
clicking sound, unknown malware


  • This topic is locked
46 replies to this topic

#1 randomnumber

randomnumber

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 23 July 2013 - 04:51 PM

doesn't show up in superantivirus, malwarebytes, spybot, kaspersky

can't change windows firewall settings

can do windows updates

lots of internet files placed in networkservice directory

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by xxxxx at 16:14:01 on 2013-07-23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3582.1763 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081204
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: legalnoticecaption = Computer Only For Use by SwRI Employees
mPolicies-System: legalnoticetext = This computer, its contents, and the network it is attached to are the property of Southwest Research Institute. Use of this computer and the network shall be in accordance with the Acceptable Use Policy of Southwest Research Institute. Unauthorized use of this system is prohibited. Use of this system is subject to monitoring. Unauthorized, or improper, use of this system may result in disciplinary action as deemed appropriate including termination and possible prosecution by civil or criminal authorities.
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://sslvpn.swri.org/CSHELL/extender.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
TCP: NameServer = 209.18.47.61 192.168.1.254 209.18.47.62
TCP: Interfaces\{B1CEC814-B8F4-4B57-A172-645C7EF79B0D} : DHCPNameServer = 209.18.47.61 192.168.1.254 209.18.47.62
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 129.162.30.50 b138dc1
Hosts: 129.162.80.9 oaedc1
Hosts: 129.162.33.75 websrvr02
Hosts: 129.162.33.80 cdb03.swri.edu
Hosts: 129.162.248.20 swale
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 VDWINIO;VDWINIO;c:\windows\system32\drivers\VdWinIo.sys [2011-4-2 7168]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2011-10-18 355496]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-12-29 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-12-29 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-12-29 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-12-29 170408]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-8-7 129304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2011-2-10 51968]
S3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys --> c:\windows\system32\drivers\nipalusb.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2010-12-15 174720]
S3 TetaSCDevice;TetaSCDevice;\??\c:\windows\system32\tetascop.sys --> c:\windows\system32\tetascop.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-07-21 21:09:56 -------- d-----w- c:\windows\system32\MRT
2013-07-20 16:38:03 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-07-20 16:38:03 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-07-19 21:55:34 -------- d-----w- c:\documents and settings\rhonc\application data\Malwarebytes
2013-07-19 21:55:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-07-19 21:55:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-19 21:55:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 19:45:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-19 19:37:08 -------- d-----w- c:\windows\pss
2013-07-19 19:32:57 -------- d-----w- c:\program files\CCleaner
2013-07-19 18:57:09 -------- d-----w- c:\documents and settings\rhonc\application data\SUPERAntiSpyware.com
2013-07-19 18:56:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-19 18:56:53 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M  ====================
.
2013-07-23 17:06:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-07-23 17:06:27 69792 ----a-w- c:\windows\system32\rpcnet.dll
2013-07-19 19:51:32 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-07-18 23:46:49 69792 ------w- c:\windows\system32\rpcnet.exe
2013-06-08 04:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 14:32:36 9456 ----a-w- c:\windows\system32\sabprocenum.sys
2013-05-10 16:39:07 39936 ----a-w- c:\windows\system32\identprv.dll
2013-05-09 05:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 16:14:39.51 ===============
 

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:12 PM

Posted 24 July 2013 - 01:52 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 randomnumber

randomnumber
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 24 July 2013 - 11:16 AM

gmer crashed (blue screen)

do I need to stop antivirus?

superantivirus and McAfee are running.

thanks



#4 randomnumber

randomnumber
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 24 July 2013 - 11:26 AM

should I turn off wireless while gmer runs?

 

thanks



#5 randomnumber

randomnumber
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 24 July 2013 - 01:22 PM

got it

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-24 12:07:39
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HM121HJ rev.2AA00_01 111.79GB
Running: hvtmqzky.exe; Driver: C:\DOCUME~1\rhonc\LOCALS~1\Temp\pwldrpog.sys

---- System - GMER 2.1 ----

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xB35F3640]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwCreateFile [0xABEB457B]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwCreateKey [0xABEB44FB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwCreateProcess [0xABEB45A5]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwDeleteKey [0xABEB450F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwDeleteValueKey [0xABEB453B]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwMapViewOfSection [0xABEB45CF]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwOpenKey [0xABEB44E7]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwProtectVirtualMemory [0xABEB458F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwRenameKey [0xABEB4525]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwSetValueKey [0xABEB4551]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwTerminateProcess [0xABEB4567]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwUnmapViewOfSection [0xABEB45E5]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   ZwYieldExecution [0xABEB45B9]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)                   NtMapViewOfSection

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                         mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                       mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                      mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device          \Driver\atapi \Device\Ide\IdePort0                                                                             8B1F7F3B
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                    8B1F7F3B
Device          \Driver\atapi \Device\Ide\IdePort1                                                                             8B1F7F3B
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                    8B1F8C10

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                      mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                    mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device          \FileSystem\Fastfat \Fat                                                                                       AB860D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b1f8c10]<<                                                    8b1f8c10
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2ceab8]                                                        8b2ceab8
Trace           3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b276ac0]                      8b276ac0
Trace           \Driver\atapi[0x8b123f38] -> IRP_MJ_CREATE -> 0x8b1f8c10                                                       8b1f8c10

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\@Parameters\0\x202e\x2764                                               232
Reg             HKLM\SYSTEM\ControlSet002\Services\ (not active ControlSet)                                                   
Reg             HKLM\SYSTEM\ControlSet002\Services\@Parameters\0\x202e\x2764                                                   232

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                          Windows XP default MBR code found via API
Disk            \Device\Harddisk0\DR0                                                                                          unknown MBR code
Disk            \Device\Harddisk0\DR0                                                                                          sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----

 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:12 PM

Posted 25 July 2013 - 02:47 AM

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#7 randomnumber

randomnumber
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 25 July 2013 - 11:10 AM

ok, it found Harbinger.a

I need to tell you some things

1. on boot up it displays the following:
 autochk program not found - skipping autocheck
 autochk program not found - skipping autocheck

2. when I enable the wireless,
 hardware manager detects an unknown usb device in port 2 but no usb devices are installed

3. when I go to manage my computer, disk management, it shows 3 partitions (2 ntfs and 1 fat).

 the ntfs partitions have drive letters and if you right click on them, you see an options menu
 with several options including delete.

 the fat partition has no drive letter, is small (135 mb), and only has "help" in its options menu.

4. also the keyboard has been hijacked.

 

10:00:15.0390 2300  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:00:15.0406 2300  ============================================================
10:00:15.0406 2300  Current date / time: 2013/07/25 10:00:15.0406
10:00:15.0406 2300  SystemInfo:
10:00:15.0406 2300 
10:00:15.0406 2300  OS Version: 5.1.2600 ServicePack: 3.0
10:00:15.0406 2300  Product type: Workstation
10:00:15.0406 2300  ComputerName: xxxxx
10:00:15.0406 2300  UserName: xxxx
10:00:15.0406 2300  Windows directory: C:\WINDOWS
10:00:15.0406 2300  System windows directory: C:\WINDOWS
10:00:15.0406 2300  Processor architecture: Intel x86
10:00:15.0406 2300  Number of processors: 2
10:00:15.0406 2300  Page size: 0x1000
10:00:15.0406 2300  Boot type: Normal boot
10:00:15.0406 2300  ============================================================
10:00:18.0906 2300  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:00:18.0906 2300  ============================================================
10:00:18.0906 2300  \Device\Harddisk0\DR0:
10:00:18.0906 2300  MBR partitions:
10:00:18.0906 2300  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC10, BlocksNum 0x4F025E5
10:00:18.0906 2300  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4F411F5, BlocksNum 0x90525CC
10:00:18.0906 2300  ============================================================
10:00:18.0953 2300  C: <-> \Device\Harddisk0\DR0\Partition1
10:00:19.0046 2300  D: <-> \Device\Harddisk0\DR0\Partition2
10:00:19.0062 2300  ============================================================
10:00:19.0062 2300  Initialize success
10:00:19.0062 2300  ============================================================
10:00:24.0953 1364  ============================================================
10:00:24.0953 1364  Scan started
10:00:24.0953 1364  Mode: Manual;
10:00:24.0953 1364  ============================================================
10:00:27.0734 1364  ================ Scan system memory ========================
10:00:37.0359 1364  System memory - ok
10:00:37.0359 1364  ================ Scan services =============================
10:00:37.0515 1364  [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:00:37.0562 1364  !SASCORE - ok
10:00:38.0140 1364  Abiosdsk - ok
10:00:38.0171 1364  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:00:38.0187 1364  abp480n5 - ok
10:00:38.0312 1364  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:00:38.0421 1364  ACPI - ok
10:00:38.0453 1364  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:00:38.0453 1364  ACPIEC - ok
10:00:38.0531 1364  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:00:38.0578 1364  adpu160m - ok
10:00:38.0687 1364  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:00:38.0781 1364  aec - ok
10:00:38.0859 1364  [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:00:38.0859 1364  AegisP - ok
10:00:38.0984 1364  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:00:39.0046 1364  AFD - ok
10:00:39.0109 1364  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
10:00:39.0125 1364  agp440 - ok
10:00:39.0156 1364  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:00:39.0187 1364  agpCPQ - ok
10:00:39.0203 1364  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:00:39.0218 1364  Aha154x - ok
10:00:39.0265 1364  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:00:39.0296 1364  aic78u2 - ok
10:00:39.0343 1364  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:00:39.0375 1364  aic78xx - ok
10:00:39.0421 1364  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:00:39.0437 1364  Alerter - ok
10:00:39.0500 1364  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
10:00:39.0515 1364  ALG - ok
10:00:39.0546 1364  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
10:00:39.0562 1364  AliIde - ok
10:00:39.0593 1364  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:00:39.0609 1364  alim1541 - ok
10:00:39.0640 1364  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:00:39.0671 1364  amdagp - ok
10:00:39.0687 1364  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
10:00:39.0703 1364  amsint - ok
10:00:39.0812 1364  [ B8D65DA679A4A8D048783EDE2691B5D4 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:00:39.0812 1364  ApfiltrService - ok
10:00:39.0906 1364  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
10:00:39.0921 1364  APPDRV - ok
10:00:40.0031 1364  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
10:00:40.0109 1364  AppMgmt - ok
10:00:40.0171 1364  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:00:40.0203 1364  Arp1394 - ok
10:00:40.0250 1364  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
10:00:40.0265 1364  asc - ok
10:00:40.0281 1364  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:00:40.0296 1364  asc3350p - ok
10:00:40.0312 1364  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:00:40.0328 1364  asc3550 - ok
10:00:40.0562 1364  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:00:40.0625 1364  aspnet_state - ok
10:00:40.0687 1364  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:00:40.0687 1364  AsyncMac - ok
10:00:40.0796 1364  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:00:40.0796 1364  atapi - ok
10:00:40.0812 1364  Atdisk - ok
10:00:40.0890 1364  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:00:40.0921 1364  Atmarpc - ok
10:00:41.0000 1364  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:00:41.0031 1364  AudioSrv - ok
10:00:41.0125 1364  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:00:41.0125 1364  audstub - ok
10:00:41.0250 1364  [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:00:41.0250 1364  b57w2k - ok
10:00:41.0265 1364  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:00:41.0312 1364  Beep - ok
10:00:41.0578 1364  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:00:41.0968 1364  BITS - ok
10:00:42.0046 1364  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
10:00:42.0093 1364  Browser - ok
10:00:42.0125 1364  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:00:42.0140 1364  cbidf - ok
10:00:42.0156 1364  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:00:42.0156 1364  cbidf2k - ok
10:00:42.0171 1364  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:00:42.0171 1364  cd20xrnt - ok
10:00:42.0218 1364  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:00:42.0218 1364  Cdaudio - ok
10:00:42.0296 1364  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:00:42.0328 1364  Cdfs - ok
10:00:42.0375 1364  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:00:42.0406 1364  Cdrom - ok
10:00:42.0406 1364  Changer - ok
10:00:42.0468 1364  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:00:42.0468 1364  CiSvc - ok
10:00:42.0500 1364  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:00:42.0515 1364  ClipSrv - ok
10:00:42.0687 1364  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:00:42.0828 1364  clr_optimization_v2.0.50727_32 - ok
10:00:42.0968 1364  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:00:43.0109 1364  clr_optimization_v4.0.30319_32 - ok
10:00:43.0125 1364  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:00:43.0125 1364  CmBatt - ok
10:00:43.0171 1364  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:00:43.0171 1364  CmdIde - ok
10:00:43.0187 1364  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:00:43.0187 1364  Compbatt - ok
10:00:43.0187 1364  COMSysApp - ok
10:00:43.0484 1364  [ CD58FB9264F97BBB45C4154C61D9BDDD ] cpextender      C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
10:00:43.0671 1364  cpextender - ok
10:00:43.0687 1364  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:00:43.0703 1364  Cpqarray - ok
10:00:43.0765 1364  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:00:43.0796 1364  CryptSvc - ok
10:00:43.0968 1364  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:00:44.0078 1364  dac2w2k - ok
10:00:44.0312 1364  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:00:44.0328 1364  dac960nt - ok
10:00:44.0718 1364  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:00:45.0093 1364  DcomLaunch - ok
10:00:45.0265 1364  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:00:45.0375 1364  Dhcp - ok
10:00:45.0453 1364  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:00:45.0468 1364  Disk - ok
10:00:45.0468 1364  dmadmin - ok
10:00:45.0937 1364  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:00:46.0375 1364  dmboot - ok
10:00:46.0453 1364  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:00:46.0531 1364  dmio - ok
10:00:46.0562 1364  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:00:46.0562 1364  dmload - ok
10:00:46.0625 1364  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:00:46.0640 1364  dmserver - ok
10:00:46.0703 1364  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:00:46.0734 1364  DMusic - ok
10:00:46.0843 1364  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:00:46.0875 1364  Dnscache - ok
10:00:46.0984 1364  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:00:47.0062 1364  Dot3svc - ok
10:00:47.0093 1364  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:00:47.0109 1364  dpti2o - ok
10:00:47.0140 1364  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:00:47.0140 1364  drmkaud - ok
10:00:47.0218 1364  [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt        C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
10:00:47.0218 1364  dsNcAdpt - ok
10:00:47.0609 1364  [ 5538EED60DC1BC13E9E534D067CC0F40 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
10:00:47.0968 1364  dsNcService - ok
10:00:48.0078 1364  [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:00:48.0140 1364  E100B - ok
10:00:48.0171 1364  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:00:48.0187 1364  EapHost - ok
10:00:48.0218 1364  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:00:48.0234 1364  ERSvc - ok
10:00:48.0328 1364  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
10:00:48.0406 1364  Eventlog - ok
10:00:48.0578 1364  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
10:00:48.0687 1364  EventSystem - ok
10:00:49.0171 1364  [ E71B03FF6B819AE1A286AA27E956D523 ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
10:00:49.0515 1364  EvtEng - ok
10:00:49.0625 1364  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:00:49.0703 1364  Fastfat - ok
10:00:49.0859 1364  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:00:49.0937 1364  FastUserSwitchingCompatibility - ok
10:00:50.0187 1364  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
10:00:50.0328 1364  Fax - ok
10:00:50.0375 1364  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:00:50.0390 1364  Fdc - ok
10:00:50.0437 1364  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:00:50.0437 1364  Fips - ok
10:00:50.0859 1364  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:00:51.0375 1364  FLEXnet Licensing Service - ok
10:00:51.0390 1364  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:00:51.0406 1364  Flpydisk - ok
10:00:51.0484 1364  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:00:51.0562 1364  FltMgr - ok
10:00:51.0671 1364  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:00:51.0703 1364  FontCache3.0.0.0 - ok
10:00:51.0718 1364  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:00:51.0734 1364  Fs_Rec - ok
10:00:51.0734 1364  FTDIBUS - ok
10:00:51.0828 1364  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:00:51.0906 1364  Ftdisk - ok
10:00:51.0906 1364  FTSER2K - ok
10:00:52.0125 1364  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:00:52.0156 1364  Gpc - ok
10:00:52.0187 1364  [ 7031A936832967A93B0E5D5F1C76745A ] guardian2       C:\WINDOWS\system32\Drivers\oz776.sys
10:00:52.0234 1364  guardian2 - ok
10:00:52.0312 1364  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:00:52.0312 1364  HDAudBus - ok
10:00:52.0421 1364  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:00:52.0437 1364  helpsvc - ok
10:00:52.0468 1364  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:00:52.0484 1364  HidServ - ok
10:00:52.0515 1364  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:00:52.0515 1364  HidUsb - ok
10:00:52.0593 1364  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:00:52.0625 1364  hkmsvc - ok
10:00:52.0671 1364  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
10:00:52.0687 1364  hpn - ok
10:00:52.0843 1364  [ 7290FB97535C317A237D4C73149C7E2C ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:00:53.0171 1364  HSFHWAZL - ok
10:00:53.0703 1364  [ F362C0B442337DA8AB0608DFAA4CA076 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:00:54.0453 1364  HSF_DPV - ok
10:00:54.0640 1364  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:00:54.0796 1364  HTTP - ok
10:00:54.0843 1364  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:00:54.0875 1364  HTTPFilter - ok
10:00:54.0937 1364  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
10:00:55.0140 1364  i2omgmt - ok
10:00:55.0171 1364  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:00:55.0171 1364  i2omp - ok
10:00:55.0203 1364  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:00:55.0234 1364  i8042prt - ok
10:00:55.0375 1364  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:00:55.0421 1364  IDriverT - ok
10:00:56.0203 1364  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:00:56.0687 1364  idsvc - ok
10:00:56.0718 1364  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:00:56.0734 1364  Imapi - ok
10:00:56.0859 1364  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:00:56.0906 1364  ImapiService - ok
10:00:57.0140 1364  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:00:57.0140 1364  ini910u - ok
10:00:57.0171 1364  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:00:57.0171 1364  IntelIde - ok
10:00:57.0187 1364  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:00:57.0218 1364  intelppm - ok
10:00:57.0250 1364  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
10:00:57.0265 1364  Ip6Fw - ok
10:00:57.0312 1364  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:00:57.0343 1364  IpFilterDriver - ok
10:00:57.0359 1364  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:00:57.0375 1364  IpInIp - ok
10:00:57.0484 1364  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:00:57.0562 1364  IpNat - ok
10:00:57.0625 1364  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:00:57.0656 1364  IPSec - ok
10:00:57.0687 1364  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:00:57.0703 1364  IRENUM - ok
10:00:57.0750 1364  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:00:57.0781 1364  isapnp - ok
10:00:57.0796 1364  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:00:57.0828 1364  Kbdclass - ok
10:00:57.0843 1364  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:00:57.0843 1364  kbdhid - ok
10:00:58.0156 1364  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:00:58.0250 1364  kmixer - ok
10:00:58.0328 1364  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:00:58.0375 1364  KSecDD - ok
10:00:58.0468 1364  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:00:58.0515 1364  lanmanserver - ok
10:00:58.0625 1364  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:00:58.0687 1364  lanmanworkstation - ok
10:00:58.0687 1364  lbrtfdc - ok
10:00:58.0718 1364  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:00:58.0734 1364  LmHosts - ok
10:00:58.0906 1364  [ 61A075EEE96E6B6CA54C1DC22CA9BF86 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
10:00:59.0156 1364  McAfeeFramework - ok
10:00:59.0546 1364  [ B74CEBEF7F2126F68CDC060C855E5AAB ] McShield        C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
10:00:59.0750 1364  McShield - ok
10:00:59.0953 1364  [ A7AF906D9F480A5B60F70C499B91A983 ] McTaskManager   C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
10:01:00.0171 1364  McTaskManager - ok
10:01:00.0234 1364  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:01:00.0265 1364  mdmxsdk - ok
10:01:00.0421 1364  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:01:00.0453 1364  Messenger - ok
10:01:00.0546 1364  [ B5C306C5B5E7417B9D2B410894678069 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
10:01:00.0546 1364  mfeapfk - ok
10:01:00.0671 1364  [ 87B28198B308AF3469D6E0B81D86C1FA ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
10:01:00.0671 1364  mfeavfk - ok
10:01:00.0703 1364  [ CF37784DD24C83F62626BC0EA3F5E386 ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
10:01:00.0703 1364  mfebopk - ok
10:01:00.0828 1364  [ 241C09C7D8C589EA1D72A36E6578E42C ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
10:01:00.0828 1364  mfehidk - ok
10:01:00.0875 1364  [ 37B5228BEA6B4429FFB90DFA77AF4431 ] mferkdk         C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
10:01:00.0875 1364  mferkdk - ok
10:01:00.0906 1364  [ 19C2D8AF421E96D12E4004CA2162DBE9 ] mfetdik         C:\WINDOWS\system32\drivers\mfetdik.sys
10:01:00.0906 1364  mfetdik - ok
10:01:01.0218 1364  [ 4F169F43F932739F093AE4E659FFF26A ] MHIKEY10        C:\WINDOWS\system32\Drivers\MHIKEY10.sys
10:01:01.0265 1364  MHIKEY10 - ok
10:01:01.0359 1364  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:01:01.0359 1364  mnmdd - ok
10:01:01.0421 1364  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:01:01.0437 1364  mnmsrvc - ok
10:01:01.0531 1364  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:01:01.0531 1364  Modem - ok
10:01:01.0562 1364  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:01:01.0593 1364  Mouclass - ok
10:01:01.0640 1364  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:01:01.0640 1364  mouhid - ok
10:01:01.0703 1364  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:01:01.0718 1364  MountMgr - ok
10:01:01.0765 1364  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:01:01.0781 1364  mraid35x - ok
10:01:01.0921 1364  [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:01:02.0234 1364  MRxDAV - ok
10:01:02.0515 1364  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:01:02.0765 1364  MRxSmb - ok
10:01:02.0796 1364  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:01:02.0812 1364  MSDTC - ok
10:01:02.0828 1364  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:01:02.0843 1364  Msfs - ok
10:01:02.0843 1364  MSIServer - ok
10:01:02.0859 1364  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:01:02.0875 1364  MSKSSRV - ok
10:01:02.0890 1364  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:01:02.0890 1364  MSPCLOCK - ok
10:01:02.0921 1364  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:01:03.0125 1364  MSPQM - ok
10:01:03.0140 1364  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:01:03.0156 1364  mssmbios - ok
10:01:03.0234 1364  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:01:03.0296 1364  Mup - ok
10:01:03.0484 1364  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:01:03.0640 1364  napagent - ok
10:01:03.0750 1364  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:01:03.0859 1364  NDIS - ok
10:01:03.0890 1364  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:01:03.0906 1364  NdisTapi - ok
10:01:03.0921 1364  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:01:04.0140 1364  Ndisuio - ok
10:01:04.0203 1364  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:01:04.0250 1364  NdisWan - ok
10:01:04.0328 1364  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:01:04.0359 1364  NDProxy - ok
10:01:04.0375 1364  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:01:04.0390 1364  NetBIOS - ok
10:01:04.0531 1364  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:01:04.0640 1364  NetBT - ok
10:01:04.0750 1364  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:01:04.0796 1364  NetDDE - ok
10:01:04.0859 1364  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:01:04.0875 1364  NetDDEdsdm - ok
10:01:04.0921 1364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:01:04.0921 1364  Netlogon - ok
10:01:05.0031 1364  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
10:01:05.0140 1364  Netman - ok
10:01:05.0265 1364  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:05.0343 1364  NetTcpPortSharing - ok
10:01:06.0562 1364  [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
10:01:07.0750 1364  NETw4x32 - ok
10:01:07.0796 1364  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:01:07.0828 1364  NIC1394 - ok
10:01:08.0171 1364  [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
10:01:08.0421 1364  NICCONFIGSVC - ok
10:01:08.0421 1364  nipalusb - ok
10:01:08.0593 1364  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:01:08.0734 1364  Nla - ok
10:01:08.0734 1364  Nmea - ok
10:01:08.0765 1364  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:01:08.0781 1364  Npfs - ok
10:01:09.0140 1364  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:01:09.0781 1364  Ntfs - ok
10:01:09.0828 1364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:01:09.0828 1364  NtLmSsp - ok
10:01:10.0296 1364  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:01:10.0687 1364  NtmsSvc - ok
10:01:10.0843 1364  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:01:10.0843 1364  Null - ok
10:01:14.0421 1364  [ 8129D762CC3E3C5AB9CF2EABC377FB73 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:01:18.0062 1364  nv - ok
10:01:18.0218 1364  [ 7EE6243758619A391491148EABF0E7B7 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
10:01:18.0312 1364  NVSvc - ok
10:01:18.0468 1364  [ 93213C7EC08E01E37A935BF144E75DF6 ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
10:01:18.0468 1364  NWADI - ok
10:01:18.0515 1364  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:01:18.0515 1364  NwlnkFlt - ok
10:01:18.0546 1364  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:01:18.0562 1364  NwlnkFwd - ok
10:01:18.0718 1364  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem      C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
10:01:18.0828 1364  NWUSBModem - ok
10:01:18.0968 1364  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort       C:\WINDOWS\system32\DRIVERS\nwusbser.sys
10:01:19.0078 1364  NWUSBPort - ok
10:01:19.0484 1364  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2      C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
10:01:19.0796 1364  NWUSBPort2 - ok
10:01:20.0578 1364  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:01:21.0000 1364  odserv - ok
10:01:21.0046 1364  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:01:21.0078 1364  ohci1394 - ok
10:01:21.0218 1364  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:21.0296 1364  ose - ok
10:01:21.0390 1364  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:01:21.0437 1364  Parport - ok
10:01:21.0484 1364  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:01:21.0500 1364  PartMgr - ok
10:01:21.0515 1364  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:01:21.0531 1364  ParVdm - ok
10:01:21.0531 1364  PCASp50 - ok
10:01:21.0578 1364  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:01:21.0609 1364  PCI - ok
10:01:21.0609 1364  PCIDump - ok
10:01:21.0640 1364  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:01:21.0640 1364  PCIIde - ok
10:01:21.0718 1364  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:01:21.0796 1364  Pcmcia - ok
10:01:21.0796 1364  PCTINDIS5 - ok
10:01:21.0796 1364  PDCOMP - ok
10:01:21.0812 1364  PDFRAME - ok
10:01:21.0812 1364  PDRELI - ok
10:01:21.0812 1364  PDRFRAME - ok
10:01:21.0859 1364  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
10:01:21.0875 1364  perc2 - ok
10:01:21.0906 1364  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:01:21.0906 1364  perc2hib - ok
10:01:22.0015 1364  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:01:22.0015 1364  PlugPlay - ok
10:01:22.0031 1364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:01:22.0031 1364  PolicyAgent - ok
10:01:22.0078 1364  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:01:22.0109 1364  PptpMiniport - ok
10:01:22.0125 1364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:01:22.0125 1364  ProtectedStorage - ok
10:01:22.0171 1364  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:01:22.0203 1364  PSched - ok
10:01:22.0234 1364  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:01:22.0234 1364  Ptilink - ok
10:01:22.0265 1364  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:01:22.0296 1364  ql1080 - ok
10:01:22.0312 1364  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:01:22.0328 1364  Ql10wnt - ok
10:01:22.0406 1364  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:01:22.0437 1364  ql12160 - ok
10:01:22.0468 1364  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:01:22.0484 1364  ql1240 - ok
10:01:22.0531 1364  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:01:22.0562 1364  ql1280 - ok
10:01:22.0593 1364  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:01:22.0593 1364  RasAcd - ok
10:01:22.0687 1364  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:01:22.0734 1364  RasAuto - ok
10:01:22.0781 1364  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:01:22.0812 1364  Rasl2tp - ok
10:01:22.0984 1364  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:01:23.0078 1364  RasMan - ok
10:01:23.0109 1364  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:01:23.0140 1364  RasPppoe - ok
10:01:23.0156 1364  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:01:23.0156 1364  Raspti - ok
10:01:23.0265 1364  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:01:23.0359 1364  Rdbss - ok
10:01:23.0375 1364  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:01:23.0375 1364  RDPCDD - ok
10:01:23.0484 1364  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:01:23.0593 1364  rdpdr - ok
10:01:23.0718 1364  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:01:23.0812 1364  RDPWD - ok
10:01:23.0906 1364  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:01:23.0984 1364  RDSessMgr - ok
10:01:24.0031 1364  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:01:24.0062 1364  redbook - ok
10:01:24.0250 1364  [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
10:01:24.0421 1364  RegSrvc - ok
10:01:24.0484 1364  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:01:24.0500 1364  RemoteAccess - ok
10:01:24.0562 1364  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:01:24.0593 1364  RemoteRegistry - ok
10:01:24.0671 1364  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:01:24.0718 1364  RpcLocator - ok
10:01:24.0812 1364  [ 675C575444AAFD56B4E8A99EF8A570CD ] Rpcnet          C:\WINDOWS\system32\rpcnet.exe
10:01:24.0812 1364  Rpcnet - ok
10:01:25.0078 1364  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:01:25.0078 1364  RpcSs - ok
10:01:25.0203 1364  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:01:25.0281 1364  RSVP - ok
10:01:25.0859 1364  [ 874173EDBD4F2FE711F245855A2FFA23 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
10:01:26.0390 1364  S24EventMonitor - ok
10:01:26.0406 1364  [ EADFB87F911A7A75D1B80617F92901E8 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:01:26.0421 1364  s24trans - ok
10:01:26.0484 1364  SABProcEnum - ok
10:01:26.0500 1364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:01:26.0500 1364  SamSs - ok
10:01:26.0500 1364  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:01:26.0500 1364  SASDIFSV - ok
10:01:26.0578 1364  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:01:26.0578 1364  SASKUTIL - ok
10:01:26.0640 1364  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:01:26.0687 1364  SCardSvr - ok
10:01:26.0812 1364  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:01:26.0906 1364  Schedule - ok
10:01:26.0968 1364  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:01:26.0984 1364  Secdrv - ok
10:01:27.0031 1364  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:01:27.0031 1364  seclogon - ok
10:01:27.0062 1364  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
10:01:27.0078 1364  SENS - ok
10:01:27.0125 1364  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:01:27.0140 1364  serenum - ok
10:01:27.0171 1364  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:01:27.0203 1364  Serial - ok
10:01:27.0265 1364  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
10:01:27.0265 1364  Sfloppy - ok
10:01:27.0375 1364  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:01:27.0375 1364  ShellHWDetection - ok
10:01:43.0531 1364  ================ Scan global ===============================
10:01:43.0578 1364  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:01:43.0796 1364  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:01:44.0140 1364  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:01:44.0390 1364  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:01:44.0390 1364  [Global] - ok
10:01:44.0390 1364  ================ Scan MBR ==================================
10:01:44.0437 1364  [ B8219E126CCFCA2511CA3F82E8C3CEDF ] \Device\Harddisk0\DR0
10:01:44.0437 1364  Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:01:44.0625 1364  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
10:01:44.0625 1364  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
10:01:44.0625 1364  ================ Scan VBR ==================================
10:01:44.0640 1364  [ 3E5B5FF5FEF19BC3A1AC64875277B2A6 ] \Device\Harddisk0\DR0\Partition1
10:01:44.0781 1364  \Device\Harddisk0\DR0\Partition1 - ok
10:01:44.0906 1364  [ 66E5F9822D7992D657AE5CFF79EE45A6 ] \Device\Harddisk0\DR0\Partition2
10:01:44.0968 1364  \Device\Harddisk0\DR0\Partition2 - ok
10:01:44.0968 1364  ============================================================
10:01:44.0968 1364  Scan finished
10:01:44.0968 1364  ============================================================
10:01:44.0968 0652  Detected object count: 1
10:01:44.0968 0652  Actual detected object count: 1
10:02:11.0265 0652  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user
10:02:11.0265 0652  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip
10:02:35.0125 1264  Deinitialize success

#8 TB-Psychotic

Posted 26 July 2013 - 12:40 AM

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • When the scan is finished, select Cure for the following entry:

    Rootkit.Boot.Harbinger.a

  • Hit Continue.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

#9 randomnumber

Posted 26 July 2013 - 10:23 AM

the last sections should show this

keyboard and cut/paste is acting strange

08:52:06.0921 3148  ================ Scan global ===============================
08:52:06.0984 3148  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:52:07.0218 3148  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:52:07.0406 3148  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:52:07.0500 3148  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:52:07.0500 3148  [Global] - ok
08:52:07.0500 3148  ================ Scan MBR ==================================
08:52:07.0546 3148  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:52:08.0031 3148  \Device\Harddisk0\DR0 - ok
08:52:08.0031 3148  ================ Scan VBR ==================================
08:52:08.0046 3148  [ 3E5B5FF5FEF19BC3A1AC64875277B2A6 ] \Device\Harddisk0\DR0\Partition1
08:52:08.0046 3148  \Device\Harddisk0\DR0\Partition1 - ok
08:52:08.0078 3148  [ 66E5F9822D7992D657AE5CFF79EE45A6 ] \Device\Harddisk0\DR0\Partition2
08:52:08.0078 3148  \Device\Harddisk0\DR0\Partition2 - ok
08:52:08.0078 3148  ============================================================
08:52:08.0078 3148  Scan finished
08:52:08.0078 3148  ============================================================
08:52:08.0093 2792  Detected object count: 0
08:52:08.0093 2792  Actual detected object count: 0
08:54:05.0984 2364  Deinitialize success

08:48:57.0765 2276  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:48:58.0453 2276  ============================================================
08:48:58.0453 2276  Current date / time: 2013/07/26 08:48:58.0453
08:48:58.0453 2276  SystemInfo:
08:48:58.0453 2276 
08:48:58.0453 2276  OS Version: 5.1.2600 ServicePack: 3.0
08:48:58.0453 2276  Product type: Workstation
08:48:58.0468 2276  ComputerName: xxxxxx
08:48:58.0468 2276  UserName: xxxxx
08:48:58.0468 2276  Windows directory: C:\WINDOWS
08:48:58.0468 2276  System windows directory: C:\WINDOWS
08:48:58.0468 2276  Processor architecture: Intel x86
08:48:58.0468 2276  Number of processors: 2
08:48:58.0468 2276  Page size: 0x1000
08:48:58.0468 2276  Boot type: Normal boot
08:48:58.0468 2276  ============================================================
08:49:25.0593 2276  BG loaded
08:49:26.0328 2276  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:49:26.0468 2276  ============================================================
08:49:26.0468 2276  \Device\Harddisk0\DR0:
08:49:26.0468 2276  MBR partitions:
08:49:26.0468 2276  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC10, BlocksNum 0x4F025E5
08:49:26.0468 2276  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4F411F5, BlocksNum 0x90525CC
08:49:26.0468 2276  ============================================================
08:49:27.0109 2276  C: <-> \Device\Harddisk0\DR0\Partition1
08:49:28.0562 2276  D: <-> \Device\Harddisk0\DR0\Partition2
08:49:28.0562 2276  ============================================================
08:49:28.0562 2276  Initialize success
08:49:28.0562 2276  ============================================================
08:51:16.0875 3148  ============================================================
08:51:16.0875 3148  Scan started
08:51:16.0875 3148  Mode: Manual;
08:51:16.0875 3148  ============================================================
08:51:18.0046 3148  ================ Scan system memory ========================
08:51:18.0046 3148  System memory - ok
08:51:18.0046 3148  ================ Scan services =============================
08:51:35.0828 3148  [ 87B28198B308AF3469D6E0B81D86C1FA ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
08:51:35.0843 3148  mfeavfk - ok
08:51:35.0859 3148  [ CF37784DD24C83F62626BC0EA3F5E386 ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
08:51:35.0859 3148  mfebopk - ok
08:51:35.0984 3148  [ 241C09C7D8C589EA1D72A36E6578E42C ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
08:51:35.0984 3148  mfehidk - ok
08:51:36.0015 3148  [ 37B5228BEA6B4429FFB90DFA77AF4431 ] mferkdk         C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
08:51:36.0015 3148  mferkdk - ok
08:51:36.0046 3148  [ 19C2D8AF421E96D12E4004CA2162DBE9 ] mfetdik         C:\WINDOWS\system32\drivers\mfetdik.sys
08:51:36.0046 3148  mfetdik - ok
08:51:36.0125 3148  [ 4F169F43F932739F093AE4E659FFF26A ] MHIKEY10        C:\WINDOWS\system32\Drivers\MHIKEY10.sys
08:51:36.0156 3148  MHIKEY10 - ok
08:51:36.0234 3148  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
08:51:36.0234 3148  mnmdd - ok
08:51:36.0296 3148  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
08:51:36.0312 3148  mnmsrvc - ok
08:51:36.0375 3148  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
08:51:36.0375 3148  Modem - ok
08:51:36.0390 3148  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:51:36.0390 3148  Mouclass - ok
08:51:36.0437 3148  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:51:36.0453 3148  mouhid - ok
08:51:36.0500 3148  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
08:51:36.0531 3148  MountMgr - ok
08:51:36.0578 3148  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:51:36.0578 3148  mraid35x - ok
08:51:36.0734 3148  [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:51:36.0734 3148  MRxDAV - ok
08:51:37.0031 3148  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:51:37.0031 3148  MRxSmb - ok
08:51:37.0062 3148  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
08:51:37.0062 3148  MSDTC - ok
08:51:37.0078 3148  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:51:37.0078 3148  Msfs - ok
08:51:37.0093 3148  MSIServer - ok
08:51:37.0109 3148  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:51:37.0109 3148  MSKSSRV - ok
08:51:37.0125 3148  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:51:37.0125 3148  MSPCLOCK - ok
08:51:37.0140 3148  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:51:37.0156 3148  MSPQM - ok
08:51:37.0156 3148  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:51:37.0156 3148  mssmbios - ok
08:51:37.0250 3148  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
08:51:37.0312 3148  Mup - ok
08:51:37.0500 3148  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
08:51:37.0671 3148  napagent - ok
08:51:37.0765 3148  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
08:51:37.0875 3148  NDIS - ok
08:51:37.0921 3148  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:51:37.0921 3148  NdisTapi - ok
08:51:37.0937 3148  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:51:37.0937 3148  Ndisuio - ok
08:51:38.0000 3148  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:51:38.0000 3148  NdisWan - ok
08:51:38.0078 3148  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:51:38.0093 3148  NDProxy - ok
08:51:38.0109 3148  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:51:38.0109 3148  NetBIOS - ok
08:51:38.0203 3148  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:51:38.0203 3148  NetBT - ok
08:51:38.0312 3148  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
08:51:38.0359 3148  NetDDE - ok
08:51:38.0421 3148  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
08:51:38.0437 3148  NetDDEdsdm - ok
08:51:38.0468 3148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:51:38.0468 3148  Netlogon - ok
08:51:38.0593 3148  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
08:51:38.0593 3148  Netman - ok
08:51:38.0703 3148  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:51:38.0765 3148  NetTcpPortSharing - ok
08:51:40.0046 3148  [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
08:51:40.0062 3148  NETw4x32 - ok
08:51:40.0109 3148  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:51:40.0109 3148  NIC1394 - ok
08:51:40.0484 3148  [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
08:51:40.0484 3148  NICCONFIGSVC - ok
08:51:40.0484 3148  nipalusb - ok
08:51:40.0671 3148  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
08:51:40.0671 3148  Nla - ok
08:51:40.0671 3148  Nmea - ok
08:51:40.0687 3148  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:51:40.0687 3148  Npfs - ok
08:51:41.0015 3148  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:51:41.0328 3148  Ntfs - ok
08:51:41.0343 3148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
08:51:41.0343 3148  NtLmSsp - ok
08:51:41.0609 3148  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
08:51:41.0843 3148  NtmsSvc - ok
08:51:41.0890 3148  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:51:41.0890 3148  Null - ok
08:51:46.0203 3148  [ 8129D762CC3E3C5AB9CF2EABC377FB73 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:51:46.0250 3148  nv - ok
08:51:46.0390 3148  [ 7EE6243758619A391491148EABF0E7B7 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
08:51:46.0390 3148  NVSvc - ok
08:51:46.0546 3148  [ 93213C7EC08E01E37A935BF144E75DF6 ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
08:51:46.0546 3148  NWADI - ok
08:51:46.0578 3148  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:51:46.0593 3148  NwlnkFlt - ok
08:51:46.0609 3148  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:51:46.0625 3148  NwlnkFwd - ok
08:51:46.0781 3148  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem      C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
08:51:46.0906 3148  NWUSBModem - ok
08:51:47.0062 3148  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort       C:\WINDOWS\system32\DRIVERS\nwusbser.sys
08:51:47.0171 3148  NWUSBPort - ok
08:51:47.0296 3148  [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2      C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
08:51:47.0421 3148  NWUSBPort2 - ok
08:51:47.0859 3148  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:51:48.0109 3148  odserv - ok
08:51:48.0171 3148  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:51:48.0203 3148  ohci1394 - ok
08:51:48.0343 3148  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:51:48.0421 3148  ose - ok
08:51:48.0500 3148  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
08:51:48.0546 3148  Parport - ok
08:51:48.0578 3148  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
08:51:48.0593 3148  PartMgr - ok
08:51:48.0625 3148  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
08:51:48.0625 3148  ParVdm - ok
08:51:48.0625 3148  PCASp50 - ok
08:51:48.0671 3148  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
08:51:48.0703 3148  PCI - ok
08:51:48.0703 3148  PCIDump - ok
08:51:48.0718 3148  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
08:51:48.0734 3148  PCIIde - ok
08:51:48.0796 3148  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:51:48.0875 3148  Pcmcia - ok
08:51:48.0875 3148  PCTINDIS5 - ok
08:51:48.0875 3148  PDCOMP - ok
08:51:48.0875 3148  PDFRAME - ok
08:51:48.0890 3148  PDRELI - ok
08:51:48.0890 3148  PDRFRAME - ok
08:51:48.0953 3148  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
08:51:48.0968 3148  perc2 - ok
08:51:48.0984 3148  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:51:48.0984 3148  perc2hib - ok
08:51:49.0093 3148  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
08:51:49.0093 3148  PlugPlay - ok
08:51:49.0109 3148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:51:49.0109 3148  PolicyAgent - ok
08:51:49.0156 3148  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:51:49.0156 3148  PptpMiniport - ok
08:51:49.0171 3148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:51:49.0171 3148  ProtectedStorage - ok
08:51:49.0218 3148  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
08:51:49.0218 3148  PSched - ok
08:51:49.0234 3148  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:51:49.0234 3148  Ptilink - ok
08:51:49.0265 3148  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:51:49.0281 3148  ql1080 - ok
08:51:49.0312 3148  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:51:49.0328 3148  Ql10wnt - ok
08:51:49.0406 3148  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:51:49.0421 3148  ql12160 - ok
08:51:49.0453 3148  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:51:49.0484 3148  ql1240 - ok
08:51:49.0531 3148  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:51:49.0546 3148  ql1280 - ok
08:51:49.0578 3148  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:51:49.0578 3148  RasAcd - ok
08:51:49.0656 3148  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
08:51:49.0703 3148  RasAuto - ok
08:51:49.0734 3148  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:51:49.0734 3148  Rasl2tp - ok
08:51:49.0890 3148  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
08:51:49.0890 3148  RasMan - ok
08:51:49.0921 3148  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:51:49.0921 3148  RasPppoe - ok
08:51:49.0937 3148  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
08:51:49.0937 3148  Raspti - ok
08:51:50.0031 3148  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:51:50.0031 3148  Rdbss - ok
08:51:50.0046 3148  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:51:50.0046 3148  RDPCDD - ok
08:51:50.0156 3148  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:51:50.0156 3148  rdpdr - ok
08:51:50.0281 3148  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
08:51:50.0281 3148  RDPWD - ok
08:51:50.0406 3148  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
08:51:50.0484 3148  RDSessMgr - ok
08:51:50.0515 3148  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
08:51:50.0515 3148  redbook - ok
08:51:50.0734 3148  [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
08:51:50.0734 3148  RegSrvc - ok
08:51:50.0781 3148  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
08:51:50.0812 3148  RemoteAccess - ok
08:51:50.0875 3148  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:51:50.0875 3148  RemoteRegistry - ok
08:51:50.0953 3148  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:51:51.0000 3148  RpcLocator - ok
08:51:51.0078 3148  [ 675C575444AAFD56B4E8A99EF8A570CD ] Rpcnet          C:\WINDOWS\system32\rpcnet.exe
08:51:51.0078 3148  Rpcnet - ok
08:51:51.0312 3148  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
08:51:51.0312 3148  RpcSs - ok
08:51:51.0437 3148  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
08:51:51.0515 3148  RSVP - ok
08:51:52.0093 3148  [ 874173EDBD4F2FE711F245855A2FFA23 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
08:51:52.0109 3148  S24EventMonitor - ok
08:51:52.0125 3148  [ EADFB87F911A7A75D1B80617F92901E8 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:51:52.0140 3148  s24trans - ok
08:51:52.0187 3148  SABProcEnum - ok
08:51:52.0203 3148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:51:52.0203 3148  SamSs - ok
08:51:52.0218 3148  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:51:52.0218 3148  SASDIFSV - ok
08:51:52.0281 3148  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:51:52.0281 3148  SASKUTIL - ok
08:51:52.0359 3148  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
08:51:52.0359 3148  SCardSvr - ok
08:51:52.0468 3148  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
08:51:52.0484 3148  Schedule - ok
08:51:52.0546 3148  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:51:52.0562 3148  Secdrv - ok
08:51:52.0609 3148  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
08:51:52.0609 3148  seclogon - ok
08:51:52.0640 3148  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
08:51:52.0640 3148  SENS - ok
08:51:52.0687 3148  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
08:51:52.0687 3148  serenum - ok
08:51:52.0718 3148  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
08:51:52.0718 3148  Serial - ok
08:51:52.0781 3148  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
08:51:52.0781 3148  Sfloppy - ok
08:51:52.0890 3148  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:51:52.0890 3148  ShellHWDetection - ok
08:51:52.0890 3148  Simbad - ok
08:51:52.0937 3148  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:51:52.0968 3148  sisagp - ok
08:51:53.0015 3148  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:51:53.0031 3148  Sparrow - ok
08:51:53.0093 3148  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
08:51:53.0109 3148  splitter - ok
08:51:53.0140 3148  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
08:51:53.0140 3148  Spooler - ok
08:51:53.0234 3148  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
08:51:53.0281 3148  sr - ok
08:51:53.0375 3148  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
08:51:53.0375 3148  srservice - ok
08:51:53.0593 3148  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:51:53.0593 3148  Srv - ok
08:51:53.0671 3148  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:51:53.0671 3148  SSDPSRV - ok
08:51:53.0781 3148  [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV          C:\WINDOWS\system32\StacSV.exe
08:51:53.0781 3148  STacSV - ok
08:51:54.0500 3148  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
08:51:54.0515 3148  STHDA - ok
08:51:54.0562 3148  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
08:51:54.0562 3148  StillCam - ok
08:51:54.0796 3148  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
08:51:54.0796 3148  stisvc - ok
08:51:54.0828 3148  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
08:51:54.0828 3148  swenum - ok
08:51:54.0890 3148  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
08:51:54.0921 3148  swmidi - ok
08:51:54.0921 3148  SwPrv - ok
08:51:54.0968 3148  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
08:51:54.0968 3148  symc810 - ok
08:51:55.0000 3148  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:51:55.0015 3148  symc8xx - ok
08:51:55.0046 3148  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:51:55.0062 3148  sym_hi - ok
08:51:55.0078 3148  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:51:55.0093 3148  sym_u3 - ok
08:51:55.0171 3148  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
08:51:55.0203 3148  sysaudio - ok
08:51:55.0296 3148  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
08:51:55.0343 3148  SysmonLog - ok
08:51:55.0500 3148  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:51:55.0515 3148  TapiSrv - ok
08:51:55.0750 3148  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:51:55.0750 3148  Tcpip - ok
08:51:55.0796 3148  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
08:51:55.0796 3148  TDPIPE - ok
08:51:55.0859 3148  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
08:51:55.0859 3148  TDTCP - ok
08:51:55.0890 3148  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
08:51:55.0890 3148  TermDD - ok
08:51:56.0062 3148  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
08:51:56.0062 3148  TermService - ok
08:51:56.0062 3148  TetaSCDevice - ok
08:51:56.0140 3148  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
08:51:56.0140 3148  Themes - ok
08:51:56.0234 3148  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
08:51:56.0265 3148  TlntSvr - ok
08:51:56.0281 3148  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
08:51:56.0281 3148  TosIde - ok
08:51:56.0296 3148  tosporte - ok
08:51:56.0296 3148  tosrfbd - ok
08:51:56.0296 3148  tosrfbnp - ok
08:51:56.0312 3148  Tosrfcom - ok
08:51:56.0312 3148  Tosrfhid - ok
08:51:56.0328 3148  tosrfnds - ok
08:51:56.0328 3148  Tosrfusb - ok
08:51:56.0406 3148  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
08:51:56.0421 3148  TrkWks - ok
08:51:56.0484 3148  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
08:51:56.0515 3148  Udfs - ok
08:51:56.0562 3148  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
08:51:56.0578 3148  ultra - ok
08:51:56.0859 3148  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
08:51:56.0859 3148  Update - ok
08:51:56.0984 3148  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
08:51:57.0078 3148  upnphost - ok
08:51:57.0125 3148  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
08:51:57.0125 3148  UPS - ok
08:51:57.0171 3148  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:51:57.0187 3148  usbccgp - ok
08:51:57.0234 3148  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:51:57.0234 3148  usbehci - ok
08:51:57.0265 3148  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:51:57.0281 3148  usbhub - ok
08:51:57.0312 3148  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:51:57.0328 3148  usbohci - ok
08:51:57.0390 3148  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:51:57.0390 3148  usbscan - ok
08:51:57.0453 3148  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:51:57.0468 3148  USBSTOR - ok
08:51:57.0515 3148  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:51:57.0515 3148  usbuhci - ok
08:51:57.0546 3148  [ AAE4EBBDA3E42885663A34C4A35B0C53 ] VDWINIO         C:\WINDOWS\system32\Drivers\VdWinIo.sys
08:51:57.0546 3148  VDWINIO - ok
08:51:57.0578 3148  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
08:51:57.0578 3148  VgaSave - ok
08:51:57.0640 3148  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:51:57.0656 3148  viaagp - ok
08:51:57.0687 3148  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
08:51:57.0687 3148  ViaIde - ok
08:51:57.0812 3148  [ 48007916B1D0DAB3E6C0D701DE7C4AFB ] VNA             C:\WINDOWS\system32\DRIVERS\vna.sys
08:51:57.0828 3148  VNA - ok
08:51:57.0906 3148  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
08:51:57.0937 3148  VolSnap - ok
08:51:58.0140 3148  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
08:51:58.0437 3148  VSS - ok
08:51:58.0703 3148  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
08:51:58.0703 3148  w32time - ok
08:51:58.0750 3148  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:51:58.0750 3148  Wanarp - ok
08:51:58.0750 3148  WaveFDE - ok
08:51:58.0750 3148  WDICA - ok
08:51:58.0984 3148  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
08:51:59.0109 3148  wdmaud - ok
08:51:59.0218 3148  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:51:59.0218 3148  WebClient - ok
08:51:59.0781 3148  [ 92CE6497076EAC3083185C44157B3A46 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:51:59.0781 3148  winachsf - ok
08:51:59.0984 3148  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
08:51:59.0984 3148  winmgmt - ok
08:52:00.0687 3148  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
08:52:01.0406 3148  WinRM - ok
08:52:01.0656 3148  [ 4307641CA3389A210295FDFFD2A73DEE ] WLANKEEPER      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
08:52:01.0656 3148  WLANKEEPER - ok
08:52:02.0687 3148  [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:52:02.0703 3148  wlidsvc - ok
08:52:02.0781 3148  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
08:52:02.0796 3148  WmdmPmSN - ok
08:52:03.0203 3148  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
08:52:03.0218 3148  Wmi - ok
08:52:03.0234 3148  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:52:03.0234 3148  WmiAcpi - ok
08:52:03.0328 3148  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:52:03.0390 3148  WmiApSrv - ok
08:52:04.0015 3148  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
08:52:04.0546 3148  WMPNetworkSvc - ok
08:52:05.0187 3148  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:52:05.0687 3148  WPFFontCache_v0400 - ok
08:52:05.0687 3148  WSearch - ok
08:52:05.0765 3148  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
08:52:05.0765 3148  wuauserv - ok
08:52:05.0875 3148  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:52:05.0937 3148  WudfPf - ok
08:52:06.0046 3148  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:52:06.0093 3148  WudfRd - ok
08:52:06.0171 3148  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
08:52:06.0203 3148  WudfSvc - ok
08:52:06.0578 3148  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
08:52:06.0578 3148  WZCSVC - ok
08:52:06.0703 3148  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
08:52:06.0781 3148  xmlprov - ok
08:52:06.0921 3148  etadpug - ok
08:52:06.0921 3148  ================ Scan global ===============================
08:52:06.0984 3148  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:52:07.0218 3148  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:52:07.0406 3148  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:52:07.0500 3148  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:52:07.0500 3148  [Global] - ok
08:52:07.0500 3148  ================ Scan MBR ==================================
08:52:07.0546 3148  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:52:08.0031 3148  \Device\Harddisk0\DR0 - ok
08:52:08.0031 3148  ================ Scan VBR ==================================
08:52:08.0046 3148  [ 3E5B5FF5FEF19BC3A1AC64875277B2A6 ] \Device\Harddisk0\DR0\Partition1
08:52:08.0046 3148  \Device\Harddisk0\DR0\Partition1 - ok
08:52:08.0078 3148  [ 66E5F9822D7992D657AE5CFF79EE45A6 ] \Device\Harddisk0\DR0\Partition2
08:52:08.0078 3148  \Device\Harddisk0\DR0\Partition2 - ok
08:52:08.0078 3148  ============================================================
08:52:08.0078 3148  Scan finished
08:52:08.0078 3148  ============================================================
08:52:08.0093 2792  Detected object count: 0
08:52:08.0093 2792  Actual detected object count: 0
08:54:05.0984 2364  Deinitialize succes

#10 randomnumber
  • Topic Starter

Posted 26 July 2013 - 02:21 PM

after posting, it was "fixed"

 

the reply box for posting replies displays wrong text and keystrokes in edit mode



#11 TB-Psychotic
  • Malware Response Team

Posted 27 July 2013 - 07:59 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Image: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Image: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#12 randomnumber

  • Topic Starter
  • Members
  • 28 posts

Posted 28 July 2013 - 01:20 PM

error at the end

could not save runreg00, file or disk error

ComboFix 13-07-27.01 - xxxx 07/28/2013  12:53:21.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3582.2939 [GMT -5:00]
Running from: c:\documents and settings\xxxx\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3002.abs
c:\documents and settings\All Users\Application Data\3002.xml
c:\documents and settings\xxxx\WINDOWS
c:\windows\system32\SET11D0.tmp
c:\windows\system32\SET6FC.tmp
c:\windows\system32\SET972.tmp
c:\windows\system32\SETA96.tmp
c:\windows\system32\SETB14.tmp
c:\windows\system32\SETB1C.tmp
c:\windows\system32\SETB24.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\test
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-28  )))))))))))))))))))))))))))))))
.
.
2013-07-28 17:12 . 2013-07-28 17:12 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-07-28 17:12 . 2013-07-28 17:12 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-07-28 17:12 . 2013-07-28 17:12 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-07-28 17:12 . 2013-07-28 17:12 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-07-28 17:12 . 2013-07-28 17:12 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-07-28 17:12 . 2013-07-28 17:12 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-07-28 17:12 . 2013-07-28 17:12 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-07-28 17:12 . 2013-07-28 17:12 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-07-28 17:12 . 2013-07-28 17:12 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-07-28 17:12 . 2013-07-28 17:12 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-07-28 17:12 . 2013-07-28 17:12 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-07-28 17:12 . 2013-07-28 17:12 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-07-28 17:11 . 2013-07-28 17:11 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-07-28 17:11 . 2013-07-28 17:11 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-07-28 17:10 . 2013-07-28 17:11 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-07-28 17:10 . 2013-07-28 17:10 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-07-28 17:10 . 2013-07-28 17:10 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-07-26 13:37 . 2013-07-26 13:37 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-23 19:39 . 2013-07-23 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2013-07-21 21:09 . 2013-07-21 21:09 -------- d-----w- c:\windows\system32\MRT
2013-07-20 16:38 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-07-20 16:38 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-07-20 12:39 . 2013-07-26 14:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-07-19 21:55 . 2013-07-19 21:55 -------- d-----w- c:\documents and settings\xxxx\Application Data\Malwarebytes
2013-07-19 21:55 . 2013-07-19 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-07-19 21:55 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-19 21:55 . 2013-07-19 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 19:45 . 2013-07-23 16:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-19 19:32 . 2013-07-19 22:36 -------- d-----w- c:\program files\CCleaner
2013-07-19 18:57 . 2013-07-19 18:57 -------- d-----w- c:\documents and settings\xxxx\Application Data\SUPERAntiSpyware.com
2013-07-19 18:56 . 2013-07-19 18:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-19 18:56 . 2013-07-19 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-07-02 15:54 . 2013-07-02 15:54 -------- d-----w- c:\documents and settings\dchaby
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 17:07 . 2008-12-30 19:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-07-28 17:07 . 2008-12-04 04:54 69792 ----a-w- c:\windows\system32\rpcnet.dll
2013-07-19 19:51 . 2008-12-30 19:37 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-07-18 23:46 . 2006-12-02 00:37 69792 ------w- c:\windows\system32\rpcnet.exe
2013-06-08 04:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-11 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-11 23:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-11 23:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 14:32 . 2013-05-15 14:32 9456 ----a-w- c:\windows\system32\sabprocenum.sys
2013-05-10 16:39 . 2013-02-14 20:18 39936 ----a-w- c:\windows\system32\identprv.dll
2013-05-09 05:28 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2004-08-11 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-08-04 136512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk /p \??\c:\0autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 18:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 10:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-05-31 21:50 67584 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-05 23:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 VDWINIO;VDWINIO;c:\windows\system32\drivers\VdWinIo.sys [4/2/2011 12:19 PM 7168]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 3:11 PM 119056]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [10/18/2011 7:24 PM 355496]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [8/7/2007 3:42 PM 129304]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2/10/2011 4:34 AM 51968]
S3 nipalusb;NI-PAL USB Driver;c:\windows\system32\DRIVERS\nipalusb.sys --> c:\windows\system32\DRIVERS\nipalusb.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/15/2010 2:38 PM 174720]
S3 TetaSCDevice;TetaSCDevice;\??\c:\windows\system32\tetascop.SYS --> c:\windows\system32\tetascop.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\User_Feed_Synchronization-{83BFE52C-1040-48FA-8026-5DF6CE38485F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://sslvpn.swri.org/CSHELL/extender.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Google Update - (no file)
SafeBoot-39477616.sys
MSConfigStartUp-RDVCHG - c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
MSConfigStartUp-Sprint SmartView - c:\program files\Sprint\Sprint SmartView\SprintSV.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-28 13:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
Binary file temp00 matches
.
Completion time: 2013-07-28  13:08:47
ComboFix-quarantined-files.txt  2013-07-28 18:08
.
Pre-Run: 14,815,789,056 bytes free
Post-Run: 15,128,608,768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0F900DCFEF782180ECDE3E080010EC1D
8F558EB6672622401DA993E1E865C861
 



#13 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 29 July 2013 - 01:19 AM

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#14 randomnumber

  • Topic Starter
  • Members
  • 28 posts

Posted 29 July 2013 - 01:45 PM

malware results below, eset will follow (they are long scans)

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
xxxx :: xxxx [administrator]

7/29/2013 9:52:40 AM
mbam-log-2013-07-29 (09-52-40).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385008
Time elapsed: 2 hour(s), 56 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 randomnumber

  • Topic Starter
  • Members
  • 28 posts

Posted 29 July 2013 - 10:17 PM

eset log

 

C:\WINDOWS\$NtServicePackUninstall$\autochk.exe a variant of Win32/CompuTrace.C application

When I boot, I get the following message (it says it twice):

 autochk program not found - skipping autocheck
 autochk program not found - skipping autocheck

 

thanks





