deejay

Infection Problems

21 posts in this topic


Hi guys and gals,

I really need some help. I have been infected with some unknown virus. I have run numerous scans with AVG and Malwarebytes, all coming back with nothing. The symptoms I am getting are:

Slow PC

Pop-up messages on my desktop randomly: "message from webpage, congrats you have won a ipad 2"

Every time I start Firefox I get "this is not your default browser, will you make it". I tick yes and don't ask me again.

Have attached the 2 DDS files,

And HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:06:46 PM, on 14/03/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Matthew\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

C:\Users\Matthew\Downloads\HijackThis.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://friendly-goog...ch.blogspot.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Upload to Facebook - C:\Program Files\UploadRabbitforFacebook\iecontext.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

--

End of file - 11092 bytes

DDS.txt

Attach.txt

And I am now getting this error from Malwarebytes

[Attached image: post-109533-0-60292400-1331770488.jpg]


Welcome!

Please don't attach the scan results, use Copy/Paste

Logs will be closed if you haven't replied within 3 days

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


as requested

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Matthew at 10:20:28 on 2012-03-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1788.835 [GMT 11:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Matthew\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Matthew\Downloads\ATF_Cleaner.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://friendly-google-search.blogspot.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [Google Update] "c:\users\matthew\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Upload to Facebook - c:\program files\uploadrabbitforfacebook\iecontext.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 203.12.160.35 203.12.160.36 192.168.1.1

TCP: Interfaces\{0C22E69E-3C0B-449F-8EC6-12F9AB67FC80} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6E9E60BE-0811-410A-BA40-9D94B19AE934} : DhcpNameServer = 203.12.160.35 203.12.160.36 192.168.1.1

TCP: Interfaces\{6E9E60BE-0811-410A-BA40-9D94B19AE934}\E43435 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\0llz4515.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\matthew\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-11 64512]

R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-31 56496]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-31 12464]

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-3-12 17904]

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-3-12 34768]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-3-12 11776]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-5 167936]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-1-5 27320]

S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-3-12 51632]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-2 80184]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-29 116064]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-2 181432]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-9 52224]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

.

=============== Created Last 30 ================

.

2012-03-17 06:01:10 -------- d-----w- c:\users\matthew\appdata\local\Wizards of the Coast

2012-03-17 06:00:25 -------- d-----w- c:\users\matthew\appdata\local\IsolatedStorage

2012-03-17 05:56:44 -------- d-----w- c:\users\matthew\appdata\local\Apps

2012-03-17 05:56:43 -------- d-----w- c:\users\matthew\appdata\local\Deployment

2012-03-17 04:21:51 -------- d-----w- c:\users\matthew\appdata\local\CyberLink

2012-03-13 13:53:22 -------- d-----w- c:\users\matthew\appdata\roaming\Registry Mechanic

2012-03-13 10:54:34 -------- d-----w- c:\users\matthew\appdata\roaming\SUPERAntiSpyware.com

2012-03-13 10:54:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-13 10:54:24 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-12 09:48:41 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2012-03-12 00:11:24 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2012-03-12 00:11:24 512472 ----a-w- c:\windows\system32\msxml.dll

2012-03-12 00:11:24 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2012-03-12 00:11:24 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2012-03-12 00:11:24 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2012-03-12 00:11:23 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2012-03-12 00:11:20 -------- d-----w- c:\program files\PC Tools

2012-03-12 00:11:20 -------- d-----w- c:\program files\common files\PC Tools

2012-03-12 00:07:59 -------- d-----w- c:\programdata\PC Tools

2012-03-12 00:07:58 -------- d-----w- c:\users\matthew\appdata\roaming\Product_RM

2012-03-11 11:56:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-11 11:51:24 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2012-03-11 11:51:11 -------- d-----w- c:\program files\Lavasoft

2012-03-11 07:59:40 -------- d-----w- c:\users\matthew\appdata\roaming\Malwarebytes

2012-03-11 07:59:29 -------- d-----w- c:\programdata\Malwarebytes

2012-03-11 07:59:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-11 06:15:07 -------- d--h--w- C:\$AVG

2012-03-11 06:13:43 -------- d-----w- c:\program files\DA2CE

2012-03-11 06:13:40 -------- d-----w- c:\program files\LP

2012-03-11 06:13:11 -------- d--h--w- c:\users\matthew\appdata\roaming\C4ADA

2012-03-03 09:52:17 -------- d--h--w- c:\users\matthew\appdata\local\Apple Computer

2012-03-03 09:51:14 -------- d-----w- c:\program files\iPod

2012-03-03 09:51:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-03 09:51:13 -------- d-----w- c:\program files\iTunes

2012-03-03 09:50:14 -------- d--h--w- c:\users\matthew\appdata\local\Apple

2012-03-03 09:48:29 -------- d-----w- c:\program files\Bonjour

2012-03-02 13:45:50 -------- d-----w- c:\programdata\PopCap Games

2012-03-02 12:44:01 -------- d-----w- c:\program files\Plants vs. Zombies 2 Zombatar

2012-02-29 10:09:27 -------- d--h--w- c:\users\matthew\appdata\roaming\Natural Threat.Ominous Shores

2012-02-29 06:06:40 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-02-29 06:04:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-02-29 06:03:29 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-02-29 06:03:10 -------- d-----w- c:\windows\SHELLNEW

2012-02-27 07:39:28 -------- d--h--w- c:\users\matthew\appdata\roaming\GameInvest

2012-02-25 11:12:12 -------- d-----w- c:\users\matthew\appdata\roaming\JoyBits

2012-02-25 11:10:08 -------- d-----w- c:\program files\Foxy Games

2012-02-25 11:10:05 -------- d-----w- C:\Downloads

2012-02-23 19:20:33 -------- d--h--w- c:\users\matthew\appdata\roaming\Temp

2012-02-23 02:44:12 -------- d--h--w- c:\users\matthew\appdata\roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-02-23 02:44:01 -------- d--h--w- c:\users\matthew\appdata\local\Htc

2012-02-23 02:43:04 -------- d-----w- c:\users\matthew\appdata\roaming\HTC

2012-02-23 02:41:15 -------- d-----w- c:\program files\Spirent Communications

2012-02-23 02:40:47 -------- d-----w- c:\program files\HTC

2012-02-23 02:39:37 -------- d-----w- c:\program files\MSXML 4.0

2012-02-19 09:44:47 -------- d-----w- c:\users\matthew\appdata\roaming\Friday's games

.

==================== Find3M ====================

.

2012-03-13 12:25:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-16 07:11:31 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-31 04:51:49 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-01-31 03:10:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-31 03:10:05 161792 ----a-w- c:\windows\system32\msls31.dll

2012-01-31 03:10:04 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-31 03:10:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-31 03:10:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-31 03:10:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-31 03:10:01 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-01-31 03:10:01 367104 ----a-w- c:\windows\system32\html.iec

2012-01-31 03:10:00 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-01-31 03:09:59 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-31 03:09:59 152064 ----a-w- c:\windows\system32\wextract.exe

2012-01-31 03:09:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-01-31 03:09:58 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-01-31 03:09:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-31 03:09:57 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-01-31 03:09:57 11776 ----a-w- c:\windows\system32\mshta.exe

2012-01-31 03:09:57 101888 ----a-w- c:\windows\system32\admparse.dll

2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-04 21:38:10 505128 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-04 21:38:10 353576 ----a-w- c:\windows\system32\msvcr71.dll

2012-01-04 21:38:10 29480 ----a-w- c:\windows\system32\msxml3a.dll

2012-01-04 21:28:54 0 ----a-w- c:\windows\ativpsrm.bin

2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll

2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl

.

============= FINISH: 10:29:32.10 ===============


AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

Looks like you're running 2 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

Lavasoft

AVG

Next:

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ok after all that, combofix was able to tell me I am infected with rootkit.zeroaccess

combofix kept crashing during scanning/removal, it also stated that it is in my tcp/ip settings

my pc still disables a few of my startup programs, like catalyst control centre, malwarebytes (see the screen shot on post 1)

every time I open firefox it asks if I want it to be the default browser (even though I chose yes and ticked the box)

I get random popups from "webpage" stating either just "thankyou" or "congratulations you have won a ipad2" or "are you sure you want to navigate away from this page". I always shut them down with alt + F4


Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
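For anyone reading such a report rather than pasting it, here is a triage sketch. It is an added example, not part of the original post and not code from the tool's vendor. It assumes the report layout of a timestamp and thread id on every line, a "Scan started" marker, then per driver an entry line (name, MD5 in parentheses, path) followed by a `name - verdict` line; the function name `triage` and all sample lines are constructed.

```python
import re

# Every report line: "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s*(.*)$")
# Entry message: "<service name> (<32 hex MD5>) <driver path>"
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict message: "<service name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample in the assumed layout. The non-"ok" verdict text is a
# placeholder, not a real verdict string of the tool.
SAMPLE_LOG = r"""
09:54:40.0078 6140 Drive \Device\Harddisk0\DR0 - Size: 0x0 (0.00 Gb)
09:54:40.0181 6140 Initialize success
09:55:15.0133 2332 ============================================================
09:55:15.0133 2332 Scan started
09:55:15.0133 2332 Mode: Manual; SigCheck; TDLFS;

09:55:17.0447 2332 drvalpha (00000000000000000000000000000001) C:\Windows\system32\drivers\drvalpha.sys
09:55:17.0548 2332 drvalpha - ok

09:55:18.0000 2332 drvbeta - ok

09:55:19.0000 2332 drvgamma (00000000000000000000000000000002) C:\Windows\system32\drivers\drvgamma.sys
09:55:19.0100 2332 drvgamma - NOT-OK-PLACEHOLDER

09:55:20.0000 2332 drvdelta (00000000000000000000000000000003) C:\Windows\system32\drivers\drvdelta.sys
"""


def triage(log_text):
    """Return (service, reason, path) for every entry a helper should look at.

    Reasons:
      "verdict: <text>"   - the scanner logged something other than "ok"
      "no file hashed"    - an "ok" verdict with no entry line before it, so
                            no driver file was actually read and hashed
      "no verdict logged" - an entry line with no verdict (truncated report)
    """
    findings = []
    pending = {}      # service name -> path, entries still awaiting a verdict
    in_scan = False   # header lines also contain " - ", so skip until the scan
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        entry = ENTRY.match(msg)
        if entry:
            pending[entry["name"]] = entry["path"]
            continue
        verdict = VERDICT.match(msg)
        if not verdict:
            continue  # separators, "Mode: ..." and other status lines
        name = verdict["name"]
        text = verdict["verdict"].strip()
        had_entry = name in pending
        path = pending.pop(name, None)
        if text.lower() != "ok":
            findings.append((name, "verdict: " + text, path))
        elif not had_entry:
            findings.append((name, "no file hashed", None))
    for name, path in pending.items():
        findings.append((name, "no verdict logged", path))
    return findings


if __name__ == "__main__":
    for service, reason, path in triage(SAMPLE_LOG):
        print(f"{service:12} {reason:32} {path or '-'}")
```

The "no file hashed" case is worth a second look in a real report: a service that is registered but has no driver file on disk can be a leftover from an uninstalled or removed tool.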


09:54:37.0004 6140 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

09:54:38.0297 6140 ============================================================

09:54:38.0297 6140 Current date / time: 2012/03/21 09:54:38.0297

09:54:38.0297 6140 SystemInfo:

09:54:38.0297 6140

09:54:38.0297 6140 OS Version: 6.1.7601 ServicePack: 1.0

09:54:38.0297 6140 Product type: Workstation

09:54:38.0298 6140 ComputerName: MATTHEW-PC

09:54:38.0298 6140 UserName: Matthew

09:54:38.0298 6140 Windows directory: C:\Windows

09:54:38.0298 6140 System windows directory: C:\Windows

09:54:38.0298 6140 Processor architecture: Intel x86

09:54:38.0298 6140 Number of processors: 1

09:54:38.0298 6140 Page size: 0x1000

09:54:38.0298 6140 Boot type: Normal boot

09:54:38.0298 6140 ============================================================

09:54:40.0078 6140 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:54:40.0080 6140 \Device\Harddisk0\DR0:

09:54:40.0080 6140 MBR used

09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A07800

09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A6B800, BlocksNum 0x198F000

09:54:40.0080 6140 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

09:54:40.0181 6140 Initialize success

09:54:40.0181 6140 ============================================================

09:55:15.0133 2332 ============================================================

09:55:15.0133 2332 Scan started

09:55:15.0133 2332 Mode: Manual; SigCheck; TDLFS;

09:55:15.0133 2332 ============================================================


09:55:33.0412 2332 RasAgileVpn - ok

09:55:33.0456 2332 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:55:33.0494 2332 Rasl2tp - ok

09:55:33.0546 2332 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

09:55:33.0596 2332 RasPppoe - ok

09:55:33.0638 2332 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

09:55:33.0688 2332 RasSstp - ok

09:55:33.0730 2332 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

09:55:33.0780 2332 rdbss - ok

09:55:33.0822 2332 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

09:55:33.0842 2332 rdpbus - ok

09:55:33.0882 2332 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:55:33.0922 2332 RDPCDD - ok

09:55:33.0968 2332 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

09:55:33.0994 2332 RDPENCDD - ok

09:55:34.0036 2332 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

09:55:34.0076 2332 RDPREFMP - ok

09:55:34.0127 2332 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

09:55:34.0168 2332 RDPWD - ok

09:55:34.0240 2332 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

09:55:34.0270 2332 rdyboost - ok

09:55:34.0332 2332 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

09:55:34.0342 2332 RFCOMM - ok

09:55:34.0422 2332 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

09:55:34.0452 2332 rspndr - ok

09:55:34.0504 2332 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

09:55:34.0554 2332 RTL8167 - ok

09:55:34.0611 2332 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

09:55:34.0616 2332 sbp2port - ok

09:55:34.0666 2332 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

09:55:34.0716 2332 scfilter - ok

09:55:34.0778 2332 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

09:55:34.0808 2332 sdbus - ok

09:55:34.0858 2332 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

09:55:34.0898 2332 secdrv - ok

09:55:34.0960 2332 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

09:55:34.0990 2332 Serenum - ok

09:55:35.0020 2332 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

09:55:35.0254 2332 Serial - ok

09:55:35.0292 2332 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

09:55:35.0537 2332 sermouse - ok

09:55:35.0591 2332 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

09:55:35.0865 2332 sffdisk - ok

09:55:35.0887 2332 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

09:55:36.0042 2332 sffp_mmc - ok

09:55:36.0072 2332 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

09:55:36.0242 2332 sffp_sd - ok

09:55:36.0276 2332 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

09:55:36.0306 2332 sfloppy - ok

09:55:36.0372 2332 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

09:55:36.0382 2332 sisagp - ok

09:55:36.0418 2332 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:55:36.0428 2332 SiSRaid2 - ok

09:55:36.0448 2332 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

09:55:36.0458 2332 SiSRaid4 - ok

09:55:36.0501 2332 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

09:55:36.0740 2332 Smb - ok

09:55:36.0780 2332 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

09:55:36.0790 2332 spldr - ok

09:55:36.0850 2332 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

09:55:36.0902 2332 srv - ok

09:55:36.0942 2332 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

09:55:36.0962 2332 srv2 - ok

09:55:36.0999 2332 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

09:55:37.0034 2332 SrvHsfHDA - ok

09:55:37.0074 2332 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

09:55:37.0134 2332 SrvHsfV92 - ok

09:55:37.0174 2332 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

09:55:37.0204 2332 SrvHsfWinac - ok

09:55:37.0242 2332 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

09:55:37.0378 2332 srvnet - ok

09:55:37.0458 2332 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys

09:55:37.0478 2332 ssudmdm - ok

09:55:37.0520 2332 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

09:55:37.0530 2332 stexstor - ok

09:55:37.0580 2332 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys

09:55:37.0610 2332 STHDA - ok

09:55:37.0659 2332 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

09:55:37.0667 2332 swenum - ok

09:55:37.0782 2332 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

09:55:37.0812 2332 Tcpip - ok

09:55:37.0996 2332 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

09:55:38.0026 2332 TCPIP6 - ok

09:55:38.0145 2332 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

09:55:38.0185 2332 tcpipreg - ok

09:55:38.0228 2332 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

09:55:38.0270 2332 TDPIPE - ok

09:55:38.0290 2332 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

09:55:38.0330 2332 TDTCP - ok

09:55:38.0382 2332 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

09:55:38.0422 2332 tdx - ok

09:55:38.0470 2332 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

09:55:38.0474 2332 TermDD - ok

09:55:38.0556 2332 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:55:38.0586 2332 tssecsrv - ok

09:55:38.0628 2332 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

09:55:38.0668 2332 TsUsbFlt - ok

09:55:38.0739 2332 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

09:55:38.0799 2332 tunnel - ok

09:55:38.0839 2332 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

09:55:38.0841 2332 uagp35 - ok

09:55:38.0891 2332 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

09:55:38.0941 2332 udfs - ok

09:55:39.0003 2332 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

09:55:39.0014 2332 uliagpkx - ok

09:55:39.0053 2332 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

09:55:39.0283 2332 umbus - ok

09:55:39.0309 2332 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

09:55:39.0565 2332 UmPass - ok

09:55:39.0626 2332 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

09:55:39.0668 2332 USBAAPL - ok

09:55:39.0708 2332 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

09:55:39.0728 2332 usbccgp - ok

09:55:39.0778 2332 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

09:55:39.0788 2332 usbcir - ok

09:55:39.0818 2332 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

09:55:39.0848 2332 usbehci - ok

09:55:39.0918 2332 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys

09:55:39.0952 2332 usbfilter - ok

09:55:39.0990 2332 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

09:55:40.0020 2332 usbhub - ok

09:55:40.0070 2332 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys

09:55:40.0100 2332 usbohci - ok

09:55:40.0150 2332 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

09:55:40.0170 2332 usbprint - ok

09:55:40.0230 2332 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

09:55:40.0242 2332 usbscan - ok

09:55:40.0282 2332 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:55:40.0322 2332 USBSTOR - ok

09:55:40.0362 2332 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

09:55:40.0372 2332 usbuhci - ok

09:55:40.0412 2332 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

09:55:40.0452 2332 usbvideo - ok

09:55:40.0504 2332 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

09:55:40.0514 2332 vdrvroot - ok

09:55:40.0544 2332 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

09:55:40.0586 2332 vga - ok

09:55:40.0626 2332 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

09:55:40.0648 2332 VgaSave - ok

09:55:40.0683 2332 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

09:55:40.0695 2332 vhdmp - ok

09:55:40.0726 2332 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

09:55:40.0736 2332 viaagp - ok

09:55:40.0762 2332 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

09:55:40.0790 2332 ViaC7 - ok

09:55:40.0837 2332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

09:55:40.0846 2332 viaide - ok

09:55:40.0873 2332 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

09:55:40.0882 2332 volmgr - ok

09:55:40.0912 2332 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

09:55:40.0929 2332 volmgrx - ok

09:55:40.0976 2332 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

09:55:40.0990 2332 volsnap - ok

09:55:41.0034 2332 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

09:55:41.0044 2332 vsmraid - ok

09:55:41.0083 2332 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

09:55:41.0116 2332 vwifibus - ok

09:55:41.0146 2332 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

09:55:41.0186 2332 vwififlt - ok

09:55:41.0227 2332 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

09:55:41.0268 2332 WacomPen - ok

09:55:41.0328 2332 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

09:55:41.0368 2332 WANARP - ok

09:55:41.0378 2332 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

09:55:41.0418 2332 Wanarpv6 - ok

09:55:41.0492 2332 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

09:55:41.0502 2332 Wd - ok

09:55:41.0533 2332 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

09:55:41.0542 2332 Wdf01000 - ok

09:55:41.0624 2332 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

09:55:41.0644 2332 WfpLwf - ok

09:55:41.0664 2332 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

09:55:41.0681 2332 WIMMount - ok

09:55:41.0776 2332 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

09:55:41.0796 2332 WinUsb - ok

09:55:41.0837 2332 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

09:55:41.0858 2332 WmiAcpi - ok

09:55:41.0921 2332 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

09:55:41.0960 2332 ws2ifsl - ok

09:55:42.0032 2332 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

09:55:42.0062 2332 WudfPf - ok

09:55:42.0114 2332 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:55:42.0164 2332 WUDFRd - ok

09:55:42.0246 2332 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

09:55:42.0266 2332 yukonw7 - ok

09:55:42.0311 2332 MBR (0x1B8) (87b60ba824650a5a22043915b40a338e) \Device\Harddisk0\DR0

09:55:42.0338 2332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected

09:55:42.0338 2332 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)

09:55:42.0408 2332 Boot (0x1200) (ab9c3f458846aa4505070124e9456fc2) \Device\Harddisk0\DR0\Partition0

09:55:42.0408 2332 \Device\Harddisk0\DR0\Partition0 - ok

09:55:42.0418 2332 Boot (0x1200) (95e78351fccb63d801d16fcf6567be26) \Device\Harddisk0\DR0\Partition1

09:55:42.0418 2332 \Device\Harddisk0\DR0\Partition1 - ok

09:55:42.0461 2332 Boot (0x1200) (7b080ef081319fc5937d01f29cf41bff) \Device\Harddisk0\DR0\Partition2

09:55:42.0462 2332 \Device\Harddisk0\DR0\Partition2 - ok

09:55:42.0470 2332 Boot (0x1200) (91b00e461e6114437d77a1c5480e260e) \Device\Harddisk0\DR0\Partition3

09:55:42.0480 2332 \Device\Harddisk0\DR0\Partition3 - ok

09:55:42.0480 2332 ============================================================

09:55:42.0480 2332 Scan finished

09:55:42.0480 2332 ============================================================

09:55:42.0500 3748 Detected object count: 1

09:55:42.0500 3748 Actual detected object count: 1

09:56:25.0785 3748 \Device\Harddisk0\DR0\# - copied to quarantine

09:56:25.0786 3748 \Device\Harddisk0\DR0 - copied to quarantine

09:56:25.0824 3748 \Device\Harddisk0\DR0 - processing error

09:56:41.0825 3748 \Device\Harddisk0\DR0 - will be restored on reboot

09:56:42.0317 3748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore

09:56:45.0269 6128 Deinitialize success


09:56:41.0825 3748 \Device\Harddisk0\DR0 - will be restored on reboot

09:56:42.0317 3748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore

Can't say I've ever seen Cure Restore

Did you select to cure / delete that rootkit?


I certainly did; it stated that it cannot cure, will write standard boot codes or something though.


That's not a good sign.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-21 10:11:47

-----------------------------

10:11:47.625 OS Version: Windows 6.1.7601 Service Pack 1

10:11:47.625 Number of processors: 1 586 0x602

10:11:47.629 ComputerName: MATTHEW-PC UserName: Matthew

10:12:07.067 Initialize success

10:12:21.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

10:12:21.779 Disk 0 Vendor: SAMSUNG_HM321HI 2AJ10003 Size: 305245MB BusType: 11

10:12:21.795 Disk 0 MBR read successfully

10:12:21.795 Disk 0 MBR scan

10:12:21.795 Disk 0 Windows XP default MBR code

10:12:21.811 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

10:12:21.826 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291855 MB offset 409600

10:12:21.857 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13086 MB offset 598128640

10:12:21.873 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768

10:12:21.889 Disk 0 scanning sectors +625140400

10:12:21.935 Disk 0 scanning C:\Windows\system32\drivers

10:12:28.144 Service scanning

10:12:49.048 Modules scanning

10:13:00.935 Disk 0 trace - called modules:

10:13:01.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys USBPORT.SYS usbohci.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys point32.sys Wdf01000.sys mouclass.sys??

10:13:01.294 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860bc4e8]

10:13:01.294 3 CLASSPNP.SYS[8899d59e] -> nt!IofCallDriver -> [0x852cc918]

10:13:01.310 5 ACPI.sys[833993d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86090030]

10:13:01.310 7 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]

10:13:01.325 9 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]

10:13:01.325 11 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]

10:13:01.341 13 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]

10:13:01.357 15 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]

10:13:01.357 17 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]

10:13:01.372 19 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]

10:13:01.372 21 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]

10:13:01.388 23 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]

10:13:01.403 25 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]

10:13:01.403 27 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]

10:13:01.419 29 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]

10:13:01.419 31 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]

10:13:01.435 33 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]

10:13:01.450 35 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]

10:13:01.450 37 mouhid.sys[9060978b] -> nt!IofCallDriver -> \Device\00000094[0x86f32d08]

10:13:01.466 39 hidusb.sys[907f3391] -> nt!IofCallDriver -> [0x86f41020]

10:13:01.481 41 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-7[0x86d236a8]

10:13:01.481 43 usbhub.sys[8e59dc88] -> nt!IofCallDriver -> [0x86b894e0]

10:13:01.497 45 usbfilter.sys[8f3ddbf0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x86b8b028]

10:13:01.513 Scan finished successfully

10:13:36.507 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"

10:13:36.522 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR.txt"


That one looks OK.

Run a new TDSSKiller scan.


10:19:19.0063 2616 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

10:19:20.0051 2616 ============================================================

10:19:20.0051 2616 Current date / time: 2012/03/21 10:19:20.0051

10:19:20.0051 2616 SystemInfo:

10:19:20.0051 2616

10:19:20.0051 2616 OS Version: 6.1.7601 ServicePack: 1.0

10:19:20.0051 2616 Product type: Workstation

10:19:20.0051 2616 ComputerName: MATTHEW-PC

10:19:20.0052 2616 UserName: Matthew

10:19:20.0052 2616 Windows directory: C:\Windows

10:19:20.0052 2616 System windows directory: C:\Windows

10:19:20.0052 2616 Processor architecture: Intel x86

10:19:20.0052 2616 Number of processors: 1

10:19:20.0052 2616 Page size: 0x1000

10:19:20.0052 2616 Boot type: Normal boot

10:19:20.0052 2616 ============================================================

10:19:21.0097 2616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:19:21.0098 2616 \Device\Harddisk0\DR0:

10:19:21.0099 2616 MBR used

10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A07800

10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A6B800, BlocksNum 0x198F000

10:19:21.0099 2616 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

10:19:21.0222 2616 Initialize success

10:19:21.0222 2616 ============================================================

10:19:27.0691 3800 ============================================================

10:19:27.0691 3800 Scan started

10:19:27.0691 3800 Mode: Manual; SigCheck; TDLFS;

10:19:27.0691 3800 ============================================================


10:19:37.0422 3800 HidUsb - ok

10:19:37.0562 3800 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

10:19:37.0590 3800 HpqKbFiltr - ok

10:19:37.0641 3800 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

10:19:37.0652 3800 HpSAMD - ok

10:19:37.0711 3800 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys

10:19:37.0756 3800 HTCAND32 - ok

10:19:37.0846 3800 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys

10:19:37.0879 3800 htcnprot - ok

10:19:37.0930 3800 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

10:19:37.0994 3800 HTTP - ok

10:19:38.0032 3800 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

10:19:38.0042 3800 hwpolicy - ok

10:19:38.0102 3800 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

10:19:38.0128 3800 i8042prt - ok

10:19:38.0196 3800 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

10:19:38.0211 3800 iaStorV - ok

10:19:38.0398 3800 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys

10:19:38.0548 3800 igfx - ok

10:19:38.0690 3800 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

10:19:38.0714 3800 iirsp - ok

10:19:38.0753 3800 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

10:19:38.0762 3800 intelide - ok

10:19:38.0797 3800 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

10:19:38.0821 3800 intelppm - ok

10:19:38.0864 3800 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:19:38.0902 3800 IpFilterDriver - ok

10:19:38.0940 3800 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

10:19:38.0965 3800 IPMIDRV - ok

10:19:38.0991 3800 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

10:19:39.0031 3800 IPNAT - ok

10:19:39.0072 3800 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

10:19:39.0110 3800 IRENUM - ok

10:19:39.0173 3800 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

10:19:39.0195 3800 isapnp - ok

10:19:39.0223 3800 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

10:19:39.0238 3800 iScsiPrt - ok

10:19:39.0281 3800 JMCR (8c17deb1995e593853373c30485e7368) C:\Windows\system32\DRIVERS\jmcr.sys

10:19:39.0299 3800 JMCR - ok

10:19:39.0332 3800 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

10:19:39.0342 3800 kbdclass - ok

10:19:39.0387 3800 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

10:19:39.0399 3800 kbdhid - ok

10:19:39.0449 3800 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

10:19:39.0460 3800 KSecDD - ok

10:19:39.0488 3800 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

10:19:39.0500 3800 KSecPkg - ok

10:19:39.0622 3800 Lavasoft Kernexplorer - ok

10:19:39.0807 3800 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

10:19:39.0870 3800 lltdio - ok

10:19:39.0922 3800 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:19:39.0933 3800 LSI_FC - ok

10:19:39.0953 3800 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:19:39.0965 3800 LSI_SAS - ok

10:19:40.0006 3800 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:19:40.0015 3800 LSI_SAS2 - ok

10:19:40.0047 3800 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:19:40.0058 3800 LSI_SCSI - ok

10:19:40.0101 3800 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

10:19:40.0167 3800 luafv - ok

10:19:40.0181 3800 MBAMProtector - ok

10:19:40.0267 3800 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

10:19:40.0276 3800 megasas - ok

10:19:40.0306 3800 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

10:19:40.0320 3800 MegaSR - ok

10:19:40.0386 3800 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

10:19:40.0427 3800 Modem - ok

10:19:40.0470 3800 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

10:19:40.0537 3800 monitor - ok

10:19:40.0605 3800 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

10:19:40.0629 3800 mouclass - ok

10:19:40.0672 3800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

10:19:40.0697 3800 mouhid - ok

10:19:40.0732 3800 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

10:19:40.0742 3800 mountmgr - ok

10:19:40.0779 3800 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

10:19:40.0791 3800 mpio - ok

10:19:40.0819 3800 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

10:19:40.0865 3800 mpsdrv - ok

10:19:40.0905 3800 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

10:19:40.0934 3800 MRxDAV - ok

10:19:41.0006 3800 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:19:41.0058 3800 mrxsmb - ok

10:19:41.0094 3800 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:19:41.0109 3800 mrxsmb10 - ok

10:19:41.0132 3800 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:19:41.0145 3800 mrxsmb20 - ok

10:19:41.0183 3800 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

10:19:41.0193 3800 msahci - ok

10:19:41.0227 3800 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

10:19:41.0238 3800 msdsm - ok

10:19:41.0309 3800 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

10:19:41.0336 3800 Msfs - ok

10:19:41.0357 3800 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

10:19:41.0398 3800 mshidkmdf - ok

10:19:41.0446 3800 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

10:19:41.0455 3800 msisadrv - ok

10:19:41.0498 3800 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

10:19:41.0544 3800 MSKSSRV - ok

10:19:41.0571 3800 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

10:19:41.0661 3800 MSPCLOCK - ok

10:19:41.0680 3800 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

10:19:41.0717 3800 MSPQM - ok

10:19:41.0747 3800 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

10:19:41.0760 3800 MsRPC - ok

10:19:41.0785 3800 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

10:19:41.0795 3800 mssmbios - ok

10:19:41.0825 3800 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

10:19:41.0904 3800 MSTEE - ok

10:19:41.0934 3800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

10:19:41.0977 3800 MTConfig - ok

10:19:42.0049 3800 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

10:19:42.0071 3800 Mup - ok

10:19:42.0128 3800 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

10:19:42.0159 3800 NativeWifiP - ok

10:19:42.0253 3800 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys

10:19:42.0274 3800 NBVol - ok

10:19:42.0319 3800 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys

10:19:42.0326 3800 NBVolUp - ok

10:19:42.0383 3800 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

10:19:42.0406 3800 NDIS - ok

10:19:42.0458 3800 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

10:19:42.0485 3800 NdisCap - ok

10:19:42.0526 3800 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

10:19:42.0562 3800 NdisTapi - ok

10:19:42.0624 3800 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

10:19:42.0649 3800 Ndisuio - ok

10:19:42.0696 3800 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

10:19:42.0732 3800 NdisWan - ok

10:19:42.0773 3800 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

10:19:42.0798 3800 NDProxy - ok

10:19:42.0848 3800 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

10:19:42.0893 3800 NetBIOS - ok

10:19:42.0934 3800 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

10:19:42.0966 3800 NetBT - ok

10:19:43.0158 3800 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

10:19:43.0295 3800 netw5v32 - ok

10:19:43.0427 3800 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

10:19:43.0451 3800 nfrd960 - ok

10:19:43.0495 3800 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

10:19:43.0539 3800 Npfs - ok

10:19:43.0577 3800 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

10:19:43.0617 3800 nsiproxy - ok

10:19:43.0682 3800 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

10:19:43.0716 3800 Ntfs - ok

10:19:43.0751 3800 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

10:19:43.0796 3800 Null - ok

10:19:43.0836 3800 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

10:19:43.0847 3800 nvraid - ok

10:19:43.0873 3800 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

10:19:43.0886 3800 nvstor - ok

10:19:43.0908 3800 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

10:19:43.0920 3800 nv_agp - ok

10:19:43.0942 3800 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

10:19:43.0975 3800 ohci1394 - ok

10:19:44.0059 3800 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

10:19:44.0086 3800 Parport - ok

10:19:44.0138 3800 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

10:19:44.0148 3800 partmgr - ok

10:19:44.0174 3800 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

10:19:44.0201 3800 Parvdm - ok

10:19:44.0272 3800 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

10:19:44.0284 3800 pci - ok

10:19:44.0305 3800 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

10:19:44.0314 3800 pciide - ok

10:19:44.0372 3800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

10:19:44.0384 3800 pcmcia - ok

10:19:44.0462 3800 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

10:19:44.0472 3800 pcw - ok

10:19:44.0510 3800 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

10:19:44.0565 3800 PEAUTH - ok

10:19:44.0644 3800 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys

10:19:44.0652 3800 Point32 - ok

10:19:44.0699 3800 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

10:19:44.0740 3800 PptpMiniport - ok

10:19:44.0776 3800 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

10:19:44.0802 3800 Processor - ok

10:19:44.0910 3800 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

10:19:44.0962 3800 Psched - ok

10:19:45.0040 3800 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

10:19:45.0079 3800 ql2300 - ok

10:19:45.0100 3800 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

10:19:45.0111 3800 ql40xx - ok

10:19:45.0136 3800 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

10:19:45.0150 3800 QWAVEdrv - ok

10:19:45.0174 3800 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

10:19:45.0219 3800 RasAcd - ok

10:19:45.0282 3800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:19:45.0350 3800 RasAgileVpn - ok

10:19:45.0388 3800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:19:45.0433 3800 Rasl2tp - ok

10:19:45.0484 3800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

10:19:45.0529 3800 RasPppoe - ok

10:19:45.0575 3800 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

10:19:45.0620 3800 RasSstp - ok

10:19:45.0666 3800 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

10:19:45.0715 3800 rdbss - ok

10:19:45.0763 3800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

10:19:45.0794 3800 rdpbus - ok

10:19:45.0840 3800 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:19:45.0880 3800 RDPCDD - ok

10:19:45.0923 3800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

10:19:45.0957 3800 RDPENCDD - ok

10:19:45.0991 3800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

10:19:46.0027 3800 RDPREFMP - ok

10:19:46.0071 3800 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

10:19:46.0108 3800 RDPWD - ok

10:19:46.0179 3800 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

10:19:46.0210 3800 rdyboost - ok

10:19:46.0265 3800 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

10:19:46.0281 3800 RFCOMM - ok

10:19:46.0344 3800 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

10:19:46.0382 3800 rspndr - ok

10:19:46.0431 3800 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

10:19:46.0459 3800 RTL8167 - ok

10:19:46.0510 3800 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

10:19:46.0521 3800 sbp2port - ok

10:19:46.0562 3800 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

10:19:46.0605 3800 scfilter - ok

10:19:46.0669 3800 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

10:19:46.0697 3800 sdbus - ok

10:19:46.0740 3800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:19:46.0783 3800 secdrv - ok

10:19:46.0848 3800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

10:19:46.0893 3800 Serenum - ok

10:19:46.0934 3800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

10:19:46.0962 3800 Serial - ok

10:19:47.0003 3800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

10:19:47.0019 3800 sermouse - ok

10:19:47.0069 3800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

10:19:47.0093 3800 sffdisk - ok

10:19:47.0120 3800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

10:19:47.0145 3800 sffp_mmc - ok

10:19:47.0176 3800 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

10:19:47.0201 3800 sffp_sd - ok

10:19:47.0241 3800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

10:19:47.0282 3800 sfloppy - ok

10:19:47.0350 3800 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

10:19:47.0360 3800 sisagp - ok

10:19:47.0401 3800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:19:47.0411 3800 SiSRaid2 - ok

10:19:47.0435 3800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

10:19:47.0446 3800 SiSRaid4 - ok

10:19:47.0479 3800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

10:19:47.0508 3800 Smb - ok

10:19:47.0543 3800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

10:19:47.0552 3800 spldr - ok

10:19:47.0617 3800 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

10:19:47.0656 3800 srv - ok

10:19:47.0688 3800 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

10:19:47.0705 3800 srv2 - ok

10:19:47.0745 3800 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

10:19:47.0780 3800 SrvHsfHDA - ok

10:19:47.0847 3800 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

10:19:47.0884 3800 SrvHsfV92 - ok

10:19:47.0915 3800 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

10:19:47.0938 3800 SrvHsfWinac - ok

10:19:47.0976 3800 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

10:19:48.0009 3800 srvnet - ok

10:19:48.0087 3800 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys

10:19:48.0099 3800 ssudmdm - ok

10:19:48.0144 3800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

10:19:48.0153 3800 stexstor - ok

10:19:48.0222 3800 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys

10:19:48.0270 3800 STHDA - ok

10:19:48.0315 3800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

10:19:48.0324 3800 swenum - ok

10:19:48.0429 3800 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

10:19:48.0465 3800 Tcpip - ok

10:19:48.0643 3800 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

10:19:48.0674 3800 TCPIP6 - ok

10:19:48.0802 3800 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

10:19:48.0865 3800 tcpipreg - ok

10:19:48.0918 3800 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

10:19:48.0949 3800 TDPIPE - ok

10:19:48.0978 3800 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

10:19:49.0018 3800 TDTCP - ok

10:19:49.0063 3800 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

10:19:49.0105 3800 tdx - ok

10:19:49.0149 3800 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

10:19:49.0159 3800 TermDD - ok

10:19:49.0229 3800 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:19:49.0253 3800 tssecsrv - ok

10:19:49.0305 3800 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

10:19:49.0333 3800 TsUsbFlt - ok

10:19:49.0401 3800 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

10:19:49.0438 3800 tunnel - ok

10:19:49.0473 3800 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

10:19:49.0483 3800 uagp35 - ok

10:19:49.0531 3800 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

10:19:49.0577 3800 udfs - ok

10:19:49.0645 3800 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

10:19:49.0666 3800 uliagpkx - ok

10:19:49.0699 3800 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

10:19:49.0711 3800 umbus - ok

10:19:49.0743 3800 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

10:19:49.0771 3800 UmPass - ok

10:19:49.0827 3800 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

10:19:49.0854 3800 USBAAPL - ok

10:19:49.0891 3800 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

10:19:49.0927 3800 usbccgp - ok

10:19:49.0994 3800 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

10:19:50.0026 3800 usbcir - ok

10:19:50.0055 3800 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

10:19:50.0086 3800 usbehci - ok

10:19:50.0161 3800 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys

10:19:50.0176 3800 usbfilter - ok

10:19:50.0207 3800 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

10:19:50.0223 3800 usbhub - ok

10:19:50.0249 3800 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys

10:19:50.0282 3800 usbohci - ok

10:19:50.0329 3800 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

10:19:50.0343 3800 usbprint - ok

10:19:50.0386 3800 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

10:19:50.0400 3800 usbscan - ok

10:19:50.0441 3800 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:19:50.0473 3800 USBSTOR - ok

10:19:50.0512 3800 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

10:19:50.0524 3800 usbuhci - ok

10:19:50.0567 3800 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

10:19:50.0583 3800 usbvideo - ok

10:19:50.0620 3800 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

10:19:50.0630 3800 vdrvroot - ok

10:19:50.0664 3800 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

10:19:50.0694 3800 vga - ok

10:19:50.0728 3800 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

10:19:50.0754 3800 VgaSave - ok

10:19:50.0784 3800 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

10:19:50.0796 3800 vhdmp - ok

10:19:50.0827 3800 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

10:19:50.0838 3800 viaagp - ok

10:19:50.0863 3800 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

10:19:50.0896 3800 ViaC7 - ok

10:19:50.0938 3800 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

10:19:50.0947 3800 viaide - ok

10:19:50.0974 3800 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

10:19:50.0985 3800 volmgr - ok

10:19:51.0015 3800 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

10:19:51.0030 3800 volmgrx - ok

10:19:51.0077 3800 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

10:19:51.0091 3800 volsnap - ok

10:19:51.0139 3800 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

10:19:51.0151 3800 vsmraid - ok

10:19:51.0184 3800 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

10:19:51.0210 3800 vwifibus - ok

10:19:51.0241 3800 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

10:19:51.0270 3800 vwififlt - ok

10:19:51.0307 3800 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

10:19:51.0332 3800 WacomPen - ok

10:19:51.0395 3800 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

10:19:51.0458 3800 WANARP - ok

10:19:51.0475 3800 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

10:19:51.0500 3800 Wanarpv6 - ok

10:19:51.0572 3800 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

10:19:51.0581 3800 Wd - ok

10:19:51.0613 3800 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

10:19:51.0632 3800 Wdf01000 - ok

10:19:51.0706 3800 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

10:19:51.0732 3800 WfpLwf - ok

10:19:51.0763 3800 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

10:19:51.0773 3800 WIMMount - ok

10:19:51.0878 3800 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

10:19:51.0905 3800 WinUsb - ok

10:19:51.0939 3800 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

10:19:51.0962 3800 WmiAcpi - ok

10:19:52.0012 3800 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

10:19:52.0056 3800 ws2ifsl - ok

10:19:52.0114 3800 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

10:19:52.0150 3800 WudfPf - ok

10:19:52.0210 3800 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:19:52.0284 3800 WUDFRd - ok

10:19:52.0349 3800 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

10:19:52.0366 3800 yukonw7 - ok

10:19:52.0402 3800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

10:19:52.0612 3800 \Device\Harddisk0\DR0 - ok

10:19:52.0627 3800 Boot (0x1200) (ab9c3f458846aa4505070124e9456fc2) \Device\Harddisk0\DR0\Partition0

10:19:52.0629 3800 \Device\Harddisk0\DR0\Partition0 - ok

10:19:52.0667 3800 Boot (0x1200) (95e78351fccb63d801d16fcf6567be26) \Device\Harddisk0\DR0\Partition1

10:19:52.0668 3800 \Device\Harddisk0\DR0\Partition1 - ok

10:19:52.0707 3800 Boot (0x1200) (7b080ef081319fc5937d01f29cf41bff) \Device\Harddisk0\DR0\Partition2

10:19:52.0708 3800 \Device\Harddisk0\DR0\Partition2 - ok

10:19:52.0726 3800 Boot (0x1200) (91b00e461e6114437d77a1c5480e260e) \Device\Harddisk0\DR0\Partition3

10:19:52.0726 3800 \Device\Harddisk0\DR0\Partition3 - ok

10:19:52.0730 3800 ============================================================

10:19:52.0730 3800 Scan finished

10:19:52.0730 3800 ============================================================

10:19:52.0747 3724 Detected object count: 0

10:19:52.0747 3724 Actual detected object count: 0

10:20:06.0687 2524 Deinitialize success


Looks like TDSS might have fixed it.

Try ComboFix now.


ComboFix 12-03-18.04 - Matthew 21/03/2012 10:25:28.3.1 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1788.1194 [GMT 11:00]

Running from: c:\users\Matthew\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\Matthew\AppData\Local\TempDIR

c:\windows\system32\system32

c:\windows\system32\system32\3DAudio.ax

c:\windows\system32\system32\avrt.dll

c:\windows\system32\system32\cis-2.4.dll

c:\windows\system32\system32\issacapi_bs-2.3.dll

c:\windows\system32\system32\issacapi_pe-2.3.dll

c:\windows\system32\system32\issacapi_se-2.3.dll

c:\windows\system32\system32\MACXMLProto.dll

c:\windows\system32\system32\MaDRM.dll

c:\windows\system32\system32\MaJGUILib.dll

c:\windows\system32\system32\MAMACExtract.dll

c:\windows\system32\system32\MASetupCleaner.exe

c:\windows\system32\system32\MaXMLProto.dll

c:\windows\system32\system32\mfplat.dll

c:\windows\system32\system32\MK_Lyric.dll

c:\windows\system32\system32\MSCLib.dll

c:\windows\system32\system32\MSFLib.dll

c:\windows\system32\system32\MSLUR71.dll

c:\windows\system32\system32\msvcp60.dll

c:\windows\system32\system32\MTTELECHIP.dll

c:\windows\system32\system32\MTXSYNCICON.dll

c:\windows\system32\system32\muzaf1.dll

c:\windows\system32\system32\muzapp.dll

c:\windows\system32\system32\muzapp.exe

c:\windows\system32\system32\muzdecode.ax

c:\windows\system32\system32\muzeffect.ax

c:\windows\system32\system32\muzmp4sp.ax

c:\windows\system32\system32\muzmpgsp.ax

c:\windows\system32\system32\muzoggsp.ax

c:\windows\system32\system32\muzwmts.dll

c:\windows\system32\system32\psapi.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))

.

.

2012-03-20 23:57 . 2012-03-20 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-20 22:56 . 2012-03-20 22:56 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-20 09:35 . 2012-03-20 09:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D57D94E-CC83-4776-8645-EDD0C8D09E43}\offreg.dll

2012-03-20 09:31 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D57D94E-CC83-4776-8645-EDD0C8D09E43}\mpengine.dll

2012-03-20 04:47 . 2012-03-20 23:57 -------- d-----w- c:\users\Matthew\AppData\Local\temp

2012-03-17 06:01 . 2012-03-17 06:01 -------- d-----w- c:\users\Matthew\AppData\Local\Wizards of the Coast

2012-03-17 06:00 . 2012-03-17 06:00 -------- d-----w- c:\users\Matthew\AppData\Local\IsolatedStorage

2012-03-17 05:56 . 2012-03-17 05:56 -------- d-----w- c:\users\Matthew\AppData\Local\Apps

2012-03-17 05:56 . 2012-03-19 03:26 -------- d-----w- c:\users\Matthew\AppData\Local\Deployment

2012-03-17 04:21 . 2012-03-17 04:21 -------- d-----w- c:\users\Matthew\AppData\Local\CyberLink

2012-03-13 13:53 . 2012-03-13 13:57 -------- d-----w- c:\users\Matthew\AppData\Roaming\Registry Mechanic

2012-03-13 10:54 . 2012-03-13 10:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-12 09:48 . 2012-03-13 13:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2012-03-12 00:11 . 2011-12-12 03:07 512472 ----a-w- c:\windows\system32\msxml.dll

2012-03-12 00:11 . 2011-12-12 03:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2012-03-12 00:11 . 2008-04-02 05:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2012-03-12 00:11 . 2008-04-02 05:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2012-03-12 00:11 . 2008-04-02 05:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2012-03-12 00:11 . 2008-09-17 11:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2012-03-12 00:11 . 2012-03-12 00:11 -------- d-----w- c:\program files\Common Files\PC Tools

2012-03-12 00:11 . 2012-03-12 00:11 -------- d-----w- c:\program files\PC Tools

2012-03-12 00:07 . 2012-03-12 00:07 -------- d-----w- c:\programdata\PC Tools

2012-03-12 00:07 . 2012-03-12 00:07 -------- d-----w- c:\users\Matthew\AppData\Roaming\Product_RM

2012-03-11 11:56 . 2012-03-11 11:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-11 11:51 . 2012-03-19 23:39 -------- d-----w- c:\programdata\Lavasoft

2012-03-11 07:59 . 2012-03-11 07:59 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes

2012-03-11 07:59 . 2012-03-11 13:31 -------- d-----w- c:\programdata\Malwarebytes

2012-03-11 07:59 . 2012-03-11 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-11 06:13 . 2012-03-11 09:35 -------- d-----w- c:\program files\DA2CE

2012-03-11 06:13 . 2012-03-11 09:35 -------- d--h--w- c:\users\Matthew\AppData\Roaming\C4ADA

2012-03-03 09:52 . 2012-03-03 09:53 -------- d--h--w- c:\users\Matthew\AppData\Roaming\Apple Computer

2012-03-03 09:52 . 2012-03-03 09:52 -------- d--h--w- c:\users\Matthew\AppData\Local\Apple Computer

2012-03-03 09:51 . 2012-03-03 09:51 -------- d-----w- c:\program files\iPod

2012-03-03 09:51 . 2012-03-11 10:10 -------- d-----w- c:\program files\iTunes

2012-03-03 09:51 . 2012-03-11 10:09 -------- d-----w- c:\programdata\Apple Computer

2012-03-03 09:51 . 2012-03-03 09:52 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-03 09:50 . 2012-03-03 09:50 -------- d--h--w- c:\users\Matthew\AppData\Local\Apple

2012-03-03 09:50 . 2012-03-11 10:11 -------- d-----w- c:\program files\Apple Software Update

2012-03-03 09:48 . 2012-03-11 10:16 -------- d-----w- c:\program files\Bonjour

2012-03-03 09:48 . 2012-03-11 09:51 -------- d-----w- c:\program files\Common Files\Apple

2012-03-03 09:48 . 2012-03-03 09:50 -------- d-----w- c:\programdata\Apple

2012-03-02 13:45 . 2012-03-02 13:45 -------- d-----w- c:\programdata\PopCap Games

2012-03-02 12:44 . 2012-03-11 10:13 -------- d-----w- c:\program files\Plants vs. Zombies 2 Zombatar

2012-02-29 10:09 . 2012-02-29 10:36 -------- d--h--w- c:\users\Matthew\AppData\Roaming\Natural Threat.Ominous Shores

2012-02-29 06:06 . 2012-03-11 10:12 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-02-29 06:04 . 2012-03-11 10:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-02-29 06:03 . 2012-03-11 09:56 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-02-29 06:03 . 2012-02-29 06:07 -------- d-----w- c:\windows\SHELLNEW

2012-02-29 06:02 . 2012-03-11 09:49 -------- d-----r- C:\MSOCache

2012-02-27 07:39 . 2012-02-27 07:39 -------- d--h--w- c:\users\Matthew\AppData\Roaming\GameInvest

2012-02-25 11:12 . 2012-03-11 10:05 -------- d-----w- c:\users\Matthew\AppData\Roaming\JoyBits

2012-02-25 11:10 . 2012-03-11 09:54 -------- d-----w- c:\program files\Foxy Games

2012-02-25 11:10 . 2012-02-25 11:10 -------- d-----w- C:\Downloads

2012-02-23 02:44 . 2012-03-13 12:24 -------- d--h--w- c:\users\Matthew\AppData\Local\Htc

2012-02-23 02:43 . 2012-03-11 10:05 -------- d-----w- c:\users\Matthew\AppData\Roaming\HTC

2012-02-23 02:41 . 2012-03-11 10:13 -------- d-----w- c:\program files\Spirent Communications

2012-02-23 02:40 . 2012-03-11 10:12 -------- d-----w- c:\program files\HTC

2012-02-23 02:39 . 2012-02-23 02:39 -------- d-----w- c:\program files\MSXML 4.0

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-13 12:25 . 2012-01-06 08:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-22 22:18 . 2012-01-11 12:19 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-16 07:11 . 2012-01-06 08:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-31 04:51 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-01-31 03:10 . 2012-01-31 03:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-31 03:10 . 2012-01-31 03:10 161792 ----a-w- c:\windows\system32\msls31.dll

2012-01-31 03:10 . 2012-01-31 03:10 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-31 03:10 . 2012-01-31 03:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-31 03:10 . 2012-01-31 03:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-31 03:10 . 2012-01-31 03:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-31 03:10 . 2012-01-31 03:10 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-01-31 03:10 . 2012-01-31 03:10 367104 ----a-w- c:\windows\system32\html.iec

2012-01-31 03:10 . 2012-01-31 03:10 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-01-31 03:09 . 2012-01-31 03:09 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-31 03:09 . 2012-01-31 03:09 152064 ----a-w- c:\windows\system32\wextract.exe

2012-01-31 03:09 . 2012-01-31 03:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-01-31 03:09 . 2012-01-31 03:09 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-01-31 03:09 . 2012-01-31 03:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-31 03:09 . 2012-01-31 03:09 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-01-31 03:09 . 2012-01-31 03:09 11776 ----a-w- c:\windows\system32\mshta.exe

2012-01-31 03:09 . 2012-01-31 03:09 101888 ----a-w- c:\windows\system32\admparse.dll

2012-01-14 03:35 . 2012-02-14 23:08 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-04 21:38 . 2012-01-04 21:38 29480 ----a-w- c:\windows\system32\msxml3a.dll

2012-01-04 21:38 . 2009-03-20 04:38 505128 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-04 21:38 . 2009-03-20 04:38 353576 ----a-w- c:\windows\system32\msvcr71.dll

2012-01-04 08:58 . 2012-02-14 23:08 442880 ----a-w- c:\windows\system32\ntshrui.dll

2011-12-30 05:27 . 2012-02-14 23:08 478720 ----a-w- c:\windows\system32\timedate.cpl

2011-12-23 09:58 . 2012-02-02 04:09 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-12-23 09:58 . 2011-12-23 09:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2011-12-23 09:58 . 2011-12-23 09:58 325552 ----a-w- c:\windows\MASetupCaller.dll

2011-12-23 09:58 . 2011-12-23 09:58 30568 ----a-w- c:\windows\MusiccityDownload.exe

2011-12-23 09:58 . 2011-12-23 09:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2011-12-23 09:58 . 2011-12-23 09:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2011-12-23 09:58 . 2011-12-23 09:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2011-12-23 09:58 . 2011-12-23 09:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2011-12-23 09:58 . 2011-12-23 09:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2011-12-23 09:58 . 2011-12-23 09:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2011-12-23 09:58 . 2011-12-23 09:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

2011-12-23 09:58 . 2011-12-23 09:58 491520 ----a-w- c:\windows\system32\muzapp.dll

2011-12-23 09:58 . 2011-12-23 09:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2011-12-23 09:58 . 2011-12-23 09:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2011-12-23 09:58 . 2011-12-23 09:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2011-12-23 09:58 . 2011-12-23 09:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2011-12-23 09:58 . 2011-12-23 09:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

2011-12-23 09:58 . 2011-12-23 09:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2011-12-23 09:58 . 2011-12-23 09:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2011-12-23 09:58 . 2011-12-23 09:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

2011-12-23 09:58 . 2011-12-23 09:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2011-12-23 09:58 . 2011-12-23 09:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

2011-12-23 09:58 . 2011-12-23 09:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

2011-12-23 09:58 . 2011-12-23 09:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

2011-12-23 09:58 . 2011-12-23 09:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

2011-12-23 09:58 . 2011-12-23 09:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2011-12-23 09:58 . 2011-12-23 09:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

2011-12-23 09:58 . 2011-12-23 09:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

2011-12-23 09:58 . 2011-12-23 09:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2011-12-23 09:58 . 2012-02-02 04:08 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-02-17 07:06 . 2012-01-06 08:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-20_04.50.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-09 19:04 . 2012-03-20 22:59 47964 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2012-03-20 22:47 66696 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-04 04:01 . 2012-03-20 22:47 10516 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2249668314-1619009243-3578254783-1000_UserData.bin

- 2012-01-04 21:24 . 2012-03-20 02:21 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-04 21:24 . 2012-03-20 07:08 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-03-20 22:57 . 2012-03-20 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-20 03:56 . 2012-03-20 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-20 22:57 . 2012-03-20 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-20 03:56 . 2012-03-20 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-04 21:24 . 2012-03-20 02:21 737280 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-01-04 21:24 . 2012-03-20 07:08 737280 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2012-03-20 07:08 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2012-03-20 02:21 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:47 . 2012-03-20 03:50 396980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:47 . 2012-03-20 22:57 396980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-06 23:15 . 2012-03-20 22:57 7709324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2249668314-1619009243-3578254783-1000-12288.dat

- 2012-01-06 23:15 . 2012-03-20 03:50 7709324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2249668314-1619009243-3578254783-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 12:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]

2011-12-20 02:32 634880 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]

2012-02-03 08:50 943504 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2012-02-18 01:42 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2012-02-03 08:50 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2011-03-04 01:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2011-09-20 03:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe

.

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-01 51632]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-22 23040]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-28 116064]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-11-01 34768]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-04 11776]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-21 3025112]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]

S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 59064639

*NewlyCreated* - ASWMBR

*Deregistered* - 59064639

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 01:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249668314-1619009243-3578254783-1000Core.job

- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 23:56]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249668314-1619009243-3578254783-1000UA.job

- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 23:56]

.

2012-03-11 c:\windows\Tasks\HPCeeScheduleForMatthew.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

2012-03-13 c:\windows\Tasks\RMSchedule.job

- c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-03-12 00:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://friendly-google-search.blogspot.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Upload to Facebook - c:\program files\UploadRabbitforFacebook\iecontext.htm

TCP: DhcpNameServer = 203.12.160.35 203.12.160.36 192.168.1.1

FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\0llz4515.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2392)

c:\windows\System32\netshell.dll

c:\windows\System32\srchadmin.dll

c:\windows\System32\QAgent.dll

.

Completion time: 2012-03-21 11:01:45

ComboFix-quarantined-files.txt 2012-03-21 00:01

.

Pre-Run: 119,180,238,848 bytes free

Post-Run: 119,304,790,016 bytes free

.

- - End Of File - - 59E97DA2B58A544FE253AB666C0CCA88


Seems OK, but Malwarebytes still won't work. I'm guessing it's corrupted and I should re-install, but so far so good. I don't like having to make Firefox default every time, but yeah.


Please do the following to see if it resolves the issue: Post back and let us know please


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so, this is very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


Seems OK, will leave it at that. Hopefully I won't have to speak to you again (I mean that in the nicest possible way, haha).

thanks!

Matt


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
