Infection Problems


  • This topic is locked
20 replies to this topic

#1 deejay

Posted 14 March 2012 - 06:45 AM


Hi guys and gals,

I really need some help. I have been infected with some unknown virus. I have run numerous scans with AVG and Malwarebytes, all coming back with nothing. The symptoms I am getting are:

Slow PC

Pop-up messages on my desktop randomly: "message from webpage, congrats you have won a ipad 2"

Every time I start Firefox I get "this is not your default browser, will you make it". I tick yes and "don't ask me again".

Have attached the 2 dds files,

And Hijackthis Log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:46 PM, on 14/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Matthew\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
C:\Users\Matthew\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://friendly-goog...ch.blogspot.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Upload to Facebook - C:\Program Files\UploadRabbitforFacebook\iecontext.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

--
End of file - 11092 bytes

Attached File  DDS.txt   21.45KB   3 downloads
Attached File  Attach.txt   21.61KB   1 downloads

And I am now getting this error from Malwarebytes

Attached File  malwarebytes.jpg   30.14KB   4 downloads

#2 LDTate

Posted 19 March 2012 - 06:11 PM

:welcome:

Please don't attach the scan results, use Copy/Paste

Logs will be closed if you haven't replied within 3 days


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt in your next reply

Larry Tate
Product Support


#3 deejay

Posted 19 March 2012 - 06:31 PM

as requested

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Matthew at 10:20:28 on 2012-03-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1788.835 [GMT 11:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Matthew\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Matthew\Downloads\ATF_Cleaner.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://friendly-google-search.blogspot.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Google Update] "c:\users\matthew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
uPolicies-explorer: NoInstrumentation = 1
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Upload to Facebook - c:\program files\uploadrabbitforfacebook\iecontext.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 203.12.160.35 203.12.160.36 192.168.1.1
TCP: Interfaces\{0C22E69E-3C0B-449F-8EC6-12F9AB67FC80} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E9E60BE-0811-410A-BA40-9D94B19AE934} : DhcpNameServer = 203.12.160.35 203.12.160.36 192.168.1.1
TCP: Interfaces\{6E9E60BE-0811-410A-BA40-9D94B19AE934}\E43435 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\0llz4515.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\matthew\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-11 64512]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-31 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-31 12464]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-3-12 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-3-12 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-3-12 11776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-5 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-1-5 27320]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-3-12 51632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-2 80184]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-29 116064]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-2 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-9 52224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
.
=============== Created Last 30 ================
.
2012-03-17 06:01:10 -------- d-----w- c:\users\matthew\appdata\local\Wizards of the Coast
2012-03-17 06:00:25 -------- d-----w- c:\users\matthew\appdata\local\IsolatedStorage
2012-03-17 05:56:44 -------- d-----w- c:\users\matthew\appdata\local\Apps
2012-03-17 05:56:43 -------- d-----w- c:\users\matthew\appdata\local\Deployment
2012-03-17 04:21:51 -------- d-----w- c:\users\matthew\appdata\local\CyberLink
2012-03-13 13:53:22 -------- d-----w- c:\users\matthew\appdata\roaming\Registry Mechanic
2012-03-13 10:54:34 -------- d-----w- c:\users\matthew\appdata\roaming\SUPERAntiSpyware.com
2012-03-13 10:54:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-13 10:54:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-12 09:48:41 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-03-12 00:11:24 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-03-12 00:11:24 512472 ----a-w- c:\windows\system32\msxml.dll
2012-03-12 00:11:24 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-03-12 00:11:24 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-03-12 00:11:24 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-03-12 00:11:23 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-03-12 00:11:20 -------- d-----w- c:\program files\PC Tools
2012-03-12 00:11:20 -------- d-----w- c:\program files\common files\PC Tools
2012-03-12 00:07:59 -------- d-----w- c:\programdata\PC Tools
2012-03-12 00:07:58 -------- d-----w- c:\users\matthew\appdata\roaming\Product_RM
2012-03-11 11:56:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-11 11:51:24 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-11 11:51:11 -------- d-----w- c:\program files\Lavasoft
2012-03-11 07:59:40 -------- d-----w- c:\users\matthew\appdata\roaming\Malwarebytes
2012-03-11 07:59:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 07:59:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-11 06:15:07 -------- d--h--w- C:\$AVG
2012-03-11 06:13:43 -------- d-----w- c:\program files\DA2CE
2012-03-11 06:13:40 -------- d-----w- c:\program files\LP
2012-03-11 06:13:11 -------- d--h--w- c:\users\matthew\appdata\roaming\C4ADA
2012-03-03 09:52:17 -------- d--h--w- c:\users\matthew\appdata\local\Apple Computer
2012-03-03 09:51:14 -------- d-----w- c:\program files\iPod
2012-03-03 09:51:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-03 09:51:13 -------- d-----w- c:\program files\iTunes
2012-03-03 09:50:14 -------- d--h--w- c:\users\matthew\appdata\local\Apple
2012-03-03 09:48:29 -------- d-----w- c:\program files\Bonjour
2012-03-02 13:45:50 -------- d-----w- c:\programdata\PopCap Games
2012-03-02 12:44:01 -------- d-----w- c:\program files\Plants vs. Zombies 2 Zombatar
2012-02-29 10:09:27 -------- d--h--w- c:\users\matthew\appdata\roaming\Natural Threat.Ominous Shores
2012-02-29 06:06:40 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-29 06:04:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-02-29 06:03:29 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-02-29 06:03:10 -------- d-----w- c:\windows\SHELLNEW
2012-02-27 07:39:28 -------- d--h--w- c:\users\matthew\appdata\roaming\GameInvest
2012-02-25 11:12:12 -------- d-----w- c:\users\matthew\appdata\roaming\JoyBits
2012-02-25 11:10:08 -------- d-----w- c:\program files\Foxy Games
2012-02-25 11:10:05 -------- d-----w- C:\Downloads
2012-02-23 19:20:33 -------- d--h--w- c:\users\matthew\appdata\roaming\Temp
2012-02-23 02:44:12 -------- d--h--w- c:\users\matthew\appdata\roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-02-23 02:44:01 -------- d--h--w- c:\users\matthew\appdata\local\Htc
2012-02-23 02:43:04 -------- d-----w- c:\users\matthew\appdata\roaming\HTC
2012-02-23 02:41:15 -------- d-----w- c:\program files\Spirent Communications
2012-02-23 02:40:47 -------- d-----w- c:\program files\HTC
2012-02-23 02:39:37 -------- d-----w- c:\program files\MSXML 4.0
2012-02-19 09:44:47 -------- d-----w- c:\users\matthew\appdata\roaming\Friday's games
.
==================== Find3M ====================
.
2012-03-13 12:25:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 07:11:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-31 04:51:49 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-31 03:10:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-31 03:10:05 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-31 03:10:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-31 03:10:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-31 03:10:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-31 03:10:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-31 03:10:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-31 03:10:01 367104 ----a-w- c:\windows\system32\html.iec
2012-01-31 03:10:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-31 03:09:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-31 03:09:59 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-31 03:09:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-31 03:09:58 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-31 03:09:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-31 03:09:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-31 03:09:57 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-31 03:09:57 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 21:38:10 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-04 21:38:10 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-04 21:38:10 29480 ----a-w- c:\windows\system32\msxml3a.dll
2012-01-04 21:28:54 0 ----a-w- c:\windows\ativpsrm.bin
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 10:29:32.10 ===============

#4 LDTate


Posted 19 March 2012 - 06:35 PM

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}


Looks like you're running 2 anti-virus programs.



Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.


1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove either:
   Lavasoft
   AVG


Next:
Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.





Larry Tate
Product Support


#5 deejay


Posted 20 March 2012 - 12:14 AM

OK, after all that, ComboFix was able to tell me I am infected with rootkit.zeroaccess
ComboFix kept crashing during scanning/removal; it also stated that it is in my tcp/ip settings

My PC still disables a few of my startup programs, like Catalyst Control Centre, Malwarebytes (see the screenshot on post 1)
Every time I open Firefox it asks if I want it to be the default browser (even though I chose yes and ticked the box)
I get random popups from "webpage" stating either just "thankyou" or "congratulations you have won a ipad2" or "are you sure you want to navigate away from this page". I always shut them down with Alt + F4

#6 LDTate


Posted 20 March 2012 - 09:40 AM

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Product Support
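For anyone reading a report like the one requested above, here is an added example (not part of the original thread and not TDSSKiller's own code) that triages such a log offline. It assumes only the two line shapes visible in the report pasted later in this thread, `name (md5) path` and `name - verdict`, and assumes the `SigCheck` and `TDLFS` flags on the `Mode:` line correspond to the two boxes the steps ask to tick; the sample lines, hashes and the non-ok verdict text are constructed.

```python
import re

# Line shapes taken from the report pasted in this thread (assumed to be the
# only ones that matter after "Scan started"):
#   <time> <thread> <name> (<md5>) <path>    object being checked
#   <time> <thread> <name> - <verdict>       result for that object
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s?(.*)$")
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Assumption: these Mode flags match the two check boxes named in the steps.
EXPECTED_FLAGS = {"SigCheck", "TDLFS"}

# Constructed sample; hashes are placeholders, names are hypothetical.
H1, H2, H3 = "a" * 32, "b" * 32, "c" * 32
SAMPLE_REPORT = rf"""
09:54:40.0078 6140 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed)
09:55:15.0133 2332 ============================================================
09:55:15.0133 2332 Scan started
09:55:15.0133 2332 Mode: Manual; SigCheck; TDLFS;
09:55:15.0133 2332 ============================================================
09:55:17.0447 2332 exdrv_a ({H1}) C:\Windows\system32\drivers\exdrv_a.sys
09:55:17.0548 2332 exdrv_a - ok
09:55:18.0100 2332 exsvc_nofile - ok
09:55:18.0200 2332 Example Two Words ({H2}) C:\Program Files\Example Vendor\exdrv_b.sys
09:55:18.0300 2332 Example Two Words - CONSTRUCTED-NOT-OK
09:55:18.0400 2332 exdrv_c ({H3}) C:\Windows\system32\DRIVERS\exdrv_c.sys
"""


def parse_report(text):
    """Return (mode_flags, objects) for everything logged after 'Scan started'."""
    mode = set()
    objects = {}  # name -> {"md5", "path", "verdict"}; keeps log order
    scanning = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3).strip()
        if rest == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue  # system/disk header lines also contain " - "; skip them
        if rest.startswith("Mode:"):
            mode = {flag.strip() for flag in rest[5:].split(";") if flag.strip()}
            continue
        blank = {"md5": None, "path": None, "verdict": None}
        f = FILE.match(rest)
        if f:
            entry = objects.setdefault(f["name"], blank)
            entry["md5"], entry["path"] = f["md5"].lower(), f["path"]
            continue
        v = VERDICT.match(rest)
        if v:
            objects.setdefault(v["name"], blank)["verdict"] = v["verdict"].strip()
    return mode, objects


def triage(mode, objects):
    """List (name, reason) pairs that deserve a second look by the helper."""
    findings = []
    missing = EXPECTED_FLAGS - mode
    if missing:
        findings.append(("scan", "options not enabled: " + ", ".join(sorted(missing))))
    for name, obj in objects.items():
        if obj["verdict"] is None:
            findings.append((name, "no verdict logged (paste may be truncated)"))
        elif obj["verdict"].lower() != "ok":
            findings.append((name, "verdict: " + obj["verdict"]))
        elif obj["md5"] is None:
            findings.append((name, "marked ok but no file or hash was logged"))
    return findings


if __name__ == "__main__":
    flags, objs = parse_report(SAMPLE_REPORT)
    print("mode flags:", sorted(flags))
    for name, reason in triage(flags, objs):
        print(f"{name}: {reason}")
```

Anything whose verdict is not exactly `ok` is reported verbatim rather than interpreted, so verdict strings the script has never seen still surface for review.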


#7 deejay


Posted 20 March 2012 - 05:59 PM

09:54:37.0004 6140 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
09:54:38.0297 6140 ============================================================
09:54:38.0297 6140 Current date / time: 2012/03/21 09:54:38.0297
09:54:38.0297 6140 SystemInfo:
09:54:38.0297 6140
09:54:38.0297 6140 OS Version: 6.1.7601 ServicePack: 1.0
09:54:38.0297 6140 Product type: Workstation
09:54:38.0298 6140 ComputerName: MATTHEW-PC
09:54:38.0298 6140 UserName: Matthew
09:54:38.0298 6140 Windows directory: C:\Windows
09:54:38.0298 6140 System windows directory: C:\Windows
09:54:38.0298 6140 Processor architecture: Intel x86
09:54:38.0298 6140 Number of processors: 1
09:54:38.0298 6140 Page size: 0x1000
09:54:38.0298 6140 Boot type: Normal boot
09:54:38.0298 6140 ============================================================
09:54:40.0078 6140 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:54:40.0080 6140 \Device\Harddisk0\DR0:
09:54:40.0080 6140 MBR used
09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A07800
09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A6B800, BlocksNum 0x198F000
09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
09:54:40.0181 6140 Initialize success
09:54:40.0181 6140 ============================================================
09:55:15.0133 2332 ============================================================
09:55:15.0133 2332 Scan started
09:55:15.0133 2332 Mode: Manual; SigCheck; TDLFS;
09:55:15.0133 2332 ============================================================
09:55:17.0447 2332 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:55:17.0548 2332 1394ohci - ok
09:55:17.0649 2332 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
09:55:17.0669 2332 a2acc - ok
09:55:17.0761 2332 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
09:55:17.0793 2332 A2DDA - ok
09:55:17.0825 2332 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
09:55:17.0833 2332 a2injectiondriver - ok
09:55:17.0863 2332 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
09:55:17.0873 2332 a2util - ok
09:55:17.0971 2332 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:55:17.0986 2332 ACPI - ok
09:55:18.0025 2332 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:55:18.0085 2332 AcpiPmi - ok
09:55:18.0235 2332 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:55:18.0255 2332 adp94xx - ok
09:55:18.0288 2332 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:55:18.0304 2332 adpahci - ok
09:55:18.0329 2332 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:55:18.0399 2332 adpu320 - ok
09:55:18.0491 2332 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:55:18.0537 2332 AFD - ok
09:55:18.0607 2332 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\Windows\system32\DRIVERS\AGRSM.sys
09:55:18.0677 2332 AgereSoftModem - ok
09:55:18.0794 2332 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:55:18.0804 2332 agp440 - ok
09:55:18.0837 2332 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:55:18.0847 2332 aic78xx - ok
09:55:18.0899 2332 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:55:18.0909 2332 aliide - ok
09:55:18.0959 2332 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:55:18.0969 2332 amdagp - ok
09:55:18.0989 2332 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:55:18.0999 2332 amdide - ok
09:55:19.0039 2332 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:55:19.0089 2332 AmdK8 - ok
09:55:19.0139 2332 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:55:19.0179 2332 AmdPPM - ok
09:55:19.0239 2332 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:55:19.0249 2332 amdsata - ok
09:55:19.0269 2332 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:55:19.0279 2332 amdsbs - ok
09:55:19.0309 2332 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:55:19.0319 2332 amdxata - ok
09:55:19.0371 2332 ApfiltrService (7df70a08b56cbbc874744d9b0b396272) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:55:19.0391 2332 ApfiltrService - ok
09:55:19.0431 2332 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:55:19.0551 2332 AppID - ok
09:55:19.0733 2332 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:55:19.0743 2332 arc - ok
09:55:19.0783 2332 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:55:19.0793 2332 arcsas - ok
09:55:19.0883 2332 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:55:19.0983 2332 AsyncMac - ok
09:55:20.0095 2332 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:55:20.0105 2332 atapi - ok
09:55:20.0175 2332 athr (6a661d017c4e5cd313f6a55acf1d7465) C:\Windows\system32\DRIVERS\athr.sys
09:55:20.0255 2332 athr - ok
09:55:20.0405 2332 AtiHdmiService (e2398389648b5d44dc63ca43fdd5b3f8) C:\Windows\system32\drivers\AtiHdmi.sys
09:55:20.0415 2332 AtiHdmiService - ok
09:55:20.0535 2332 atikmdag (bcb9cf3b087dd15a8f33a149296e6183) C:\Windows\system32\DRIVERS\atikmdag.sys
09:55:20.0719 2332 atikmdag - ok
09:55:20.0829 2332 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:55:20.0839 2332 AtiPcie - ok
09:55:20.0929 2332 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:55:20.0979 2332 b06bdrv - ok
09:55:21.0019 2332 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:55:21.0039 2332 b57nd60x - ok
09:55:21.0119 2332 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:55:21.0169 2332 Beep - ok
09:55:21.0231 2332 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:55:21.0261 2332 blbdrive - ok
09:55:21.0321 2332 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:55:21.0341 2332 bowser - ok
09:55:21.0371 2332 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:55:21.0421 2332 BrFiltLo - ok
09:55:21.0491 2332 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:55:21.0531 2332 BrFiltUp - ok
09:55:21.0641 2332 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:55:21.0691 2332 BridgeMP - ok
09:55:21.0743 2332 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:55:21.0793 2332 Brserid - ok
09:55:21.0803 2332 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:55:21.0833 2332 BrSerWdm - ok
09:55:21.0863 2332 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:55:21.0903 2332 BrUsbMdm - ok
09:55:21.0937 2332 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:55:21.0975 2332 BrUsbSer - ok
09:55:22.0037 2332 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
09:55:22.0077 2332 BthEnum - ok
09:55:22.0097 2332 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:55:22.0137 2332 BTHMODEM - ok
09:55:22.0177 2332 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
09:55:22.0207 2332 BthPan - ok
09:55:22.0267 2332 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
09:55:22.0317 2332 BTHPORT - ok
09:55:22.0367 2332 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
09:55:22.0387 2332 BTHUSB - ok
09:55:22.0517 2332 catchme - ok
09:55:22.0562 2332 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:55:22.0934 2332 cdfs - ok
09:55:23.0000 2332 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:55:23.0028 2332 cdrom - ok
09:55:23.0070 2332 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:55:23.0156 2332 circlass - ok
09:55:23.0189 2332 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:55:23.0204 2332 CLFS - ok
09:55:23.0265 2332 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:55:23.0299 2332 CmBatt - ok
09:55:23.0337 2332 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:55:23.0346 2332 cmdide - ok
09:55:23.0391 2332 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:55:23.0409 2332 CNG - ok
09:55:23.0491 2332 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:55:23.0501 2332 Compbatt - ok
09:55:23.0571 2332 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:55:23.0611 2332 CompositeBus - ok
09:55:23.0651 2332 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:55:23.0661 2332 crcdisk - ok
09:55:23.0741 2332 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:55:23.0783 2332 DfsC - ok
09:55:23.0835 2332 dg_ssudbus (919f338fd36f47d860775368d0748780) C:\Windows\system32\DRIVERS\ssudbus.sys
09:55:23.0855 2332 dg_ssudbus - ok
09:55:23.0895 2332 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:55:23.0945 2332 discache - ok
09:55:24.0007 2332 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:55:24.0017 2332 Disk - ok
09:55:24.0061 2332 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:55:24.0089 2332 drmkaud - ok
09:55:24.0149 2332 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:55:24.0169 2332 DXGKrnl - ok
09:55:24.0271 2332 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:55:24.0361 2332 ebdrv - ok
09:55:24.0513 2332 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:55:24.0543 2332 elxstor - ok
09:55:24.0574 2332 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:55:24.0598 2332 ErrDev - ok
09:55:24.0643 2332 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:55:24.0673 2332 exfat - ok
09:55:24.0695 2332 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:55:24.0743 2332 fastfat - ok
09:55:24.0786 2332 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:55:24.0815 2332 fdc - ok
09:55:24.0860 2332 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:55:24.0865 2332 FileInfo - ok
09:55:24.0885 2332 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:55:24.0935 2332 Filetrace - ok
09:55:24.0975 2332 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:55:24.0997 2332 flpydisk - ok
09:55:25.0027 2332 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:55:25.0037 2332 FltMgr - ok
09:55:25.0087 2332 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:55:25.0107 2332 FsDepends - ok
09:55:25.0127 2332 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:55:25.0146 2332 Fs_Rec - ok
09:55:25.0189 2332 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:55:25.0209 2332 fvevol - ok
09:55:25.0253 2332 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:55:25.0261 2332 gagp30kx - ok
09:55:25.0291 2332 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:55:25.0331 2332 hcw85cir - ok
09:55:25.0381 2332 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
09:55:25.0421 2332 HdAudAddService - ok
09:55:25.0451 2332 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:55:25.0481 2332 HDAudBus - ok
09:55:25.0521 2332 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:55:25.0551 2332 HidBatt - ok
09:55:25.0581 2332 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:55:25.0621 2332 HidBth - ok
09:55:25.0671 2332 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:55:25.0701 2332 HidIr - ok
09:55:25.0771 2332 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
09:55:25.0801 2332 HidUsb - ok
09:55:25.0893 2332 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:55:25.0933 2332 HpqKbFiltr - ok
09:55:25.0983 2332 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:55:25.0993 2332 HpSAMD - ok
09:55:26.0053 2332 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
09:55:26.0113 2332 HTCAND32 - ok
09:55:26.0165 2332 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
09:55:26.0205 2332 htcnprot - ok
09:55:26.0255 2332 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:55:26.0317 2332 HTTP - ok
09:55:26.0347 2332 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:55:26.0357 2332 hwpolicy - ok
09:55:26.0397 2332 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:55:26.0427 2332 i8042prt - ok
09:55:26.0477 2332 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:55:26.0497 2332 iaStorV - ok
09:55:26.0649 2332 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:55:26.0793 2332 igfx - ok
09:55:26.0913 2332 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:55:26.0913 2332 iirsp - ok
09:55:26.0964 2332 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:55:26.0973 2332 intelide - ok
09:55:27.0005 2332 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:55:27.0025 2332 intelppm - ok
09:55:27.0065 2332 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:55:27.0095 2332 IpFilterDriver - ok
09:55:27.0151 2332 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:55:27.0217 2332 IPMIDRV - ok
09:55:27.0267 2332 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:55:27.0307 2332 IPNAT - ok
09:55:27.0347 2332 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:55:27.0397 2332 IRENUM - ok
09:55:27.0437 2332 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:55:27.0448 2332 isapnp - ok
09:55:27.0478 2332 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:55:27.0488 2332 iScsiPrt - ok
09:55:27.0528 2332 JMCR (8c17deb1995e593853373c30485e7368) C:\Windows\system32\DRIVERS\jmcr.sys
09:55:27.0568 2332 JMCR - ok
09:55:27.0618 2332 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
09:55:27.0628 2332 kbdclass - ok
09:55:27.0668 2332 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:55:27.0688 2332 kbdhid - ok
09:55:27.0738 2332 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
09:55:27.0740 2332 KSecDD - ok
09:55:27.0770 2332 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
09:55:27.0780 2332 KSecPkg - ok
09:55:27.0882 2332 Lavasoft Kernexplorer - ok
09:55:28.0034 2332 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:55:28.0084 2332 lltdio - ok
09:55:28.0136 2332 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:55:28.0156 2332 LSI_FC - ok
09:55:28.0187 2332 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:55:28.0198 2332 LSI_SAS - ok
09:55:28.0208 2332 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:55:28.0218 2332 LSI_SAS2 - ok
09:55:28.0258 2332 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:55:28.0268 2332 LSI_SCSI - ok
09:55:28.0288 2332 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:55:28.0328 2332 luafv - ok
09:55:28.0348 2332 MBAMProtector - ok
09:55:28.0400 2332 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:55:28.0410 2332 megasas - ok
09:55:28.0440 2332 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:55:28.0450 2332 MegaSR - ok
09:55:28.0500 2332 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:55:28.0540 2332 Modem - ok
09:55:28.0592 2332 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:55:28.0622 2332 monitor - ok
09:55:28.0672 2332 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
09:55:28.0672 2332 mouclass - ok
09:55:28.0712 2332 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:55:28.0742 2332 mouhid - ok
09:55:28.0782 2332 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:55:28.0812 2332 mountmgr - ok
09:55:28.0847 2332 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:55:28.0854 2332 mpio - ok
09:55:28.0884 2332 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:55:28.0914 2332 mpsdrv - ok
09:55:28.0966 2332 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:55:29.0016 2332 MRxDAV - ok
09:55:29.0066 2332 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:55:29.0106 2332 mrxsmb - ok
09:55:29.0146 2332 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:55:29.0166 2332 mrxsmb10 - ok
09:55:29.0206 2332 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:55:29.0226 2332 mrxsmb20 - ok
09:55:29.0286 2332 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:55:29.0296 2332 msahci - ok
09:55:29.0336 2332 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:55:29.0346 2332 msdsm - ok
09:55:29.0396 2332 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:55:29.0426 2332 Msfs - ok
09:55:29.0468 2332 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:55:29.0538 2332 mshidkmdf - ok
09:55:29.0610 2332 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:55:29.0630 2332 msisadrv - ok
09:55:29.0732 2332 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:55:29.0772 2332 MSKSSRV - ok
09:55:29.0805 2332 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:55:29.0844 2332 MSPCLOCK - ok
09:55:29.0854 2332 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:55:29.0896 2332 MSPQM - ok
09:55:29.0926 2332 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:55:29.0936 2332 MsRPC - ok
09:55:29.0986 2332 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:55:29.0986 2332 mssmbios - ok
09:55:30.0006 2332 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:55:30.0046 2332 MSTEE - ok
09:55:30.0090 2332 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:55:30.0098 2332 MTConfig - ok
09:55:30.0118 2332 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:55:30.0128 2332 Mup - ok
09:55:30.0188 2332 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:55:30.0238 2332 NativeWifiP - ok
09:55:30.0331 2332 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys
09:55:30.0367 2332 NBVol - ok
09:55:30.0400 2332 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys
09:55:30.0410 2332 NBVolUp - ok
09:55:30.0470 2332 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:55:30.0490 2332 NDIS - ok
09:55:42.0311 2332 MBR (0x1B8) (87b60ba824650a5a22043915b40a338e) \Device\Harddisk0\DR0
09:55:42.0338 2332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
09:55:42.0338 2332 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
09:55:42.0408 2332 Boot (0x1200) (ab9c3f458846aa4505070124e9456fc2) \Device\Harddisk0\DR0\Partition0
09:55:42.0408 2332 \Device\Harddisk0\DR0\Partition0 - ok
09:55:42.0418 2332 Boot (0x1200) (95e78351fccb63d801d16fcf6567be26) \Device\Harddisk0\DR0\Partition1
09:55:42.0418 2332 \Device\Harddisk0\DR0\Partition1 - ok
09:55:42.0461 2332 Boot (0x1200) (7b080ef081319fc5937d01f29cf41bff) \Device\Harddisk0\DR0\Partition2
09:55:42.0462 2332 \Device\Harddisk0\DR0\Partition2 - ok
09:55:42.0470 2332 Boot (0x1200) (91b00e461e6114437d77a1c5480e260e) \Device\Harddisk0\DR0\Partition3
09:55:42.0480 2332 \Device\Harddisk0\DR0\Partition3 - ok
09:55:42.0480 2332 ============================================================
09:55:42.0480 2332 Scan finished
09:55:42.0480 2332 ============================================================
09:55:42.0500 3748 Detected object count: 1
09:55:42.0500 3748 Actual detected object count: 1
09:56:25.0785 3748 \Device\Harddisk0\DR0\# - copied to quarantine
09:56:25.0786 3748 \Device\Harddisk0\DR0 - copied to quarantine
09:56:25.0824 3748 \Device\Harddisk0\DR0 - processing error
09:56:41.0825 3748 \Device\Harddisk0\DR0 - will be restored on reboot
09:56:42.0317 3748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
09:56:45.0269 6128 Deinitialize success

#8 LDTate

Posted 20 March 2012 - 06:03 PM

09:56:41.0825 3748 \Device\Harddisk0\DR0 - will be restored on reboot
09:56:42.0317 3748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore

Can't say I've ever seen Cure Restore.
Did you select to cure / delete that rootkit?
Larry Tate
Product Support


#9 deejay

Posted 20 March 2012 - 06:06 PM

I certainly did; it stated that it cannot cure and will write standard boot codes or something, though.

#10 LDTate

Posted 20 March 2012 - 06:09 PM

That's not a good sign.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
Larry Tate
Product Support


#11 deejay

Posted 20 March 2012 - 06:14 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 10:11:47
-----------------------------
10:11:47.625 OS Version: Windows 6.1.7601 Service Pack 1
10:11:47.625 Number of processors: 1 586 0x602
10:11:47.629 ComputerName: MATTHEW-PC UserName: Matthew
10:12:07.067 Initialize success
10:12:21.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:12:21.779 Disk 0 Vendor: SAMSUNG_HM321HI 2AJ10003 Size: 305245MB BusType: 11
10:12:21.795 Disk 0 MBR read successfully
10:12:21.795 Disk 0 MBR scan
10:12:21.795 Disk 0 Windows XP default MBR code
10:12:21.811 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:12:21.826 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291855 MB offset 409600
10:12:21.857 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13086 MB offset 598128640
10:12:21.873 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
10:12:21.889 Disk 0 scanning sectors +625140400
10:12:21.935 Disk 0 scanning C:\Windows\system32\drivers
10:12:28.144 Service scanning
10:12:49.048 Modules scanning
10:13:00.935 Disk 0 trace - called modules:
10:13:01.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys USBPORT.SYS usbohci.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys point32.sys Wdf01000.sys mouclass.sys??
10:13:01.294 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860bc4e8]
10:13:01.294 3 CLASSPNP.SYS[8899d59e] -> nt!IofCallDriver -> [0x852cc918]
10:13:01.310 5 ACPI.sys[833993d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86090030]
10:13:01.310 7 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]
10:13:01.325 9 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]
10:13:01.325 11 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]
10:13:01.341 13 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]
10:13:01.357 15 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]
10:13:01.357 17 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]
10:13:01.372 19 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]
10:13:01.372 21 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]
10:13:01.388 23 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]
10:13:01.403 25 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]
10:13:01.403 27 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]
10:13:01.419 29 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]
10:13:01.419 31 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]
10:13:01.435 33 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]
10:13:01.450 35 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]
10:13:01.450 37 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]
10:13:01.466 39 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]
10:13:01.481 41 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]
10:13:01.481 43 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]
10:13:01.497 45 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]
10:13:01.513 Scan finished successfully
10:13:36.507 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"
10:13:36.522 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR.txt"

#12 LDTate

Posted 20 March 2012 - 06:17 PM

That one looks OK.

Run a new TDSSKiller scan.
Larry Tate
Product Support


#13 deejay

Posted 20 March 2012 - 06:20 PM

10:19:19.0063 2616 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
10:19:20.0051 2616 ============================================================
10:19:20.0051 2616 Current date / time: 2012/03/21 10:19:20.0051
10:19:20.0051 2616 SystemInfo:
10:19:20.0051 2616
10:19:20.0051 2616 OS Version: 6.1.7601 ServicePack: 1.0
10:19:20.0051 2616 Product type: Workstation
10:19:20.0051 2616 ComputerName: MATTHEW-PC
10:19:20.0052 2616 UserName: Matthew
10:19:20.0052 2616 Windows directory: C:\Windows
10:19:20.0052 2616 System windows directory: C:\Windows
10:19:20.0052 2616 Processor architecture: Intel x86
10:19:20.0052 2616 Number of processors: 1
10:19:20.0052 2616 Page size: 0x1000
10:19:20.0052 2616 Boot type: Normal boot
10:19:20.0052 2616 ============================================================
10:19:21.0097 2616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:19:21.0098 2616 \Device\Harddisk0\DR0:
10:19:21.0099 2616 MBR used
10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A07800
10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A6B800, BlocksNum 0x198F000
10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
10:19:21.0222 2616 Initialize success
10:19:21.0222 2616 ============================================================
10:19:27.0691 3800 ============================================================
10:19:27.0691 3800 Scan started
10:19:27.0691 3800 Mode: Manual; SigCheck; TDLFS;
10:19:27.0691 3800 ============================================================
10:19:36.0779 3800 hcw85cir - ok
10:19:36.0865 3800 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:19:36.0899 3800 HdAudAddService - ok
10:19:36.0934 3800 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:19:36.0968 3800 HDAudBus - ok
10:19:37.0027 3800 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:19:37.0082 3800 HidBatt - ok
10:19:37.0123 3800 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:19:37.0151 3800 HidBth - ok
10:19:37.0194 3800 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:19:37.0263 3800 HidIr - ok
10:19:37.0366 3800 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:19:37.0422 3800 HidUsb - ok
10:19:37.0562 3800 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:19:37.0590 3800 HpqKbFiltr - ok
10:19:37.0641 3800 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:19:37.0652 3800 HpSAMD - ok
10:19:37.0711 3800 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:19:37.0756 3800 HTCAND32 - ok
10:19:37.0846 3800 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
10:19:37.0879 3800 htcnprot - ok
10:19:37.0930 3800 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:19:37.0994 3800 HTTP - ok
10:19:38.0032 3800 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:19:38.0042 3800 hwpolicy - ok
10:19:38.0102 3800 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:19:38.0128 3800 i8042prt - ok
10:19:38.0196 3800 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:19:38.0211 3800 iaStorV - ok
10:19:38.0398 3800 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:19:38.0548 3800 igfx - ok
10:19:38.0690 3800 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:19:38.0714 3800 iirsp - ok
10:19:38.0753 3800 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:19:38.0762 3800 intelide - ok
10:19:38.0797 3800 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:19:38.0821 3800 intelppm - ok
10:19:38.0864 3800 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:19:38.0902 3800 IpFilterDriver - ok
10:19:38.0940 3800 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:19:38.0965 3800 IPMIDRV - ok
10:19:38.0991 3800 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:19:39.0031 3800 IPNAT - ok
10:19:39.0072 3800 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:19:39.0110 3800 IRENUM - ok
10:19:39.0173 3800 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:19:39.0195 3800 isapnp - ok
10:19:39.0223 3800 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:19:39.0238 3800 iScsiPrt - ok
10:19:39.0281 3800 JMCR (8c17deb1995e593853373c30485e7368) C:\Windows\system32\DRIVERS\jmcr.sys
10:19:39.0299 3800 JMCR - ok
10:19:39.0332 3800 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:19:39.0342 3800 kbdclass - ok
10:19:39.0387 3800 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:19:39.0399 3800 kbdhid - ok
10:19:39.0449 3800 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:19:39.0460 3800 KSecDD - ok
10:19:39.0488 3800 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:19:39.0500 3800 KSecPkg - ok
10:19:39.0622 3800 Lavasoft Kernexplorer - ok
10:19:39.0807 3800 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:19:39.0870 3800 lltdio - ok
10:19:39.0922 3800 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:19:39.0933 3800 LSI_FC - ok
10:19:39.0953 3800 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:19:39.0965 3800 LSI_SAS - ok
10:19:40.0006 3800 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:19:40.0015 3800 LSI_SAS2 - ok
10:19:40.0047 3800 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:19:40.0058 3800 LSI_SCSI - ok
10:19:40.0101 3800 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:19:40.0167 3800 luafv - ok
10:19:40.0181 3800 MBAMProtector - ok
10:19:40.0267 3800 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:19:40.0276 3800 megasas - ok
10:19:40.0306 3800 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:19:40.0320 3800 MegaSR - ok
10:19:40.0386 3800 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:19:40.0427 3800 Modem - ok
10:19:40.0470 3800 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:19:40.0537 3800 monitor - ok
10:19:40.0605 3800 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:19:40.0629 3800 mouclass - ok
10:19:40.0672 3800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:19:40.0697 3800 mouhid - ok
10:19:40.0732 3800 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:19:40.0742 3800 mountmgr - ok
10:19:40.0779 3800 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:19:40.0791 3800 mpio - ok
10:19:40.0819 3800 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:19:40.0865 3800 mpsdrv - ok
10:19:40.0905 3800 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:19:40.0934 3800 MRxDAV - ok
10:19:41.0006 3800 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:19:41.0058 3800 mrxsmb - ok
10:19:41.0094 3800 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:19:41.0109 3800 mrxsmb10 - ok
10:19:41.0132 3800 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:19:41.0145 3800 mrxsmb20 - ok
10:19:41.0183 3800 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:19:41.0193 3800 msahci - ok
10:19:41.0227 3800 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:19:41.0238 3800 msdsm - ok
10:19:41.0309 3800 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:19:41.0336 3800 Msfs - ok
10:19:41.0357 3800 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:19:41.0398 3800 mshidkmdf - ok
10:19:41.0446 3800 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:19:41.0455 3800 msisadrv - ok
10:19:41.0498 3800 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:19:41.0544 3800 MSKSSRV - ok
10:19:41.0571 3800 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:19:41.0661 3800 MSPCLOCK - ok
10:19:41.0680 3800 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:19:41.0717 3800 MSPQM - ok
10:19:41.0747 3800 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:19:41.0760 3800 MsRPC - ok
10:19:41.0785 3800 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:19:41.0795 3800 mssmbios - ok
10:19:41.0825 3800 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:19:41.0904 3800 MSTEE - ok
10:19:41.0934 3800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:19:41.0977 3800 MTConfig - ok
10:19:42.0049 3800 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:19:42.0071 3800 Mup - ok
10:19:42.0128 3800 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:19:42.0159 3800 NativeWifiP - ok
10:19:42.0253 3800 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys
10:19:42.0274 3800 NBVol - ok
10:19:42.0319 3800 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys
10:19:42.0326 3800 NBVolUp - ok
10:19:42.0383 3800 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:19:42.0406 3800 NDIS - ok
10:19:42.0458 3800 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:19:42.0485 3800 NdisCap - ok
10:19:42.0526 3800 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:19:42.0562 3800 NdisTapi - ok
10:19:42.0624 3800 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:19:42.0649 3800 Ndisuio - ok
10:19:42.0696 3800 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:19:42.0732 3800 NdisWan - ok
10:19:42.0773 3800 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:19:42.0798 3800 NDProxy - ok
10:19:42.0848 3800 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:19:42.0893 3800 NetBIOS - ok
10:19:42.0934 3800 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:19:42.0966 3800 NetBT - ok
10:19:43.0158 3800 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
10:19:43.0295 3800 netw5v32 - ok
10:19:43.0427 3800 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:19:43.0451 3800 nfrd960 - ok
10:19:43.0495 3800 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:19:43.0539 3800 Npfs - ok
10:19:43.0577 3800 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:19:43.0617 3800 nsiproxy - ok
10:19:43.0682 3800 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:19:43.0716 3800 Ntfs - ok
10:19:43.0751 3800 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:19:43.0796 3800 Null - ok
10:19:43.0836 3800 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:19:43.0847 3800 nvraid - ok
10:19:43.0873 3800 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:19:43.0886 3800 nvstor - ok
10:19:43.0908 3800 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:19:43.0920 3800 nv_agp - ok
10:19:43.0942 3800 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:19:43.0975 3800 ohci1394 - ok
10:19:44.0059 3800 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:19:44.0086 3800 Parport - ok
10:19:44.0138 3800 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
10:19:44.0148 3800 partmgr - ok
10:19:44.0174 3800 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:19:44.0201 3800 Parvdm - ok
10:19:44.0272 3800 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:19:44.0284 3800 pci - ok
10:19:44.0305 3800 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:19:44.0314 3800 pciide - ok
10:19:44.0372 3800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:19:44.0384 3800 pcmcia - ok
10:19:44.0462 3800 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:19:44.0472 3800 pcw - ok
10:19:44.0510 3800 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:19:44.0565 3800 PEAUTH - ok
10:19:44.0644 3800 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
10:19:44.0652 3800 Point32 - ok
10:19:44.0699 3800 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:19:44.0740 3800 PptpMiniport - ok
10:19:44.0776 3800 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:19:44.0802 3800 Processor - ok
10:19:44.0910 3800 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:19:44.0962 3800 Psched - ok
10:19:45.0040 3800 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:19:45.0079 3800 ql2300 - ok
10:19:45.0100 3800 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:19:45.0111 3800 ql40xx - ok
10:19:45.0136 3800 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:19:45.0150 3800 QWAVEdrv - ok
10:19:45.0174 3800 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:19:45.0219 3800 RasAcd - ok
10:19:45.0282 3800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:19:45.0350 3800 RasAgileVpn - ok
10:19:45.0388 3800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:19:45.0433 3800 Rasl2tp - ok
10:19:45.0484 3800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:19:45.0529 3800 RasPppoe - ok
10:19:45.0575 3800 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:19:45.0620 3800 RasSstp - ok
10:19:45.0666 3800 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:19:45.0715 3800 rdbss - ok
10:19:45.0763 3800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:19:45.0794 3800 rdpbus - ok
10:19:45.0840 3800 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:19:45.0880 3800 RDPCDD - ok
10:19:45.0923 3800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:19:45.0957 3800 RDPENCDD - ok
10:19:45.0991 3800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:19:46.0027 3800 RDPREFMP - ok
10:19:46.0071 3800 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
10:19:46.0108 3800 RDPWD - ok
10:19:46.0179 3800 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:19:46.0210 3800 rdyboost - ok
10:19:46.0265 3800 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
10:19:46.0281 3800 RFCOMM - ok
10:19:46.0344 3800 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:19:46.0382 3800 rspndr - ok
10:19:46.0431 3800 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:19:46.0459 3800 RTL8167 - ok
10:19:46.0510 3800 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:19:46.0521 3800 sbp2port - ok
10:19:46.0562 3800 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:19:46.0605 3800 scfilter - ok
10:19:46.0669 3800 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
10:19:46.0697 3800 sdbus - ok
10:19:46.0740 3800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:19:46.0783 3800 secdrv - ok
10:19:46.0848 3800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:19:46.0893 3800 Serenum - ok
10:19:46.0934 3800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:19:46.0962 3800 Serial - ok
10:19:47.0003 3800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:19:47.0019 3800 sermouse - ok
10:19:47.0069 3800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:19:47.0093 3800 sffdisk - ok
10:19:47.0120 3800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:19:47.0145 3800 sffp_mmc - ok
10:19:47.0176 3800 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:19:47.0201 3800 sffp_sd - ok
10:19:47.0241 3800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:19:47.0282 3800 sfloppy - ok
10:19:47.0350 3800 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:19:47.0360 3800 sisagp - ok
10:19:47.0401 3800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:19:47.0411 3800 SiSRaid2 - ok
10:19:47.0435 3800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:19:47.0446 3800 SiSRaid4 - ok
10:19:47.0479 3800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:19:47.0508 3800 Smb - ok
10:19:47.0543 3800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:19:47.0552 3800 spldr - ok
10:19:47.0617 3800 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:19:47.0656 3800 srv - ok
10:19:47.0688 3800 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:19:47.0705 3800 srv2 - ok
10:19:47.0745 3800 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:19:47.0780 3800 SrvHsfHDA - ok
10:19:47.0847 3800 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:19:47.0884 3800 SrvHsfV92 - ok
10:19:47.0915 3800 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
10:19:47.0938 3800 SrvHsfWinac - ok
10:19:47.0976 3800 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:19:48.0009 3800 srvnet - ok
10:19:48.0087 3800 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys
10:19:48.0099 3800 ssudmdm - ok
10:19:48.0144 3800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:19:48.0153 3800 stexstor - ok
10:19:48.0222 3800 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
10:19:48.0270 3800 STHDA - ok
10:19:48.0315 3800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:19:48.0324 3800 swenum - ok
10:19:48.0429 3800 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
10:19:48.0465 3800 Tcpip - ok
10:19:48.0643 3800 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
10:19:48.0674 3800 TCPIP6 - ok
10:19:48.0802 3800 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:19:48.0865 3800 tcpipreg - ok
10:19:48.0918 3800 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:19:48.0949 3800 TDPIPE - ok
10:19:48.0978 3800 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
10:19:49.0018 3800 TDTCP - ok
10:19:49.0063 3800 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:19:49.0105 3800 tdx - ok
10:19:49.0149 3800 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:19:49.0159 3800 TermDD - ok
10:19:49.0229 3800 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:19:49.0253 3800 tssecsrv - ok
10:19:49.0305 3800 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:19:49.0333 3800 TsUsbFlt - ok
10:19:49.0401 3800 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:19:49.0438 3800 tunnel - ok
10:19:49.0473 3800 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:19:49.0483 3800 uagp35 - ok
10:19:49.0531 3800 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:19:49.0577 3800 udfs - ok
10:19:49.0645 3800 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:19:49.0666 3800 uliagpkx - ok
10:19:49.0699 3800 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:19:49.0711 3800 umbus - ok
10:19:49.0743 3800 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:19:49.0771 3800 UmPass - ok
10:19:49.0827 3800 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:19:49.0854 3800 USBAAPL - ok
10:19:49.0891 3800 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:19:49.0927 3800 usbccgp - ok
10:19:49.0994 3800 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:19:50.0026 3800 usbcir - ok
10:19:50.0055 3800 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:19:50.0086 3800 usbehci - ok
10:19:50.0161 3800 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
10:19:50.0176 3800 usbfilter - ok
10:19:50.0207 3800 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:19:50.0223 3800 usbhub - ok
10:19:50.0249 3800 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
10:19:50.0282 3800 usbohci - ok
10:19:50.0329 3800 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:19:50.0343 3800 usbprint - ok
10:19:50.0386 3800 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:19:50.0400 3800 usbscan - ok
10:19:50.0441 3800 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:19:50.0473 3800 USBSTOR - ok
10:19:50.0512 3800 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:19:50.0524 3800 usbuhci - ok
10:19:50.0567 3800 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
10:19:50.0583 3800 usbvideo - ok
10:19:50.0620 3800 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:19:50.0630 3800 vdrvroot - ok
10:19:50.0664 3800 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:19:50.0694 3800 vga - ok
10:19:50.0728 3800 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:19:50.0754 3800 VgaSave - ok
10:19:50.0784 3800 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:19:50.0796 3800 vhdmp - ok
10:19:50.0827 3800 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:19:50.0838 3800 viaagp - ok
10:19:50.0863 3800 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:19:50.0896 3800 ViaC7 - ok
10:19:50.0938 3800 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:19:50.0947 3800 viaide - ok
10:19:50.0974 3800 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:19:50.0985 3800 volmgr - ok
10:19:51.0015 3800 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:19:51.0030 3800 volmgrx - ok
10:19:51.0077 3800 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:19:51.0091 3800 volsnap - ok
10:19:51.0139 3800 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:19:51.0151 3800 vsmraid - ok
10:19:51.0184 3800 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:19:51.0210 3800 vwifibus - ok
10:19:51.0241 3800 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:19:51.0270 3800 vwififlt - ok
10:19:51.0307 3800 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:19:51.0332 3800 WacomPen - ok
10:19:51.0395 3800 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:19:51.0458 3800 WANARP - ok
10:19:51.0475 3800 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:19:51.0500 3800 Wanarpv6 - ok
10:19:51.0572 3800 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:19:51.0581 3800 Wd - ok
10:19:51.0613 3800 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:19:51.0632 3800 Wdf01000 - ok
10:19:51.0706 3800 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:19:51.0732 3800 WfpLwf - ok
10:19:51.0763 3800 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:19:51.0773 3800 WIMMount - ok
10:19:51.0878 3800 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:19:51.0905 3800 WinUsb - ok
10:19:51.0939 3800 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:19:51.0962 3800 WmiAcpi - ok
10:19:52.0012 3800 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:19:52.0056 3800 ws2ifsl - ok
10:19:52.0114 3800 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:19:52.0150 3800 WudfPf - ok
10:19:52.0210 3800 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:19:52.0284 3800 WUDFRd - ok
10:19:52.0349 3800 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
10:19:52.0366 3800 yukonw7 - ok
10:19:52.0402 3800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:19:52.0612 3800 \Device\Harddisk0\DR0 - ok
10:19:52.0627 3800 Boot (0x1200) (ab9c3f458846aa4505070124e9456fc2) \Device\Harddisk0\DR0\Partition0
10:19:52.0629 3800 \Device\Harddisk0\DR0\Partition0 - ok
10:19:52.0667 3800 Boot (0x1200) (95e78351fccb63d801d16fcf6567be26) \Device\Harddisk0\DR0\Partition1
10:19:52.0668 3800 \Device\Harddisk0\DR0\Partition1 - ok
10:19:52.0707 3800 Boot (0x1200) (7b080ef081319fc5937d01f29cf41bff) \Device\Harddisk0\DR0\Partition2
10:19:52.0708 3800 \Device\Harddisk0\DR0\Partition2 - ok
10:19:52.0726 3800 Boot (0x1200) (91b00e461e6114437d77a1c5480e260e) \Device\Harddisk0\DR0\Partition3
10:19:52.0726 3800 \Device\Harddisk0\DR0\Partition3 - ok
10:19:52.0730 3800 ============================================================
10:19:52.0730 3800 Scan finished
10:19:52.0730 3800 ============================================================
10:19:52.0747 3724 Detected object count: 0
10:19:52.0747 3724 Actual detected object count: 0
10:20:06.0687 2524 Deinitialize success

#14 LDTate


Posted 20 March 2012 - 06:23 PM

Looks like TDSS might have fixed it.

Try ComboFix now.

Larry Tate
Product Support


#15 deejay


Posted 20 March 2012 - 07:10 PM

ComboFix 12-03-18.04 - Matthew 21/03/2012 10:25:28.3.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1788.1194 [GMT 11:00]
Running from: c:\users\Matthew\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Matthew\AppData\Local\TempDIR
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 23:57 . 2012-03-20 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 22:56 . 2012-03-20 22:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 09:35 . 2012-03-20 09:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D57D94E-CC83-4776-8645-EDD0C8D09E43}\offreg.dll
2012-03-20 09:31 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D57D94E-CC83-4776-8645-EDD0C8D09E43}\mpengine.dll
2012-03-20 04:47 . 2012-03-20 23:57 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2012-03-17 06:01 . 2012-03-17 06:01 -------- d-----w- c:\users\Matthew\AppData\Local\Wizards of the Coast
2012-03-17 06:00 . 2012-03-17 06:00 -------- d-----w- c:\users\Matthew\AppData\Local\IsolatedStorage
2012-03-17 05:56 . 2012-03-17 05:56 -------- d-----w- c:\users\Matthew\AppData\Local\Apps
2012-03-17 05:56 . 2012-03-19 03:26 -------- d-----w- c:\users\Matthew\AppData\Local\Deployment
2012-03-17 04:21 . 2012-03-17 04:21 -------- d-----w- c:\users\Matthew\AppData\Local\CyberLink
2012-03-13 13:53 . 2012-03-13 13:57 -------- d-----w- c:\users\Matthew\AppData\Roaming\Registry Mechanic
2012-03-13 10:54 . 2012-03-13 10:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-12 09:48 . 2012-03-13 13:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-03-12 00:11 . 2011-12-12 03:07 512472 ----a-w- c:\windows\system32\msxml.dll
2012-03-12 00:11 . 2011-12-12 03:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-03-12 00:11 . 2008-04-02 05:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-03-12 00:11 . 2008-04-02 05:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-03-12 00:11 . 2008-04-02 05:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-03-12 00:11 . 2008-09-17 11:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-03-12 00:11 . 2012-03-12 00:11 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-12 00:11 . 2012-03-12 00:11 -------- d-----w- c:\program files\PC Tools
2012-03-12 00:07 . 2012-03-12 00:07 -------- d-----w- c:\programdata\PC Tools
2012-03-12 00:07 . 2012-03-12 00:07 -------- d-----w- c:\users\Matthew\AppData\Roaming\Product_RM
2012-03-11 11:56 . 2012-03-11 11:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-11 11:51 . 2012-03-19 23:39 -------- d-----w- c:\programdata\Lavasoft
2012-03-11 07:59 . 2012-03-11 07:59 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes
2012-03-11 07:59 . 2012-03-11 13:31 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 07:59 . 2012-03-11 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-11 06:13 . 2012-03-11 09:35 -------- d-----w- c:\program files\DA2CE
2012-03-11 06:13 . 2012-03-11 09:35 -------- d--h--w- c:\users\Matthew\AppData\Roaming\C4ADA
2012-03-03 09:52 . 2012-03-03 09:53 -------- d--h--w- c:\users\Matthew\AppData\Roaming\Apple Computer
2012-03-03 09:52 . 2012-03-03 09:52 -------- d--h--w- c:\users\Matthew\AppData\Local\Apple Computer
2012-03-03 09:51 . 2012-03-03 09:51 -------- d-----w- c:\program files\iPod
2012-03-03 09:51 . 2012-03-11 10:10 -------- d-----w- c:\program files\iTunes
2012-03-03 09:51 . 2012-03-11 10:09 -------- d-----w- c:\programdata\Apple Computer
2012-03-03 09:51 . 2012-03-03 09:52 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-03 09:50 . 2012-03-03 09:50 -------- d--h--w- c:\users\Matthew\AppData\Local\Apple
2012-03-03 09:50 . 2012-03-11 10:11 -------- d-----w- c:\program files\Apple Software Update
2012-03-03 09:48 . 2012-03-11 10:16 -------- d-----w- c:\program files\Bonjour
2012-03-03 09:48 . 2012-03-11 09:51 -------- d-----w- c:\program files\Common Files\Apple
2012-03-03 09:48 . 2012-03-03 09:50 -------- d-----w- c:\programdata\Apple
2012-03-02 13:45 . 2012-03-02 13:45 -------- d-----w- c:\programdata\PopCap Games
2012-03-02 12:44 . 2012-03-11 10:13 -------- d-----w- c:\program files\Plants vs. Zombies 2 Zombatar
2012-02-29 10:09 . 2012-02-29 10:36 -------- d--h--w- c:\users\Matthew\AppData\Roaming\Natural Threat.Ominous Shores
2012-02-29 06:06 . 2012-03-11 10:12 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-29 06:04 . 2012-03-11 10:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-02-29 06:03 . 2012-03-11 09:56 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-02-29 06:03 . 2012-02-29 06:07 -------- d-----w- c:\windows\SHELLNEW
2012-02-29 06:02 . 2012-03-11 09:49 -------- d-----r- C:\MSOCache
2012-02-27 07:39 . 2012-02-27 07:39 -------- d--h--w- c:\users\Matthew\AppData\Roaming\GameInvest
2012-02-25 11:12 . 2012-03-11 10:05 -------- d-----w- c:\users\Matthew\AppData\Roaming\JoyBits
2012-02-25 11:10 . 2012-03-11 09:54 -------- d-----w- c:\program files\Foxy Games
2012-02-25 11:10 . 2012-02-25 11:10 -------- d-----w- C:\Downloads
2012-02-23 02:44 . 2012-03-13 12:24 -------- d--h--w- c:\users\Matthew\AppData\Local\Htc
2012-02-23 02:43 . 2012-03-11 10:05 -------- d-----w- c:\users\Matthew\AppData\Roaming\HTC
2012-02-23 02:41 . 2012-03-11 10:13 -------- d-----w- c:\program files\Spirent Communications
2012-02-23 02:40 . 2012-03-11 10:12 -------- d-----w- c:\program files\HTC
2012-02-23 02:39 . 2012-02-23 02:39 -------- d-----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 12:25 . 2012-01-06 08:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 22:18 . 2012-01-11 12:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 07:11 . 2012-01-06 08:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-31 04:51 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-31 03:10 . 2012-01-31 03:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-31 03:10 . 2012-01-31 03:10 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-31 03:10 . 2012-01-31 03:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-31 03:10 . 2012-01-31 03:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-31 03:10 . 2012-01-31 03:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-31 03:10 . 2012-01-31 03:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-31 03:10 . 2012-01-31 03:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-31 03:10 . 2012-01-31 03:10 367104 ----a-w- c:\windows\system32\html.iec
2012-01-31 03:10 . 2012-01-31 03:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-31 03:09 . 2012-01-31 03:09 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-31 03:09 . 2012-01-31 03:09 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-31 03:09 . 2012-01-31 03:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-31 03:09 . 2012-01-31 03:09 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-31 03:09 . 2012-01-31 03:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-31 03:09 . 2012-01-31 03:09 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-31 03:09 . 2012-01-31 03:09 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-31 03:09 . 2012-01-31 03:09 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 03:35 . 2012-02-14 23:08 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 21:38 . 2012-01-04 21:38 29480 ----a-w- c:\windows\system32\msxml3a.dll
2012-01-04 21:38 . 2009-03-20 04:38 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-04 21:38 . 2009-03-20 04:38 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-04 08:58 . 2012-02-14 23:08 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-14 23:08 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-23 09:58 . 2012-02-02 04:09 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-23 09:58 . 2011-12-23 09:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 09:58 . 2011-12-23 09:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 09:58 . 2011-12-23 09:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 09:58 . 2011-12-23 09:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 09:58 . 2011-12-23 09:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 09:58 . 2011-12-23 09:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 09:58 . 2011-12-23 09:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 09:58 . 2011-12-23 09:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 09:58 . 2011-12-23 09:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 09:58 . 2011-12-23 09:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 09:58 . 2011-12-23 09:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 09:58 . 2011-12-23 09:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 09:58 . 2011-12-23 09:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 09:58 . 2011-12-23 09:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 09:58 . 2011-12-23 09:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 09:58 . 2011-12-23 09:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 09:58 . 2011-12-23 09:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 09:58 . 2011-12-23 09:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 09:58 . 2011-12-23 09:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 09:58 . 2011-12-23 09:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 09:58 . 2011-12-23 09:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 09:58 . 2011-12-23 09:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 09:58 . 2011-12-23 09:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 09:58 . 2011-12-23 09:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 09:58 . 2011-12-23 09:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 09:58 . 2011-12-23 09:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 09:58 . 2011-12-23 09:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 09:58 . 2011-12-23 09:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-23 09:58 . 2012-02-02 04:08 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-02-17 07:06 . 2012-01-06 08:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_04.50.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 19:04 . 2012-03-20 22:59 47964 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-03-20 22:47 66696 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-04 04:01 . 2012-03-20 22:47 10516 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2249668314-1619009243-3578254783-1000_UserData.bin
- 2012-01-04 21:24 . 2012-03-20 02:21 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-04 21:24 . 2012-03-20 07:08 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-20 22:57 . 2012-03-20 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 03:56 . 2012-03-20 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 22:57 . 2012-03-20 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-20 03:56 . 2012-03-20 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-04 21:24 . 2012-03-20 02:21 737280 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-04 21:24 . 2012-03-20 07:08 737280 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-03-20 07:08 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-20 02:21 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:47 . 2012-03-20 03:50 396980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-03-20 22:57 396980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-06 23:15 . 2012-03-20 22:57 7709324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2249668314-1619009243-3578254783-1000-12288.dat
- 2012-01-06 23:15 . 2012-03-20 03:50 7709324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2249668314-1619009243-3578254783-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 12:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-12-20 02:32 634880 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-02-03 08:50 943504 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-02-18 01:42 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-02-03 08:50 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 01:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-09-20 03:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-01 51632]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-22 23040]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-28 116064]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-11-01 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-04 11776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-21 3025112]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 59064639
*NewlyCreated* - ASWMBR
*Deregistered* - 59064639
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 01:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249668314-1619009243-3578254783-1000Core.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 23:56]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249668314-1619009243-3578254783-1000UA.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 23:56]
.
2012-03-11 c:\windows\Tasks\HPCeeScheduleForMatthew.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-03-13 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-03-12 00:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://friendly-google-search.blogspot.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Upload to Facebook - c:\program files\UploadRabbitforFacebook\iecontext.htm
TCP: DhcpNameServer = 203.12.160.35 203.12.160.36 192.168.1.1
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\0llz4515.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2392)
c:\windows\System32\netshell.dll
c:\windows\System32\srchadmin.dll
c:\windows\System32\QAgent.dll
.
Completion time: 2012-03-21 11:01:45
ComboFix-quarantined-files.txt 2012-03-21 00:01
.
Pre-Run: 119,180,238,848 bytes free
Post-Run: 119,304,790,016 bytes free
.
- - End Of File - - 59E97DA2B58A544FE253AB666C0CCA88

#16 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 20 March 2012 - 07:15 PM

How's it running now?
Larry Tate
Product Support


#17 deejay

Posted 20 March 2012 - 07:19 PM

Seems OK, but Malwarebytes still won't work; I'm guessing it's corrupted and I should re-install. But so far so good. I don't like having to make Firefox default every time, but yeah.

#18 LDTate

Posted 20 March 2012 - 07:21 PM

Please do the following to see if it resolves the issue, then post back and let us know:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab, if not done during installation, and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Larry Tate
Product Support


#19 deejay

Posted 20 March 2012 - 07:52 PM

Seems OK, will leave it at that, hopefully I won't have to speak to you again (I mean that in the nicest possible way haha)

thanks!

Matt

#20 LDTate

Posted 21 March 2012 - 06:42 AM

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:
  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7
  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good :D


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.


  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?.
How to Prevent Malware:


The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.




Larry Tate
Product Support
