
Trend Chip Away Virus has detected a boot virus


7 replies to this topic

#1 takaonichi


Posted 14 March 2013 - 05:18 AM

Hi guys,

Please help me.

When I start up the computer, a red screen with the following message is displayed:

 

Trend ChipAwayVirus has detected a boot virus on your hard disk.

Press <Enter> for more information (recommended)
      <C> to continue booting."

"Complete Virus Protection for the Entreprise"
Trend Micro - http://www.antivirus.com

 

After I press ENTER:

 

To prevent the data lost from your computer,
Trend ChipAwayVirus will restart your computer.

Insert a bootable clean floppy disk into the floppy driver
press <r> to restart your system
      <b> to go back previous screen

For more information on viruses visit http://www.antivirus.com

 

After pressing R:

 

If you continue to boot up your system, the virus will be
left in your computer.
Are you sure you want to continue the boot up procedures?

Press <y> to continue to boot anyway.
      <n> to return to previous screen.

For more information on viruses visit http://www.antivirus.com

 

 

And yes, I can log in to Windows as usual.

Here is my DDS log:

 

Thanks for your help!


 


#2 nasdaq


Posted 15 March 2013 - 01:04 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please post the logs for my review.


#3 takaonichi


Posted 16 March 2013 - 04:53 AM

Thanks for the reply.

When I run aswMBR.exe, at the bottom of the application it has options like this:

AV scan : Quick Scan
          C
          ....
          none

Which one should I choose?



#4 nasdaq


Posted 16 March 2013 - 08:14 AM

You can select any one.

Try the Quick Scan and post the log. Will take it from there.

#5 takaonichi


Posted 17 March 2013 - 12:31 AM

Hi, thanks for the reply.

I forgot to say this in my first post:

1. After that red screen Trend ChipAwayVirus message, my computer shows this message:

    invalid BOOT.INI.file
    booting from C:\windows\

2. I use avast AV and I performed a scan before making this topic.

    The first Quick Scan by avast detected 28 infected files; some of them are:

  1.  C:\documents and settings\grimlock\local settings\temp\0.26774574466420065,exe        threat:win32:crypt-HTD [trj]

  2.  C:\documents and settings\nokitaro\local settings\temp\msitcm.cpl             threat:win32:malOb-ER [cryp]

  3.  MBR:\\.\PHYSICALDRIVE0                               threat:win32:MBRoot-J [trj]

  4.  C:\WINDOWS\system32\cryptnet32.dll          threat:wn32:lukicsel-E [trj]

  5.  C:\WINDOWS\system32\dll.dll                        threat:wn32:lukicsel-E [trj]

  6.  C:\WINDOWS\system32\cryptnet32.dll          threat:wn32:lukicsel-E [trj]

  7.  C:\system volume information\_restore      threat:wn32:lukicsel-E [trj]

When I choose delete all, only no. 1 and 2 give the result: action successful,

and 3-7 give the result: action postponed until next reboot; after I reboot the result is still the same: action postponed until next reboot.

But cryptnet32.dll & dll.dll were already moved to quarantine.

The boot scan detected 19 infected files:

1. C:\hiberfil.sys   threat:win32:sinowal-IK [trj]    action:delete  result:error:the process cannot access the file because it is being used by another process(32)

2. TNODUP.exe  threat:win32:malware-gen action:delete  result: successful, but detected again and again when I perform another scan

3-19. other viruses

 

 

Here is my TDSS log:

 

15:25:59.0265 0160  lbrtfdc - ok
15:25:59.0312 0160  [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts         C:\windows\System32\lmhsvc.dll
15:25:59.0312 0160  LmHosts - ok
15:25:59.0359 0160  [ 4E10E84320A8EC1C12BD0D00973B22AB ] mdvrmng         C:\windows\system32\drivers\mdvrmng.sys
15:25:59.0375 0160  mdvrmng - ok
15:25:59.0406 0160  [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger       C:\windows\System32\msgsvc.dll
15:25:59.0421 0160  Messenger - ok
15:25:59.0500 0160  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:25:59.0515 0160  Microsoft Office Groove Audit Service - ok
15:25:59.0562 0160  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\windows\system32\drivers\mnmdd.sys
15:25:59.0562 0160  mnmdd - ok
15:25:59.0609 0160  [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:25:59.0625 0160  mnmsrvc - ok
15:25:59.0687 0160  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem           C:\windows\system32\drivers\Modem.sys
15:25:59.0687 0160  Modem - ok
15:25:59.0718 0160  [ 34E1F0031153E491910E12551400192C ] Mouclass        C:\windows\system32\DRIVERS\mouclass.sys
15:25:59.0718 0160  Mouclass - ok
15:25:59.0765 0160  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\windows\system32\drivers\MountMgr.sys
15:25:59.0765 0160  MountMgr - ok
15:25:59.0828 0160  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:25:59.0828 0160  MozillaMaintenance - ok
15:25:59.0859 0160  mraid35x - ok
15:25:59.0875 0160  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\windows\system32\DRIVERS\mrxdav.sys
15:25:59.0890 0160  MRxDAV - ok
15:25:59.0968 0160  [ 6F2D483B97B395544E59749C47963C6A ] MRxSmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:25:59.0968 0160  MRxSmb - ok
15:26:00.0031 0160  [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:26:00.0031 0160  MSDTC - ok
15:26:00.0093 0160  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:26:00.0093 0160  Msfs - ok
15:26:00.0109 0160  MSIServer - ok
15:26:00.0156 0160  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:26:00.0156 0160  MSKSSRV - ok
15:26:00.0171 0160  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:26:00.0187 0160  MSPCLOCK - ok
15:26:00.0218 0160  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:26:00.0218 0160  MSPQM - ok
15:26:00.0265 0160  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
15:26:00.0281 0160  mssmbios - ok
15:26:00.0328 0160  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\windows\system32\drivers\Mup.sys
15:26:00.0328 0160  Mup - ok
15:26:00.0359 0160  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\windows\system32\drivers\NDIS.sys
15:26:00.0375 0160  NDIS - ok
15:26:00.0421 0160  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:26:00.0437 0160  NdisTapi - ok
15:26:00.0484 0160  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
15:26:00.0484 0160  Ndisuio - ok
15:26:00.0515 0160  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
15:26:00.0515 0160  NdisWan - ok
15:26:00.0546 0160  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
15:26:00.0546 0160  NDProxy - ok
15:26:00.0578 0160  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
15:26:00.0578 0160  NetBIOS - ok
15:26:00.0609 0160  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
15:26:00.0625 0160  NetBT - ok
15:26:00.0671 0160  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE          C:\windows\system32\netdde.exe
15:26:00.0687 0160  NetDDE - ok
15:26:00.0718 0160  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm      C:\windows\system32\netdde.exe
15:26:00.0734 0160  NetDDEdsdm - ok
15:26:00.0781 0160  [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon        C:\windows\system32\lsass.exe
15:26:00.0796 0160  Netlogon - ok
15:26:00.0859 0160  [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman          C:\windows\System32\netman.dll
15:26:00.0875 0160  Netman - ok
15:26:00.0953 0160  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:26:00.0953 0160  NetTcpPortSharing - ok
15:26:01.0000 0160  [ 097722F235A1FB698BF9234E01B52637 ] Nla             C:\windows\System32\mswsock.dll
15:26:01.0015 0160  Nla - ok
15:26:01.0093 0160  [ 2F26A7091B81AE5E9E201EA7BE5B0012 ] nmwcdlg         C:\windows\system32\drivers\nmwcdlg.sys
15:26:01.0093 0160  nmwcdlg - ok
15:26:01.0125 0160  [ 402D9B520CEBE42EF9F8D0342607B3D1 ] nmwcdlgc        C:\windows\system32\drivers\nmwcdlgc.sys
15:26:01.0125 0160  nmwcdlgc - ok
15:26:01.0140 0160  [ 6EFD9BCE6F293376C3AEB2F04EB78B2F ] nmwcdlgcj       C:\windows\system32\drivers\nmwcdlgcj.sys
15:26:01.0156 0160  nmwcdlgcj - ok
15:26:01.0187 0160  [ 6EFD9BCE6F293376C3AEB2F04EB78B2F ] nmwcdlgcm       C:\windows\system32\drivers\nmwcdlgcm.sys
15:26:01.0187 0160  nmwcdlgcm - ok
15:26:01.0218 0160  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:26:01.0218 0160  Npfs - ok
15:26:01.0296 0160  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:26:01.0296 0160  Ntfs - ok
15:26:01.0328 0160  [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp         C:\windows\system32\lsass.exe
15:26:01.0343 0160  NtLmSsp - ok
15:26:01.0406 0160  [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc         C:\windows\system32\ntmssvc.dll
15:26:01.0421 0160  NtmsSvc - ok
15:26:01.0468 0160  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\windows\system32\drivers\Null.sys
15:26:01.0468 0160  Null - ok
15:26:01.0593 0160  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\windows\system32\DRIVERS\nv4_mini.sys
15:26:01.0625 0160  nv - ok
15:26:01.0671 0160  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\windows\system32\DRIVERS\nwlnkflt.sys
15:26:01.0671 0160  NwlnkFlt - ok
15:26:01.0703 0160  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\windows\system32\DRIVERS\nwlnkfwd.sys
15:26:01.0703 0160  NwlnkFwd - ok
15:26:01.0812 0160  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:26:01.0828 0160  odserv - ok
15:26:01.0875 0160  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:01.0875 0160  ose - ok
15:26:01.0921 0160  [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport         C:\windows\system32\DRIVERS\parport.sys
15:26:01.0921 0160  Parport - ok
15:26:01.0953 0160  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\windows\system32\drivers\PartMgr.sys
15:26:01.0953 0160  PartMgr - ok
15:26:02.0000 0160  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\windows\system32\drivers\ParVdm.sys
15:26:02.0000 0160  ParVdm - ok
15:26:02.0031 0160  PCASp50 - ok
15:26:02.0078 0160  [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd        C:\windows\system32\DRIVERS\pccsmcfd.sys
15:26:02.0078 0160  pccsmcfd - ok
15:26:02.0140 0160  [ 8086D9979234B603AD5BC2F5D890B234 ] PCI             C:\windows\system32\DRIVERS\pci.sys
15:26:02.0140 0160  PCI - ok
15:26:02.0171 0160  PCIDump - ok
15:26:02.0203 0160  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\windows\system32\DRIVERS\pciide.sys
15:26:02.0203 0160  PCIIde - ok
15:26:02.0250 0160  [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia          C:\windows\system32\drivers\Pcmcia.sys
15:26:02.0265 0160  Pcmcia - ok
15:26:02.0281 0160  PDCOMP - ok
15:26:02.0296 0160  PDFRAME - ok
15:26:02.0328 0160  PDRELI - ok
15:26:02.0343 0160  PDRFRAME - ok
15:26:02.0359 0160  perc2 - ok
15:26:02.0390 0160  perc2hib - ok
15:26:02.0453 0160  [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay        C:\windows\system32\services.exe
15:26:02.0484 0160  PlugPlay - ok
15:26:02.0500 0160  [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent     C:\windows\system32\lsass.exe
15:26:02.0515 0160  PolicyAgent - ok
15:26:02.0546 0160  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:26:02.0546 0160  PptpMiniport - ok
15:26:02.0562 0160  [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\windows\system32\lsass.exe
15:26:02.0578 0160  ProtectedStorage - ok
15:26:02.0593 0160  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\windows\system32\DRIVERS\psched.sys
15:26:02.0609 0160  PSched - ok
15:26:02.0640 0160  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\windows\system32\DRIVERS\ptilink.sys
15:26:02.0640 0160  Ptilink - ok
15:26:02.0703 0160  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
15:26:02.0703 0160  PxHelp20 - ok
15:26:02.0718 0160  ql1080 - ok
15:26:02.0734 0160  Ql10wnt - ok
15:26:02.0765 0160  ql12160 - ok
15:26:02.0781 0160  ql1240 - ok
15:26:02.0796 0160  ql1280 - ok
15:26:02.0828 0160  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:26:02.0828 0160  RasAcd - ok
15:26:02.0890 0160  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\windows\System32\rasauto.dll
15:26:02.0921 0160  RasAuto - ok
15:26:02.0953 0160  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:26:02.0953 0160  Rasl2tp - ok
15:26:03.0000 0160  [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan          C:\windows\System32\rasmans.dll
15:26:03.0015 0160  RasMan - ok
15:26:03.0031 0160  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:26:03.0046 0160  RasPppoe - ok
15:26:03.0078 0160  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\windows\system32\DRIVERS\raspti.sys
15:26:03.0078 0160  Raspti - ok
15:26:03.0109 0160  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:26:03.0109 0160  Rdbss - ok
15:26:03.0140 0160  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:26:03.0140 0160  RDPCDD - ok
15:26:03.0218 0160  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\windows\system32\DRIVERS\rdpdr.sys
15:26:03.0218 0160  rdpdr - ok
15:26:03.0296 0160  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:26:03.0296 0160  RDPWD - ok
15:26:03.0328 0160  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:26:03.0343 0160  RDSessMgr - ok
15:26:03.0390 0160  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\windows\system32\DRIVERS\redbook.sys
15:26:03.0390 0160  redbook - ok
15:26:03.0437 0160  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:26:03.0453 0160  RemoteAccess - ok
15:26:03.0500 0160  [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:26:03.0515 0160  RemoteRegistry - ok
15:26:03.0578 0160  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\windows\system32\Drivers\RimUsb.sys
15:26:03.0578 0160  RimUsb - ok
15:26:03.0625 0160  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\windows\system32\DRIVERS\RimSerial.sys
15:26:03.0625 0160  RimVSerPort - ok
15:26:03.0687 0160  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
15:26:03.0687 0160  ROOTMODEM - ok
15:26:03.0750 0160  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\windows\system32\locator.exe
15:26:03.0750 0160  RpcLocator - ok
15:26:03.0796 0160  [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs           C:\windows\system32\rpcss.dll
15:26:03.0828 0160  RpcSs - ok
15:26:03.0859 0160  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\windows\system32\rsvp.exe
15:26:03.0875 0160  RSVP - ok
15:26:03.0921 0160  [ 7988BFE882BCD94199225B5C3482F1BD ] RTL8023xp       C:\windows\system32\DRIVERS\Rtnicxp.sys
15:26:03.0937 0160  RTL8023xp - ok
15:26:03.0984 0160  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\windows\system32\DRIVERS\RTL8139.SYS
15:26:04.0000 0160  rtl8139 - ok
15:26:04.0031 0160  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\windows\system32\lsass.exe
15:26:04.0031 0160  SamSs - ok
15:26:04.0093 0160  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\windows\System32\SCardSvr.exe
15:26:04.0109 0160  SCardSvr - ok
15:26:04.0171 0160  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\windows\system32\schedsvc.dll
15:26:04.0203 0160  Schedule - ok
15:26:04.0234 0160  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\windows\system32\DRIVERS\secdrv.sys
15:26:04.0234 0160  Secdrv - ok
15:26:04.0265 0160  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\windows\System32\seclogon.dll
15:26:04.0281 0160  seclogon - ok
15:26:04.0312 0160  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\windows\system32\sens.dll
15:26:04.0328 0160  SENS - ok
15:26:04.0359 0160  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\windows\system32\DRIVERS\serenum.sys
15:26:04.0359 0160  serenum - ok
15:26:04.0390 0160  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\windows\system32\DRIVERS\serial.sys
15:26:04.0406 0160  Serial - ok
15:26:04.0484 0160  [ 6AD303A3529B7AEF99391DE19F5B400B ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:26:04.0484 0160  ServiceLayer - ok
15:26:04.0546 0160  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\windows\system32\drivers\Sfloppy.sys
15:26:04.0546 0160  Sfloppy - ok
15:26:04.0593 0160  [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:26:04.0609 0160  SharedAccess - ok
15:26:04.0640 0160  [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:26:04.0656 0160  ShellHWDetection - ok
15:26:04.0687 0160  Simbad - ok
15:26:04.0718 0160  [ 732D859B286DA692119F286B21A2A114 ] sisagp          C:\windows\system32\DRIVERS\sisagp.sys
15:26:04.0734 0160  sisagp - ok
15:26:04.0750 0160  Sparrow - ok
15:26:04.0812 0160  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\windows\system32\drivers\splitter.sys
15:26:04.0812 0160  splitter - ok
15:26:04.0843 0160  [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler         C:\windows\system32\spoolsv.exe
15:26:04.0859 0160  Spooler - ok
15:26:04.0921 0160  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\windows\system32\DRIVERS\sr.sys
15:26:04.0921 0160  sr - ok
15:26:04.0953 0160  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:26:04.0984 0160  srservice - ok
15:26:05.0046 0160  [ AB9C79ED12D65E800AAAD3D72A04792F ] Srv             C:\windows\system32\DRIVERS\srv.sys
15:26:05.0062 0160  Srv - ok
15:26:05.0125 0160  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:26:05.0140 0160  SSDPSRV - ok
15:26:05.0171 0160  [ EAA66218CD39F5BB1B4853A78C67C787 ] ss_bbus         C:\windows\system32\DRIVERS\ss_bbus.sys
15:26:05.0171 0160  ss_bbus - ok
15:26:05.0218 0160  [ 91765F99914ED8693D8BC76524F21581 ] ss_bmdfl        C:\windows\system32\DRIVERS\ss_bmdfl.sys
15:26:05.0218 0160  ss_bmdfl - ok
15:26:05.0265 0160  [ 840E7B738B03C10EE91D9B7D3D6EFF15 ] ss_bmdm         C:\windows\system32\DRIVERS\ss_bmdm.sys
15:26:05.0265 0160  ss_bmdm - ok
15:26:05.0328 0160  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\windows\system32\wiaservc.dll
15:26:05.0359 0160  stisvc - ok
15:26:05.0375 0160  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
15:26:05.0375 0160  swenum - ok
15:26:05.0437 0160  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\windows\system32\drivers\swmidi.sys
15:26:05.0437 0160  swmidi - ok
15:26:05.0468 0160  SwPrv - ok
15:26:05.0500 0160  symc810 - ok
15:26:05.0515 0160  symc8xx - ok
15:26:05.0531 0160  sym_hi - ok
15:26:05.0562 0160  sym_u3 - ok
15:26:05.0578 0160  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\windows\system32\drivers\sysaudio.sys
15:26:05.0593 0160  sysaudio - ok
15:26:05.0640 0160  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\windows\system32\smlogsvc.exe
15:26:05.0671 0160  SysmonLog - ok
15:26:05.0703 0160  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\windows\System32\tapisrv.dll
15:26:05.0734 0160  TapiSrv - ok
15:26:05.0781 0160  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\windows\system32\DRIVERS\tcpip.sys
15:26:05.0796 0160  Tcpip - ok
15:26:05.0843 0160  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\windows\system32\drivers\TDPIPE.sys
15:26:05.0843 0160  TDPIPE - ok
15:26:05.0890 0160  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\windows\system32\drivers\TDTCP.sys
15:26:05.0890 0160  TDTCP - ok
15:26:05.0921 0160  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
15:26:05.0921 0160  TermDD - ok
15:26:05.0984 0160  [ A77219A971029DC2FB683E8513713803 ] TermService     C:\windows\System32\termsrv.dll
15:26:06.0000 0160  TermService - ok
15:26:06.0031 0160  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\windows\System32\shsvcs.dll
15:26:06.0062 0160  Themes - ok
15:26:06.0109 0160  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:26:06.0140 0160  TlntSvr - ok
15:26:06.0156 0160  TosIde - ok
15:26:06.0187 0160  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\windows\system32\trkwks.dll
15:26:06.0203 0160  TrkWks - ok
15:26:06.0265 0160  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\windows\system32\drivers\Udfs.sys
15:26:06.0265 0160  Udfs - ok
15:26:06.0281 0160  ultra - ok
15:26:06.0343 0160  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
15:26:06.0359 0160  UMWdf - ok
15:26:06.0421 0160  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\windows\system32\DRIVERS\update.sys
15:26:06.0421 0160  Update - ok
15:26:06.0468 0160  [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost        C:\windows\System32\upnphost.dll
15:26:06.0500 0160  upnphost - ok
15:26:06.0531 0160  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\windows\System32\ups.exe
15:26:06.0562 0160  UPS - ok
15:26:06.0609 0160  [ 5AADC9297C39AA249CD994ACDBA19034 ] usbbus          C:\windows\system32\DRIVERS\lgusbbus.sys
15:26:06.0609 0160  usbbus - ok
15:26:06.0671 0160  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:26:06.0671 0160  usbccgp - ok
15:26:06.0703 0160  [ 4650FFE04E5922399B0E932319E6B215 ] UsbDiag         C:\windows\system32\DRIVERS\lgusbdiag.sys
15:26:06.0703 0160  UsbDiag - ok
15:26:06.0734 0160  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:26:06.0750 0160  usbhub - ok
15:26:06.0765 0160  [ 2666FE171E0C2E7085CCD5FE0BAC09E3 ] USBModem        C:\windows\system32\DRIVERS\lgusbmodem.sys
15:26:06.0765 0160  USBModem - ok
15:26:06.0796 0160  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
15:26:06.0812 0160  usbohci - ok
15:26:06.0859 0160  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:26:06.0875 0160  usbprint - ok
15:26:06.0921 0160  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
15:26:06.0921 0160  usbscan - ok
15:26:06.0968 0160  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:26:06.0984 0160  USBSTOR - ok
15:26:07.0015 0160  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\windows\System32\drivers\vga.sys
15:26:07.0031 0160  VgaSave - ok
15:26:07.0046 0160  ViaIde - ok
15:26:07.0078 0160  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\windows\system32\drivers\VolSnap.sys
15:26:07.0078 0160  VolSnap - ok
15:26:07.0140 0160  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\windows\System32\vssvc.exe
15:26:07.0171 0160  VSS - ok
15:26:07.0234 0160  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
15:26:07.0265 0160  W32Time - ok
15:26:07.0296 0160  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
15:26:07.0312 0160  Wanarp - ok
15:26:07.0375 0160  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\windows\system32\Drivers\wdf01000.sys
15:26:07.0390 0160  Wdf01000 - ok
15:26:07.0406 0160  WDICA - ok
15:26:07.0453 0160  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\windows\system32\drivers\wdmaud.sys
15:26:07.0453 0160  wdmaud - ok
15:26:07.0484 0160  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient       C:\windows\System32\webclnt.dll
15:26:07.0500 0160  WebClient - ok
15:26:07.0609 0160  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:26:07.0609 0160  winmgmt - ok
15:26:07.0687 0160  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:26:07.0703 0160  WmdmPmSN - ok
15:26:07.0781 0160  [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi             C:\windows\System32\advapi32.dll
15:26:07.0796 0160  Wmi - ok
15:26:07.0859 0160  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:26:07.0859 0160  WmiApSrv - ok
15:26:07.0921 0160  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\windows\System32\drivers\ws2ifsl.sys
15:26:07.0921 0160  WS2IFSL - ok
15:26:07.0984 0160  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\windows\system32\wscsvc.dll
15:26:08.0015 0160  wscsvc - ok
15:26:08.0062 0160  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:26:08.0078 0160  wuauserv - ok
15:26:08.0125 0160  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\windows\System32\wzcsvc.dll
15:26:08.0156 0160  WZCSVC - ok
15:26:08.0187 0160  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\windows\System32\xmlprov.dll
15:26:08.0218 0160  xmlprov - ok
15:26:08.0250 0160  ztemtusbser - ok
15:26:08.0281 0160  ================ Scan global ===============================
15:26:08.0328 0160  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\windows\system32\basesrv.dll
15:26:08.0343 0160  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\windows\system32\winsrv.dll
15:26:08.0390 0160  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\windows\system32\winsrv.dll
15:26:08.0437 0160  [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\windows\system32\services.exe
15:26:08.0468 0160  [Global] - ok
15:26:08.0468 0160  ================ Scan MBR ==================================
15:26:08.0500 0160  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:26:08.0781 0160  \Device\Harddisk0\DR0 - ok
15:26:08.0796 0160  ================ Scan VBR ==================================
15:26:08.0796 0160  [ 33DCD28F7BA8719FFE476B196F03F007 ] \Device\Harddisk0\DR0\Partition1
15:26:08.0812 0160  \Device\Harddisk0\DR0\Partition1 - ok
15:26:08.0843 0160  [ 1E0C20C6FDC8E7AA0986B131E4C3099C ] \Device\Harddisk0\DR0\Partition2
15:26:08.0843 0160  \Device\Harddisk0\DR0\Partition2 - ok
15:26:08.0843 0160  ============================================================
15:26:08.0843 0160  Scan finished
15:26:08.0843 0160  ============================================================
15:26:08.0875 3144  Detected object count: 0
15:26:08.0875 3144  Actual detected object count: 0
15:26:23.0593 3508  Deinitialize success
 

 

aswMBR.exe log

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-17 00:04:46
-----------------------------
00:04:46.218    OS Version: Windows 5.1.2600 Service Pack 2
00:04:46.218    Number of processors: 1 586 0x102
00:04:46.218    ComputerName: WENZ  UserName:
00:04:46.468    Initialize success
00:04:47.140    AVAST engine defs: 13031501
00:05:03.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:05:03.031    Disk 0 Vendor: ST340016A 3.75 Size: 38166MB BusType: 3
00:05:03.078    Disk 0 MBR read successfully
00:05:03.078    Disk 0 MBR scan
00:05:03.078    Disk 0 Windows XP default MBR code
00:05:03.109    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        19077 MB offset 63
00:05:03.109    Disk 0 Partition - 00     0F Extended LBA             19085 MB offset 39070080
00:05:03.140    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1    19085 MB offset 39070143
00:05:03.187    Disk 0 scanning sectors +78156225
00:05:03.375    Disk 0 scanning C:\windows\system32\drivers
00:05:30.515    Service scanning
00:05:51.140    Modules scanning
00:06:25.500    Disk 0 trace - called modules:
00:06:26.046    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:06:26.062    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b985e0]
00:06:26.062    3 CLASSPNP.SYS[f9a7205b] -> nt!IofCallDriver -> \Device\00000063[0x81b69f18]
00:06:26.078    5 ACPI.sys[f99e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b99030]
00:06:26.296    AVAST engine scan C:\
01:25:23.750    Scan finished successfully
01:33:17.171    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nokitaro\Desktop\MBR.dat"
01:33:17.296    The log file has been saved successfully to "C:\Documents and Settings\nokitaro\Desktop\aswMBR(1).txt"

 

Attached Files

  • Attached File  mbr.zip   16.91KB   0 downloads

Edited by takaonichi, 17 March 2013 - 12:50 AM.


#6 nasdaq

  • Malware Response Team

Posted 17 March 2013 - 07:39 AM

Thank you for the information. Will take it from here.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

After running the tool, execute and run this one.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.


#7 takaonichi

  • Topic Starter
  • Members

Posted 17 March 2013 - 09:53 AM

thank you for the reply :)

 

oh yeah, why the aswmbr.exe i downloaded still version 0.9.9.1707  is that the latest version??

 

before the combofix steps may i install the windows recovery console from CD following these steps http://www.bleepingcomputer.com/tutorials/how-to-install-the-windows-xp-recovery-console/

 

or http://www.bleepingcomputer.com/combofix/how-to-use-combofix#manual_recovery (if i follow this that download directly from microsoft should i need to update it) ?

 which one is better??



#8 nasdaq

  • Malware Response Team

Posted 17 March 2013 - 12:36 PM

oh yeah, why the aswmbr.exe i downloaded still version 0.9.9.1707 is that the latest version??

I trust the owner on this one.

===

before the combofix steps may i install the windows recovery console from CD following these steps http://www.bleepingcomputer.com/tutorials/how-to-install-the-windows-xp-recovery-console/

or http://www.bleepingcomputer.com/combofix/how-to-use-combofix#manual_recovery (if i follow this that download directly from microsoft should i need to update it) ?
which one is better??

Run ComboFix, you will be asked to install it. Follow the directives.



