TechSpot

Can't access antivirus sites or microsoft.com

By sidewaysfcs07
Jun 26, 2012
  1. Title says it all :( . I have followed the 5 steps as much as I could.

    my logs

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.26.07

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    bau bau :: SIDEWAYS-820672 [administrator]

    Protection: Enabled

    6/26/2012 8:09:18 PM
    mbam-log-2012-06-26 (20-09-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194171
    Time elapsed: 6 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 4
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 1
    C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.

    Files Detected: 7
    C:\Documents and Settings\All Users\Application Data\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TBYKZ7F7\iopy[1].png (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\ggjcfhkbapgipmhcdhamijaodpaemene.crx (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.

    (end)
     
  2. sidewaysfcs07


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-26 20:28:40
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD1600JS-00MHB0 rev.02.01C03
    Running: 89ce8ixu.exe; Driver: C:\DOCUME~1\BAUBAU~1\LOCALS~1\Temp\afqyrpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xF73F8E2C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF73F91BA]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 867D21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 867D21E8
    Device \Driver\atapi \Device\Ide\IdePort1 867D21E8
    Device \Driver\atapi \Device\Ide\IdePort2 867D21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 867D21E8
    Device \Driver\atapi \Device\Ide\IdePort3 867D21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 867D21E8
    Device \Driver\agzr7f65 \Device\Scsi\agzr7f651 865517A0
    Device \Driver\agzr7f65 \Device\Scsi\agzr7f651Port4Path0Target0Lun0 865517A0
    Device \FileSystem\Ntfs \Ntfs 867D11E8

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] wffezdnah <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  3. sidewaysfcs07


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
    Run by bau bau at 20:30:54 on 2012-06-26
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.462 [GMT 3:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\OSCAR Editor\OscarEditor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredibar.com/mb139?a=6PQyTeVRnk&I=26
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    uRun: [Steam] "e:\games\steam\steam.exe" -silent
    uRun: [OscarEditor] "c:\program files\oscar editor\OscarEditor.exe" Minimum
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RaidCall] c:\program files\raidcall\\raidcall.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: Interfaces\{5434F102-709B-4C0A-922A-E38AD4B14C44} : NameServer = 213.154.124.1 193.231.252.1
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bau bau\application data\mozilla\firefox\profiles\ogvu9i1x.default\
    FF - prefs.js: browser.startup.homepage - google.ro
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 884a0ab60000000000000013d33ad7a9
    FF - user.js: extensions.incredibar_i.instlDay - 15489
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:23:12
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQyTeVRnk
    FF - user.js: extensions.incredibar_i.upn2n - 92542970437908018
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 20%5F5
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-26 654408]
    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-30 185856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-4 136176]
    S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-4 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-06-26 17:08:22 -------- d-----w- c:\documents and settings\bau bau\application data\Malwarebytes
    2012-06-26 17:08:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-06-26 17:08:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-26 17:08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-17 15:47:46 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-17 15:47:46 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-06 19:25:52 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
    2012-05-29 21:24:08 -------- d-----w- c:\documents and settings\all users\application data\TheBflixUpdater
    2012-05-29 21:23:26 -------- d-----w- c:\documents and settings\all users\application data\Premium
    2012-05-29 21:23:20 -------- d-----w- c:\program files\Optimizer Pro
    2012-05-29 21:23:08 -------- d-----w- c:\program files\Web Assistant
    2012-05-29 21:22:54 -------- d-----w- c:\documents and settings\all users\application data\ADDICT-THING
    2012-05-29 21:22:12 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
    2012-05-28 21:34:37 -------- d-----w- c:\documents and settings\bau bau\application data\Xilisoft
    2012-05-28 21:33:11 -------- d-----w- c:\program files\Xilisoft
    .
    ==================== Find3M ====================
    .
    2012-03-29 11:20:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-29 11:20:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 20:31:34.35 ===============
     
  4. sidewaysfcs07


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/3/2009 4:44:05 PM
    System Uptime: 6/26/2012 8:18:36 PM (0 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7143
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 2782/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 2782/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 15 GiB total, 5.271 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 3.999 GiB free.
    E: is FIXED (NTFS) - 60 GiB total, 15.661 GiB free.
    F: is FIXED (NTFS) - 60 GiB total, 36.162 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Device
    Device ID: PCI\VEN_10DE&DEV_0BE3&SUBSYS_19051462&REV_A1\4&258299F3&0&0108
    Manufacturer:
    Name: PCI Device
    PNP Device ID: PCI\VEN_10DE&DEV_0BE3&SUBSYS_19051462&REV_A1\4&258299F3&0&0108
    Service:
    .
    ==== System Restore Points ===================
    .
    RP134: 6/10/2012 2:37:11 PM - System Checkpoint
    RP135: 6/11/2012 11:56:59 PM - System Checkpoint
    RP136: 6/13/2012 5:21:02 PM - System Checkpoint
    RP137: 6/15/2012 3:29:59 PM - System Checkpoint
    RP138: 6/16/2012 4:01:12 PM - System Checkpoint
    RP139: 6/18/2012 3:26:14 PM - System Checkpoint
    RP140: 6/20/2012 8:38:17 PM - System Checkpoint
    RP141: 6/22/2012 3:54:29 PM - System Checkpoint
    RP142: 6/24/2012 11:13:55 PM - Installed Counter-Strike 1.6
    RP143: 6/25/2012 1:53:31 PM - Removed Counter-Strike 1.6
    RP144: 6/25/2012 2:45:25 PM - Installed Counter-Strike 1.6
    RP145: 6/26/2012 4:12:21 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    ALZip 8.51
    Ares 3.1.5.3033
    ASUS Enhanced Display Driver
    Canon iP1800 series
    Counter-Strike 1.6
    CyberLink PowerDVD 8
    DVDFab Platinum 3.0.3.6 Beta Ghosthunter release
    Ghost Recon Online
    Google Earth
    Google Update Helper
    Hotfix for Windows XP (KB915865)
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 6.0 Parser (KB933579)
    Nero 7 Ultra Edition
    Nero Sipps
    NVIDIA Control Panel 266.77
    NVIDIA Graphics Driver 266.77
    NVIDIA Install Application
    NVIDIA PhysX
    OSCAR Editor
    RaidCall
    SoundMAX
    Steam
    Team Fortress 2
    TeamSpeak 3 Client
    uTorrentBar Toolbar
    Ventrilo Client
    VLC
    VLC media player 1.1.11
    Web Assistant 2.0.0.439
    WebFldrs XP
    Winamp
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    WinRAR 4.01 (32-bit)
    Xilisoft Audio Converter Pro
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/26/2012 8:20:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    6/24/2012 10:48:08 AM, error: Service Control Manager [7018] - Detected circular dependencies auto-starting services.
    6/22/2012 7:31:19 PM, error: Service Control Manager [7023] - The Config Time service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    6/22/2012 7:29:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    .
    ==== End Of File ===========================
     
  5. Bobbye


    The Security Center has been disabled by the malware.
    You are getting malware also because you have this set as a Start page and keyword:
    mystart.incredibar.com

    The other main reason is because of file sharing:
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall:
    µTorrent
    Ares 3.1.5.3033
    uTorrentBar Toolbar
    for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    ---------------------------------------------
    As long as you are using the above, you will continue to get malware.
    FYI: There is a potentially unwanted program (PUP) on the system that is usually associated with using a particular pirating site.

    Another PUP on the system was downloaded from a site deemed "unsafe."
    McAfee SiteAdvisor warning
    =============================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    ===================================================
    Please leave the logs in your next reply.
     
  6. sidewaysfcs07


    I could not download CKScanner, cannot access that site :( , tried even with "save target as" in Internet Explorer

    so only the combofix log for now :(


    ComboFix 12-06-26.02 - bau bau 06/27/2012 9:30.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.436 [GMT 3:00]
    Running from: c:\documents and settings\bau bau\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
    c:\program files\Web Assistant\ExTEnsion32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\bau bau\Application Data\Malwarebytes
    2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-26 17:08 . 2012-04-04 12:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-17 15:47 . 2012-06-17 15:47 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-17 15:47 . 2012-06-17 15:47 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-08 14:37 . 2012-06-08 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2012-06-06 19:25 . 2012-06-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Xilisoft
    2012-05-29 21:24 . 2012-05-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflixUpdater
    2012-05-29 21:23 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
    2012-05-29 21:23 . 2012-05-29 21:38 -------- d-----w- c:\program files\Optimizer Pro
    2012-05-29 21:23 . 2012-05-29 21:23 453 ----a-w- C:\user.js
    2012-05-29 21:23 . 2012-06-27 06:34 -------- d-----w- c:\program files\Web Assistant
    2012-05-29 21:22 . 2012-05-29 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ADDICT-THING
    2012-05-29 21:22 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
    2012-05-28 21:34 . 2012-05-28 21:34 -------- d-----w- c:\documents and settings\bau bau\Application Data\Xilisoft
    2012-05-28 21:33 . 2012-05-28 21:33 -------- d-----w- c:\program files\Xilisoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-29 11:20 . 2012-03-29 11:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-29 11:20 . 2011-11-30 10:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-17 15:47 . 2011-11-19 15:36 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-19 880496]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "Steam"="e:\games\Steam\steam.exe" [2011-12-29 1242448]
    "OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-20 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-20 13881960]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RaidCall"="c:\program files\raidcall\\raidcall.exe" [2012-03-28 2596536]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "e:\\Games\\Steam\\Steam.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4914:TCP"= 4914:TCP:ynygqwvm
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2011 1:01 PM 682232]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 5:50 PM 61424]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/26/2012 8:08 PM 654408]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/26/2012 8:08 PM 22344]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2011 1:07 PM 47360]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
    S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [5/30/2012 12:23 AM 185856]
    S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 10:23 AM 113120]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    wffezdnah
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
    .
    2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ro/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: Interfaces\{5434F102-709B-4C0A-922A-E38AD4B14C44}: NameServer = 213.154.124.1 193.231.252.1
    FF - ProfilePath - c:\documents and settings\bau bau\Application Data\Mozilla\Firefox\Profiles\ogvu9i1x.default\
    FF - prefs.js: browser.startup.homepage - google.ro
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 884a0ab60000000000000013d33ad7a9
    FF - user.js: extensions.incredibar_i.instlDay - 15489
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:23
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQyTeVRnk
    FF - user.js: extensions.incredibar_i.upn2n - 92542970437908018
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 20%5F5
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-27 09:35
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wffezdnah]
    "ServiceDll"="c:\windows\system32\haqqe.dll"
    .
    Completion time: 2012-06-27 09:37:50
    ComboFix-quarantined-files.txt 2012-06-27 06:37
    .
    Pre-Run: 5,322,088,448 bytes free
    Post-Run: 5,723,017,216 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - A6C883B0E6BE6305D2E314D098350EEC
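Added example, not part of the thread and not ComboFix's own code: a small Python triage script that parses the service list, the Svchost\NetSvcs members and the registry dump from a ComboFix log like the one above and flags what this log shows, a randomly named service hosted in svchost's netsvcs group that loads a DLL no known service uses, plus a service whose image file is missing or sits on a non-system drive. The netsvcs allowlist is partial and constructed for the example, and the sample log is an excerpt of the one posted above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Partial allowlist of services that legitimately run inside "svchost.exe -k netsvcs"
# on Windows XP. Constructed for this example; extend it from a known-clean machine.
KNOWN_NETSVCS: Set[str] = {
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "Dnscache", "ERSvc",
    "EventSystem", "helpsvc", "lanmanserver", "lanmanworkstation", "Netman", "Nla",
    "RasAuto", "RasMan", "Schedule", "seclogon", "SENS", "SharedAccess", "ShellHWDetection",
    "Themes", "TrkWks", "W32Time", "winmgmt", "wscsvc", "wuauserv", "WZCSVC", "xmlprov",
}
SYSTEM_DRIVE = "c"  # assumption: the log reports C:\WINDOWS as the Windows directory

# One ComboFix service line: "<start> <name>;<display>;<image> [<date> <size>]", or "[?]" if missing
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(?P<path>[^"]+)"$', re.I)
DRIVE_RE = re.compile(r"(?:^|\\)([a-z]):\\")
NETSVCS_HEADER = "CurrentVersion\\Svchost - NetSvcs"

# Excerpt constructed from the ComboFix log posted above (service list, NetSvcs list, registry dump).
SAMPLE_LOG = r"""
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 5:50 PM 61424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/26/2012 8:08 PM 654408]
S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wffezdnah
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wffezdnah]
"ServiceDll"="c:\windows\system32\haqqe.dll"
.
"""

@dataclass
class Service:
    name: str
    display: str
    image: str
    meta: str
    service_dll: Optional[str] = None
    findings: List[str] = field(default_factory=list)

def parse_log(text: str):
    """Return (services by name, NetSvcs member names, ServiceDll by lowercased service name)."""
    services: Dict[str, Service] = {}
    netsvcs: Set[str] = set()
    service_dlls: Dict[str, str] = {}
    in_netsvcs, current_key = False, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == ".":  # ComboFix separates blocks with a lone dot
            in_netsvcs, current_key = False, None
        elif line.endswith(NETSVCS_HEADER):
            in_netsvcs = True
        elif in_netsvcs:  # every line until the next dot names a NetSvcs member
            netsvcs.add(line)
        elif (m := SERVICE_RE.match(line)):
            services[m["name"]] = Service(m["name"], m["display"], m["image"], m["meta"])
        elif (m := KEY_RE.match(line)):
            current_key = m["name"].lower()
        elif (m := DLL_RE.match(line)) and current_key:
            service_dlls[current_key] = m["path"]
    return services, netsvcs, service_dlls

def triage(text: str) -> Dict[str, Service]:
    """Attach findings to each service; an empty findings list means nothing stood out."""
    services, netsvcs, service_dlls = parse_log(text)
    for svc in services.values():
        svc.service_dll = service_dlls.get(svc.name.lower())
        known = svc.name in KNOWN_NETSVCS
        if "svchost.exe -k netsvcs" in svc.image.lower() and not known:
            svc.findings.append("hosted in the svchost netsvcs group but not a known member")
        if svc.name in netsvcs and not known:
            svc.findings.append("registered under Svchost\\NetSvcs but not a known member")
        if svc.service_dll and not known:
            svc.findings.append(f"loads unrecognised ServiceDll {svc.service_dll}")
        if svc.meta == "?":
            svc.findings.append("image file not found on disk ([?])")
        drive = DRIVE_RE.search(svc.image.lower())
        if drive and drive.group(1) != SYSTEM_DRIVE:
            svc.findings.append(f"image lives on non-system drive {drive.group(1)}:")
    return services

def flagged(text: str) -> List[str]:
    """Names of services with at least one finding, sorted for stable output."""
    return sorted(name for name, svc in triage(text).items() if svc.findings)

if __name__ == "__main__":
    for name, svc in triage(SAMPLE_LOG).items():
        if svc.findings:
            print(f"{name} ({svc.display}): " + "; ".join(svc.findings))
```

Run against the sample it reports wffezdnah (three findings) and SetupNTGLM7X (missing image on drive g:), and nothing for MBAMService or the CyberLink service.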
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The CK Scanner link is good and the program runs. Please try it again.
     
  8. sidewaysfcs07

    sidewaysfcs07 TS Rookie Topic Starter

    I can't. I tried with both Internet Explorer and Mozilla Firefox; I'm getting the "this page cannot be displayed / server not found" message, which is also what I get if I try to access antivirus sites.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, you can run the following first:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    Follow with this:
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files\Web Assistant\ExtensionUpdaterService.exe
    Folder::
    c:\program files\Optimizer Pro
    c:\program files\Web Assistant
    c:\documents and settings\All Users\Application Data\ADDICT-THING
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4914:TCP"=-
     
    Clearjavacache::
     
    Driver::
    Web Assistant Updater
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG: screenshot showing CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ==========================================
    Please leave the TDSSKiller log and the new ComboFix log (after running the script) in your next reply.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You can handle this when you finish with the TDSSKiller and Combofix scans:

    To remove MyStart.incredibar> Sign on to the Administrative Account.
    IF you use Incredimail itself: ****NOTE: Uninstall what you now have> re-download. For the reinstall, choose the custom installation feature and unclick the 'mystart search engine' and 'home page' features.****
    -----------------
    After the uninstall: > Open Firefox> type about:config in the location (Address) bar> Enter
    If you get a Warning, click 'continue' or 'I know what I'm doing'.
    In the Filter box at the top of the about:config page type mystart.

    Preferences that have been modified show as bold (user set).
    Preferences can be reset to the default via the right-click context menu if they are user set
    Preferences can be changed via the right-click context menu: Modify (String or Integer) or Toggle (Boolean)

    Reset all mystart-related prefs that appear bold (user set) to their default values via the right-click context menu.

    Mystart.incredibar.com (http://www.Mystart.incredibar.com) is a low-quality search site that acts as a web browser hijacker virus to harm computer users. No matter what you type into the search bar of Mystart.incredibar.com, you'll be redirected to a list of links which are of no help at all.
     
  11. sidewaysfcs07

    sidewaysfcs07 TS Rookie Topic Starter

    22:23:08.0468 3012 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
    22:23:08.0468 3012 ============================================================
    22:23:08.0468 3012 Current date / time: 2012/06/27 22:23:08.0468
    22:23:08.0468 3012 SystemInfo:
    22:23:08.0468 3012
    22:23:08.0468 3012 OS Version: 5.1.2600 ServicePack: 2.0
    22:23:08.0468 3012 Product type: Workstation
    22:23:08.0468 3012 ComputerName: SIDEWAYS-820672
    22:23:08.0468 3012 UserName: bau bau
    22:23:08.0468 3012 Windows directory: C:\WINDOWS
    22:23:08.0468 3012 System windows directory: C:\WINDOWS
    22:23:08.0468 3012 Processor architecture: Intel x86
    22:23:08.0468 3012 Number of processors: 2
    22:23:08.0468 3012 Page size: 0x1000
    22:23:08.0468 3012 Boot type: Normal boot
    22:23:08.0468 3012 ============================================================
    22:23:09.0734 3012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:23:09.0734 3012 ============================================================
    22:23:09.0734 3012 \Device\Harddisk0\DR0:
    22:23:09.0734 3012 MBR partitions:
    22:23:09.0734 3012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D4EFFA
    22:23:09.0750 3012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F078, BlocksNum 0x1D4EFFA
    22:23:09.0765 3012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9E0B1, BlocksNum 0x77BB588
    22:23:09.0781 3012 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB259678, BlocksNum 0x77BF449
    22:23:09.0781 3012 ============================================================
    22:23:09.0796 3012 C: <-> \Device\Harddisk0\DR0\Partition0
    22:23:09.0890 3012 D: <-> \Device\Harddisk0\DR0\Partition1
    22:23:09.0953 3012 E: <-> \Device\Harddisk0\DR0\Partition2
    22:23:10.0015 3012 F: <-> \Device\Harddisk0\DR0\Partition3
    22:23:10.0015 3012 ============================================================
    22:23:10.0015 3012 Initialize success
    22:23:10.0015 3012 ============================================================
    22:23:25.0375 2888 ============================================================
    22:23:25.0375 2888 Scan started
    22:23:25.0375 2888 Mode: Manual;
    22:23:25.0375 2888 ============================================================
    22:23:33.0015 2888 RpcSs - ok
    22:23:33.0062 2888 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    22:23:33.0062 2888 RSVP - ok
    22:23:33.0093 2888 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    22:23:33.0093 2888 RTL8023xp - ok
    22:23:33.0109 2888 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:23:33.0109 2888 SamSs - ok
    22:23:33.0125 2888 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
    22:23:33.0156 2888 SCardSvr - ok
    22:23:33.0312 2888 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
    22:23:33.0328 2888 Schedule - ok
    22:23:33.0343 2888 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:23:33.0343 2888 Secdrv - ok
    22:23:33.0359 2888 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
    22:23:33.0359 2888 seclogon - ok
    22:23:33.0406 2888 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
    22:23:33.0421 2888 senfilt - ok
    22:23:33.0453 2888 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
    22:23:33.0453 2888 SENS - ok
    22:23:33.0468 2888 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:23:33.0468 2888 serenum - ok
    22:23:33.0484 2888 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    22:23:33.0484 2888 Serial - ok
    22:23:33.0546 2888 SetupNTGLM7X - ok
    22:23:33.0578 2888 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:23:33.0578 2888 Sfloppy - ok
    22:23:33.0609 2888 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
    22:23:33.0671 2888 SharedAccess - ok
    22:23:33.0703 2888 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:23:33.0703 2888 ShellHWDetection - ok
    22:23:33.0703 2888 Simbad - ok
    22:23:33.0750 2888 smwdm (db74141bbcbe8f22acfb53215e8af0d1) C:\WINDOWS\system32\drivers\smwdm.sys
    22:23:33.0750 2888 smwdm - ok
    22:23:33.0812 2888 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    22:23:33.0812 2888 SoundMAX Agent Service (default) - ok
    22:23:33.0828 2888 Sparrow - ok
    22:23:33.0859 2888 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    22:23:33.0859 2888 splitter - ok
    22:23:33.0875 2888 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
    22:23:33.0875 2888 Spooler - ok
    22:23:33.0921 2888 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
    22:23:33.0921 2888 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
    22:23:33.0921 2888 sptd ( LockedFile.Multi.Generic ) - warning
    22:23:33.0921 2888 sptd - detected LockedFile.Multi.Generic (1)
    22:23:33.0953 2888 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:23:33.0953 2888 sr - ok
    22:23:33.0984 2888 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
    22:23:34.0000 2888 srservice - ok
    22:23:34.0031 2888 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:23:34.0046 2888 Srv - ok
    22:23:34.0062 2888 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
    22:23:34.0078 2888 SSDPSRV - ok
    22:23:34.0078 2888 Steam Client Service - ok
    22:23:34.0125 2888 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
    22:23:34.0187 2888 stisvc - ok
    22:23:34.0187 2888 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:23:34.0187 2888 swenum - ok
    22:23:34.0218 2888 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    22:23:34.0218 2888 swmidi - ok
    22:23:34.0234 2888 SwPrv - ok
    22:23:34.0234 2888 symc810 - ok
    22:23:34.0250 2888 symc8xx - ok
    22:23:34.0250 2888 sym_hi - ok
    22:23:34.0265 2888 sym_u3 - ok
    22:23:34.0281 2888 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:23:34.0281 2888 sysaudio - ok
    22:23:34.0312 2888 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
    22:23:34.0328 2888 SysmonLog - ok
    22:23:34.0343 2888 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
    22:23:34.0390 2888 TapiSrv - ok
    22:23:34.0437 2888 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:23:34.0484 2888 Tcpip - ok
    22:23:34.0500 2888 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:23:34.0500 2888 TDPIPE - ok
    22:23:34.0515 2888 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:23:34.0515 2888 TDTCP - ok
    22:23:34.0531 2888 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:23:34.0531 2888 TermDD - ok
    22:23:34.0562 2888 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
    22:23:34.0578 2888 TermService - ok
    22:23:34.0609 2888 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:23:34.0609 2888 Themes - ok
    22:23:34.0640 2888 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
    22:23:34.0640 2888 TlntSvr - ok
    22:23:34.0640 2888 TosIde - ok
    22:23:34.0671 2888 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
    22:23:34.0687 2888 TrkWks - ok
    22:23:34.0703 2888 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    22:23:34.0703 2888 Udfs - ok
    22:23:34.0718 2888 ultra - ok
    22:23:34.0734 2888 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
    22:23:34.0750 2888 UMWdf - ok
    22:23:34.0765 2888 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    22:23:34.0765 2888 Update - ok
    22:23:34.0796 2888 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
    22:23:34.0828 2888 upnphost - ok
    22:23:34.0843 2888 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
    22:23:34.0859 2888 UPS - ok
    22:23:34.0890 2888 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:23:34.0890 2888 usbccgp - ok
    22:23:34.0984 2888 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:23:35.0015 2888 usbehci - ok
    22:23:35.0031 2888 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:23:35.0031 2888 usbhub - ok
    22:23:35.0046 2888 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:23:35.0062 2888 usbprint - ok
    22:23:35.0078 2888 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:23:35.0078 2888 USBSTOR - ok
    22:23:35.0109 2888 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:23:35.0109 2888 usbuhci - ok
    22:23:35.0140 2888 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    22:23:35.0140 2888 VgaSave - ok
    22:23:35.0140 2888 ViaIde - ok
    22:23:35.0171 2888 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:23:35.0171 2888 VolSnap - ok
    22:23:35.0203 2888 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
    22:23:35.0218 2888 VSS - ok
    22:23:35.0250 2888 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
    22:23:35.0281 2888 W32Time - ok
    22:23:35.0296 2888 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:23:35.0312 2888 Wanarp - ok
    22:23:35.0312 2888 WDICA - ok
    22:23:35.0343 2888 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:23:35.0343 2888 wdmaud - ok
    22:23:35.0390 2888 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
     
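Added example (not TDSSKiller's code and not the poster's): a short Python triage script for logs like the two in this thread. It pulls the flagged objects out of the hundreds of "- ok" lines, keeps verdict, path, MD5 and the action taken, and diffs the rescan against the first scan so you can confirm the quarantined items are gone and the MBR hash did not change. The sample log inside it is constructed in TDSSKiller's format: the first-scan lines are copied from this thread, the rescan lines are made up to show a clean result. The allow-list entry for sptd is this example's assumption, not scanner data: sptd.sys is the SPTD driver that DAEMON Tools and Alcohol 120% install, and it is reported as LockedFile.Multi.Generic because it refuses reads of itself, so that hit on its own is not evidence of infection. A randomly named service whose DLL the scanner cannot open, like the wffezdnah / haqqe.dll entry in this log, is the entry to prioritise.

```python
"""Triage helper for a Kaspersky TDSSKiller log (added example, not the tool's
or the poster's code): pull the flagged objects out of the "- ok" noise, keep
verdict/path/hash/action, and diff a rescan against the first scan."""
import re

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*?)\s*$")
SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<device>\\.+)$")
NOACCESS = re.compile(r"^Suspicious (?P<kind>file|service) \(NoAccess\): (?P<target>.+?)(?:\. md5: [0-9a-f]{32})?$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<name>.+?) \( \S+ \) - User select action: (?P<action>\w+)$")

# Analyst allow-list (an assumption of this example, not TDSSKiller data).
# sptd.sys is the SPTD driver installed by DAEMON Tools / Alcohol 120%; it blocks
# reads of itself, so TDSSKiller routinely reports it as LockedFile.Multi.Generic.
KNOWN_LOCKED = {"sptd": "SPTD driver (DAEMON Tools / Alcohol 120%) self-protection"}


def parse_log(text):
    """Split a log into scans, one per 'Scan started' banner (the first may lack it)."""
    scans, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest == "Scan started" or cur is None:
            cur = {"objects": {}, "findings": [], "noaccess": [], "sectors": []}
            scans.append(cur)
            if rest == "Scan started":
                continue
        if (s := SECTOR.match(rest)):                      # MBR / boot-sector hashes
            cur["sectors"].append((s["kind"], s["device"], s["md5"]))
        elif (n := NOACCESS.match(rest)):                  # scanner could not open it
            cur["noaccess"].append((n["kind"], n["target"]))
        elif (o := OBJECT.match(rest)):                    # "name (md5) path"
            cur["objects"][o["name"]] = {"md5": o["md5"], "path": o["path"], "verdicts": [], "action": None}
        elif (d := DETECTED.match(rest)):                  # "name - detected Verdict (1)"
            obj = cur["objects"].setdefault(d["name"], {"md5": None, "path": None, "verdicts": [], "action": None})
            obj["verdicts"].append(d["verdict"])
            cur["findings"].append(d["name"])
        elif (a := ACTION.match(rest)) and a["name"] in cur["objects"]:
            cur["objects"][a["name"]]["action"] = a["action"]
    return scans


def triage(scan):
    """Flagged objects, most urgent first, each with a short analyst note."""
    rows = []
    for name in scan["findings"]:
        obj = scan["objects"][name]
        if name in KNOWN_LOCKED:
            prio, note = 2, KNOWN_LOCKED[name]
        elif any(v.startswith("LockedService") for v in obj["verdicts"]):
            prio, note = 0, "unopenable service: check the name and hosting DLL against the expected service set"
        elif any(v.startswith("LockedFile") for v in obj["verdicts"]):
            prio, note = 1, "self-protecting file: identify the product that installed it"
        else:
            prio, note = 0, "see verdict"
        rows.append({"name": name, "path": obj["path"], "md5": obj["md5"], "verdicts": obj["verdicts"],
                     "action": obj["action"], "priority": prio, "note": note})
    return sorted(rows, key=lambda r: r["priority"])


def compare_scans(before, after):
    """What a rescan shows: earlier findings now absent, hash changes, boot-sector changes."""
    gone = [n for n in before["findings"] if n not in after["objects"]]
    changed = {n: (b["md5"], after["objects"][n]["md5"]) for n, b in before["objects"].items()
               if n in after["objects"] and b["md5"] != after["objects"][n]["md5"]}
    b_sec = {(k, d): h for k, d, h in before["sectors"]}
    a_sec = {(k, d): h for k, d, h in after["sectors"]}
    return {"gone": gone, "changed": changed,
            "sectors_changed": [k for k in b_sec if k in a_sec and b_sec[k] != a_sec[k]]}


# Constructed sample in TDSSKiller's format: first-scan lines copied from this
# thread, the rescan lines made up to show a clean result after quarantine.
SAMPLE_LOG = r"""
22:23:33.0875 2888 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
22:23:33.0921 2888 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
22:23:33.0921 2888 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
22:23:33.0921 2888 sptd ( LockedFile.Multi.Generic ) - warning
22:23:33.0921 2888 sptd - detected LockedFile.Multi.Generic (1)
22:23:35.0390 2888 Suspicious service (NoAccess): wffezdnah
22:23:35.0437 2888 wffezdnah (574cf0062911c8c4eca2156187b8207d) C:\WINDOWS\system32\haqqe.dll
22:23:35.0437 2888 Suspicious file (NoAccess): C:\WINDOWS\system32\haqqe.dll. md5: 574cf0062911c8c4eca2156187b8207d
22:23:35.0437 2888 wffezdnah - detected LockedService.Multi.Generic (1)
22:23:36.0531 2888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:23:37.0046 2888 Scan finished
22:24:13.0609 2836 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
22:24:13.0656 2836 wffezdnah ( LockedService.Multi.Generic ) - User select action: Quarantine
22:24:52.0375 3608 Scan started
22:24:53.0046 3608 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
22:24:54.0531 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
"""

if __name__ == "__main__":
    first, second = parse_log(SAMPLE_LOG)
    for row in triage(first):
        print(row["priority"], row["name"], row["path"], row["verdicts"], row["action"], "-", row["note"])
    print(compare_scans(first, second))
```

To use it on a saved log, call `parse_log(open(path).read())` and feed the scans to `triage` and `compare_scans`. The priority field is 0 for services the scanner could not open, 1 for other locked files and 2 for allow-listed drivers; anything in `gone` after a rescan is an item that quarantine actually removed, and a non-empty `sectors_changed` means the MBR or a boot sector was rewritten between the two runs and deserves a look before anything else.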
  12. sidewaysfcs07

    sidewaysfcs07 TS Rookie Topic Starter

    22:23:35.0390 2888 WebClient - ok
    22:23:35.0390 2888 Suspicious service (NoAccess): wffezdnah
    22:23:35.0437 2888 wffezdnah (574cf0062911c8c4eca2156187b8207d) C:\WINDOWS\system32\haqqe.dll
    22:23:35.0437 2888 Suspicious file (NoAccess): C:\WINDOWS\system32\haqqe.dll. md5: 574cf0062911c8c4eca2156187b8207d
    22:23:35.0437 2888 wffezdnah ( LockedService.Multi.Generic ) - warning
    22:23:35.0437 2888 wffezdnah - detected LockedService.Multi.Generic (1)
    22:23:35.0500 2888 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:23:35.0531 2888 winmgmt - ok
    22:23:35.0578 2888 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
    22:23:35.0578 2888 WmdmPmSN - ok
    22:23:35.0625 2888 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
    22:23:35.0640 2888 Wmi - ok
    22:23:35.0671 2888 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:23:35.0703 2888 WmiApSrv - ok
    22:23:35.0890 2888 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:23:35.0953 2888 WPFFontCache_v0400 - ok
    22:23:35.0984 2888 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    22:23:36.0000 2888 WS2IFSL - ok
    22:23:36.0015 2888 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
    22:23:36.0015 2888 wscsvc - ok
    22:23:36.0046 2888 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
    22:23:36.0062 2888 wuauserv - ok
    22:23:36.0109 2888 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
    22:23:36.0125 2888 WZCSVC - ok
    22:23:36.0156 2888 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
    22:23:36.0171 2888 xmlprov - ok
    22:23:36.0437 2888 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    22:23:36.0484 2888 YahooAUService - ok
    22:23:36.0515 2888 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\CyberLink\PowerDVD8\000.fcl
    22:23:36.0515 2888 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
    22:23:36.0531 2888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    22:23:36.0984 2888 \Device\Harddisk0\DR0 - ok
    22:23:37.0000 2888 Boot (0x1200) (847e84c43dbdbab01114456015c0a792) \Device\Harddisk0\DR0\Partition0
    22:23:37.0000 2888 \Device\Harddisk0\DR0\Partition0 - ok
    22:23:37.0015 2888 Boot (0x1200) (314b1e3b8dc642ab55f041cd6469315e) \Device\Harddisk0\DR0\Partition1
    22:23:37.0015 2888 \Device\Harddisk0\DR0\Partition1 - ok
    22:23:37.0031 2888 Boot (0x1200) (4a0ee531cd47e1b89a0fa7472af9d477) \Device\Harddisk0\DR0\Partition2
    22:23:37.0031 2888 \Device\Harddisk0\DR0\Partition2 - ok
    22:23:37.0046 2888 Boot (0x1200) (a7c1a2f25558245d9b0f1d89ac09cb0b) \Device\Harddisk0\DR0\Partition3
    22:23:37.0046 2888 \Device\Harddisk0\DR0\Partition3 - ok
    22:23:37.0046 2888 ============================================================
    22:23:37.0046 2888 Scan finished
    22:23:37.0046 2888 ============================================================
    22:23:37.0062 2836 Detected object count: 2
    22:23:37.0062 2836 Actual detected object count: 2
    22:24:13.0609 2836 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    22:24:13.0609 2836 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
    22:24:13.0656 2836 C:\WINDOWS\system32\haqqe.dll - copied to quarantine
    22:24:13.0656 2836 wffezdnah ( LockedService.Multi.Generic ) - User select action: Quarantine
    22:24:52.0375 3608 ============================================================
    22:24:52.0375 3608 Scan started
    22:24:52.0375 3608 Mode: Manual;
    22:24:52.0375 3608 ============================================================
    22:24:52.0640 3608 Abiosdsk - ok
    22:24:52.0656 3608 abp480n5 - ok
    22:24:52.0687 3608 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:24:52.0687 3608 ACPI - ok
    22:24:52.0703 3608 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:24:52.0703 3608 ACPIEC - ok
    22:24:52.0718 3608 adpu160m - ok
    22:24:52.0734 3608 aeaudio (6803453f3ff53cf353cdbef5ffaa8b7e) C:\WINDOWS\system32\drivers\aeaudio.sys
    22:24:52.0750 3608 aeaudio - ok
    22:24:52.0765 3608 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    22:24:52.0765 3608 aec - ok
    22:24:52.0796 3608 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    22:24:52.0812 3608 AFD - ok
    22:24:52.0812 3608 Aha154x - ok
    22:24:52.0812 3608 aic78u2 - ok
    22:24:52.0828 3608 aic78xx - ok
    22:24:52.0859 3608 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
    22:24:52.0859 3608 Alerter - ok
    22:24:52.0890 3608 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
    22:24:52.0890 3608 ALG - ok
    22:24:52.0890 3608 AliIde - ok
    22:24:52.0906 3608 amsint - ok
    22:24:52.0953 3608 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
    22:24:52.0953 3608 AppMgmt - ok
    22:24:52.0953 3608 asc - ok
    22:24:52.0968 3608 asc3350p - ok
    22:24:52.0968 3608 asc3550 - ok
    22:24:53.0046 3608 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    22:24:53.0046 3608 aspnet_state - ok
    22:24:53.0078 3608 asuskbnt (f984f8bba45745e77ee0fc8a425bd417) C:\WINDOWS\system32\drivers\atkkbnt.sys
    22:24:53.0078 3608 asuskbnt - ok
    22:24:53.0093 3608 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:24:53.0093 3608 AsyncMac - ok
    22:24:53.0109 3608 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:24:53.0109 3608 atapi - ok
    22:24:53.0109 3608 Atdisk - ok
    22:24:53.0140 3608 ATKKeyboardService (c1bed871e20b9f0dd2a7de73e94bf9cb) C:\WINDOWS\ATKKBService.exe
    22:24:53.0140 3608 ATKKeyboardService - ok
    22:24:53.0140 3608 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:24:53.0140 3608 Atmarpc - ok
    22:24:53.0171 3608 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
    22:24:53.0171 3608 AudioSrv - ok
    22:24:53.0203 3608 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:24:53.0203 3608 audstub - ok
    22:24:53.0218 3608 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    22:24:53.0218 3608 Beep - ok
    22:24:53.0265 3608 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
    22:24:53.0265 3608 BITS - ok
    22:24:53.0281 3608 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
    22:24:53.0281 3608 Browser - ok
    22:24:53.0359 3608 catchme - ok
    22:24:53.0390 3608 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:24:53.0390 3608 cbidf2k - ok
    22:24:53.0390 3608 cd20xrnt - ok
    22:24:53.0468 3608 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:24:53.0468 3608 Cdaudio - ok
    22:24:53.0562 3608 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    22:24:53.0562 3608 Cdfs - ok
    22:24:53.0593 3608 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:24:53.0593 3608 Cdrom - ok
    22:24:53.0593 3608 Changer - ok
    22:24:53.0625 3608 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
    22:24:53.0625 3608 CiSvc - ok
    22:24:53.0640 3608 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
    22:24:53.0640 3608 ClipSrv - ok
    22:24:53.0687 3608 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:24:53.0687 3608 clr_optimization_v2.0.50727_32 - ok
    22:24:53.0718 3608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:24:53.0718 3608 clr_optimization_v4.0.30319_32 - ok
    22:24:53.0718 3608 CmdIde - ok
    22:24:53.0734 3608 COMSysApp - ok
    22:24:53.0750 3608 Cpqarray - ok
    22:24:53.0781 3608 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
    22:24:53.0781 3608 CryptSvc - ok
    22:24:53.0781 3608 dac2w2k - ok
    22:24:53.0781 3608 dac960nt - ok
    22:24:53.0828 3608 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
    22:24:53.0828 3608 DcomLaunch - ok
    22:24:53.0843 3608 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
    22:24:53.0843 3608 Dhcp - ok
    22:24:53.0859 3608 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    22:24:53.0859 3608 Disk - ok
    22:24:53.0875 3608 dmadmin - ok
    22:24:53.0921 3608 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    22:24:53.0921 3608 dmboot - ok
    22:24:53.0937 3608 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    22:24:53.0937 3608 dmio - ok
    22:24:53.0968 3608 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    22:24:53.0968 3608 dmload - ok
    22:24:53.0984 3608 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
    22:24:53.0984 3608 dmserver - ok
    22:24:54.0015 3608 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    22:24:54.0015 3608 DMusic - ok
    22:24:54.0031 3608 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
    22:24:54.0031 3608 Dnscache - ok
    22:24:54.0031 3608 dpti2o - ok
    22:24:54.0125 3608 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    22:24:54.0125 3608 drmkaud - ok
    22:24:54.0140 3608 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
    22:24:54.0140 3608 EIO - ok
    22:24:54.0156 3608 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
    22:24:54.0156 3608 ERSvc - ok
    22:24:54.0187 3608 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    22:24:54.0187 3608 Eventlog - ok
    22:24:54.0234 3608 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll
    22:24:54.0234 3608 EventSystem - ok
    22:24:54.0281 3608 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    22:24:54.0281 3608 Fastfat - ok
    22:24:54.0312 3608 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:24:54.0312 3608 FastUserSwitchingCompatibility - ok
    22:24:54.0343 3608 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    22:24:54.0343 3608 Fdc - ok
    22:24:54.0375 3608 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    22:24:54.0375 3608 Fips - ok
    22:24:54.0390 3608 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    22:24:54.0390 3608 Flpydisk - ok
    22:24:54.0421 3608 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    22:24:54.0421 3608 FltMgr - ok
    22:24:54.0500 3608 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    22:24:54.0500 3608 FontCache3.0.0.0 - ok
    22:24:54.0531 3608 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:24:54.0531 3608 Fs_Rec - ok
    22:24:54.0531 3608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:24:54.0531 3608 Ftdisk - ok
    22:24:54.0546 3608 GMSIPCI - ok
    22:24:54.0578 3608 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:24:54.0578 3608 Gpc - ok
    22:24:54.0640 3608 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    22:24:54.0640 3608 gupdate - ok
    22:24:54.0656 3608 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    22:24:54.0656 3608 gupdatem - ok
    22:24:54.0687 3608 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    22:24:54.0687 3608 helpsvc - ok
    22:24:54.0765 3608 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
    22:24:54.0765 3608 HidServ - ok
    22:24:54.0812 3608 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:24:54.0812 3608 HidUsb - ok
    22:24:54.0812 3608 hpn - ok
    22:24:54.0875 3608 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    22:24:54.0875 3608 HTTP - ok
    22:24:54.0890 3608 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
    22:24:54.0890 3608 HTTPFilter - ok
    22:24:54.0906 3608 i2omgmt - ok
    22:24:54.0906 3608 i2omp - ok
    22:24:54.0937 3608 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:24:54.0937 3608 i8042prt - ok
    22:24:55.0015 3608 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    22:24:55.0015 3608 IDriverT - ok
    22:24:55.0078 3608 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    22:24:55.0093 3608 idsvc - ok
    22:24:55.0093 3608 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:24:55.0093 3608 Imapi - ok
    22:24:55.0125 3608 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
    22:24:55.0125 3608 ImapiService - ok
    22:24:55.0140 3608 ini910u - ok
    22:24:55.0156 3608 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    22:24:55.0156 3608 IntelIde - ok
    22:24:55.0171 3608 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    22:24:55.0171 3608 intelppm - ok
    22:24:55.0171 3608 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    22:24:55.0171 3608 Ip6Fw - ok
    22:24:55.0203 3608 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:24:55.0203 3608 IpFilterDriver - ok
    22:24:55.0203 3608 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:24:55.0203 3608 IpInIp - ok
    22:24:55.0234 3608 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:24:55.0234 3608 IpNat - ok
    22:24:55.0265 3608 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:24:55.0265 3608 IPSec - ok
    22:24:55.0312 3608 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:24:55.0312 3608 IRENUM - ok
    22:24:55.0359 3608 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:24:55.0359 3608 isapnp - ok
    22:24:55.0437 3608 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    22:24:55.0437 3608 JavaQuickStarterService - ok
    22:24:55.0437 3608 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:24:55.0437 3608 Kbdclass - ok
    22:24:55.0468 3608 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    22:24:55.0468 3608 kbdhid - ok
    22:24:55.0484 3608 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    22:24:55.0484 3608 kmixer - ok
    22:24:55.0515 3608 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    22:24:55.0515 3608 KSecDD - ok
    22:24:55.0546 3608 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
    22:24:55.0546 3608 lanmanserver - ok
    22:24:55.0562 3608 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
    22:24:55.0562 3608 lanmanworkstation - ok
    22:24:55.0562 3608 lbrtfdc - ok
    22:24:55.0593 3608 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
    22:24:55.0593 3608 LmHosts - ok
    22:24:55.0609 3608 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
    22:24:55.0609 3608 Messenger - ok
    22:24:55.0625 3608 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
    22:24:55.0640 3608 MidiSyn - ok
    22:24:55.0656 3608 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    22:24:55.0656 3608 mnmdd - ok
    22:24:55.0671 3608 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
    22:24:55.0687 3608 mnmsrvc - ok
    22:24:55.0687 3608 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    22:24:55.0687 3608 Modem - ok
    22:24:55.0703 3608 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:24:55.0703 3608 Mouclass - ok
    22:24:55.0718 3608 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    22:24:55.0718 3608 mouhid - ok
    22:24:55.0734 3608 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    22:24:55.0734 3608 MountMgr - ok
    22:24:55.0828 3608 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    22:24:55.0828 3608 MozillaMaintenance - ok
    22:24:55.0843 3608 mraid35x - ok
    22:24:55.0859 3608 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:24:55.0859 3608 MRxDAV - ok
    22:24:55.0890 3608 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:24:55.0890 3608 MRxSmb - ok
    22:24:55.0921 3608 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
    22:24:55.0921 3608 MSDTC - ok
    22:24:55.0937 3608 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    22:24:55.0937 3608 Msfs - ok
    22:24:55.0937 3608 MSICPL - ok
    22:24:55.0937 3608 MSIServer - ok
    22:24:55.0968 3608 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:24:55.0968 3608 MSKSSRV - ok
    22:24:55.0984 3608 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:24:55.0984 3608 MSPCLOCK - ok
    22:24:56.0000 3608 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    22:24:56.0000 3608 MSPQM - ok
    22:24:56.0015 3608 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:24:56.0015 3608 mssmbios - ok
    22:24:56.0031 3608 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    22:24:56.0031 3608 Mup - ok
    22:24:56.0140 3608 NBService (8e2e283a8ae9fa4e616327fe9ced2ab4) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    22:24:56.0140 3608 NBService - ok
    22:24:56.0156 3608 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    22:24:56.0156 3608 NDIS - ok
    22:24:56.0171 3608 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:24:56.0171 3608 NdisTapi - ok
    22:24:56.0187 3608 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:24:56.0187 3608 Ndisuio - ok
    22:24:56.0359 3608 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:24:56.0359 3608 NdisWan - ok
    22:24:56.0359 3608 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    22:24:56.0359 3608 NDProxy - ok
    22:24:56.0375 3608 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:24:56.0375 3608 NetBIOS - ok
    22:24:56.0390 3608 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:24:56.0406 3608 NetBT - ok
    22:24:56.0421 3608 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    22:24:56.0421 3608 NetDDE - ok
    22:24:56.0421 3608 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    22:24:56.0421 3608 NetDDEdsdm - ok
    22:24:56.0484 3608 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:24:56.0484 3608 Netlogon - ok
    22:24:56.0515 3608 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
    22:24:56.0515 3608 Netman - ok
    22:24:56.0593 3608 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    22:24:56.0593 3608 NetTcpPortSharing - ok
    22:24:56.0640 3608 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
    22:24:56.0640 3608 Nla - ok
    22:24:56.0671 3608 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    22:24:56.0671 3608 Npfs - ok
    22:24:56.0671 3608 NTACCESS - ok
    22:24:56.0734 3608 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    22:24:56.0734 3608 Ntfs - ok
    22:24:56.0734 3608 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:24:56.0734 3608 NtLmSsp - ok
    22:24:56.0781 3608 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
    22:24:56.0781 3608 NtmsSvc - ok
    22:24:56.0796 3608 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    22:24:56.0796 3608 Null - ok
    22:24:57.0281 3608 nv (5a72584c700298e82a0342dc4bb38892) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    22:24:57.0359 3608 nv - ok
    22:24:57.0468 3608 NVSvc (ef895a872f11ac584413f6baea2ddb50) C:\WINDOWS\system32\nvsvc32.exe
    22:24:57.0484 3608 NVSvc - ok
    22:24:57.0531 3608 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:24:57.0531 3608 NwlnkFlt - ok
    22:24:57.0531 3608 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:24:57.0531 3608 NwlnkFwd - ok
    22:24:57.0578 3608 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:24:57.0578 3608 ose - ok
    22:24:57.0687 3608 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    22:24:57.0687 3608 Parport - ok
    22:24:57.0703 3608 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    22:24:57.0703 3608 PartMgr - ok
    22:24:57.0718 3608 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    22:24:57.0718 3608 ParVdm - ok
    22:24:57.0734 3608 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    22:24:57.0734 3608 PCI - ok
    22:24:57.0734 3608 PCIDump - ok
    22:24:57.0750 3608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:24:57.0750 3608 PCIIde - ok
    22:24:57.0765 3608 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    22:24:57.0765 3608 Pcmcia - ok
    22:24:57.0796 3608 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
    22:24:57.0796 3608 pcouffin - ok
    22:24:57.0796 3608 PDCOMP - ok
    22:24:57.0812 3608 PDFRAME - ok
    22:24:57.0812 3608 PDRELI - ok
    22:24:57.0828 3608 PDRFRAME - ok
    22:24:57.0828 3608 perc2 - ok
    22:24:57.0843 3608 perc2hib - ok
    22:24:57.0875 3608 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    22:24:57.0875 3608 PlugPlay - ok
    22:24:57.0921 3608 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:24:57.0921 3608 PolicyAgent - ok
    22:24:57.0937 3608 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:24:57.0937 3608 PptpMiniport - ok
    22:24:57.0937 3608 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:24:57.0937 3608 ProtectedStorage - ok
    22:24:57.0968 3608 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    22:24:57.0968 3608 PSched - ok
    22:24:57.0984 3608 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:24:57.0984 3608 Ptilink - ok
    22:24:58.0015 3608 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    22:24:58.0015 3608 PxHelp20 - ok
    22:24:58.0015 3608 ql1080 - ok
    22:24:58.0015 3608 Ql10wnt - ok
    22:24:58.0031 3608 ql12160 - ok
    22:24:58.0031 3608 ql1240 - ok
    22:24:58.0046 3608 ql1280 - ok
    22:24:58.0062 3608 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:24:58.0062 3608 RasAcd - ok
    22:24:58.0078 3608 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
    22:24:58.0078 3608 RasAuto - ok
    22:24:58.0093 3608 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:24:58.0109 3608 Rasl2tp - ok
    22:24:58.0125 3608 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
    22:24:58.0125 3608 RasMan - ok
    22:24:58.0140 3608 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:24:58.0140 3608 RasPppoe - ok
    22:24:58.0156 3608 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:24:58.0156 3608 Raspti - ok
    22:24:58.0187 3608 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:24:58.0187 3608 Rdbss - ok
    22:24:58.0218 3608 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:24:58.0218 3608 RDPCDD - ok
    22:24:58.0234 3608 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:24:58.0250 3608 rdpdr - ok
    22:24:58.0265 3608 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    22:24:58.0265 3608 RDPWD - ok
    22:24:58.0281 3608 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
    22:24:58.0296 3608 RDSessMgr - ok
    22:24:58.0312 3608 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:24:58.0312 3608 redbook - ok
    22:24:58.0359 3608 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
    22:24:58.0375 3608 RemoteAccess - ok
    22:24:58.0390 3608 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
    22:24:58.0390 3608 RemoteRegistry - ok
    22:24:58.0406 3608 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
    22:24:58.0406 3608 RpcLocator - ok
    22:24:58.0484 3608 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll
    22:24:58.0484 3608 RpcSs - ok
    22:24:58.0515 3608 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    22:24:58.0531 3608 RSVP - ok
    22:24:58.0562 3608 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    22:24:58.0562 3608 RTL8023xp - ok
    22:24:58.0578 3608 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    22:24:58.0578 3608 SamSs - ok
    22:24:58.0593 3608 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
    22:24:58.0609 3608 SCardSvr - ok
    22:24:58.0625 3608 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
    22:24:58.0625 3608 Schedule - ok
    22:24:58.0640 3608 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:24:58.0656 3608 Secdrv - ok
    22:24:58.0671 3608 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
    22:24:58.0671 3608 seclogon - ok
    22:24:58.0718 3608 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
    22:24:58.0718 3608 senfilt - ok
    22:24:58.0734 3608 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
    22:24:58.0734 3608 SENS - ok
    22:24:58.0750 3608 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:24:58.0750 3608 serenum - ok
    22:24:58.0765 3608 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    22:24:58.0765 3608 Serial - ok
    22:24:58.0781 3608 SetupNTGLM7X - ok
    22:24:58.0796 3608 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:24:58.0796 3608 Sfloppy - ok
    22:24:58.0828 3608 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
    22:24:58.0828 3608 SharedAccess - ok
    22:24:58.0890 3608 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:24:58.0890 3608 ShellHWDetection - ok
    22:24:58.0890 3608 Simbad - ok
    22:24:58.0921 3608 smwdm (db74141bbcbe8f22acfb53215e8af0d1) C:\WINDOWS\system32\drivers\smwdm.sys
    22:24:58.0921 3608 smwdm - ok
    22:24:58.0984 3608 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    22:24:58.0984 3608 SoundMAX Agent Service (default) - ok
    22:24:58.0984 3608 Sparrow - ok
    22:24:59.0015 3608 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    22:24:59.0015 3608 splitter - ok
    22:24:59.0031 3608 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
    22:24:59.0046 3608 Spooler - ok
    22:24:59.0109 3608 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
    22:24:59.0109 3608 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
    22:24:59.0109 3608 sptd ( LockedFile.Multi.Generic ) - warning
    22:24:59.0109 3608 sptd - detected LockedFile.Multi.Generic (1)
    22:24:59.0125 3608 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:24:59.0125 3608 sr - ok
    22:24:59.0281 3608 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
    22:24:59.0281 3608 srservice - ok
    22:24:59.0328 3608 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:24:59.0328 3608 Srv - ok
    22:24:59.0359 3608 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
    22:24:59.0359 3608 SSDPSRV - ok
    22:24:59.0406 3608 Steam Client Service - ok
    22:24:59.0437 3608 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
    22:24:59.0437 3608 stisvc - ok
    22:24:59.0453 3608 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:24:59.0453 3608 swenum - ok
    22:24:59.0515 3608 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    22:24:59.0515 3608 swmidi - ok
    22:24:59.0515 3608 SwPrv - ok
    22:24:59.0531 3608 symc810 - ok
    22:24:59.0531 3608 symc8xx - ok
    22:24:59.0546 3608 sym_hi - ok
    22:24:59.0546 3608 sym_u3 - ok
    22:24:59.0578 3608 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:24:59.0578 3608 sysaudio - ok
    22:24:59.0609 3608 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
    22:24:59.0609 3608 SysmonLog - ok
    22:24:59.0640 3608 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
    22:24:59.0640 3608 TapiSrv - ok
    22:24:59.0703 3608 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:24:59.0703 3608 Tcpip - ok
    22:24:59.0718 3608 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:24:59.0718 3608 TDPIPE - ok
    22:24:59.0734 3608 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:24:59.0734 3608 TDTCP - ok
    22:24:59.0765 3608 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:24:59.0765 3608 TermDD - ok
    22:24:59.0796 3608 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
    22:24:59.0796 3608 TermService - ok
    22:24:59.0812 3608 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
    22:24:59.0828 3608 Themes - ok
    22:24:59.0843 3608 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
    22:24:59.0843 3608 TlntSvr - ok
    22:24:59.0843 3608 TosIde - ok
    22:24:59.0875 3608 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
    22:24:59.0875 3608 TrkWks - ok
    22:24:59.0890 3608 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    22:24:59.0890 3608 Udfs - ok
    22:24:59.0890 3608 ultra - ok
    22:24:59.0921 3608 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
    22:24:59.0921 3608 UMWdf - ok
    22:24:59.0968 3608 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    22:24:59.0968 3608 Update - ok
    22:24:59.0984 3608 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
    22:24:59.0984 3608 upnphost - ok
    22:25:00.0031 3608 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
    22:25:00.0031 3608 UPS - ok
    22:25:00.0062 3608 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:25:00.0062 3608 usbccgp - ok
    22:25:00.0078 3608 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:25:00.0078 3608 usbehci - ok
    22:25:00.0093 3608 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:25:00.0093 3608 usbhub - ok
    22:25:00.0109 3608 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:25:00.0109 3608 usbprint - ok
    22:25:00.0140 3608 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:25:00.0140 3608 USBSTOR - ok
    22:25:00.0171 3608 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:25:00.0171 3608 usbuhci - ok
    22:25:00.0171 3608 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    22:25:00.0171 3608 VgaSave - ok
    22:25:00.0187 3608 ViaIde - ok
    22:25:00.0203 3608 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:25:00.0203 3608 VolSnap - ok
    22:25:00.0234 3608 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
    22:25:00.0234 3608 VSS - ok
    22:25:00.0265 3608 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
    22:25:00.0265 3608 W32Time - ok
    22:25:00.0296 3608 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:25:00.0296 3608 Wanarp - ok
    22:25:00.0296 3608 WDICA - ok
    22:25:00.0421 3608 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:25:00.0421 3608 wdmaud - ok
    22:25:00.0468 3608 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
    22:25:00.0468 3608 WebClient - ok
    22:25:00.0468 3608 Suspicious service (NoAccess): wffezdnah
    22:25:00.0500 3608 wffezdnah (574cf0062911c8c4eca2156187b8207d) C:\WINDOWS\system32\haqqe.dll
    22:25:00.0500 3608 Suspicious file (NoAccess): C:\WINDOWS\system32\haqqe.dll. md5: 574cf0062911c8c4eca2156187b8207d
    22:25:00.0500 3608 wffezdnah ( LockedService.Multi.Generic ) - warning
    22:25:00.0500 3608 wffezdnah - detected LockedService.Multi.Generic (1)
    22:25:00.0562 3608 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:25:00.0562 3608 winmgmt - ok
    22:25:00.0593 3608 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
    22:25:00.0593 3608 WmdmPmSN - ok
    22:25:00.0656 3608 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
    22:25:00.0656 3608 Wmi - ok
    22:25:00.0703 3608 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:25:00.0703 3608 WmiApSrv - ok
    22:25:00.0921 3608 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:25:00.0937 3608 WPFFontCache_v0400 - ok
    22:25:00.0968 3608 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    22:25:00.0968 3608 WS2IFSL - ok
    22:25:01.0000 3608 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
    22:25:01.0000 3608 wscsvc - ok
    22:25:01.0031 3608 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
    22:25:01.0031 3608 wuauserv - ok
    22:25:01.0046 3608 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
    22:25:01.0062 3608 WZCSVC - ok
    22:25:01.0078 3608 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
    22:25:01.0078 3608 xmlprov - ok
    22:25:01.0171 3608 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    22:25:01.0187 3608 YahooAUService - ok
    22:25:01.0265 3608 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\CyberLink\PowerDVD8\000.fcl
    22:25:01.0265 3608 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
    22:25:01.0281 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    22:25:01.0703 3608 \Device\Harddisk0\DR0 - ok
    22:25:01.0718 3608 Boot (0x1200) (847e84c43dbdbab01114456015c0a792) \Device\Harddisk0\DR0\Partition0
    22:25:01.0734 3608 \Device\Harddisk0\DR0\Partition0 - ok
    22:25:01.0750 3608 Boot (0x1200) (314b1e3b8dc642ab55f041cd6469315e) \Device\Harddisk0\DR0\Partition1
    22:25:01.0765 3608 \Device\Harddisk0\DR0\Partition1 - ok
    22:25:01.0781 3608 Boot (0x1200) (4a0ee531cd47e1b89a0fa7472af9d477) \Device\Harddisk0\DR0\Partition2
    22:25:01.0796 3608 \Device\Harddisk0\DR0\Partition2 - ok
    22:25:01.0796 3608 Boot (0x1200) (a7c1a2f25558245d9b0f1d89ac09cb0b) \Device\Harddisk0\DR0\Partition3
    22:25:01.0812 3608 \Device\Harddisk0\DR0\Partition3 - ok
    22:25:01.0812 3608 ============================================================
    22:25:01.0812 3608 Scan finished
    22:25:01.0812 3608 ============================================================
    22:25:01.0812 0836 Detected object count: 2
    22:25:01.0812 0836 Actual detected object count: 2
    22:25:07.0828 0836 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    22:25:07.0828 0836 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
    22:25:07.0859 0836 C:\WINDOWS\system32\haqqe.dll - copied to quarantine
    22:25:07.0859 0836 wffezdnah ( LockedService.Multi.Generic ) - User select action: Quarantine
    22:25:30.0078 2000 Deinitialize success
     
  13. sidewaysfcs07

    sidewaysfcs07 TS Rookie Topic Starter

    ComboFix 12-06-27.01 - bau bau 06/27/2012 22:30:59.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.611 [GMT 3:00]
    Running from: c:\documents and settings\bau bau\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\bau bau\Desktop\CFScript.txt
    .
    FILE ::
    "c:\program files\Web Assistant\ExtensionUpdaterService.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\ADDICT-THING
    c:\documents and settings\All Users\Application Data\ADDICT-THING\background.html
    c:\documents and settings\All Users\Application Data\ADDICT-THING\content.js
    c:\documents and settings\All Users\Application Data\ADDICT-THING\gdelagicpaddbhbibmgdfbkfhhfcghbb.crx
    c:\documents and settings\All Users\Application Data\ADDICT-THING\settings.ini
    c:\program files\Optimizer Pro
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\bau bau\Application Data\Malwarebytes
    2012-06-26 17:08 . 2012-06-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-06-17 15:47 . 2012-06-17 15:47 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-17 15:47 . 2012-06-17 15:47 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-08 14:37 . 2012-06-08 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2012-06-06 19:25 . 2012-06-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Xilisoft
    2012-05-29 21:24 . 2012-05-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflixUpdater
    2012-05-29 21:23 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
    2012-05-29 21:23 . 2012-05-29 21:23 453 ----a-w- C:\user.js
    2012-05-29 21:22 . 2012-05-29 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
    2012-05-28 21:34 . 2012-05-28 21:34 -------- d-----w- c:\documents and settings\bau bau\Application Data\Xilisoft
    2012-05-28 21:33 . 2012-05-28 21:33 -------- d-----w- c:\program files\Xilisoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-17 15:47 . 2011-11-19 15:36 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "Steam"="e:\games\Steam\steam.exe" [2011-12-29 1242448]
    "OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-20 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-20 13881960]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RaidCall"="c:\program files\raidcall\\raidcall.exe" [2012-03-28 2596536]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "e:\\Games\\Steam\\Steam.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2011 1:01 PM 682232]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 5:50 PM 61424]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2011 1:07 PM 47360]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
    S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 10:23 AM 113120]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 32847900
    *Deregistered* - 32847900
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    wffezdnah
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ro/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: Interfaces\{5434F102-709B-4C0A-922A-E38AD4B14C44}: NameServer = 213.154.124.1 193.231.252.1
    FF - ProfilePath - c:\documents and settings\bau bau\Application Data\Mozilla\Firefox\Profiles\ogvu9i1x.default\
    FF - prefs.js: browser.startup.homepage - google.ro
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQyTeVRnk&&I=26&search=
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyTeVRnk&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 884a0ab60000000000000013d33ad7a9
    FF - user.js: extensions.incredibar_i.instlDay - 15489
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:23
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQyTeVRnk
    FF - user.js: extensions.incredibar_i.upn2n - 92542970437908018
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 20%5F5
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-27 22:35
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wffezdnah]
    "ServiceDll"="c:\windows\system32\haqqe.dll"
    .
    Completion time: 2012-06-27 22:37:26
    ComboFix-quarantined-files.txt 2012-06-27 19:37
    ComboFix2.txt 2012-06-27 06:37
    .
    Pre-Run: 6,870,388,736 bytes free
    Post-Run: 6,884,278,272 bytes free
    .
    - - End Of File - - DCC570D2BB95AA88CB85A3E7F5A8D712




    I ran the TDSSKiller scan twice because I was not clear if it did anything the first time.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It shows quarantines.
    Please download SvcQuery.exe
    • Double click to run the tool
    • When prompted to enter a service name type wffezdnah
    • When asked to confirm type Y
    • A log will appear when finished> please paste that into your next reply.
    =======================================
    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following: ( you only need one)
    VirusTotal
    Jotti

    [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      c:\windows\system32\haqqe.dll

    [2]. At the upload site, click once inside the window next to Browse.
    [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    [4]. Click on the Upload button.
    This will perform a scan across multiple different virus scanning engines.
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    Important: Wait for all of the scanning engines to complete.
    [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
    [6]. Paste the contents of the Clipboard in your next reply.
    ====================================
    Please leave the logs from the SvcQuery and Virscan in your next reply.

    An entry for uTorrent remains. Please do not use this program or any other file sharing program while I am helping you.
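    The check Bobbye asks for here (tie the service name to the DLL it loads and confirm it was pushed into the netsvcs group) can also be done offline against the ComboFix text. What follows is an added example written for this thread; it is not code from the original posts, from ComboFix or from SvcQuery. It parses the three places the ComboFix report records a service (the R/S service lines, the "Svchost - NetSvcs" dump and the per-service "ServiceDll" registry value) and reports every service that runs under "svchost.exe -k netsvcs" but is not on a known-good list. The sample log is constructed from the lines of the report in this thread, and KNOWN_NETSVCS is an illustrative subset of Windows XP netsvcs members, not an authoritative allowlist (both are assumptions), so treat a hit as a lead to hash and upload, not as a verdict.

```python
"""Flag svchost-hosted services that are not on a netsvcs allowlist.

Added example for this thread, not code from the original post, from
ComboFix or from SvcQuery. KNOWN_NETSVCS is an illustrative subset of the
Windows XP netsvcs group, not an authoritative list (assumption).
"""
import re

# Illustrative subset of the XP netsvcs group (assumption, lower-cased).
KNOWN_NETSVCS = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dhcp", "dmserver",
    "dnscache", "ersvc", "eventsystem", "fastuserswitchingcompatibility",
    "helpsvc", "hidserv", "ias", "iprip", "irmon", "lanmanserver",
    "lanmanworkstation", "messenger", "netman", "nla", "ntmssvc",
    "nwcworkstation", "nwsapagent", "rasauto", "rasman", "remoteaccess",
    "schedule", "seclogon", "sens", "sharedaccess", "shellhwdetection",
    "srservice", "tapisrv", "themes", "trkwks", "uploadmgr", "w32time",
    "winmgmt", "wmi", "wmdmpmsn", "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

# Constructed excerpt modelled on the ComboFix report posted in the thread.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2011 1:01 PM 682232]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2011 11:15 PM 136176]
S2 wffezdnah;Config Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 10:23 AM 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wffezdnah
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wffezdnah]
"ServiceDll"="c:\windows\system32\haqqe.dll"
"""

# "S2 name;display;path [date size]" service lines
SVC_LINE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")
# "[HKEY_LOCAL_MACHINE\System\ControlSetNNN\Services\name]" key headers
KEY_LINE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]", re.I
)
DLL_LINE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)


def parse_services(log):
    """Map lower-cased service name -> {'display', 'path'} from the R/S lines."""
    services = {}
    for line in log.splitlines():
        m = SVC_LINE.match(line.strip())
        if m:
            name, display, path = m.groups()
            services[name.lower()] = {"display": display, "path": path}
    return services


def parse_netsvcs_group(log):
    """Names listed under the 'Svchost - NetSvcs' dump, up to the '.' separator."""
    members, lines = set(), log.splitlines()
    for i, line in enumerate(lines):
        if line.strip().lower().endswith("svchost - netsvcs"):
            for nxt in lines[i + 1:]:
                nxt = nxt.strip()
                if not nxt or nxt == ".":
                    break
                members.add(nxt.lower())
    return members


def parse_service_dlls(log):
    """Map lower-cased service name -> ServiceDll path from the registry dump."""
    dlls, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_LINE.match(line)
        if key:
            current = key.group(1).lower()
            continue
        dll = DLL_LINE.match(line)
        if dll and current:
            dlls[current] = dll.group(1)
    return dlls


def find_suspicious_svchost_services(log, known=KNOWN_NETSVCS):
    """Services hosted by 'svchost.exe -k netsvcs' that are not on the allowlist."""
    group, dlls, findings = parse_netsvcs_group(log), parse_service_dlls(log), []
    for name, info in parse_services(log).items():
        path = info["path"].lower()
        if "svchost.exe" not in path or "-k netsvcs" not in path:
            continue  # not hosted by svchost under the netsvcs group
        if name in known:
            continue  # a recognised Windows netsvcs member
        findings.append({
            "service": name,
            "display_name": info["display"],
            "in_netsvcs_group": name in group,  # was it pushed into the group list?
            "service_dll": dlls.get(name),       # the DLL svchost will actually load
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_svchost_services(SAMPLE_LOG):
        print(finding)
```

    The three parsers are kept separate because each section of the report can be missing on its own: a service can run under netsvcs without yet appearing in the group dump, and ComboFix only prints the "ServiceDll" value for entries it already considers notable. Reporting the DLL path alongside the service name is what makes the VirusTotal step above possible without another tool.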
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do you plan to continue?
     
Topic Status:
Not open for further replies.
