Infected Win32 carber fn, and Alureon

This is a discussion on Infected Win32 carber fn, and Alureon within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 01-06-2013, 11:39 AM   #1
Registered Member
 
Join Date: Nov 2011
Location: Philadelphia
Posts: 166
OS: windows xp sp3



Good afternoon. I ran a DDS scan; it stated it was running silently in the background and would produce 2 logs, but it did not, and the computer froze up.
Avast found File Boot F: infected by MBR:Alureon-K [RTK]
and File C:\Hiberfil.sys infected by Win32:Carberp-??????
Thank you
Johnny Pollock is offline  
Old 01-07-2013, 06:47 AM   #2

I do not mean to be a pain; I know you are busy.
I am waiting for the next step, since the DDS scan has not been working after trying a few times.
Thanking you in advance,
John
Johnny Pollock is offline  
Old 01-08-2013, 06:31 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Delete your existing copy of dds.scr from your desktop.

Please download dds+.exe and save it to your desktop.
  • Double-click dds+.exe
  • Expand (click [+]) the options for dds.txt, then uncheck 'check MBR'
  • Click Start
  • When finished, it will produce a DDS.txt log and an Attach.txt log and also save them to your desktop.
  • Please copy/paste the contents of DDS.txt in your next reply.
  • Please attach the Attach.txt log to your next reply.
------------------------------------------------------

Please continue with the rest of the instructions in the First Steps link and attach the gmer log to your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-09-2013, 03:58 AM   #4

Chemist, See DDS and Attach logs
Thank you

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by John at 6:51:51 on 2013-01-09
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1546 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*Yahoo!
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\john\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - XFINITY by Comcast -- Official Customer Site | Email | Watch TV Online
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - XFINITY Chat
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - https://online.comcast.net/help/
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344701914421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{BDA81272-8183-45BF-A0E5-9A29DE4AD0F1} : DHCPNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\zc0v4qxx.default-1357083706450\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2013-01-03 19:01; [email protected]; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2011-12-30 18:09; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-3 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-3 361032]
R1 NEOFLTR_710_19235;Juniper Networks TDI Filter Driver (NEOFLTR_710_19235);c:\windows\system32\drivers\NEOFLTR_710_19235.SYS [2012-10-18 85064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-3 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-3 44808]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-28 11520]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\john\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\john\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2013-01-04 00:01:04 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-03 23:59:23 41224 ----a-w- c:\windows\avastSS.scr
2013-01-03 23:58:36 -------- d-----w- c:\program files\AVAST Software
2013-01-03 23:58:36 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-12-28 23:57:11 -------- d-----w- c:\documents and settings\john\local settings\application data\Western_Digital
2012-12-28 23:54:01 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2012-12-28 23:53:52 -------- d-----w- c:\program files\Western Digital
2012-12-28 23:51:04 -------- d-----w- c:\documents and settings\john\local settings\application data\Western Digital
2012-12-27 13:15:58 -------- d-----w- C:\_OTL
2012-12-27 01:56:35 -------- d-----w- c:\program files\Dropbox
2012-12-24 16:48:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-24 16:48:22 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-19 18:24:42 -------- d-----w- c:\documents and settings\john\local settings\application data\PCHealth
2012-12-17 21:37:02 -------- d-----w- C:\MATS
.
==================== Find3M ====================
.
2012-12-24 16:48:01 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-19 19:24:48 13504 ----a-w- C:\FixitRegBackup.reg
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-14 13:51:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-14 13:51:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-28 15:35:43 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 6:52:54.10 ===============
Attached Files
File Type: txt attach.txt (25.7 KB, 61 views)
File Type: txt dds.txt (12.1 KB, 55 views)
Johnny Pollock is offline  
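Two parts of the DDS log above can be triaged mechanically. The "AV:" lines are the SecurityCenter registrations, and here they still list Microsoft Security Essentials twice even though the poster later says it was uninstalled. In the SERVICES / DRIVERS list, an entry ending in "--> path [?]" is a service or driver registration whose image file DDS could not find on disk (typically a leftover from uninstalled software), and the R/S prefix with a digit is read below as running/stopped plus the service start type (0 boot, 1 system, 2 auto, 3 demand), which is an assumption about the DDS notation rather than something the log states. The Python below is an added example, not code from this thread or from the DDS tool: it parses a constructed sample built from lines of that log, and flags unresolved images, drivers registered under a temp directory, running boot/system-start drivers (the layer a kernel rootkit driver would sit in), and AV products registered more than once.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS log above: three "AV:" SecurityCenter
# registrations and five SERVICES / DRIVERS entries (values copied from that log).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-3 738504]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\john\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\john\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
"""

# R = running, S = stopped; the digit is read as the service start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) - an assumption about DDS notation.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# resolved image: "<path> [<yyyy-m-d> <size>]"
RESOLVED_RE = re.compile(r"^(.*) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
AV_RE = re.compile(r"^AV: (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]+)\}$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    resolved: bool            # False when DDS could not find the image on disk
    mtime: Optional[str] = None
    size: Optional[int] = None


@dataclass
class AvEntry:
    product: str
    state: str                # Enabled / Disabled
    updated: str
    guid: str


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse SERVICES / DRIVERS lines; both resolved and '--> path [?]' forms."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        if rest.endswith("[?]") and " --> " in rest:
            registered_path = rest.split(" --> ")[0]
            entries.append(ServiceEntry(state == "R", int(start), name, display,
                                        registered_path, False))
            continue
        r = RESOLVED_RE.match(rest)
        if r:
            path, mtime, size = r.groups()
            entries.append(ServiceEntry(state == "R", int(start), name, display,
                                        path, True, mtime, int(size)))
    return entries


def parse_av(text: str) -> List[AvEntry]:
    """Parse the 'AV:' SecurityCenter registration lines."""
    out: List[AvEntry] = []
    for line in text.splitlines():
        m = AV_RE.match(line.strip())
        if m:
            out.append(AvEntry(*m.groups()))
    return out


def unresolved_services(entries: List[ServiceEntry]) -> List[str]:
    return [e.name for e in entries if not e.resolved]


def early_start_drivers(entries: List[ServiceEntry]) -> List[str]:
    """Running entries with boot (0) or system (1) start: loaded before user-mode defenses."""
    return [e.name for e in entries if e.running and e.start_type <= 1]


def temp_dir_images(entries: List[ServiceEntry]) -> List[str]:
    """Drivers whose registered image lives under a \\temp\\ directory."""
    return [e.name for e in entries if re.search(r"\\temp\\", e.path, re.IGNORECASE)]


def duplicate_av_products(avs: List[AvEntry]) -> List[str]:
    """Products with more than one SecurityCenter registration (stale entries)."""
    counts = Counter(a.product for a in avs)
    return sorted(p for p, n in counts.items() if n > 1)


if __name__ == "__main__":
    svc = parse_services(SAMPLE_DDS)
    print("unresolved:", unresolved_services(svc))
    print("boot/system running:", early_start_drivers(svc))
    print("temp-dir images:", temp_dir_images(svc))
    print("duplicate AV registrations:", duplicate_av_products(parse_av(SAMPLE_DDS)))
```

On the full log above the same parser would also pick up SABKUTIL (SUPERAntiSpyware) and Lavasoft Kernexplorer as unresolved leftovers; none of those flags is a verdict on its own, they only tell the analyst where to look first.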
Old 01-09-2013, 04:43 AM   #5

Hello Johnny Pollock. You're welcome. I need to see the gmer log in order to help you.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • First, gmer will run a short, initial scan.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click NO.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


------------------------------------------------------
chemist is offline  
Old 01-09-2013, 05:37 AM   #6

Chemist, I am running GMER now; when the log is finished, I will post it.

How long does the scan take? It seems like it has been running for about 30 minutes now.
Johnny Pollock is offline  
Old 01-09-2013, 06:37 AM   #7

It depends on the number of files you have. Let me know.
chemist is offline  
Old 01-09-2013, 12:01 PM   #8

Chemist, see the ARK.TXT log; sorry for the wait.
Attached Files
File Type: txt ark.txt (35.7 KB, 61 views)
Johnny Pollock is offline  
Old 01-09-2013, 12:09 PM   #9

Chemist, FYI: if by chance Microsoft Security Essentials is found on one of these logs, I uninstalled it, and in the TSF Forum I believe no one found it active on my PC. I am only using Avast and Malwarebytes.
Johnny Pollock is offline  
Old 01-09-2013, 12:32 PM   #10

Hello again, Johnny Pollock.

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When prompted to download the latest Avast! virus definitions, please choose Yes
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.8.15.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
chemist is offline  
Old 01-09-2013, 06:19 PM   #11

Chemist, see aswMBR.txt log
Thank you

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-09 20:38:19
-----------------------------
20:38:19.328 OS Version: Windows 5.1.2600 Service Pack 3
20:38:19.328 Number of processors: 1 586 0x209
20:38:19.328 ComputerName: ANDREWS UserName: John
20:38:20.765 Initialize success
20:38:21.000 AVAST engine defs: 12121700
20:39:34.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:39:34.468 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
20:39:34.515 Disk 0 MBR read successfully
20:39:34.515 Disk 0 MBR scan
20:39:34.515 Disk 0 Windows XP default MBR code
20:39:34.546 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
20:39:34.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
20:39:34.593 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15 MB offset 156232125
20:39:34.593 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
20:39:34.609 Disk 0 MBR [SST] **ROOTKIT**
20:39:34.609 Disk 0 trace - called modules:
20:39:34.640 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:39:34.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7afab8]
20:39:34.656 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7ded98]
20:39:35.093 AVAST engine scan C:\WINDOWS
20:39:53.765 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
20:40:07.109 AVAST engine scan C:\WINDOWS\system32
20:46:25.671 AVAST engine scan C:\WINDOWS\system32\drivers
20:47:11.125 AVAST engine scan C:\Documents and Settings\John
20:56:35.609 AVAST engine scan C:\Documents and Settings\All Users
20:57:45.890 Scan finished successfully
21:14:11.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John\Desktop\MBR.dat"
21:14:11.656 The log file has been saved successfully to "C:\Documents and Settings\John\Desktop\aswMBR.txt"
Attached Files
File Type: txt aswMBR.txt (2.0 KB, 56 views)
Johnny Pollock is offline  
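aswMBR (post #11) and TDSSKiller (post #16) describe the same partition table in different units: aswMBR prints size in MB and a decimal sector offset, TDSSKiller prints hex StartLBA and BlocksNum. The Python below is an added example, not code from this thread or from either tool. It parses the lines quoted from the two logs, joins the partitions by start sector, and applies two tool-independent geometry checks: whether a partition's claimed length runs past the end of the disk, and whether a small, non-bootable partition sits in the last 1% of the disk. On the figures in these logs, partition 3 (offset 156232125, 0x7D82 sectors, on a disk of 0x12A05F2000 bytes) fails both, independently of the Alureon verdict aswMBR already attached to it. The 64 MB "small" threshold and the 1% tail fraction are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the aswMBR and TDSSKiller logs posted in this thread.
ASWMBR_LOG = r"""
20:39:34.468 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
20:39:34.546 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
20:39:34.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
20:39:34.593 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15 MB offset 156232125
20:39:34.593 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
20:39:34.609 Disk 0 MBR [SST] **ROOTKIT**
"""

TDSS_LOG = r"""
21:21:55.0250 0704 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:21:55.0250 0704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
21:21:55.0250 0704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x94FE9BD, BlocksNum 0x7D82
"""

ASW_SIZE_RE = re.compile(r"Size: (\d+)MB")
# "Partition N <boot> [(A) ]<type> <description> <size> MB offset <start>"
ASW_PART_RE = re.compile(
    r"Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$")
ASW_INFECTED_RE = re.compile(r"Partition (\d+) \*\*INFECTED\*\* (.+)$")
ASW_MBR_RE = re.compile(r"Disk \d+ MBR .*\*\*ROOTKIT\*\*")
TDSS_DRIVE_RE = re.compile(r"Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
TDSS_PART_RE = re.compile(r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")

SMALL_PARTITION_MB = 64   # assumed threshold for "small"
TAIL_FRACTION = 0.99      # assumed: starts within the last 1% of the disk


@dataclass
class Partition:
    number: int
    bootable: bool               # MBR active flag byte was 80
    type_id: int                 # partition type byte (0x07 NTFS, 0xDE Dell Utility)
    description: str
    size_mb: int
    start_lba: int
    verdict: Optional[str] = None   # aswMBR **INFECTED** label, if any


def parse_aswmbr(text: str) -> dict:
    """Disk size, partition entries and the MBR rootkit flag from an aswMBR log."""
    parts: Dict[int, Partition] = {}
    size_mb = None
    mbr_rootkit = False
    for line in text.splitlines():
        if (m := ASW_SIZE_RE.search(line)):
            size_mb = int(m.group(1))
        elif (m := ASW_PART_RE.search(line)):
            num, boot, ptype, desc, mb, off = m.groups()
            parts[int(num)] = Partition(int(num), boot == "80", int(ptype, 16),
                                        desc, int(mb), int(off))
        elif (m := ASW_INFECTED_RE.search(line)):
            parts[int(m.group(1))].verdict = m.group(2).strip()
        elif ASW_MBR_RE.search(line):
            mbr_rootkit = True
    return {"disk_size_mb": size_mb,
            "partitions": [parts[k] for k in sorted(parts)],
            "mbr_rootkit": mbr_rootkit}


def parse_tdsskiller(text: str) -> Tuple[int, int, Dict[int, int]]:
    """(disk bytes, sector size, {start_lba: block count}) from a TDSSKiller log."""
    disk_bytes = sector = 0
    parts: Dict[int, int] = {}
    for line in text.splitlines():
        if (m := TDSS_DRIVE_RE.search(line)):
            disk_bytes, sector = int(m.group(1), 16), int(m.group(2), 16)
        elif (m := TDSS_PART_RE.search(line)):
            parts[int(m.group(1), 16)] = int(m.group(2), 16)
    return disk_bytes, sector, parts


def geometry_findings(asw: dict, tdss: Tuple[int, int, Dict[int, int]]) -> Dict[int, dict]:
    """Join both views by start sector and run tool-independent sanity checks."""
    disk_bytes, sector, blocks_by_start = tdss
    disk_sectors = disk_bytes // sector
    out: Dict[int, dict] = {}
    for p in asw["partitions"]:
        blocks = blocks_by_start.get(p.start_lba)
        end = p.start_lba + blocks if blocks is not None else None
        out[p.number] = {
            "in_tdsskiller": blocks is not None,
            # aswMBR's MB figure should agree with TDSSKiller's block count
            "size_matches": blocks is not None and blocks * sector // (1024 * 1024) == p.size_mb,
            # a partition whose last sector lies beyond the disk cannot be a real volume
            "overruns_disk": end is not None and end > disk_sectors,
            # small, not bootable, parked at the very end of the disk
            "small_tail": (p.size_mb <= SMALL_PARTITION_MB and not p.bootable
                           and p.start_lba > disk_sectors * TAIL_FRACTION),
            "verdict": p.verdict,
        }
    return out


def report(asw_text: str = ASWMBR_LOG, tdss_text: str = TDSS_LOG) -> List[str]:
    """One summary line for the MBR flag and one per partition."""
    asw = parse_aswmbr(asw_text)
    findings = geometry_findings(asw, parse_tdsskiller(tdss_text))
    lines = [f"MBR rootkit flagged by aswMBR: {asw['mbr_rootkit']}"]
    for num, f in findings.items():
        flags = [k for k in ("overruns_disk", "small_tail") if f[k]]
        lines.append(f"partition {num}: checks={flags or 'none'} verdict={f['verdict']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Partition 2 ends at sector 80325 + 0x94EAFF8 = 156232125, exactly where partition 3 starts, and partition 3 claims 32130 sectors while only 17875 remain on the disk; the Dell Utility partition at offset 63 is absent from TDSSKiller's listing, which is why the join is done by start sector rather than by partition number.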
Old 01-09-2013, 06:27 PM   #12

Chemist, I ran tdsskiller.exe and no threat was found.
Johnny Pollock is offline  
Old 01-09-2013, 06:42 PM   #13

Hello again, Johnny Pollock. You're welcome.

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

There should be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file to your next reply.

------------------------------------------------------

I'd still like to see the tdsskiller log. It will be located here > C:\TDSSKiller.2.8.15.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
chemist is offline  
Old 01-09-2013, 07:03 PM   #14

Chemist, I will look for the TDSSKiller file, but I'm not too sure how to find it?
See MBR attached.
Attached Files
File Type: zip MBR.zip (522 Bytes, 48 views)
Johnny Pollock is offline  
Old 01-09-2013, 07:09 PM   #15

It will be located at the root of your C:\ drive:

C:\TDSSKiller.2.8.15.0_date_time_log.txt
chemist is offline  
Old 01-09-2013, 07:14 PM   #16

Thanks, I found it.
Do you know where this infection came from?
21:21:53.0671 0704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:21:54.0015 0704 ============================================================
21:21:54.0015 0704 Current date / time: 2013/01/09 21:21:54.0015
21:21:54.0015 0704 SystemInfo:
21:21:54.0015 0704
21:21:54.0015 0704 OS Version: 5.1.2600 ServicePack: 3.0
21:21:54.0015 0704 Product type: Workstation
21:21:54.0015 0704 ComputerName: ANDREWS
21:21:54.0015 0704 UserName: John
21:21:54.0015 0704 Windows directory: C:\WINDOWS
21:21:54.0015 0704 System windows directory: C:\WINDOWS
21:21:54.0015 0704 Processor architecture: Intel x86
21:21:54.0015 0704 Number of processors: 1
21:21:54.0015 0704 Page size: 0x1000
21:21:54.0015 0704 Boot type: Normal boot
21:21:54.0015 0704 ============================================================
21:21:55.0250 0704 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:21:55.0250 0704 ============================================================
21:21:55.0250 0704 \Device\Harddisk0\DR0:
21:21:55.0250 0704 MBR partitions:
21:21:55.0250 0704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
21:21:55.0250 0704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x94FE9BD, BlocksNum 0x7D82
21:21:55.0250 0704 ============================================================
21:21:55.0281 0704 C: <-> \Device\Harddisk0\DR0\Partition1
21:21:55.0296 0704 ============================================================
21:21:55.0296 0704 Initialize success
21:21:55.0296 0704 ============================================================
21:22:18.0328 3436 ============================================================
21:22:18.0328 3436 Scan started
21:22:18.0328 3436 Mode: Manual;
21:22:18.0328 3436 ============================================================
21:22:18.0875 3436 ================ Scan system memory ========================
21:22:18.0875 3436 System memory - ok
21:22:18.0875 3436 ================ Scan services =============================
21:22:18.0890 3436 .NEOFLTR_650_15215 - ok
21:22:19.0046 3436 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:22:19.0046 3436 Aavmker4 - ok
21:22:19.0062 3436 Abiosdsk - ok
21:22:19.0109 3436 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
21:22:19.0109 3436 abp480n5 - ok
21:22:19.0156 3436 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:22:19.0156 3436 ACPI - ok
21:22:19.0203 3436 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:22:19.0203 3436 ACPIEC - ok
21:22:19.0296 3436 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:22:19.0296 3436 AdobeFlashPlayerUpdateSvc - ok
21:22:19.0343 3436 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\System32\DRIVERS\adpu160m.sys
21:22:19.0343 3436 adpu160m - ok
21:22:19.0390 3436 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
21:22:19.0390 3436 aeaudio - ok
21:22:19.0421 3436 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:22:19.0437 3436 aec - ok
21:22:19.0468 3436 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:22:19.0468 3436 AFD - ok
21:22:19.0531 3436 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\System32\DRIVERS\agp440.sys
21:22:19.0531 3436 agp440 - ok
21:22:19.0546 3436 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
21:22:19.0546 3436 agpCPQ - ok
21:22:19.0562 3436 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\System32\DRIVERS\aha154x.sys
21:22:19.0578 3436 Aha154x - ok
21:22:19.0609 3436 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\System32\DRIVERS\aic78u2.sys
21:22:19.0625 3436 aic78u2 - ok
21:22:19.0640 3436 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\System32\DRIVERS\aic78xx.sys
21:22:19.0640 3436 aic78xx - ok
21:22:19.0703 3436 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:22:19.0703 3436 Alerter - ok
21:22:19.0734 3436 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:22:19.0734 3436 ALG - ok
21:22:19.0781 3436 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\System32\DRIVERS\aliide.sys
21:22:19.0781 3436 AliIde - ok
21:22:19.0812 3436 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\System32\DRIVERS\alim1541.sys
21:22:19.0812 3436 alim1541 - ok
21:22:19.0859 3436 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\System32\DRIVERS\amdagp.sys
21:22:19.0859 3436 amdagp - ok
21:22:19.0906 3436 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\System32\DRIVERS\amsint.sys
21:22:19.0906 3436 amsint - ok
21:22:19.0921 3436 AppMgmt - ok
21:22:19.0937 3436 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\System32\DRIVERS\asc.sys
21:22:19.0937 3436 asc - ok
21:22:19.0968 3436 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\System32\DRIVERS\asc3350p.sys
21:22:19.0968 3436 asc3350p - ok
21:22:20.0015 3436 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\System32\DRIVERS\asc3550.sys
21:22:20.0015 3436 asc3550 - ok
21:22:20.0046 3436 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
21:22:20.0046 3436 ASCTRM - ok
21:22:20.0203 3436 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:22:20.0203 3436 aspnet_state - ok
21:22:20.0250 3436 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:22:20.0250 3436 aswFsBlk - ok
21:22:20.0281 3436 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:22:20.0296 3436 aswMon2 - ok
21:22:20.0312 3436 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:22:20.0312 3436 AswRdr - ok
21:22:20.0390 3436 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:22:20.0406 3436 aswSnx - ok
21:22:20.0453 3436 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:22:20.0453 3436 aswSP - ok
21:22:20.0484 3436 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:22:20.0484 3436 aswTdi - ok
21:22:20.0531 3436 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:22:20.0531 3436 AsyncMac - ok
21:22:20.0593 3436 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:22:20.0593 3436 atapi - ok
21:22:20.0609 3436 Atdisk - ok
21:22:20.0640 3436 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:22:20.0640 3436 Atmarpc - ok
21:22:20.0687 3436 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:22:20.0687 3436 AudioSrv - ok
21:22:20.0750 3436 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:22:20.0750 3436 audstub - ok
21:22:20.0796 3436 Automatic LiveUpdate Scheduler - ok
21:22:20.0859 3436 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:22:20.0859 3436 avast! Antivirus - ok
21:22:20.0875 3436 AVGIDSDriver - ok
21:22:20.0937 3436 [ 068523D2CD260069B19AD68ADEA0D739 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:22:20.0937 3436 bcm4sbxp - ok
21:22:20.0968 3436 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:22:20.0968 3436 Beep - ok
21:22:21.0015 3436 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:22:21.0031 3436 BITS - ok
21:22:21.0078 3436 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:22:21.0078 3436 Browser - ok
21:22:21.0093 3436 bvrp_pci - ok
21:22:21.0234 3436 catchme - ok
21:22:21.0281 3436 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
21:22:21.0296 3436 cbidf - ok
21:22:21.0312 3436 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:22:21.0312 3436 cbidf2k - ok
21:22:21.0375 3436 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
21:22:21.0375 3436 CCALib8 - ok
21:22:21.0421 3436 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
21:22:21.0421 3436 cd20xrnt - ok
21:22:21.0453 3436 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:22:21.0453 3436 Cdaudio - ok
21:22:21.0500 3436 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:22:21.0500 3436 Cdfs - ok
21:22:21.0546 3436 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\CDROM.SYS
21:22:21.0562 3436 Cdrom - ok
21:22:21.0578 3436 Changer - ok
21:22:21.0609 3436 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:22:21.0625 3436 CiSvc - ok
21:22:21.0640 3436 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:22:21.0640 3436 ClipSrv - ok
21:22:21.0703 3436 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:22:21.0718 3436 clr_optimization_v2.0.50727_32 - ok
21:22:21.0765 3436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:22:21.0765 3436 clr_optimization_v4.0.30319_32 - ok
21:22:21.0812 3436 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\System32\DRIVERS\cmdide.sys
21:22:21.0812 3436 CmdIde - ok
21:22:21.0828 3436 COMSysApp - ok
21:22:21.0859 3436 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\System32\DRIVERS\cpqarray.sys
21:22:21.0859 3436 Cpqarray - ok
21:22:21.0875 3436 cpuz134 - ok
21:22:21.0921 3436 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:22:21.0937 3436 CryptSvc - ok
21:22:21.0968 3436 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
21:22:21.0968 3436 dac2w2k - ok
21:22:22.0000 3436 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\System32\DRIVERS\dac960nt.sys
21:22:22.0000 3436 dac960nt - ok
21:22:22.0062 3436 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:22:22.0093 3436 DcomLaunch - ok
21:22:22.0125 3436 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:22:22.0140 3436 Dhcp - ok
21:22:22.0187 3436 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:22:22.0187 3436 Disk - ok
21:22:22.0203 3436 dmadmin - ok
21:22:22.0250 3436 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:22:22.0281 3436 dmboot - ok
21:22:22.0328 3436 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:22:22.0328 3436 dmio - ok
21:22:22.0359 3436 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:22:22.0359 3436 dmload - ok
21:22:22.0421 3436 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:22:22.0421 3436 dmserver - ok
21:22:22.0468 3436 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:22:22.0468 3436 DMusic - ok
21:22:22.0531 3436 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:22:22.0531 3436 Dnscache - ok
21:22:22.0593 3436 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:22:22.0593 3436 Dot3svc - ok
21:22:22.0625 3436 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\System32\DRIVERS\dpti2o.sys
21:22:22.0625 3436 dpti2o - ok
21:22:22.0671 3436 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:22:22.0671 3436 drmkaud - ok
21:22:22.0718 3436 [ 7F056A52BCBA3102D2D37A4A2646C807 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
21:22:22.0734 3436 drvmcdb - ok
21:22:22.0750 3436 [ D3C1E501ED42E77574B3095309DD4075 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
21:22:22.0750 3436 drvnddm - ok
21:22:22.0812 3436 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
21:22:22.0812 3436 DSBrokerService - ok
21:22:22.0859 3436 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:22:22.0875 3436 DSproct - ok
21:22:22.0890 3436 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
21:22:22.0890 3436 dsunidrv - ok
21:22:22.0937 3436 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:22:22.0937 3436 EapHost - ok
21:22:22.0984 3436 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
21:22:22.0984 3436 EL90XBC - ok
21:22:23.0031 3436 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:22:23.0031 3436 ERSvc - ok
21:22:23.0062 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:22:23.0093 3436 Eventlog - ok
21:22:23.0125 3436 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
21:22:23.0140 3436 EventSystem - ok
21:22:23.0171 3436 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:22:23.0187 3436 Fastfat - ok
21:22:23.0234 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:22:23.0250 3436 FastUserSwitchingCompatibility - ok
21:22:23.0281 3436 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:22:23.0281 3436 Fdc - ok
21:22:23.0312 3436 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:22:23.0312 3436 Fips - ok
21:22:23.0343 3436 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:22:23.0359 3436 Flpydisk - ok
21:22:23.0406 3436 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:22:23.0421 3436 FltMgr - ok
21:22:23.0500 3436 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:22:23.0500 3436 FontCache3.0.0.0 - ok
21:22:23.0546 3436 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:22:23.0546 3436 Fs_Rec - ok
21:22:23.0593 3436 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:22:23.0609 3436 Ftdisk - ok
21:22:23.0640 3436 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:22:23.0640 3436 Gpc - ok
21:22:23.0718 3436 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:22:23.0718 3436 helpsvc - ok
21:22:23.0734 3436 HidServ - ok
21:22:23.0765 3436 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:22:23.0765 3436 HidUsb - ok
21:22:23.0812 3436 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:22:23.0828 3436 hkmsvc - ok
21:22:23.0859 3436 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\System32\DRIVERS\hpn.sys
21:22:23.0859 3436 hpn - ok
21:22:23.0953 3436 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:22:23.0953 3436 hpqcxs08 - ok
21:22:23.0984 3436 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:22:24.0000 3436 hpqddsvc - ok
21:22:24.0046 3436 [ 9D23402D305869844BC6004A05CC74BA ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:22:24.0062 3436 HPSLPSVC - ok
21:22:24.0109 3436 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:22:24.0125 3436 HTTP - ok
21:22:24.0156 3436 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:22:24.0171 3436 HTTPFilter - ok
21:22:24.0203 3436 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:22:24.0203 3436 i2omgmt - ok
21:22:24.0234 3436 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\System32\DRIVERS\i2omp.sys
21:22:24.0234 3436 i2omp - ok
21:22:24.0296 3436 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:22:24.0296 3436 i8042prt - ok
21:22:24.0343 3436 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
21:22:24.0343 3436 i81x - ok
21:22:24.0390 3436 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
21:22:24.0390 3436 iAimFP0 - ok
21:22:24.0406 3436 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
21:22:24.0406 3436 iAimFP1 - ok
21:22:24.0421 3436 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
21:22:24.0421 3436 iAimFP2 - ok
21:22:24.0484 3436 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
21:22:24.0484 3436 iAimFP3 - ok
21:22:24.0718 3436 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
21:22:24.0718 3436 iAimFP4 - ok
21:22:24.0765 3436 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
21:22:24.0765 3436 iAimTV0 - ok
21:22:24.0781 3436 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
21:22:24.0796 3436 iAimTV1 - ok
21:22:24.0812 3436 iAimTV2 - ok
21:22:24.0828 3436 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
21:22:24.0828 3436 iAimTV3 - ok
21:22:24.0843 3436 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
21:22:24.0859 3436 iAimTV4 - ok
21:22:24.0890 3436 [ 1406D6EF4436AEE970EFE13193123965 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:22:24.0890 3436 ialm - ok
21:22:25.0000 3436 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:22:25.0031 3436 idsvc - ok
21:22:25.0062 3436 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:22:25.0062 3436 Imapi - ok
21:22:25.0109 3436 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:22:25.0125 3436 ImapiService - ok
21:22:25.0156 3436 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\System32\DRIVERS\ini910u.sys
21:22:25.0156 3436 ini910u - ok
21:22:25.0250 3436 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:22:25.0265 3436 IntelC51 - ok
21:22:25.0312 3436 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:22:25.0328 3436 IntelC52 - ok
21:22:25.0343 3436 [ DE2686C0E012E6AE24ACD6E79EB7FF5D ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:22:25.0343 3436 IntelC53 - ok
21:22:25.0390 3436 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\System32\DRIVERS\intelide.sys
21:22:25.0390 3436 IntelIde - ok
21:22:25.0437 3436 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:22:25.0437 3436 intelppm - ok
21:22:25.0468 3436 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:22:25.0484 3436 ip6fw - ok
21:22:25.0500 3436 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:22:25.0500 3436 IpInIp - ok
21:22:25.0546 3436 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:22:25.0562 3436 IpNat - ok
21:22:25.0578 3436 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:22:25.0578 3436 IPSec - ok
21:22:25.0625 3436 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:22:25.0625 3436 IRENUM - ok
21:22:25.0656 3436 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:22:25.0671 3436 isapnp - ok
21:22:25.0765 3436 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:22:25.0765 3436 JavaQuickStarterService - ok
21:22:25.0796 3436 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:22:25.0812 3436 Kbdclass - ok
21:22:25.0843 3436 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:22:25.0843 3436 kbdhid - ok
21:22:25.0875 3436 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:22:25.0890 3436 kmixer - ok
21:22:25.0921 3436 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:22:25.0921 3436 KSecDD - ok
21:22:25.0968 3436 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:22:25.0984 3436 lanmanserver - ok
21:22:26.0015 3436 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:22:26.0031 3436 lanmanworkstation - ok
21:22:26.0031 3436 Lavasoft Kernexplorer - ok
21:22:26.0046 3436 lbrtfdc - ok
21:22:26.0062 3436 LiveUpdate - ok
21:22:26.0109 3436 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:22:26.0109 3436 LmHosts - ok
21:22:26.0203 3436 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
21:22:26.0218 3436 McciCMService - ok
21:22:26.0296 3436 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:22:26.0312 3436 MDM - ok
21:22:26.0343 3436 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:22:26.0359 3436 Messenger - ok
21:22:26.0390 3436 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:22:26.0390 3436 mnmdd - ok
21:22:26.0437 3436 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
21:22:26.0453 3436 mnmsrvc - ok
21:22:26.0500 3436 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:22:26.0500 3436 Modem - ok
21:22:26.0546 3436 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:22:26.0546 3436 MODEMCSA - ok
21:22:26.0593 3436 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:22:26.0593 3436 mohfilt - ok
21:22:26.0609 3436 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:22:26.0625 3436 Mouclass - ok
21:22:26.0640 3436 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:22:26.0640 3436 MountMgr - ok
21:22:26.0687 3436 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:22:26.0703 3436 MozillaMaintenance - ok
21:22:26.0750 3436 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:22:26.0750 3436 MpFilter - ok
21:22:26.0781 3436 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\System32\DRIVERS\mraid35x.sys
21:22:26.0781 3436 mraid35x - ok
21:22:26.0796 3436 MREMP50 - ok
21:22:26.0812 3436 MREMPR5 - ok
21:22:26.0828 3436 MRENDIS5 - ok
21:22:26.0843 3436 MRESP50 - ok
21:22:26.0875 3436 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:22:26.0890 3436 MRxDAV - ok
21:22:26.0937 3436 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:22:26.0937 3436 MRxSmb - ok
21:22:26.0968 3436 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:22:26.0984 3436 MSDTC - ok
21:22:27.0015 3436 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:22:27.0015 3436 Msfs - ok
21:22:27.0031 3436 MSIServer - ok
21:22:27.0078 3436 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:22:27.0078 3436 MSKSSRV - ok
21:22:27.0093 3436 MsMpSvc - ok
21:22:27.0109 3436 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:22:27.0109 3436 MSPCLOCK - ok
21:22:27.0156 3436 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:22:27.0171 3436 MSPQM - ok
21:22:27.0203 3436 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:22:27.0203 3436 mssmbios - ok
21:22:27.0250 3436 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:22:27.0250 3436 Mup - ok
21:22:27.0312 3436 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:22:27.0328 3436 napagent - ok
21:22:27.0375 3436 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:22:27.0390 3436 NDIS - ok
21:22:27.0421 3436 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:22:27.0421 3436 NdisTapi - ok
21:22:27.0453 3436 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:22:27.0453 3436 Ndisuio - ok
21:22:27.0484 3436 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:22:27.0484 3436 NdisWan - ok
21:22:27.0546 3436 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:22:27.0546 3436 NDProxy - ok
21:22:27.0593 3436 [ F8F63781BCB525D13989209AA624BDD2 ] NEOFLTR_710_19235 C:\WINDOWS\system32\Drivers\NEOFLTR_710_19235.SYS
21:22:27.0593 3436 NEOFLTR_710_19235 - ok
21:22:27.0640 3436 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:22:27.0640 3436 Net Driver HPZ12 - ok
21:22:27.0671 3436 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:22:27.0671 3436 NetBIOS - ok
21:22:27.0718 3436 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:22:27.0718 3436 NetBT - ok
21:22:27.0765 3436 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:22:27.0781 3436 NetDDE - ok
21:22:27.0796 3436 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:22:27.0796 3436 NetDDEdsdm - ok
21:22:27.0843 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:22:27.0843 3436 Netlogon - ok
21:22:27.0875 3436 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:22:27.0890 3436 Netman - ok
21:22:27.0921 3436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:22:27.0921 3436 NetTcpPortSharing - ok
21:22:27.0968 3436 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:22:27.0984 3436 Nla - ok
21:22:28.0000 3436 NMSAccess - ok
21:22:28.0046 3436 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:22:28.0046 3436 Npfs - ok
21:22:28.0093 3436 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:22:28.0093 3436 Ntfs - ok
21:22:28.0125 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
21:22:28.0125 3436 NtLmSsp - ok
21:22:28.0187 3436 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:22:28.0203 3436 NtmsSvc - ok
21:22:28.0250 3436 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:22:28.0250 3436 Null - ok
21:22:28.0343 3436 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:22:28.0421 3436 nv - ok
21:22:28.0453 3436 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:22:28.0453 3436 NwlnkFlt - ok
21:22:28.0484 3436 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:22:28.0484 3436 NwlnkFwd - ok
21:22:28.0531 3436 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
21:22:28.0531 3436 omci - ok
21:22:28.0578 3436 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:22:28.0578 3436 ose - ok
21:22:28.0625 3436 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
21:22:28.0640 3436 P3 - ok
21:22:28.0656 3436 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:22:28.0656 3436 Parport - ok
21:22:28.0687 3436 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:22:28.0687 3436 PartMgr - ok
21:22:28.0734 3436 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:22:28.0734 3436 ParVdm - ok
21:22:28.0781 3436 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:22:28.0781 3436 PCI - ok
21:22:28.0796 3436 PCIDump - ok
21:22:28.0812 3436 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:22:28.0812 3436 PCIIde - ok
21:22:28.0859 3436 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:22:28.0859 3436 Pcmcia - ok
21:22:28.0875 3436 PDCOMP - ok
21:22:28.0890 3436 PDFRAME - ok
21:22:28.0906 3436 PDRELI - ok
21:22:28.0921 3436 PDRFRAME - ok
21:22:28.0953 3436 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
21:22:28.0953 3436 perc2 - ok
21:22:29.0000 3436 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
21:22:29.0000 3436 perc2hib - ok
21:22:29.0062 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:22:29.0062 3436 PlugPlay - ok
21:22:29.0093 3436 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
21:22:29.0093 3436 Pml Driver HPZ12 - ok
21:22:29.0125 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:22:29.0125 3436 PolicyAgent - ok
21:22:29.0156 3436 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:22:29.0156 3436 PptpMiniport - ok
21:22:29.0187 3436 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:22:29.0187 3436 Processor - ok
21:22:29.0203 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:22:29.0203 3436 ProtectedStorage - ok
21:22:29.0250 3436 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:22:29.0250 3436 PSI - ok
21:22:29.0312 3436 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:22:29.0312 3436 Ptilink - ok
21:22:29.0359 3436 [ 81088114178112618B1C414A65E50F7C ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:22:29.0375 3436 PxHelp20 - ok
21:22:29.0406 3436 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
21:22:29.0421 3436 ql1080 - ok
21:22:29.0437 3436 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
21:22:29.0437 3436 Ql10wnt - ok
21:22:29.0453 3436 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
21:22:29.0453 3436 ql12160 - ok
21:22:29.0468 3436 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
21:22:29.0484 3436 ql1240 - ok
21:22:29.0500 3436 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
21:22:29.0500 3436 ql1280 - ok
21:22:29.0531 3436 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:22:29.0531 3436 RasAcd - ok
21:22:29.0578 3436 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:22:29.0593 3436 RasAuto - ok
21:22:29.0625 3436 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:22:29.0625 3436 Rasl2tp - ok
21:22:29.0671 3436 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:22:29.0703 3436 RasMan - ok
21:22:29.0718 3436 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:22:29.0718 3436 RasPppoe - ok
21:22:29.0750 3436 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:22:29.0750 3436 Raspti - ok
21:22:29.0781 3436 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:22:29.0781 3436 Rdbss - ok
21:22:29.0812 3436 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:22:29.0812 3436 RDPCDD - ok
21:22:29.0843 3436 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:22:29.0859 3436 rdpdr - ok
21:22:29.0906 3436 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:22:29.0906 3436 RDPWD - ok
21:22:29.0968 3436 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:22:29.0968 3436 RDSessMgr - ok
21:22:30.0031 3436 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:22:30.0031 3436 redbook - ok
21:22:30.0078 3436 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:22:30.0078 3436 RemoteAccess - ok
21:22:30.0140 3436 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
21:22:30.0156 3436 RpcLocator - ok
21:22:30.0203 3436 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:22:30.0218 3436 RpcSs - ok
21:22:30.0265 3436 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
21:22:30.0265 3436 RSVP - ok
21:22:30.0281 3436 SABKUTIL - ok
21:22:30.0312 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:22:30.0328 3436 SamSs - ok
21:22:30.0375 3436 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:22:30.0390 3436 SCardSvr - ok
21:22:30.0437 3436 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:22:30.0453 3436 Schedule - ok
21:22:30.0500 3436 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:22:30.0500 3436 Secdrv - ok
21:22:30.0531 3436 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:22:30.0546 3436 seclogon - ok
21:22:30.0578 3436 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:22:30.0578 3436 SENS - ok
21:22:30.0625 3436 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:22:30.0625 3436 serenum - ok
21:22:30.0656 3436 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:22:30.0656 3436 Serial - ok
21:22:30.0718 3436 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:22:30.0718 3436 Sfloppy - ok
21:22:30.0781 3436 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:22:30.0796 3436 SharedAccess - ok
21:22:30.0828 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:22:30.0843 3436 ShellHWDetection - ok
21:22:30.0859 3436 Simbad - ok
21:22:30.0906 3436 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
21:22:30.0906 3436 sisagp - ok
21:22:30.0968 3436 [ 99A9E1EF62F955C82A5001AC94B4B77B ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
21:22:30.0984 3436 smwdm - ok
21:22:31.0046 3436 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
21:22:31.0046 3436 Sparrow - ok
21:22:31.0078 3436 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:22:31.0078 3436 splitter - ok
21:22:31.0125 3436 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:22:31.0125 3436 Spooler - ok
21:22:31.0156 3436 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:22:31.0156 3436 sr - ok
21:22:31.0203 3436 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:22:31.0218 3436 srservice - ok
21:22:31.0265 3436 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:22:31.0265 3436 Srv - ok
21:22:31.0328 3436 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:22:31.0328 3436 sscdbhk5 - ok
21:22:31.0375 3436 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:22:31.0390 3436 SSDPSRV - ok
21:22:31.0406 3436 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
21:22:31.0406 3436 ssrtln - ok
21:22:31.0453 3436 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
21:22:31.0453 3436 StillCam - ok
21:22:31.0500 3436 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:22:31.0546 3436 stisvc - ok
21:22:31.0578 3436 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:22:31.0578 3436 swenum - ok
21:22:31.0609 3436 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:22:31.0609 3436 swmidi - ok
21:22:31.0625 3436 SwPrv - ok
21:22:31.0671 3436 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
21:22:31.0671 3436 symc810 - ok
21:22:34.0421 3436 ================ Scan global ===============================
21:22:34.0453 3436 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:22:34.0500 3436 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:22:34.0562 3436 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:22:34.0593 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:22:34.0609 3436 [Global] - ok
21:22:34.0609 3436 ================ Scan MBR ==================================
21:22:34.0640 3436 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:22:34.0781 3436 \Device\Harddisk0\DR0 - ok
21:22:34.0781 3436 ================ Scan VBR ==================================
21:22:34.0796 3436 [ F1DF664BCA7EA4E722445673A30B0CC3 ] \Device\Harddisk0\DR0\Partition1
21:22:34.0796 3436 \Device\Harddisk0\DR0\Partition1 - ok
21:22:34.0828 3436 [ 0212C30CBB8D21DED60DA0E50EBEB043 ] \Device\Harddisk0\DR0\Partition2
21:22:34.0828 3436 \Device\Harddisk0\DR0\Partition2 - ok
21:22:34.0843 3436 ============================================================
21:22:34.0843 3436 Scan finished
21:22:34.0843 3436 ============================================================
21:22:34.0859 1332 Detected object count: 0
21:22:34.0859 1332 Actual detected object count: 0
21:23:47.0000 4060 Deinitialize success
Johnny Pollock is offline  
Old 01-09-2013, 07:24 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Johnny Pollock. That's pretty much impossible to determine.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Backup any files you cannot live without before proceeding just as a precaution.

Print out these instructions to use while in the Recovery Console or read off another computer:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the down arrow key to highlight Return to OS Choices Menu and press 'Enter'.
  • Use the up or down arrow key to highlight Microsoft Windows Recovery Console and press 'Enter'.
  • You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
  • When prompted for Administrator password, enter it and press 'Enter', or if no password, just press 'Enter'.
  • At the C:\Windows prompt, type fixmbr and press 'Enter'.
  • When prompted "Are you sure you want to write a new MBR" type y and press 'Enter'.
  • Type exit and press 'Enter'.
  • Your computer should reboot.
------------------------------------------------------

Please run aswMBR and post the scan log as before.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
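The fixmbr step above rewrites only the boot-code part of the disk's first sector, which is also the sector TDSSKiller hashes as \Device\Harddisk0\DR0. As an added example that is not code from this thread, the Python below parses a 512-byte MBR image, flags basic problems, and compares a before/after pair so a helper can confirm the repair changed the boot code and left the partition table alone. The sector images, the `build_sample_mbr` helper and every value in them are constructed for the example, not taken from the poster's machine.

```python
# Added example, not code from the thread: parse a 512-byte MBR sector (what
# TDSSKiller hashes as \Device\Harddisk0\DR0 and what "fixmbr" rewrites) and
# compare a before/after pair to confirm the repair touched only the boot code.
# The sectors are constructed here; nothing is read from a real disk.
import hashlib
import struct

PT_OFFSET = 446                 # partition table: 4 x 16-byte entries at 446..509
BOOT_SIGNATURE = b"\x55\xAA"    # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Boot signature check, non-empty partition entries, and MD5 of the whole sector."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PT_OFFSET + 16 * i)
        if ptype:               # type 0x00 marks an unused slot
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:] == BOOT_SIGNATURE,
            "partitions": entries,
            "md5": hashlib.md5(sector).hexdigest().upper()}  # same form TDSSKiller prints

def mbr_problems(sector: bytes) -> list:
    """Sanity findings a helper would want before deciding on fixmbr."""
    info = parse_mbr(sector)
    problems = []
    if not info["signature_ok"]:
        problems.append("boot signature 0x55AA missing")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        problems.append("expected exactly one active (bootable) partition")
    return problems

def compare_after_fixmbr(before: bytes, after: bytes) -> dict:
    """fixmbr replaces bytes 0..445 (boot code); the partition table must be unchanged."""
    return {"boot_code_changed": before[:PT_OFFSET] != after[:PT_OFFSET],
            "partition_table_intact": before[PT_OFFSET:510] == after[PT_OFFSET:510],
            "md5_before": parse_mbr(before)["md5"],
            "md5_after": parse_mbr(after)["md5"]}

def build_sample_mbr(boot_code: bytes, active: int = 0x80) -> bytes:
    """Constructed sector: given boot code, one NTFS (0x07) partition at LBA 63, signature."""
    code = boot_code.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    entry = struct.pack("<B3sB3sII", active, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 2097152)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE
```

Run `mbr_problems()` on a sector dump taken before the Recovery Console step and `compare_after_fixmbr()` on the before/after dumps; `boot_code_changed` true with `partition_table_intact` true is the expected result of a successful fixmbr.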
Old 01-09-2013, 07:54 PM   #18
Registered Member
 
Join Date: Nov 2011
Location: Philadelphia
Posts: 166
OS: windows xp sp3


FYI, I am now running aswMBR.exe after the previous instructions.
Johnny Pollock is offline  
Old 01-09-2013, 08:23 PM   #19
Registered Member
 
Join Date: Nov 2011
Location: Philadelphia
Posts: 166
OS: windows xp sp3



Chemist, see log. I made it #2 so I would not get confused.
I hope you do not mind, but after this post, if there is anything else for me to do, I will respond back tomorrow morning
Thank you
Attached Files
File Type: txt aswMBR 2.txt (2.2 KB, 51 views)
Johnny Pollock is offline  
Old 01-10-2013, 04:22 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Johnny Pollock. You're welcome.

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
chemist is offline  