Constant Guard Alert - I am supposed to have a bot - PC #2


  • This topic is locked
10 replies to this topic

#1 sander66

Posted 22 February 2013 - 08:36 PM

The logs for PC2. I am supposed to have a bot according to Comcast.

Attached Files


#2 nasdaq

  • Malware Response Team

Posted 23 February 2013 - 09:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Do not run the other tools on this computer as suggested in the other topic.
 
Please Download
 
>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
 
>>> Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
 
===
 
Please post the logs for my review.
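As an added illustration that is not part of this thread and not code from TDSSKiller, the following Python checks a file name against the log naming convention given above and parses scan lines in the shape the tool pastes (a module line with MD5 and path, then a verdict line), reporting everything the scanner did not mark "ok". The sample log is constructed; the parenthesised detection-detail form of a verdict line is an assumption about the format.

```python
"""Triage helper for TDSSKiller text logs (added example; constructed sample data)."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Report name convention stated in the instructions:
# TDSSKiller.[Version]_[Date]_[Time]_log.txt, e.g. TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_(?P<date>\d{2}\.\d{2}\.\d{4})"
    r"_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)

# Module line: "HH:MM:SS.ffff PID  [ MD5 ] ServiceName    C:\path\file"
MODULE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+)\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Verdict line: "HH:MM:SS.ffff PID  ServiceName - ok"  (or another verdict word)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>\w+)$"
)
# Assumed form of a detection: "ServiceName ( Detection.Name ) - infected"
DETAIL_RE = re.compile(r"^(?P<base>.+?)\s*\((?P<detail>.*)\)\s*$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    detail: Optional[str] = None


def parse_log_name(filename: str) -> Optional[Dict[str, str]]:
    """Return version/date/time parsed from a TDSSKiller log file name, or None."""
    m = LOG_NAME_RE.match(filename)
    return m.groupdict() if m else None


def find_logs(root: str) -> List[str]:
    """List TDSSKiller reports sitting at the root of a drive (e.g. 'C:\\')."""
    return sorted(n for n in os.listdir(root) if parse_log_name(n))


def parse_log(text: str) -> List[Entry]:
    """Pair each module line with the verdict line that follows for the same name."""
    pending: Dict[str, Entry] = {}
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = MODULE_RE.match(line)
        if m:
            pending[m["name"]] = Entry(m["name"], "", m["md5"], m["path"])
            continue
        v = VERDICT_RE.match(line)
        if not v:
            continue  # header, separator and system-info lines carry no verdict
        name, detail = v["name"], None
        d = DETAIL_RE.match(name)
        if d:
            name, detail = d["base"], d["detail"].strip()
        e = pending.pop(name, Entry(name, ""))
        e.verdict, e.detail = v["verdict"], detail
        entries.append(e)
    return entries


def findings(entries: List[Entry]) -> List[Entry]:
    """Everything not marked 'ok' is what a helper wants to see first."""
    return [e for e in entries if e.verdict.lower() != "ok"]


# Constructed sample: two lines copied from the format above plus one made-up detection.
SAMPLE_LOG = r"""09:57:00.0734 4668  Scan started
09:57:00.0734 4668  Mode: Manual;
09:57:01.0812 4668  System memory - ok
09:57:02.0062 4668  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:57:02.0062 4668  abp480n5 - ok
09:57:02.0656 4668  [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
09:57:02.0671 4668  Amazon Download Agent - ok
09:57:09.0000 4668  [ 0123456789ABCDEF0123456789ABCDEF ] examplesvc      C:\Documents and Settings\user\Local Settings\Temp\examplesvc.sys
09:57:09.0000 4668  examplesvc ( CONSTRUCTED.Example ) - infected
"""

if __name__ == "__main__":
    for e in findings(parse_log(SAMPLE_LOG)):
        print(f"{e.verdict:>9}  {e.name}  md5={e.md5}  path={e.path}  detail={e.detail}")
```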


#3 sander66

  • Topic Starter

Posted 23 February 2013 - 11:20 AM

TDSSKiller found something.

 

Here is its log:

09:56:53.0156 5196  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:56:54.0703 5196  ============================================================
09:56:54.0703 5196  Current date / time: 2013/02/23 09:56:54.0703
09:56:54.0703 5196  SystemInfo:
09:56:54.0703 5196 
09:56:54.0703 5196  OS Version: 5.1.2600 ServicePack: 3.0
09:56:54.0703 5196  Product type: Workstation
09:56:54.0703 5196  ComputerName: RIGI
09:56:54.0703 5196  UserName: chregeli
09:56:54.0703 5196  Windows directory: C:\WINDOWS
09:56:54.0703 5196  System windows directory: C:\WINDOWS
09:56:54.0703 5196  Processor architecture: Intel x86
09:56:54.0703 5196  Number of processors: 2
09:56:54.0703 5196  Page size: 0x1000
09:56:54.0703 5196  Boot type: Normal boot
09:56:54.0703 5196  ============================================================
09:56:55.0812 5196  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:56:55.0812 5196  ============================================================
09:56:55.0812 5196  \Device\Harddisk0\DR0:
09:56:55.0812 5196  MBR partitions:
09:56:55.0812 5196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x12376650
09:56:55.0812 5196  ============================================================
09:56:55.0859 5196  C: <-> \Device\Harddisk0\DR0\Partition1
09:56:55.0859 5196  ============================================================
09:56:55.0859 5196  Initialize success
09:56:55.0859 5196  ============================================================
09:57:00.0734 4668  ============================================================
09:57:00.0734 4668  Scan started
09:57:00.0734 4668  Mode: Manual;
09:57:00.0734 4668  ============================================================
09:57:01.0812 4668  ================ Scan system memory ========================
09:57:01.0812 4668  System memory - ok
09:57:01.0812 4668  ================ Scan services =============================
    09:57:10.0375 4668  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
    09:57:10.0375 4668  Ntfs - ok
    09:57:10.0390 4668  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
    09:57:10.0390 4668  NtLmSsp - ok
    09:57:10.0406 4668  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
    09:57:10.0421 4668  NtmsSvc - ok
    09:57:10.0468 4668  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
    09:57:10.0468 4668  Null - ok
    09:57:10.0531 4668  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    09:57:10.0625 4668  nv - ok
    09:57:10.0656 4668  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:57:10.0656 4668  NwlnkFlt - ok
    09:57:10.0671 4668  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:57:10.0671 4668  NwlnkFwd - ok
    09:57:10.0671 4668  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    09:57:10.0671 4668  ohci1394 - ok
    09:57:10.0734 4668  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:57:10.0734 4668  ose - ok
    09:57:10.0750 4668  [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv           C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    09:57:10.0750 4668  ossrv - ok
    09:57:10.0796 4668  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
    09:57:10.0796 4668  Parport - ok
    09:57:10.0828 4668  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
    09:57:10.0828 4668  PartMgr - ok
    09:57:10.0859 4668  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
    09:57:10.0875 4668  ParVdm - ok
    09:57:10.0890 4668  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
    09:57:10.0890 4668  PCI - ok
    09:57:10.0890 4668  PCIDump - ok
    09:57:10.0890 4668  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:57:10.0890 4668  PCIIde - ok
    09:57:10.0937 4668  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
    09:57:10.0937 4668  Pcmcia - ok
    09:57:10.0937 4668  PDCOMP - ok
    09:57:10.0937 4668  PDFRAME - ok
    09:57:10.0953 4668  PDRELI - ok
    09:57:10.0953 4668  PDRFRAME - ok
    09:57:10.0968 4668  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
    09:57:10.0968 4668  perc2 - ok
    09:57:10.0968 4668  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    09:57:10.0968 4668  perc2hib - ok
    09:57:11.0015 4668  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
    09:57:11.0015 4668  PlugPlay - ok
    09:57:11.0062 4668  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    09:57:11.0062 4668  Pml Driver HPZ12 - ok
    09:57:11.0062 4668  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
    09:57:11.0062 4668  PolicyAgent - ok
    09:57:11.0078 4668  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:57:11.0078 4668  PptpMiniport - ok
    09:57:11.0078 4668  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    09:57:11.0093 4668  ProtectedStorage - ok
    09:57:11.0093 4668  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
    09:57:11.0093 4668  PSched - ok
    09:57:11.0093 4668  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:57:11.0093 4668  Ptilink - ok
    09:57:11.0125 4668  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
    09:57:11.0125 4668  ql1080 - ok
    09:57:11.0140 4668  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    09:57:11.0140 4668  Ql10wnt - ok
    09:57:11.0156 4668  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
    09:57:11.0156 4668  ql12160 - ok
    09:57:11.0171 4668  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
    09:57:11.0171 4668  ql1240 - ok
    09:57:11.0187 4668  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
    09:57:11.0187 4668  ql1280 - ok
    09:57:11.0218 4668  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:57:11.0218 4668  RasAcd - ok
    09:57:11.0265 4668  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    09:57:11.0296 4668  RasAuto - ok
    09:57:11.0343 4668  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:57:11.0375 4668  Rasl2tp - ok
    09:57:11.0421 4668  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    09:57:11.0421 4668  RasMan - ok
    09:57:11.0437 4668  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:57:11.0453 4668  RasPppoe - ok
    09:57:11.0453 4668  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:57:11.0453 4668  Raspti - ok
    09:57:11.0484 4668  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:57:11.0484 4668  Rdbss - ok
    09:57:11.0500 4668  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:57:11.0500 4668  RDPCDD - ok
    09:57:11.0531 4668  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:57:11.0531 4668  rdpdr - ok
    09:57:11.0578 4668  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
    09:57:11.0578 4668  RDPWD - ok
    09:57:11.0656 4668  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
    09:57:11.0656 4668  RDSessMgr - ok
    09:57:11.0687 4668  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:57:11.0687 4668  redbook - ok
    09:57:11.0718 4668  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    09:57:11.0718 4668  RemoteAccess - ok
    09:57:11.0750 4668  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
    09:57:11.0765 4668  RemoteRegistry - ok
    09:57:11.0796 4668  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
    09:57:11.0796 4668  RpcLocator - ok
    09:57:11.0843 4668  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
    09:57:11.0843 4668  RpcSs - ok
    09:57:11.0906 4668  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
    09:57:11.0906 4668  RSVP - ok
    09:57:11.0937 4668  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
    09:57:11.0937 4668  SamSs - ok
    09:57:11.0968 4668  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
    09:57:11.0968 4668  SCardSvr - ok
    09:57:12.0000 4668  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    09:57:12.0000 4668  Schedule - ok
    09:57:12.0062 4668  [ 8EDD7B9E4A4B4C16E2DAB9188CAA861B ] SDDMI2          C:\WINDOWS\system32\DDMI2.sys
    09:57:12.0062 4668  SDDMI2 - ok
    09:57:12.0093 4668  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:57:12.0109 4668  Secdrv - ok
    09:57:12.0125 4668  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
    09:57:12.0125 4668  seclogon - ok
    09:57:12.0140 4668  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
    09:57:12.0156 4668  SENS - ok
    09:57:12.0171 4668  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:57:12.0171 4668  serenum - ok
    09:57:12.0203 4668  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
    09:57:12.0203 4668  Serial - ok
    09:57:12.0234 4668  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:57:12.0296 4668  Sfloppy - ok
    09:57:12.0375 4668  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
    09:57:12.0375 4668  SharedAccess - ok
    09:57:12.0406 4668  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    09:57:12.0406 4668  ShellHWDetection - ok
    09:57:12.0437 4668  [ A812952A87F629D29393574D05C2C6EC ] SI3114          C:\WINDOWS\system32\DRIVERS\SI3114.sys
    09:57:12.0437 4668  SI3114 - ok
    09:57:12.0453 4668  [ D8D12A5ACF76BBC9A3CF56A85B7F442F ] SI3114r         C:\WINDOWS\system32\DRIVERS\SI3114R.sys
    09:57:12.0453 4668  SI3114r - ok
    09:57:12.0453 4668  [ 09889D435EDC82435B18C7C311FE5721 ] Si3114r5        C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
    09:57:12.0468 4668  Si3114r5 - ok
    09:57:12.0468 4668  [ 46B92189FE4DB53A09E3A0099AA3084C ] SiFilter        C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    09:57:12.0468 4668  SiFilter - ok
    09:57:12.0546 4668  [ 6BD3976B881888AC9A0ED3EB94E7FD38 ] sigfilt         C:\WINDOWS\system32\drivers\sigfilt.sys
    09:57:12.0625 4668  sigfilt - ok
    09:57:12.0625 4668  Simbad - ok
    09:57:12.0656 4668  [ B688378D258D1ECCE4768CDB55D48D92 ] SiRemFil        C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
    09:57:12.0656 4668  SiRemFil - ok
    09:57:12.0703 4668  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
    09:57:12.0703 4668  sisagp - ok
    09:57:12.0703 4668  SMPLSCSI - ok
    09:57:12.0734 4668  [ 64658D452038C0110D854F1CB0807F73 ] SNXPCARD        C:\WINDOWS\system32\DRIVERS\snxpcard.sys
    09:57:12.0750 4668  SNXPCARD - ok
    09:57:12.0781 4668  [ 18A90049571156C3C59AD9A8A3C6EF5B ] SNXPPALX        C:\WINDOWS\system32\DRIVERS\snxppalx.sys
    09:57:12.0781 4668  SNXPPALX - ok
    09:57:12.0828 4668  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
    09:57:12.0828 4668  Sparrow - ok
    09:57:12.0859 4668  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
    09:57:12.0859 4668  splitter - ok
    09:57:12.0906 4668  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
    09:57:12.0906 4668  Spooler - ok
    09:57:12.0906 4668  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
    09:57:12.0906 4668  sr - ok
    09:57:12.0953 4668  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
    09:57:12.0953 4668  srservice - ok
    09:57:13.0062 4668  [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP           C:\WINDOWS\System32\Drivers\N360\1402000.013\SRTSP.SYS
    09:57:13.0062 4668  SRTSP - ok
    09:57:13.0109 4668  [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX          C:\WINDOWS\system32\drivers\N360\1402000.013\SRTSPX.SYS
    09:57:13.0109 4668  SRTSPX - ok
    09:57:13.0140 4668  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    09:57:13.0156 4668  Srv - ok
    09:57:13.0203 4668  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    09:57:13.0203 4668  SSDPSRV - ok
    09:57:13.0250 4668  [ B95480C92C4C9C311BE47B8A1AD73770 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
    09:57:13.0281 4668  STHDA - ok
    09:57:13.0328 4668  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    09:57:13.0343 4668  stisvc - ok
    09:57:13.0390 4668  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:57:13.0390 4668  swenum - ok
    09:57:13.0406 4668  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    09:57:13.0421 4668  swmidi - ok
    09:57:13.0421 4668  SwPrv - ok
    09:57:13.0453 4668  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
    09:57:13.0453 4668  symc810 - ok
    09:57:13.0468 4668  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    09:57:13.0468 4668  symc8xx - ok
    09:57:13.0500 4668  [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS           C:\WINDOWS\system32\drivers\N360\1402000.013\SYMDS.SYS
    09:57:13.0500 4668  SymDS - ok
    09:57:13.0562 4668  [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA          C:\WINDOWS\system32\drivers\N360\1402000.013\SYMEFA.SYS
    09:57:13.0640 4668  SymEFA - ok
    09:57:13.0703 4668  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    09:57:13.0703 4668  SymEvent - ok
    09:57:13.0703 4668  SYMFW - ok
    09:57:13.0718 4668  SYMIDS - ok
    09:57:13.0765 4668  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\WINDOWS\system32\drivers\N360\1402000.013\Ironx86.SYS
    09:57:13.0765 4668  SymIRON - ok
    09:57:13.0781 4668  SYMNDIS - ok
    09:57:13.0843 4668  [ EC979002EBA25C9D109B2FE0E03457DA ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\1402000.013\SYMTDI.SYS
    09:57:13.0843 4668  SYMTDI - ok
    09:57:13.0875 4668  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    09:57:13.0875 4668  sym_hi - ok
    09:57:13.0875 4668  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    09:57:13.0875 4668  sym_u3 - ok
    09:57:13.0906 4668  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    09:57:13.0906 4668  sysaudio - ok
    09:57:13.0937 4668  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    09:57:13.0937 4668  SysmonLog - ok
    09:57:13.0968 4668  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    09:57:13.0984 4668  TapiSrv - ok
    09:57:14.0031 4668  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:57:14.0046 4668  Tcpip - ok
    09:57:14.0078 4668  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:57:14.0078 4668  TDPIPE - ok
    09:57:14.0093 4668  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    09:57:14.0093 4668  TDTCP - ok
    09:57:14.0109 4668  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:57:14.0109 4668  TermDD - ok
    09:57:14.0140 4668  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
    09:57:14.0140 4668  TermService - ok
    09:57:14.0156 4668  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
    09:57:14.0156 4668  Themes - ok
    09:57:14.0187 4668  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
    09:57:14.0187 4668  TlntSvr - ok
    09:57:14.0234 4668  [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm          C:\WINDOWS\system32\drivers\tmcomm.sys
    09:57:14.0281 4668  tmcomm - ok
    09:57:14.0312 4668  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
    09:57:14.0312 4668  TosIde - ok
    09:57:14.0343 4668  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    09:57:14.0343 4668  TrkWks - ok
    09:57:14.0375 4668  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    09:57:14.0375 4668  Udfs - ok
    09:57:14.0390 4668  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
    09:57:14.0390 4668  ultra - ok
    09:57:14.0437 4668  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    09:57:14.0437 4668  Update - ok
    09:57:14.0500 4668  [ 3F9A3232E5F942874488981F3242C989 ] UPHClean        C:\Program Files\UPHClean\uphclean.exe
    09:57:14.0500 4668  UPHClean - ok
    09:57:14.0562 4668  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
    09:57:14.0562 4668  upnphost - ok
    09:57:14.0578 4668  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
    09:57:14.0578 4668  UPS - ok
    09:57:14.0578 4668  UPSentry_Smart - ok
    09:57:14.0609 4668  [ DF38374E12E73C25B37B6F8A9B8622EF ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
    09:57:14.0609 4668  USBAAPL - ok
    09:57:14.0671 4668  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
    09:57:14.0671 4668  usbaudio - ok
    09:57:14.0781 4668  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    09:57:14.0781 4668  usbccgp - ok
    09:57:14.0796 4668  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:57:14.0796 4668  usbehci - ok
    09:57:14.0812 4668  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:57:14.0812 4668  usbhub - ok
    09:57:14.0843 4668  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
    09:57:14.0843 4668  usbprint - ok
    09:57:14.0859 4668  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:57:14.0859 4668  usbscan - ok
    09:57:14.0875 4668  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:57:14.0875 4668  USBSTOR - ok
    09:57:14.0890 4668  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:57:14.0890 4668  usbuhci - ok
    09:57:14.0906 4668  [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    09:57:14.0906 4668  usb_rndisx - ok
    09:57:14.0921 4668  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    09:57:14.0921 4668  VgaSave - ok
    09:57:14.0953 4668  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
    09:57:14.0953 4668  viaagp - ok
    09:57:14.0984 4668  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
    09:57:14.0984 4668  ViaIde - ok
    09:57:14.0984 4668  VICAMUSB - ok
    09:57:15.0015 4668  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    09:57:15.0015 4668  VolSnap - ok
    09:57:15.0062 4668  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
    09:57:15.0062 4668  VSS - ok
    09:57:15.0093 4668  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
    09:57:15.0109 4668  w32time - ok
    09:57:15.0125 4668  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:57:15.0125 4668  Wanarp - ok
    09:57:15.0140 4668  wanatw - ok
    09:57:15.0281 4668  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    09:57:15.0281 4668  wceusbsh - ok
    09:57:15.0296 4668  WDICA - ok
    09:57:15.0328 4668  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    09:57:15.0328 4668  wdmaud - ok
    09:57:15.0375 4668  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
    09:57:15.0375 4668  WebClient - ok
    09:57:15.0437 4668  [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend       C:\Program Files\Windows Defender\MsMpEng.exe
    09:57:15.0437 4668  WinDefend - ok
    09:57:15.0484 4668  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    09:57:15.0484 4668  winmgmt - ok
    09:57:15.0609 4668  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    09:57:15.0718 4668  wlidsvc - ok
    09:57:15.0781 4668  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    09:57:15.0796 4668  WLSetupSvc - ok
    09:57:15.0828 4668  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
    09:57:15.0828 4668  WmdmPmSN - ok
    09:57:15.0875 4668  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
    09:57:15.0890 4668  Wmi - ok
    09:57:15.0921 4668  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    09:57:15.0921 4668  WmiApSrv - ok
    09:57:16.0000 4668  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
    09:57:16.0093 4668  WMPNetworkSvc - ok
    09:57:16.0125 4668  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    09:57:16.0125 4668  wscsvc - ok
    09:57:16.0140 4668  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
    09:57:16.0140 4668  wuauserv - ok
    09:57:16.0171 4668  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:57:16.0171 4668  WudfPf - ok
    09:57:16.0218 4668  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:57:16.0218 4668  WudfRd - ok
    09:57:16.0265 4668  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
    09:57:16.0265 4668  WudfSvc - ok
    09:57:16.0343 4668  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    09:57:16.0359 4668  WZCSVC - ok
    09:57:16.0390 4668  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    09:57:16.0390 4668  xmlprov - ok
    09:57:16.0406 4668  ================ Scan global ===============================
    09:57:16.0437 4668  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    09:57:16.0484 4668  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    09:57:16.0500 4668  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    09:57:16.0531 4668  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    09:57:16.0531 4668  [Global] - ok
    09:57:16.0531 4668  ================ Scan MBR ==================================
    09:57:16.0562 4668  [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
    09:57:16.0562 4668  Suspicious mbr (Forged): \Device\Harddisk0\DR0
    09:57:16.0578 4668  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    09:57:16.0578 4668  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    09:57:16.0578 4668  ================ Scan VBR ==================================
    09:57:16.0609 4668  [ B6F473A5F2AF944133F38646A849D37D ] \Device\Harddisk0\DR0\Partition1
    09:57:16.0625 4668  \Device\Harddisk0\DR0\Partition1 - ok
    09:57:16.0625 4668  ============================================================
    09:57:16.0625 4668  Scan finished
    09:57:16.0625 4668  ============================================================
    09:57:16.0625 2760  Detected object count: 1
    09:57:16.0625 2760  Actual detected object count: 1
    09:57:41.0921 2760  \Device\Harddisk0\DR0\# - copied to quarantine
    09:57:41.0921 2760  \Device\Harddisk0\DR0 - copied to quarantine
    09:57:41.0968 2760  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    09:57:41.0984 2760  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    09:57:41.0984 2760  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    09:57:42.0000 2760  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    09:57:42.0015 2760  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    09:57:42.0140 2760  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    09:57:42.0140 2760  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    09:57:42.0171 2760  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    09:57:42.0171 2760  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    09:57:42.0171 2760  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    09:57:42.0187 2760  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    09:57:42.0187 2760  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    09:57:42.0187 2760  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    09:57:42.0218 2760  \Device\Harddisk0\DR0 - ok
    09:57:42.0234 2760  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    09:58:07.0515 4600  Deinitialize success

    ASWMBR

    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
    Run date: 2013-02-23 10:13:14
    -----------------------------
    10:13:14.875    OS Version: Windows 5.1.2600 Service Pack 3
    10:13:14.875    Number of processors: 2 586 0x604
    10:13:14.890    ComputerName: RIGI  UserName:
    10:13:16.187    Initialize success
    10:13:44.453    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    10:13:44.453    Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
    10:13:44.484    Disk 0 MBR read successfully
    10:13:44.484    Disk 0 MBR scan
    10:13:44.484    Disk 0 unknown MBR code
    10:13:44.484    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
    10:13:44.500    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       149228 MB offset 112455
    10:13:44.531    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3302 MB offset 305733015
    10:13:44.531    Disk 0 scanning sectors +312496380
    10:13:44.546    Disk 0 PE file @ sector 312496380 !
    10:13:44.593    Disk 0 scanning C:\WINDOWS\system32\drivers
    10:13:52.968    Service scanning
    10:14:08.609    Modules scanning
    10:14:18.609    Disk 0 trace - called modules:
    10:14:18.640    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    10:14:18.640    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b306ab8]
    10:14:18.640    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b2fbb00]
    10:14:18.656    Scan finished successfully
    10:15:05.046    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\chregeli\Desktop\MBR.dat"
    10:15:05.062    The log file has been saved successfully to "C:\Documents and Settings\chregeli\Desktop\aswMBR.txt"

    Attached Files

    • Attached File: MBR.zip (577 bytes)
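The TDSSKiller log above is long, and the few records that matter (the forged MBR, the Rootkit.Boot.Pihar.c detection, the TDLFS files copied to quarantine, the cure that only completes on reboot) are easy to miss among hundreds of "- ok" lines. As an added example, not part of this thread or of TDSSKiller itself, here is a small Python triage script that pulls those records out; its regular expressions are assumptions about the log format based only on the kinds of lines shown above, and the sample log is a constructed excerpt in the same shape.

```python
"""Triage helper for TDSSKiller text logs.

Added example, not part of this thread or of TDSSKiller itself. The regular
expressions are assumptions about the log format, derived only from the kinds
of lines shown in the posted log."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Every record: "HH:MM:SS.mmmm <pid>  <message>"
LINE_RE = re.compile(r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*\S)\s*$")
# Scanned object with its MD5: "[ <md5> ] <name>   <path>"; the name is absent in the
# global/MBR sections, and a long name may be separated from the path by one space.
HASHED_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>.+?)\s+)?(?P<path>(?:[A-Za-z]:|\\).*)$")
INFECTED_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - infected$")
SUSPICIOUS_RE = re.compile(r"^Suspicious (?P<what>.+?) \((?P<why>[^)]+)\): (?P<obj>.+)$")
QUARANTINE_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
CURE_REBOOT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - will be cured on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    detections: dict = field(default_factory=dict)      # object -> threat name
    suspicious: list = field(default_factory=list)       # (object, what, reason)
    quarantined: list = field(default_factory=list)      # objects copied to quarantine
    pending_reboot: list = field(default_factory=list)   # objects cured only after reboot
    hashed: dict = field(default_factory=dict)           # scanned path -> MD5 (upper case)
    reported_count: Optional[int] = None                 # the tool's own detection count

    def count_matches(self) -> bool:
        """True when the tool's 'Detected object count' agrees with what was parsed."""
        return self.reported_count is not None and self.reported_count == len(self.detections)


def triage_tdsskiller(log: str) -> Triage:
    """Walk the log once and keep only the records a responder acts on."""
    t = Triage()
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separator and blank lines
        msg = m.group("msg")
        if (h := HASHED_RE.match(msg)):
            t.hashed[h.group("path")] = h.group("md5").upper()
        elif (i := INFECTED_RE.match(msg)):
            t.detections[i.group("obj")] = i.group("threat")
        elif (s := SUSPICIOUS_RE.match(msg)):
            t.suspicious.append((s.group("obj"), s.group("what"), s.group("why")))
        elif (q := QUARANTINE_RE.match(msg)):
            t.quarantined.append(q.group("obj"))
        elif (c := CURE_REBOOT_RE.match(msg)):
            t.pending_reboot.append(c.group("obj"))
        elif (n := COUNT_RE.match(msg)):
            t.reported_count = int(n.group("n"))
    return t


def report(t: Triage) -> list:
    """The lines a helper would read first: each detection with its cure state and the
    number of items quarantined from under it, any suspicious boot record, and a warning
    when the tool's own count disagrees with the parsed detections."""
    lines = []
    for obj, threat in t.detections.items():
        state = "cure pending reboot" if obj in t.pending_reboot else "no cure recorded"
        below = [p for p in t.quarantined if p.startswith(obj + "\\")]
        lines.append(f"{obj}: {threat} ({state}); {len(below)} item(s) under it quarantined")
    for obj, what, why in t.suspicious:
        lines.append(f"suspicious {what} on {obj}: {why}")
    if not t.count_matches():
        lines.append(f"WARNING: tool reported {t.reported_count} detection(s), parsed {len(t.detections)}")
    return lines


# Constructed excerpt in the same shape as the posted log.
SAMPLE_LOG = r"""
09:57:09.0296 4668  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:57:09.0296 4668  MSKSSRV - ok
09:57:10.0015 4668  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
09:57:16.0531 4668  [Global] - ok
09:57:16.0531 4668  ================ Scan MBR ==================================
09:57:16.0562 4668  [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
09:57:16.0562 4668  Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:57:16.0578 4668  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:57:16.0578 4668  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:57:16.0625 2760  Detected object count: 1
09:57:41.0921 2760  \Device\Harddisk0\DR0 - copied to quarantine
09:57:41.0984 2760  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:57:42.0187 2760  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:57:42.0218 2760  \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    for line in report(triage_tdsskiller(SAMPLE_LOG)):
        print(line)
```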


    #4 nasdaq

    • Malware Response Team
    • 38,770 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:45 PM

    Posted 23 February 2013 - 11:33 AM

    Good work, let's continue.
     
    Please download ComboFix from one of these locations:
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Close any open browsers and all other running programs. Make sure you save your file if working on a document.
    • Do not install any other programs until this is fixed.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     

     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     
     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
     
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.
     
    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===
     
    Third-party programs, if not up to date, can be the cause of infiltration by an infection.
     
    Please run this security check for my review.
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.

    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ===
     
    Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.
     
    Please download AdwCleaner by Xplode onto your Desktop.



    • Close all open programs and internet browsers.


    • Double click on AdwCleaner.exe to run the tool.


    • Click on the Delete tab and follow the prompts.


    • A log file will automatically open after the scan has finished.


    • Please post the content of that log file with your next answer.


    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

     
    Please post the logs and let me know if the problem persists.


    #5 sander66

    sander66
    • Topic Starter

    • Members
    • 77 posts
    • Local time:02:45 PM

    Posted 23 February 2013 - 12:12 PM

    Could not download ADWCleaner. Getting an error.

     

    -> combofix log 

     

    ComboFix 13-02-23.01 - chregeli 02/23/2013  10:48:03.2.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2523 [GMT -6:00]
    Running from: c:\documents and settings\chregeli\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\imhofr\WINDOWS
    c:\documents and settings\Kommandant\WINDOWS
    c:\windows\dasetup.log
    c:\windows\EventSystem.log
    c:\windows\system32\SET2A.tmp
    c:\windows\system32\SET4A.tmp
    c:\windows\system32\SET4D.tmp
    c:\windows\system32\SET53.tmp
    c:\windows\system32\SET5C.tmp
    c:\windows\system32\SET5F.tmp
    c:\windows\system32\SET68.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-23 to 2013-02-23  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-23 15:57 . 2013-02-23 15:57 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-20 01:00 . 2013-02-20 00:59 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-19 07:55 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4E6AC43C-8F35-42D2-B976-EBB83168DEC2}\mpengine.dll
    2013-02-19 07:09 . 2013-02-19 07:09 -------- d-----w- c:\documents and settings\chregeli\Local Settings\Application Data\Sun
    2013-02-19 03:16 . 2013-02-19 03:16 -------- d-----w- c:\program files\Common Files\Java
    2013-02-19 03:16 . 2013-02-20 00:59 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-19 03:16 . 2013-02-20 00:59 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2013-02-09 15:31 . 2013-02-19 02:07 -------- d-----w- c:\windows\system32\drivers\N360\1402000.013
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-20 00:59 . 2009-06-13 13:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-19 02:17 . 2012-08-19 17:23 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-19 02:17 . 2011-08-06 22:54 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-09 15:15 . 2010-05-22 19:24 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-01-26 03:55 . 2004-08-11 22:00 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-17 07:28 . 2009-10-03 00:43 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-08 04:57 . 2008-10-20 23:15 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-01-07 01:19 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2004-08-04 03:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2004-08-11 22:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2004-08-11 22:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2004-08-11 22:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-12-26 20:16 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
    "IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-03 17248]
    "CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-23 66400]
    "PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-23 98656]
    "IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
    "VOBRegCheck"="c:\windows\System32\VOBREGCheck.exe" [2003-01-08 153088]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 98304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0804]
       IME File REG_SZ          IMSC40A.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
       Ime File REG_SZ          IMEKR70.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0080404]
       IME File REG_SZ          MSTCIPHA.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]
       IME File REG_SZ          MSTCICJA.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
       Ime File REG_SZ          IMJP9.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\downloads\\hp\\OJ6000vE609_Full_14\\setup\\hpznui01.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1402000.013\symds.sys [2/9/2013 9:31 AM 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1402000.013\symefa.sys [2/9/2013 9:31 AM 927904]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx86.sys [2/12/2013 2:52 PM 997464]
    R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys [2/9/2013 9:31 AM 134304]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1402000.013\ironx86.sys [2/9/2013 9:31 AM 175264]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2/28/2011 8:37 PM 109728]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [2/9/2013 9:31 AM 143928]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/12/2012 8:33 AM 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130222.001\IDSXpx86.sys [2/22/2013 9:52 PM 373728]
    S0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [4/14/2008 6:52 PM 73768]
    S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/27/2010 2:42 PM 401920]
    S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
    S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [9/6/2006 6:10 PM 23040]
    S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [9/6/2006 6:10 PM 76800]
    S3 VICAMUSB;3Com HomeConnect USB Camera;c:\windows\system32\drivers\vicamusb.sys --> c:\windows\system32\drivers\vicamusb.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 09640330
    *NewlyCreated* - 55136108
    *NewlyCreated* - ASWMBR
    *Deregistered* - 09640330
    *Deregistered* - 55136108
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 02:17]
    .
    2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 14:05]
    .
    2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 14:05]
    .
    2013-02-23 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    2013-02-17 c:\windows\Tasks\rigi data diff.job
    - c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = port2:80
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 10.0.0.99
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-SetDefaultMIDI - MIDIDef.exe
    HKCU-Run-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
    HKCU-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
    HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
    SafeBoot-55136108.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-23 11:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(696)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2013-02-23  11:05:17
    ComboFix-quarantined-files.txt  2013-02-23 17:05
    ComboFix2.txt  2010-05-22 18:47
    .
    Pre-Run: 85,584,515,072 bytes free
    Post-Run: 85,903,007,744 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 2BCF987B2A092A78C46D1072619BC1E0
     

    -> checkup log

     

     Results of screen317's Security Check version 0.99.59 
     Windows XP Service Pack 3 x86  
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled! 
    Please wait while WMIC compiles updated MOF files.d
    i
    s
    p
    l
    a
    y
    N
    a
    m
    e
    ECHO is off.
    N
    o
    r
    t
    o
    n
    ECHO is off.
    S
    e
    c
    u
    r
    i
    t
    y
    ECHO is off.
    S
    u
    i
    t
    e
    ECHO is off.
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Windows Defender   
     Gmer    
     Java™ 6 Update 19 
     Java 7 Update 15 
     Java version out of Date!
     Adobe Reader 10.1.6 Adobe Reader out of Date! 
    ````````Process Check: objlist.exe by Laurent```````` 
     Norton ccSvcHst.exe
     Windows Defender MSMpEng.exe
     Windows Defender MSASCui.exe
     Windows Defender MsMpEng.exe  
     Windows Defender MSASCui.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````
     



    #6 sander66

    sander66
    • Topic Starter

    • Members
    • 77 posts
    • Local time:02:45 PM

    Posted 23 February 2013 - 12:40 PM

    took care of Java 6 and Acrobat Reader



    #7 nasdaq

    nasdaq

    • Malware Response Team
    • 38,770 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:45 PM

    Posted 23 February 2013 - 01:15 PM

    Logs are clean.

     

    Right click on the AdwCleaner link above and use Open in new tab or Open in new window.

     

    It's working for me.



    #8 sander66

    sander66
    • Topic Starter

    • Members
    • 77 posts
    • Local time:02:45 PM

    Posted 23 February 2013 - 01:34 PM

    Great. Looks like this was the PC that Comcast found?

     

     

    Got the ADW Cleaner to work:

     

    # AdwCleaner v2.112 - Logfile created 02/23/2013 at 12:28:08
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : chregeli - RIGI
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\chregeli\Local Settings\Temporary Internet Files\Content.IE5\O28QLBU2\adwcleaner0[1].exe
    # Option [Delete]


     


    ***** [Services] *****


     


    ***** [Files / Folders] *****


     

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\chregeli\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\imhofr\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\imhofr\Local Settings\Application Data\AskToolbar


     

    ***** [Registry] *****


     

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}


     

    ***** [Internet Browsers] *****


     

    -\\ Internet Explorer v8.0.6001.18702


     

    [OK] Registry is clean.


     

    *************************


     

    AdwCleaner[S1].txt - [2315 octets] - [23/02/2013 12:28:08]


     

    ########## EOF - C:\AdwCleaner[S1].txt - [2375 octets] ##########



    #9 sander66

    sander66
    • Topic Starter

    • Members
    • 77 posts
    • Local time:02:45 PM

    Posted 23 February 2013 - 06:33 PM

    I did run ESET Online on this computer as well.

     

    This is the log, I am not sure if I need to worry about this or not.

     

    C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
    C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AM trojan
    C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.RG trojan
    C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan
    C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan
    C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan
     



    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 38,770 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:45 PM

    Posted 24 February 2013 - 08:46 AM

    The files found by ESET are in the TDSSKiller quarantine folder. Nothing to worry about.

    You can delete the folder.

     

     

    If all is well:
     
    Time for some housekeeping
    The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bold text into the Run box and click OK:
     
    ComboFix /Uninstall 
    ===
     
    To remove AdwCleaner.
     
    Please double click on AdwCleaner.exe to run the tool.
    Click on Uninstall.
    Confirm with Yes.
     
    If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.
     
    Delete the other tools we used.
    You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
     
    Surf Safely, and Think Prevention!
    ===
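    The point nasdaq makes in post #10, that a detection whose path sits under C:\TDSSKiller_Quarantine refers to a file that has already been neutralised, is a check worth automating when reading an ESET Online Scanner log. The script below is an added example for this thread, not code from ESET, Kaspersky, or BleepingComputer. It parses lines of the shape shown in post #9 (`<path> <detection name>`) and splits them into quarantined and live findings. Assumptions: the ComboFix (`C:\Qoobox\Quarantine`) and AdwCleaner (`C:\AdwCleaner\Quarantine`) quarantine roots are taken from general knowledge of those tools rather than from this thread, and the last sample line (an `Example Vendor` path with an `Example.Test` detection) is a constructed placeholder added to show how a live finding stands out.

```python
"""Classify ESET Online Scanner log lines as quarantined or live.

Added example for the thread above, not code from ESET, Kaspersky or
BleepingComputer.  Each ESET line has the shape "<path> <detection name>",
where the detection name ends in a category word such as "trojan".  A
detection whose path lies inside a removal tool's quarantine folder refers
to a file that has already been neutralised; a detection anywhere else is
an active finding that still needs attention.
"""
import ntpath  # Windows path semantics regardless of the host OS
from dataclasses import dataclass

# Quarantine roots.  C:\TDSSKiller_Quarantine is the one shown in the thread;
# the other two are assumed locations for ComboFix and AdwCleaner quarantines.
QUARANTINE_ROOTS = (
    r"C:\TDSSKiller_Quarantine",
    r"C:\Qoobox\Quarantine",        # ComboFix (assumed)
    r"C:\AdwCleaner\Quarantine",    # AdwCleaner (assumed)
)

# Trailing category words ESET uses in its detection names.
CATEGORIES = {"trojan", "virus", "worm", "adware", "application", "rootkit"}


@dataclass
class Detection:
    path: str
    name: str
    quarantined: bool


def is_quarantined(path: str) -> bool:
    """True if path is inside (or equal to) a quarantine root, case-insensitively."""
    norm = ntpath.normcase(ntpath.normpath(path))
    for root in QUARANTINE_ROOTS:
        root_norm = ntpath.normcase(ntpath.normpath(root))
        if norm == root_norm or norm.startswith(root_norm + "\\"):
            return True
    return False


def parse_line(line: str):
    """Parse one ESET log line into a Detection, or None if it is not one."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[-1].lower() not in CATEGORIES:
        return None
    sig_index = len(tokens) - 2           # the signature, e.g. Win32/Olmarik.AYI
    if sig_index >= 4 and tokens[sig_index - 3:sig_index] == ["a", "variant", "of"]:
        sig_index -= 3                    # keep "a variant of" with the name
    path = " ".join(tokens[:sig_index])   # paths may contain spaces
    name = " ".join(tokens[sig_index:])
    return Detection(path=path, name=name, quarantined=is_quarantined(path))


def triage(log_text: str) -> dict:
    """Split a log into quarantined and live detections."""
    result = {"quarantined": [], "live": []}
    for line in log_text.splitlines():
        det = parse_line(line)
        if det is None:
            continue
        result["quarantined" if det.quarantined else "live"].append(det)
    return result


# Sample input: the six lines from post #9 above plus one constructed line with
# a placeholder path and detection name, to show how a live finding stands out.
SAMPLE_LOG = r"""
C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.RG trojan
C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\23.02.2013_09.56.54\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan
C:\Program Files\Example Vendor\helper.exe Win32/Example.Test trojan
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for det in summary["quarantined"]:
        print(f"quarantined  {det.name:45} {det.path}")
    for det in summary["live"]:
        print(f"LIVE         {det.name:45} {det.path}")
```

    The prefix check uses `ntpath` explicitly so the script gives the same answer on a Linux analysis box as on the Windows machine; matching on `root + "\\"` rather than a bare prefix keeps a sibling folder such as `C:\TDSSKiller_QuarantineBackup` from being mistaken for the quarantine itself. On the thread's six lines everything lands in the quarantined bucket, which is the same conclusion nasdaq reached by eye.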


    #11 nasdaq

    nasdaq

    • Malware Response Team
    • 38,770 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:45 PM

    Posted 02 March 2013 - 09:50 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



