056 1088 adp94xx - ok
21:31:42.0189 1088 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:31:42.0195 1088 adpahci - ok
21:31:42.0273 1088 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:31:42.0276 1088 adpu160m - ok
21:31:42.0336 1088 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:31:42.0339 1088 adpu320 - ok
21:31:42.0445 1088 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:31:42.0450 1088 AFD - ok
21:31:42.0585 1088 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:31:42.0586 1088 agp440 - ok
21:31:42.0633 1088 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:31:42.0635 1088 aic78xx - ok
21:31:42.0684 1088 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
21:31:42.0685 1088 aliide - ok
21:31:42.0713 1088 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:31:42.0715 1088 amdagp - ok
21:31:42.0777 1088 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
21:31:42.0778 1088 amdide - ok
21:31:42.0983 1088 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:31:42.0984 1088 AmdK7 - ok
21:31:43.0009 1088 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:31:43.0025 1088 AmdK8 - ok
21:31:43.0094 1088 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:31:43.0096 1088 arc - ok
21:31:43.0158 1088 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:31:43.0160 1088 arcsas - ok
21:31:43.0310 1088 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:43.0311 1088 AsyncMac - ok
21:31:43.0383 1088 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:31:43.0384 1088 atapi - ok
21:31:43.0443 1088 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:31:43.0446 1088 b57nd60x - ok
21:31:43.0506 1088 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:31:43.0507 1088 Beep - ok
21:31:43.0613 1088 blbdrive - ok
21:31:43.0688 1088 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:31:43.0690 1088 bowser - ok
21:31:43.0753 1088 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:31:43.0754 1088 BrFiltLo - ok
21:31:43.0802 1088 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:31:43.0803 1088 BrFiltUp - ok
21:31:43.0860 1088 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:31:43.0862 1088 Brserid - ok
21:31:43.0994 1088 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:31:43.0996 1088 BrSerWdm - ok
21:31:44.0027 1088 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:31:44.0028 1088 BrUsbMdm - ok
21:31:44.0058 1088 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:31:44.0059 1088 BrUsbSer - ok
21:31:44.0132 1088 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:31:44.0133 1088 BthEnum - ok
21:31:44.0193 1088 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:31:44.0195 1088 BTHMODEM - ok
21:31:44.0325 1088 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:31:44.0327 1088 BthPan - ok
21:31:44.0361 1088 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
21:31:44.0370 1088 BTHPORT - ok
21:31:44.0481 1088 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
21:31:44.0482 1088 BTHUSB - ok
21:31:44.0547 1088 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
21:31:44.0548 1088 btwaudio - ok
21:31:44.0609 1088 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
21:31:44.0611 1088 btwavdt - ok
21:31:44.0651 1088 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
21:31:44.0652 1088 btwrchid - ok
21:31:44.0733 1088 catchme - ok
21:31:44.0849 1088 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:31:44.0851 1088 cdfs - ok
21:31:44.0914 1088 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:31:44.0916 1088 cdrom - ok
21:31:45.0010 1088 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
21:31:45.0012 1088 cfwids - ok
21:31:45.0064 1088 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:31:45.0065 1088 circlass - ok
21:31:45.0193 1088 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:31:45.0210 1088 CLFS - ok
21:31:45.0300 1088 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:31:45.0301 1088 CmBatt - ok
21:31:45.0327 1088 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
21:31:45.0328 1088 cmdide - ok
21:31:45.0395 1088 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:31:45.0396 1088 Compbatt - ok
21:31:45.0437 1088 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:31:45.0439 1088 crcdisk - ok
21:31:45.0475 1088 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:31:45.0476 1088 Crusoe - ok
21:31:45.0584 1088 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:31:45.0586 1088 DfsC - ok
21:31:45.0731 1088 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:31:45.0733 1088 disk - ok
21:31:45.0801 1088 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:31:45.0802 1088 drmkaud - ok
21:31:45.0893 1088 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:31:45.0894 1088 DSproct - ok
21:31:45.0965 1088 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
21:31:45.0966 1088 dsunidrv - ok
21:31:46.0077 1088 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:31:46.0088 1088 DXGKrnl - ok
21:31:46.0199 1088 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
21:31:46.0203 1088 e1express - ok
21:31:46.0298 1088 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:31:46.0301 1088 E1G60 - ok
21:31:46.0374 1088 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:31:46.0377 1088 Ecache - ok
21:31:46.0432 1088 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:31:46.0438 1088 elxstor - ok
21:31:46.0603 1088 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:31:46.0606 1088 exfat - ok
21:31:46.0670 1088 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:31:46.0673 1088 fastfat - ok
21:31:46.0719 1088 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:31:46.0720 1088 fdc - ok
21:31:46.0780 1088 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:31:46.0782 1088 FileInfo - ok
21:31:46.0915 1088 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:31:46.0916 1088 Filetrace - ok
21:31:46.0946 1088 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:31:46.0948 1088 flpydisk - ok
21:31:47.0016 1088 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:31:47.0020 1088 FltMgr - ok
21:31:47.0086 1088 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:31:47.0087 1088 Fs_Rec - ok
21:31:47.0223 1088 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:31:47.0225 1088 gagp30kx - ok
21:31:47.0276 1088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:31:47.0278 1088 GEARAspiWDM - ok
21:31:47.0389 1088 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:31:47.0398 1088 HDAudBus - ok
21:31:47.0523 1088 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:31:47.0524 1088 HidBth - ok
21:31:47.0570 1088 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:31:47.0572 1088 HidIr - ok
21:31:47.0635 1088 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:31:47.0636 1088 HidUsb - ok
21:31:47.0676 1088 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:31:47.0678 1088 HpCISSs - ok
21:31:47.0733 1088 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:31:47.0740 1088 HTTP - ok
21:31:47.0864 1088 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:31:47.0865 1088 i2omp - ok
21:31:47.0916 1088 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:31:47.0918 1088 i8042prt - ok
21:31:48.0003 1088 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
21:31:48.0005 1088 iaStor - ok
21:31:48.0031 1088 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:31:48.0036 1088 iaStorV - ok
21:31:48.0155 1088 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:31:48.0156 1088 iirsp - ok
21:31:48.0197 1088 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\DRIVERS\intelide.sys
21:31:48.0198 1088 intelide - ok
21:31:48.0265 1088 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:31:48.0267 1088 intelppm - ok
21:31:48.0328 1088 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:48.0329 1088 IpFilterDriver - ok
21:31:48.0412 1088 IpInIp - ok
21:31:48.0456 1088 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:31:48.0458 1088 IPMIDRV - ok
21:31:48.0502 1088 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:31:48.0504 1088 IPNAT - ok
21:31:48.0598 1088 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:31:48.0600 1088 IRENUM - ok
21:31:48.0726 1088 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:31:48.0727 1088 isapnp - ok
21:31:48.0790 1088 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:31:48.0792 1088 iScsiPrt - ok
21:31:48.0833 1088 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:31:48.0835 1088 iteatapi - ok
21:31:48.0886 1088 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:31:48.0888 1088 iteraid - ok
21:31:48.0941 1088 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:48.0941 1088 kbdclass - ok
21:31:49.0070 1088 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:31:49.0070 1088 kbdhid - ok
21:31:49.0132 1088 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:31:49.0139 1088 KSecDD - ok
21:31:49.0301 1088 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:31:49.0303 1088 lltdio - ok
21:31:49.0373 1088 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:31:49.0375 1088 LSI_FC - ok
21:31:49.0392 1088 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:31:49.0394 1088 LSI_SAS - ok
21:31:49.0446 1088 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:31:49.0448 1088 LSI_SCSI - ok
21:31:49.0499 1088 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:31:49.0501 1088 luafv - ok
21:31:49.0735 1088 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:31:49.0736 1088 megasas - ok
21:31:49.0796 1088 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
21:31:49.0799 1088 mfeapfk - ok
21:31:49.0835 1088 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
21:31:49.0839 1088 mfeavfk - ok
21:31:49.0847 1088 Suspicious service (Hidden): mfeavfk01
21:31:49.0877 1088 mfeavfk01 ( HiddenService.Multi.Generic ) - warning
21:31:49.0877 1088 mfeavfk01 - detected HiddenService.Multi.Generic (1)
21:32:02.0230 1088 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:32:02.0243 1088 \Device\Harddisk0\DR0 - ok
21:32:02.0258 1088 Boot (0x1200) (5011bf39b8f61eeab8dbf2e209efb8dc) \Device\Harddisk0\DR0\Partition0
21:32:02.0259 1088 \Device\Harddisk0\DR0\Partition0 - ok
21:32:02.0265 1088 Boot (0x1200) (c08a15dcd07efab5a97fa273aa1af28e) \Device\Harddisk0\DR0\Partition1
21:32:02.0266 1088 \Device\Harddisk0\DR0\Partition1 - ok
21:32:02.0268 1088 ============================================================
21:32:02.0269 1088 Scan finished
21:32:02.0269 1088 ============================================================
21:32:02.0280 1072 Detected object count: 1
21:32:02.0280 1072 Actual detected object count: 1
21:32:20.0118 1072 mfeavfk01 ( HiddenService.Multi.Generic ) - skipped by user
21:32:20.0118 1072 mfeavfk01 ( HiddenService.Multi.Generic ) - User select action: Skip

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:25 PM

Posted 30 October 2011 - 09:08 PM

OK, try and run ComboFix again for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Z77450

  • Topic Starter

Posted 31 October 2011 - 01:00 AM

Gringo,
Nothing... same problem, blue screen in normal mode.
Where should I look for the ComboFix log?
Again, while executing, it shows some line about actions/changes that can't be made because they require administrator rights; it mentions using a command line or so, but it kept working.

#8 Z77450


Posted 31 October 2011 - 01:02 AM

Should I try to completely uninstall McAfee? There is that program mfevtps.exe that I can't stop regardless of what I try.

#9 gringo_pr


Posted 31 October 2011 - 02:52 AM

Yes, go ahead and try it, then download ComboFix again to try and run it.



gringo

#10 Z77450


Posted 31 October 2011 - 10:32 PM

Gringo,
No luck. After uninstalling, I ran ComboFix. Rebooted, and same blue screen. Where can I find the ComboFix log?

#11 gringo_pr


Posted 31 October 2011 - 11:27 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#12 Z77450


Posted 01 November 2011 - 08:18 AM

Gringo;

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-30 15:12:53
-----------------------------
15:12:53.655 OS Version: Windows 6.0.6002 Service Pack 2
15:12:53.655 Number of processors: 2 586 0xF0D
15:12:53.655 ComputerName: ALEX-PC UserName: Alex
15:12:54.310 Initialize success
15:13:13.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:13:13.155 Disk 0 Vendor: Hitachi_ SBDO Size: 114473MB BusType: 3
15:13:13.171 Disk 0 MBR read successfully
15:13:13.171 Disk 0 MBR scan
15:13:13.186 Disk 0 Windows VISTA default MBR code
15:13:13.186 Disk 0 scanning sectors +234438656
15:13:13.264 Disk 0 scanning C:\Windows\system32\drivers
15:13:22.780 Service scanning
15:13:23.794 Service mfeavfk01 C:\Windows\System32\Drivers\mfeavfk01.sys **HIDDEN**
15:13:24.153 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**
15:13:24.699 Modules scanning
15:13:29.707 Disk 0 trace - called modules:
15:13:29.738 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
15:13:29.738 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a7b1f0]
15:13:29.738 3 CLASSPNP.SYS[83b9e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a1b030]
15:13:29.754 Scan finished successfully
15:13:45.728 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
15:13:45.744 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"

#13 gringo_pr


Posted 01 November 2011 - 02:30 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#14 Z77450


Posted 01 November 2011 - 08:32 PM

Gringo,
I also noticed that every time I turn the laptop on and try to go into standard mode, Windows is trying to install 3 upgrades or so. Similar behavior to a typical upgrade of Windows...

Output of OTL:


OTL logfile created on: 10/31/2011 12:14:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.57% Memory free
2.16 Gb Paging File | 1.86 Gb Available in Paging File | 86.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.22 Gb Total Space | 30.57 Gb Free Space | 30.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.04 Gb Free Space | 40.39% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\pdf.dll ()
MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\avutil-50.dll ()
MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\avformat-52.dll ()
MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\avcodec-52.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MSK80Service) -- File not found
SRV - (mfevtp) -- File not found
SRV - (mfefire) -- File not found
SRV - (McShield) -- File not found
SRV - (McProxy) -- File not found
SRV - (McODS) -- File not found
SRV - (McNASvc) -- File not found
SRV - (McNaiAnn) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (McMPFSvc) -- File not found
SRV - (McComponentHostService) -- File not found
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



IE - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.utexas.edu/
IE - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.utexas.edu/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.1
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Alex\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Alex\AppData\Roaming\Move Networks [2010/01/20 21:40:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Users\Alex\Desktop\Mozilla Firefox\components [2011/05/16 19:48:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Users\Alex\Desktop\Mozilla Firefox\plugins [2011/05/01 12:01:55 | 000,000,000 | ---D | M]

[2010/01/20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/05/15 20:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\epllav4m.default\extensions
[2011/03/14 23:47:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\epllav4m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/22 00:45:18 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\epllav4m.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010/01/20 21:40:22 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\ALEX\APPDATA\ROAMING\MOVE NETWORKS

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\12.0.742.112\gears.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alex\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Alex\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Cuevana Stream = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\2.0.1_0\

O1 HOSTS File: ([2011/10/30 22:18:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110705212254.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Cfg.exe] C:\Windows\OEM02Cfg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Hjaxuyeganowetur] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\CTwsia0.dll",Startup File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Hjaxuyeganowetur] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\CTwsia0.dll",Startup File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000..\Run: [YZ5CZHZYVY5E9G3YP] C:\$Recycle$\$Recycle$.exe /q File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [iP28601OgLgK28601] C:\ProgramData\iP28601OgLgK28601\iP28601OgLgK28601.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [iP28601OgLgK28601] C:\ProgramData\iP28601OgLgK28601\iP28601OgLgK28601.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1913776158-442558091-3571781357-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.com/books/_Players/EconPlayer.cab (Pearson MyEconLab Player Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAFCFDDF-F6C8-4388-A676-495CFC45B187}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 00:13:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/10/30 21:45:00 | 004,279,921 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/10/30 21:29:22 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2011/10/30 18:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/30 18:24:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
[2011/10/30 18:11:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/30 15:12:36 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe

========== Files - Modified Within 30 Days ==========

[2011/10/31 00:13:44 | 000,597,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/31 00:13:44 | 000,101,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/31 00:13:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/10/31 00:09:27 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/31 00:09:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/31 00:08:24 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/10/30 22:18:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/30 21:29:18 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2011/10/30 18:58:27 | 000,027,648 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/10/30 18:11:38 | 004,279,921 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/10/30 16:44:40 | 000,274,528 | ---- | M] () -- C:\Users\Alex\Desktop\ark(txt).zip
[2011/10/30 16:03:54 | 000,146,472 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/30 15:24:30 | 000,057,856 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 15:13:45 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
[2011/10/30 15:12:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2011/10/30 13:45:05 | 000,000,017 | ---- | M] () -- C:\Users\Alex\Desktop\stinger10.2.0.199.opt
[2011/10/30 10:22:28 | 000,008,268 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/10/30 06:38:42 | 000,294,216 | ---- | M] () -- C:\Users\Alex\Desktop\gmer.zip

========== Files Created - No Company Name ==========

[2011/10/30 16:44:47 | 000,274,528 | ---- | C] () -- C:\Users\Alex\Desktop\ark(txt).zip
[2011/10/30 15:13:45 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
[2011/10/30 06:40:03 | 000,294,216 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.zip
[2011/07/06 02:34:52 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/07/04 01:17:55 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/03/09 20:44:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 04:47:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/17 04:47:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/17 04:47:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/17 04:47:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/17 04:47:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/21 01:48:43 | 000,000,268 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/12/08 06:52:40 | 000,008,268 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2009/09/24 09:16:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 09:16:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 09:15:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/23 04:08:45 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/23 04:08:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/26 02:30:47 | 000,146,472 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/26 02:30:47 | 000,146,472 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/16 22:28:03 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/05/19 21:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2007/12/08 09:36:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/09/22 01:04:19 | 000,041,192 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\nvModes.001
[2007/09/22 01:04:18 | 000,041,192 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\nvModes.dat
[2007/08/28 02:02:30 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/26 22:58:22 | 000,057,856 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/16 16:31:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/16 16:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/16 08:49:53 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/08/16 08:38:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/10 14:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 23:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,371,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,597,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,101,610 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 05:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 05:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 18:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/10/11 06:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

< End of report >

#15 Z77450


Posted 01 November 2011 - 10:22 PM

Something else: the laptop has been bad since last June.



