Everything posted by texaswilly

  1. Yes, thank you very much. The Forefront was the older program I was using and I just got Norton. I had not uninstalled Forefront until we had this finished to avoid changing settings on you. I will follow all the other recommendations, thank you very much for your help, and as soon as I get my next paycheck I will donate to your efforts. This was of incredible help.
  2. Here they are:

     Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.02.09.08

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Willy :: HOMEOFFICE-PC [administrator]

     Protection: Disabled

     2/10/2012 12:19:39 PM
     mbam-log-2012-02-10 (12-19-39).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 245972
     Time elapsed: 7 minute(s), 9 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)

     (end)

     C:\TDSSKiller_Quarantine\04.02.2012_10.48.45\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
     C:\TDSSKiller_Quarantine\04.02.2012_10.48.45\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan
     C:\TDSSKiller_Quarantine\08.02.2012_18.34.41\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
     C:\TDSSKiller_Quarantine\08.02.2012_18.34.41\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan
     M:\Willy Files\Install Programs\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
     M:\Willy Files\My Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
     Run by Willy at 12:14:03 on 2012-02-10
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1324 [GMT -6:00]
     .
BlackBerry Desktop Software 6.1 Bonjour Boris Graffiti for Corel CameraHelperMsi Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista CAXA Common Component-Info CAXA Print Tool CAXADraft Library for IronCAD Design Collaboration Suite 2011 ccc-core-static ccc-utility CCC Help English CCleaner Cisco Systems VPN Client 5.0.07.0290 Common Contents ConvertHelper 2.2 Corel MediaOne Corel Paint Shop Pro Photo X2 Corel Painter X Corel PaintShop Pro X4 Corel PaintShop Pro X4 Ultimate Bonus Pack Corel VideoStudio 12 Corel VideoStudio Pro X4 Ultimate Coupon Printer for Windows D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Resource CD DeviceIO DivX Converter DivX Plus DirectShow Filters DivX Setup DivX Version Checker Dora's Big Birthday Adventure Dropbox DVDFab HD Decrypter 4.0.5.0 Easy DVD Rip Epson CreativeZone Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup Epson Event Manager Epson FAX Utility Epson PC-FAX Driver Epson Print CD EPSON Printer Software EPSON Scan EPSON WorkForce 520 Series Printer Uninstall EpsonNet Print EpsonNet Setup 3.2 erLT ESET Online Scanner v3 Eusing Free Registry Cleaner Eye-Fi Center 3.4 FFmpeg for Audacity on Windows FileZilla Client 3.5.1 Fine Woodworking Archive Fisher-Price iXL - Disney Princess Fisher-Price iXL - Toy Story Fisher-Price iXL Computer Software Free Convert MOV AVI to FLV Flash WMV Converter 5.8 FreeAgent Pro Tools GEO5 for Redi GEO5 for Redi - Redi Rock Wall getPlus® for Adobe Google Calendar Sync Google Chrome Google Earth Google SketchUp Pro 7 Google Talk Plugin Google Update Helper HandBrake 0.9.5 Hauppauge MCE 
XP/Vista Software Encoder (2.0.26057) Hauppauge WinTV Hauppauge WinTV Scheduler Hauppauge WinTV Soft PVR Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP My Display ICA iCloud Intel® PRO Network Connections Drivers Interactive Mechanics of Materials Tutorial InterVideo DeviceService InterVideo FilterSDK for Hauppauge InterVideo WinDVD 8 iPhone Configuration Utility IPM_PSP_COM IPM_VS_Pro IronCAD 11 IRONCAD 11 Product Update 1 Hotfix 1 IronCAD Design Collaboration Suite 2011 ISCOM iSEEK AnswerWorks English Runtime iTunes Java 6 Update 26 Junk Mail filter update K-Lite Codec Pack 4.0.0 (Full) LAME v3.98.2 for Audacity LeapFrog Connect LeapFrog Tag Plugin LightScribe Applications LightScribe System Software LightScribe Template Labeler Logitech QuickCam Driver Package Logitech Unifying Software 2.00 Logitech Vid HD Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.60.1.1000 Mathcad 15 F000 Mathematica Extras 8.0 (2063897) Memorex exPressit Label Design Studio Mesh Runtime Messenger Companion Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Forefront Client Security Antimalware Service Microsoft Forefront Client Security State Assessment Service Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI 
(English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Project MUI (English) 2010 Microsoft Office Project Professional 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2007 Microsoft Project 2010 Service Pack 1 (SP1) Microsoft Project Professional 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel Mozilla Firefox 9.0.1 (x86 en-US) Mozilla Thunderbird 9.0.1 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NCMA Masonry Design Software NOOKstudy Norton 360 OGA Notifier 2.0.0048.0 OrangeWare USB2.0 Driver Picasa 3 Pivot Software proDAD Mercalli 2.0 PSPPContent PSPPHelp PureHD QuickTime RealPlayer Roxio Activation Module Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio 
Creator Premier Roxio Creator Tools Roxio EasyArchive Roxio Express Labeler Roxio MyDVD Premier Roxio Update Manager SDK Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update 
for Microsoft Office Word 2007 (KB2344993) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB979332) Segoe UI Sentinel Protection Installer 7.6.1 Setup Share Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) Skins Skype Click to Call Skype™ 5.6 SmartSound Common Data SmartSound Quicktracks 5 SmartSound Quicktracks Plugin Smilebox SmileBox EN Toolbar Sonic CinePlayer Decoder Pack Sound Organizer StuffIt 11 swMSM The Weather Channel Toolbar TurboCAD Professional 15 TURBOFloorPlan3D Home & Landscape PRO TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper Ulead VideoStudio 11 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office Access 2007 Help 
(KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) VC80CRTRedist - 8.0.50727.4053 VideoStudio VIO VSClassic VSUltimate WebEx Wifi Media Backup Windchill ProductPoint Client Manager Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Player Firefox Plugin WinZip 15.5 Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990) Xilisoft Video Converter 3 XviD & MP3 Codec Pack (remove only) Xvid Video Codec Yahoo! Messenger Yahoo! 
Toolbar ZENcast Organizer Zinio Reader Zinio Reader 4 . ==== Event Viewer Messages From Past Week ======== . 2/8/2012 8:55:32 AM, Error: Service Control Manager [7034] - The Portrait Displays Display Tune Service service terminated unexpectedly. It has done this 1 time(s). 2/8/2012 8:34:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 2/8/2012 8:34:06 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/8/2012 8:28:58 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 2/8/2012 7:43:43 PM, Error: FcsSas [10006] - Forefront Client Security State Assessment Service policy applied with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter: 2/8/2012 7:39:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OMCI 2/8/2012 7:39:06 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified. 2/8/2012 6:53:32 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/6/2012 9:22:23 AM, Error: EventLog [6008] - The previous system shutdown at 9:18:35 AM on 2/6/2012 was unexpected. 2/4/2012 2:18:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 
2/4/2012 2:18:19 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/4/2012 2:18:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/4/2012 10:53:58 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 2/4/2012 10:53:58 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 2/4/2012 10:29:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2585542). 
2/4/2012 10:28:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2585542 (Security Update) into Resolving(Resolving) state 2/4/2012 10:28:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2585542 (Security Update) into Absent(Absent) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-8_neutral_GDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-7_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-6_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-5_neutral_GDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-4_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-3_neutral_GDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-2_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/4/2012 10:28:16 PM, 
Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-1_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state 2/3/2012 8:16:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 2/3/2012 8:16:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s). 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The WebClient service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 
2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 2/3/2012 7:36:11 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 2/3/2012 7:35:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service. 2/3/2012 7:34:35 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:31 PM on 2/3/2012 was unexpected. 
2/3/2012 7:04:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect. 2/3/2012 7:04:24 AM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/3/2012 4:57:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 OMCI spldr Wanarpv6 2/3/2012 4:57:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 2/3/2012 4:57:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 2/3/2012 4:57:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 2/3/2012 4:57:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/3/2012 4:57:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/3/2012 4:56:44 PM, Error: EventLog [6008] - The previous system shutdown at 4:54:02 PM on 2/3/2012 was unexpected. 
2/10/2012 11:49:52 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer RAMIREZNB2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{980025DD-A381-4517-8823-EF080FA. The master browser is stopping or an election is being forced. . ==== End Of File ===========================
  3. It seems to be running normal after the last steps. The logs are below this paragraph as requested. I have a question: I noticed that you went after the "Ask" toolbar and directory. Is Ask.com a bad website, or was it just a coincidence that the files there had to be removed?
C:\Windows\system32\DRIVERS\fdc.sys 18:35:16.0436 6136 fdc - ok 18:35:16.0470 6136 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 18:35:16.0479 6136 FileInfo - ok 18:35:16.0501 6136 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 18:35:16.0521 6136 Filetrace - ok 18:35:16.0538 6136 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 18:35:16.0574 6136 flpydisk - ok 18:35:16.0592 6136 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 18:35:16.0603 6136 FltMgr - ok 18:35:16.0649 6136 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys 18:35:16.0692 6136 FlyUsb - ok 18:35:16.0754 6136 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 18:35:16.0762 6136 fssfltr - ok 18:35:16.0804 6136 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 18:35:16.0820 6136 Fs_Rec - ok 18:35:16.0841 6136 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 18:35:16.0849 6136 gagp30kx - ok 18:35:16.0872 6136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:35:16.0878 6136 GEARAspiWDM - ok 18:35:16.0955 6136 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 18:35:17.0012 6136 HdAudAddService - ok 18:35:17.0055 6136 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:35:17.0121 6136 HDAudBus - ok 18:35:17.0147 6136 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 18:35:17.0184 6136 HidBth - ok 18:35:17.0206 6136 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 18:35:17.0277 6136 HidIr - ok 18:35:17.0318 6136 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 18:35:17.0335 6136 HidUsb - ok 18:35:17.0360 6136 HpCISSs 
(df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 18:35:17.0368 6136 HpCISSs - ok 18:35:17.0403 6136 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 18:35:17.0492 6136 HTTP - ok 18:35:17.0518 6136 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 18:35:17.0526 6136 i2omp - ok 18:35:17.0554 6136 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 18:35:17.0571 6136 i8042prt - ok 18:35:17.0596 6136 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 18:35:17.0606 6136 iaStorV - ok 18:35:17.0625 6136 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 18:35:17.0633 6136 iirsp - ok 18:35:17.0666 6136 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys 18:35:17.0674 6136 intelide - ok 18:35:17.0700 6136 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 18:35:17.0755 6136 intelppm - ok 18:35:17.0796 6136 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:35:17.0848 6136 IpFilterDriver - ok 18:35:17.0860 6136 IpInIp - ok 18:35:17.0895 6136 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 18:35:17.0965 6136 IPMIDRV - ok 18:35:17.0995 6136 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 18:35:18.0017 6136 IPNAT - ok 18:35:18.0044 6136 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 18:35:18.0065 6136 IRENUM - ok 18:35:18.0082 6136 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 18:35:18.0090 6136 isapnp - ok 18:35:18.0122 6136 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 18:35:18.0134 6136 iScsiPrt - ok 18:35:18.0145 6136 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 18:35:18.0153 6136 
iteatapi - ok 18:35:18.0192 6136 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 18:35:18.0200 6136 iteraid - ok 18:35:18.0219 6136 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 18:35:18.0228 6136 kbdclass - ok 18:35:18.0264 6136 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 18:35:18.0316 6136 kbdhid - ok 18:35:18.0365 6136 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 18:35:18.0382 6136 KSecDD - ok 18:35:18.0458 6136 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\Windows\system32\DRIVERS\LHidFilt.Sys 18:35:18.0465 6136 LHidFilt - ok 18:35:18.0511 6136 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 18:35:18.0549 6136 lltdio - ok 18:35:18.0577 6136 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\Windows\system32\DRIVERS\LMouFilt.Sys 18:35:18.0583 6136 LMouFilt - ok 18:35:18.0600 6136 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 18:35:18.0609 6136 LSI_FC - ok 18:35:18.0623 6136 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 18:35:18.0631 6136 LSI_SAS - ok 18:35:18.0652 6136 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 18:35:18.0661 6136 LSI_SCSI - ok 18:35:18.0686 6136 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 18:35:18.0723 6136 luafv - ok 18:35:18.0751 6136 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys 18:35:18.0758 6136 LVPr2Mon - ok 18:35:18.0810 6136 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys 18:35:18.0824 6136 LVRS - ok 18:35:18.0878 6136 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys 18:35:18.0885 6136 LVUSBSta - ok 18:35:18.0965 6136 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys 18:35:19.0073 6136 
LVUVC - ok 18:35:19.0113 6136 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 18:35:19.0120 6136 MBAMProtector - ok 18:35:19.0142 6136 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 18:35:19.0150 6136 megasas - ok 18:35:19.0194 6136 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 18:35:19.0236 6136 Modem - ok 18:35:19.0277 6136 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 18:35:19.0321 6136 monitor - ok 18:35:19.0362 6136 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 18:35:19.0371 6136 mouclass - ok 18:35:19.0384 6136 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 18:35:19.0404 6136 mouhid - ok 18:35:19.0431 6136 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 18:35:19.0440 6136 MountMgr - ok 18:35:19.0486 6136 MpFilter (356842aac621ab40f18992c01a590f71) C:\Windows\system32\DRIVERS\MpFilter.sys 18:35:19.0494 6136 MpFilter - ok 18:35:19.0530 6136 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 18:35:19.0540 6136 mpio - ok 18:35:19.0561 6136 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 18:35:19.0578 6136 mpsdrv - ok 18:35:19.0615 6136 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 18:35:19.0623 6136 Mraid35x - ok 18:35:19.0670 6136 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 18:35:19.0715 6136 MRxDAV - ok 18:35:19.0740 6136 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:35:19.0802 6136 mrxsmb - ok 18:35:19.0852 6136 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:35:19.0865 6136 mrxsmb10 - ok 18:35:19.0873 6136 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 
18:35:19.0918 6136 mrxsmb20 - ok 18:35:19.0987 6136 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys 18:35:19.0995 6136 msahci - ok 18:35:20.0017 6136 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 18:35:20.0026 6136 msdsm - ok 18:35:20.0067 6136 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 18:35:20.0123 6136 MSDV - ok 18:35:20.0163 6136 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 18:35:20.0184 6136 Msfs - ok 18:35:20.0216 6136 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 18:35:20.0224 6136 msisadrv - ok 18:35:20.0243 6136 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 18:35:20.0297 6136 MSKSSRV - ok 18:35:20.0320 6136 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 18:35:20.0341 6136 MSPCLOCK - ok 18:35:20.0359 6136 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 18:35:20.0381 6136 MSPQM - ok 18:35:20.0405 6136 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 18:35:20.0417 6136 MsRPC - ok 18:35:20.0458 6136 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 18:35:20.0466 6136 mssmbios - ok 18:35:20.0482 6136 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 18:35:20.0524 6136 MSTEE - ok 18:35:20.0544 6136 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 18:35:20.0554 6136 Mup - ok 18:35:20.0603 6136 N5SG (77dad453144952e7cec56ac6e2061fd7) C:\Windows\system32\DRIVERS\N5SG.sys 18:35:20.0643 6136 N5SG ( UnsignedFile.Multi.Generic ) - warning 18:35:20.0644 6136 N5SG - detected UnsignedFile.Multi.Generic (1) 18:35:20.0681 6136 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 18:35:20.0721 6136 NativeWifiP - ok 18:35:20.0751 6136 NDIS 
(1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 18:35:20.0768 6136 NDIS - ok 18:35:20.0776 6136 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 18:35:20.0792 6136 NdisTapi - ok 18:35:20.0812 6136 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 18:35:20.0832 6136 Ndisuio - ok 18:35:20.0873 6136 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 18:35:20.0909 6136 NdisWan - ok 18:35:20.0957 6136 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 18:35:21.0007 6136 NDProxy - ok 18:35:21.0032 6136 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 18:35:21.0075 6136 NetBIOS - ok 18:35:21.0104 6136 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 18:35:21.0159 6136 netbt - ok 18:35:21.0197 6136 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 18:35:21.0205 6136 nfrd960 - ok 18:35:21.0227 6136 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 18:35:21.0245 6136 Npfs - ok 18:35:21.0253 6136 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 18:35:21.0293 6136 nsiproxy - ok 18:35:21.0340 6136 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 18:35:21.0386 6136 Ntfs - ok 18:35:21.0404 6136 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 18:35:21.0474 6136 ntrigdigi - ok 18:35:21.0509 6136 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 18:35:21.0530 6136 Null - ok 18:35:21.0580 6136 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys 18:35:21.0601 6136 nvraid - ok 18:35:21.0618 6136 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys 18:35:21.0702 6136 nvstor - ok 18:35:21.0727 6136 nv_agp 
(07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 18:35:21.0737 6136 nv_agp - ok 18:35:21.0744 6136 NwlnkFlt - ok 18:35:21.0753 6136 NwlnkFwd - ok 18:35:21.0804 6136 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 18:35:21.0855 6136 ohci1394 - ok 18:35:21.0875 6136 OMCI - ok 18:35:21.0945 6136 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 18:35:21.0981 6136 Parport - ok 18:35:21.0993 6136 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 18:35:22.0002 6136 partmgr - ok 18:35:22.0013 6136 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 18:35:22.0073 6136 Parvdm - ok 18:35:22.0116 6136 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 18:35:22.0127 6136 pci - ok 18:35:22.0139 6136 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 18:35:22.0148 6136 pciide - ok 18:35:22.0189 6136 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 18:35:22.0198 6136 pcmcia - ok 18:35:22.0258 6136 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 18:35:22.0276 6136 pcouffin - ok 18:35:22.0354 6136 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys 18:35:22.0360 6136 PdiPorts - ok 18:35:22.0386 6136 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 18:35:22.0470 6136 PEAUTH - ok 18:35:22.0510 6136 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 18:35:22.0556 6136 PptpMiniport - ok 18:35:22.0581 6136 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 18:35:22.0618 6136 Processor - ok 18:35:22.0658 6136 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 18:35:22.0703 6136 PSched - ok 18:35:22.0732 6136 PxHelp20 
(40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys 18:35:22.0739 6136 PxHelp20 - ok 18:35:22.0783 6136 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 18:35:22.0842 6136 ql2300 - ok 18:35:22.0912 6136 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 18:35:22.0921 6136 ql40xx - ok 18:35:22.0953 6136 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 18:35:23.0022 6136 QWAVEdrv - ok 18:35:23.0049 6136 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 18:35:23.0070 6136 RasAcd - ok 18:35:23.0083 6136 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:35:23.0146 6136 Rasl2tp - ok 18:35:23.0195 6136 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 18:35:23.0211 6136 RasPppoe - ok 18:35:23.0223 6136 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 18:35:23.0257 6136 RasSstp - ok 18:35:23.0295 6136 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 18:35:23.0314 6136 rdbss - ok 18:35:23.0329 6136 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:35:23.0350 6136 RDPCDD - ok 18:35:23.0388 6136 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 18:35:23.0449 6136 rdpdr - ok 18:35:23.0472 6136 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 18:35:23.0494 6136 RDPENCDD - ok 18:35:23.0519 6136 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 18:35:23.0538 6136 RDPWD - ok 18:35:23.0720 6136 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys 18:35:23.0741 6136 RimUsb - ok 18:35:23.0788 6136 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 18:35:23.0846 6136 RimVSerPort - ok 18:35:23.0885 6136 ROOTMODEM 
(75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 18:35:23.0906 6136 ROOTMODEM - ok 18:35:23.0936 6136 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 18:35:23.0976 6136 rspndr - ok 18:35:24.0020 6136 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 18:35:24.0029 6136 sbp2port - ok 18:35:24.0067 6136 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 18:35:24.0123 6136 secdrv - ok 18:35:24.0208 6136 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS 18:35:24.0215 6136 Sentinel - ok 18:35:24.0269 6136 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 18:35:24.0305 6136 Serenum - ok 18:35:24.0325 6136 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 18:35:24.0384 6136 Serial - ok 18:35:24.0422 6136 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 18:35:24.0467 6136 sermouse - ok 18:35:24.0502 6136 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 18:35:24.0538 6136 sffdisk - ok 18:35:24.0549 6136 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 18:35:24.0619 6136 sffp_mmc - ok 18:35:24.0645 6136 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 18:35:24.0717 6136 sffp_sd - ok 18:35:24.0741 6136 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 18:35:24.0777 6136 sfloppy - ok 18:35:24.0840 6136 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 18:35:24.0848 6136 sisagp - ok 18:35:24.0865 6136 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 18:35:24.0873 6136 SiSRaid2 - ok 18:35:24.0897 6136 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 18:35:24.0905 6136 SiSRaid4 - ok 
18:35:24.0944 6136 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 18:35:24.0962 6136 Smb - ok 18:35:24.0997 6136 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS 18:35:25.0004 6136 SNTNLUSB - ok 18:35:25.0031 6136 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 18:35:25.0039 6136 spldr - ok 18:35:25.0102 6136 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys 18:35:25.0126 6136 sptd - ok 18:35:25.0181 6136 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 18:35:25.0299 6136 srv - ok 18:35:25.0348 6136 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 18:35:25.0384 6136 srv2 - ok 18:35:25.0410 6136 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 18:35:25.0457 6136 srvnet - ok 18:35:25.0532 6136 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 18:35:25.0536 6136 SSPORT ( UnsignedFile.Multi.Generic ) - warning 18:35:25.0536 6136 SSPORT - detected UnsignedFile.Multi.Generic (1) 18:35:25.0562 6136 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 18:35:25.0570 6136 swenum - ok 18:35:25.0589 6136 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 18:35:25.0597 6136 Symc8xx - ok 18:35:25.0610 6136 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 18:35:25.0618 6136 Sym_hi - ok 18:35:25.0633 6136 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 18:35:25.0641 6136 Sym_u3 - ok 18:35:25.0690 6136 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 18:35:25.0738 6136 Tcpip - ok 18:35:25.0785 6136 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 18:35:25.0841 6136 Tcpip6 - ok 18:35:25.0909 6136 tcpipreg (608c345a255d82a6289c2d468eb41fd7) 
C:\Windows\system32\drivers\tcpipreg.sys 18:35:25.0945 6136 tcpipreg - ok 18:35:25.0995 6136 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 18:35:26.0038 6136 TDPIPE - ok 18:35:26.0062 6136 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 18:35:26.0083 6136 TDTCP - ok 18:35:26.0121 6136 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 18:35:26.0138 6136 tdx - ok 18:35:26.0163 6136 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 18:35:26.0172 6136 TermDD - ok 18:35:26.0206 6136 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:35:26.0227 6136 tssecsrv - ok 18:35:26.0249 6136 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 18:35:26.0310 6136 tunmp - ok 18:35:26.0363 6136 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 18:35:26.0392 6136 tunnel - ok 18:35:26.0424 6136 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 18:35:26.0433 6136 uagp35 - ok 18:35:26.0481 6136 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 18:35:26.0501 6136 udfs - ok 18:35:26.0546 6136 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 18:35:26.0554 6136 uliagpkx - ok 18:35:26.0569 6136 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 18:35:26.0579 6136 uliahci - ok 18:35:26.0599 6136 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 18:35:26.0608 6136 UlSata - ok 18:35:26.0626 6136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 18:35:26.0635 6136 ulsata2 - ok 18:35:26.0659 6136 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 18:35:26.0703 6136 umbus - ok 18:35:26.0785 6136 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) 
C:\Windows\system32\DRIVERS\emBDA.sys 18:35:26.0870 6136 USB28xxBGA - ok 18:35:26.0899 6136 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys 18:35:26.0942 6136 USB28xxOEM - ok 18:35:26.0980 6136 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 18:35:27.0027 6136 USBAAPL - ok 18:35:27.0080 6136 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 18:35:27.0119 6136 usbaudio - ok 18:35:27.0151 6136 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 18:35:27.0167 6136 usbccgp - ok 18:35:27.0226 6136 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 18:35:27.0263 6136 usbcir - ok 18:35:27.0279 6136 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 18:35:27.0317 6136 usbehci - ok 18:35:27.0345 6136 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 18:35:27.0363 6136 usbhub - ok 18:35:27.0376 6136 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 18:35:27.0415 6136 usbohci - ok 18:35:27.0446 6136 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 18:35:27.0466 6136 usbprint - ok 18:35:27.0494 6136 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 18:35:27.0511 6136 usbscan - ok 18:35:27.0527 6136 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:35:27.0545 6136 USBSTOR - ok 18:35:27.0563 6136 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 18:35:27.0580 6136 usbuhci - ok 18:35:27.0603 6136 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 18:35:27.0674 6136 usbvideo - ok 18:35:27.0703 6136 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 18:35:27.0739 6136 vga - ok 18:35:27.0756 6136 VgaSave 
(2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 18:35:27.0778 6136 VgaSave - ok 18:35:27.0833 6136 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 18:35:27.0841 6136 viaagp - ok 18:35:27.0852 6136 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 18:35:27.0907 6136 ViaC7 - ok 18:35:27.0948 6136 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 18:35:27.0957 6136 viaide - ok 18:35:27.0976 6136 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 18:35:27.0984 6136 volmgr - ok 18:35:28.0039 6136 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 18:35:28.0053 6136 volmgrx - ok 18:35:28.0094 6136 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 18:35:28.0106 6136 volsnap - ok 18:35:28.0140 6136 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 18:35:28.0149 6136 vsmraid - ok 18:35:28.0207 6136 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS 18:35:28.0262 6136 VSTHWBS2 - ok 18:35:28.0300 6136 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 18:35:28.0359 6136 VST_DPV - ok 18:35:28.0384 6136 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 18:35:28.0420 6136 WacomPen - ok 18:35:28.0447 6136 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 18:35:28.0488 6136 Wanarp - ok 18:35:28.0491 6136 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 18:35:28.0508 6136 Wanarpv6 - ok 18:35:28.0532 6136 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 18:35:28.0559 6136 Wd - ok 18:35:28.0615 6136 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 18:35:28.0631 6136 Wdf01000 - ok 18:35:28.0676 6136 winachsf 
(5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 18:35:28.0730 6136 winachsf - ok 18:35:28.0820 6136 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS 18:35:28.0836 6136 WinUsb - ok 18:35:28.0886 6136 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 18:35:28.0922 6136 WmiAcpi - ok 18:35:29.0006 6136 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 18:35:29.0045 6136 WpdUsb - ok 18:35:29.0103 6136 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 18:35:29.0146 6136 ws2ifsl - ok 18:35:29.0189 6136 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:35:29.0210 6136 WUDFRd - ok 18:35:29.0257 6136 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 18:35:29.0346 6136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 18:35:29.0346 6136 \Device\Harddisk0\DR0 - detected TDSS File System (1) 18:35:29.0350 6136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5 18:35:29.0815 6136 \Device\Harddisk5\DR5 - ok 18:35:29.0841 6136 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6 18:35:29.0957 6136 \Device\Harddisk6\DR6 - ok 18:35:29.0960 6136 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0 18:35:29.0960 6136 \Device\Harddisk0\DR0\Partition0 - ok 18:35:29.0964 6136 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0 18:35:29.0965 6136 \Device\Harddisk5\DR5\Partition0 - ok 18:35:29.0967 6136 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0 18:35:29.0969 6136 \Device\Harddisk6\DR6\Partition0 - ok 18:35:29.0969 6136 ============================================================ 18:35:29.0969 6136 Scan finished 18:35:29.0969 6136 ============================================================ 18:35:29.0976 5304 Detected object count: 6 18:35:29.0976 
5304 Actual detected object count: 6
18:35:45.0305 5304 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:45.0305 5304 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:45.0306 5304 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:45.0306 5304 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:45.0307 5304 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:45.0307 5304 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:45.0308 5304 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:45.0308 5304 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:45.0309 5304 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:45.0309 5304 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:45.0317 5304 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:35:45.0319 5304 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:35:45.0326 5304 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:35:45.0327 5304 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:35:45.0329 5304 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:35:45.0330 5304 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:35:45.0339 5304 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:35:45.0340 5304 \Device\Harddisk0\DR0\TDLFS - deleted
18:35:45.0340 5304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
18:35:57.0897 7304 Deinitialize success

ComboFix 12-02-08.01 - Willy 02/08/2012 18:40:38.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1739 [GMT -6:00]
Running from: c:\users\Willy\Desktop\ComboFix.exe
Command switches used :: c:\users\Willy\Desktop\CFScript.txt
AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_ebe2.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Willy\AppData\Local\temp
2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Darla\AppData\Local\temp
2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Local\temp
2012-02-08 14:22 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{DF622446-0653-46DB-BF0D-CBB7518FA040}\mpengine.dll
2012-02-06 18:26 . 2012-02-06 18:27 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\my_app_files
2012-02-06 18:25 . 2012-02-06 18:25 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\BirthdayAdventure
2012-02-06 04:34 . 2012-02-06 04:34 -------- d-----w- c:\windows\CheckSur
2012-02-05 04:29 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-05 04:29 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 04:29 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 04:29 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 04:29 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 04:29 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\programdata\NortonInstaller
2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\program files\NortonInstaller
2012-02-05 03:30 . 2012-02-05 03:31 -------- d-----w- c:\users\Willy\AppData\Roaming\my_app_files
2012-02-05 03:30 . 2012-02-05 03:30 -------- d-----w- c:\users\Willy\AppData\Roaming\BirthdayAdventure
2012-02-05 03:23 . 2012-02-05 03:26 -------- d-----w- c:\program files\Dora's Big Birthday Adventure
2012-02-04 16:50 . 2012-02-09 00:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-04 03:20 . 2012-02-04 03:20 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\Malwarebytes
2012-02-03 22:59 . 2012-02-03 22:59 -------- d-----w- c:\users\Willy\AppData\Roaming\Malwarebytes
2012-02-03 22:58 . 2012-02-03 22:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-03 22:58 . 2012-02-04 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 22:58 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-29 04:04 . 2012-01-29 04:04 -------- d-----w- c:\windows\Sun
2012-01-22 18:25 . 2012-01-22 18:25 -------- d-----w- c:\program files\iPod
2012-01-16 04:24 . 2012-01-16 04:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-16 04:24 . 2012-01-16 04:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-16 04:24 . 2012-01-16 04:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-16 04:24 . 2012-01-16 04:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 14:04 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 14:04 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 14:04 .
2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 14:04 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 14:04 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 14:04 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-11 14:04 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 14:04 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2009-10-02 06:46 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 04:19 . 2009-08-24 22:26 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-23 13:37 . 2011-12-15 00:44 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 03:31 . 2011-05-15 13:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-11 05:45 . 2011-11-11 05:45 53248 ----a-r- c:\users\Willy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-01-16 04:24 . 2011-03-25 07:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] 2011-05-09 09:49 176936 ----a-w- c:\program files\SmileBox_EN\prxtbSmil.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-01-19 2736128] "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032] "Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WifiMediaSync"="c:\program files\CCApps\Wifi Media Backup\Wifi Media Backup.exe" [2009-12-15 243200] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "Xvid"="c:\program files\XviD\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200] "UVS12 Preload"="c:\program files\Corel\Corel 
VideoStudio 12\uvPL.exe" [2008-06-09 397456] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-18 180269] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Darla.HomeOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\users\Willy\AppData\Local\Temp\ONENOTEM.EXE [N/A] . c:\users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-2 6144] Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe [2011-4-30 1406] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW] 2008-07-14 18:42 81920 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-06-16 02:07 136176 ----atw- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare] 2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware] 2007-02-09 17:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-05-18 12:42 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 14513384 *Deregistered* - 14513384 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-01-19 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01] . 2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01] . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000Core.job - c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07] . 
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000UA.job - c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 FF - ProfilePath - c:\users\Willy\AppData\Roaming\Mozilla\Firefox\Profiles\dk6nrk6u.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-08 18:53 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-02-08 19:04:58 ComboFix-quarantined-files.txt 2012-02-09 01:04 ComboFix2.txt 2012-02-08 15:11 . Pre-Run: 679,201,697,792 bytes free Post-Run: 679,142,412,288 bytes free . - - End Of File - - D3D934029873E9949C2BB5E138CF995B
  4. On TDSSKiller I was not given the option of cure, just Skip, Quarantine or Delete. Here are the logs:
C:\Windows\system32\DRIVERS\ndistapi.sys 08:39:05.0515 4208 NdisTapi - ok 08:39:05.0541 4208 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 08:39:05.0614 4208 Ndisuio - ok 08:39:05.0644 4208 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 08:39:05.0725 4208 NdisWan - ok 08:39:05.0769 4208 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 08:39:05.0855 4208 NDProxy - ok 08:39:05.0877 4208 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 08:39:05.0978 4208 NetBIOS - ok 08:39:06.0016 4208 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 08:39:06.0095 4208 netbt - ok 08:39:06.0133 4208 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 08:39:06.0172 4208 nfrd960 - ok 08:39:06.0181 4208 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 08:39:06.0231 4208 Npfs - ok 08:39:06.0240 4208 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 08:39:06.0282 4208 nsiproxy - ok 08:39:06.0360 4208 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 08:39:06.0566 4208 Ntfs - ok 08:39:06.0606 4208 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 08:39:06.0684 4208 ntrigdigi - ok 08:39:06.0717 4208 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 08:39:06.0746 4208 Null - ok 08:39:06.0782 4208 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys 08:39:06.0862 4208 nvraid - ok 08:39:06.0886 4208 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys 08:39:06.0969 4208 nvstor - ok 08:39:06.0996 4208 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 08:39:07.0030 4208 nv_agp - ok 08:39:07.0036 4208 NwlnkFlt - ok 08:39:07.0045 4208 NwlnkFwd - ok 08:39:07.0089 
4208 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 08:39:07.0177 4208 ohci1394 - ok 08:39:07.0186 4208 OMCI - ok 08:39:07.0255 4208 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 08:39:07.0362 4208 Parport - ok 08:39:07.0405 4208 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 08:39:07.0435 4208 partmgr - ok 08:39:07.0464 4208 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 08:39:07.0518 4208 Parvdm - ok 08:39:07.0575 4208 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 08:39:07.0598 4208 pci - ok 08:39:07.0623 4208 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 08:39:07.0640 4208 pciide - ok 08:39:07.0681 4208 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 08:39:07.0716 4208 pcmcia - ok 08:39:07.0775 4208 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 08:39:07.0829 4208 pcouffin - ok 08:39:07.0954 4208 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys 08:39:07.0984 4208 PdiPorts - ok 08:39:08.0020 4208 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 08:39:08.0147 4208 PEAUTH - ok 08:39:08.0201 4208 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 08:39:08.0302 4208 PptpMiniport - ok 08:39:08.0347 4208 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 08:39:08.0423 4208 Processor - ok 08:39:08.0465 4208 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 08:39:08.0566 4208 PSched - ok 08:39:08.0589 4208 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys 08:39:08.0615 4208 PxHelp20 - ok 08:39:08.0657 4208 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 
08:39:08.0742 4208 ql2300 - ok 08:39:08.0786 4208 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 08:39:08.0855 4208 ql40xx - ok 08:39:08.0901 4208 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 08:39:08.0988 4208 QWAVEdrv - ok 08:39:09.0048 4208 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 08:39:09.0089 4208 RasAcd - ok 08:39:09.0099 4208 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:39:09.0185 4208 Rasl2tp - ok 08:39:09.0242 4208 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 08:39:09.0292 4208 RasPppoe - ok 08:39:09.0300 4208 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 08:39:09.0403 4208 RasSstp - ok 08:39:09.0451 4208 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 08:39:09.0523 4208 rdbss - ok 08:39:09.0531 4208 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:39:09.0558 4208 RDPCDD - ok 08:39:09.0585 4208 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 08:39:09.0673 4208 rdpdr - ok 08:39:09.0691 4208 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 08:39:09.0719 4208 RDPENCDD - ok 08:39:09.0757 4208 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 08:39:09.0860 4208 RDPWD - ok 08:39:09.0925 4208 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys 08:39:10.0007 4208 RimUsb - ok 08:39:10.0051 4208 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 08:39:10.0123 4208 RimVSerPort - ok 08:39:10.0174 4208 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 08:39:10.0202 4208 ROOTMODEM - ok 08:39:10.0241 4208 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 
08:39:10.0309 4208 rspndr - ok 08:39:10.0342 4208 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 08:39:10.0399 4208 sbp2port - ok 08:39:10.0430 4208 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 08:39:10.0498 4208 secdrv - ok 08:39:10.0546 4208 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS 08:39:10.0783 4208 Sentinel - ok 08:39:10.0914 4208 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 08:39:11.0003 4208 Serenum - ok 08:39:11.0027 4208 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 08:39:11.0095 4208 Serial - ok 08:39:11.0133 4208 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 08:39:11.0214 4208 sermouse - ok 08:39:11.0255 4208 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 08:39:11.0315 4208 sffdisk - ok 08:39:11.0352 4208 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 08:39:11.0432 4208 sffp_mmc - ok 08:39:11.0489 4208 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 08:39:11.0570 4208 sffp_sd - ok 08:39:11.0601 4208 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 08:39:11.0669 4208 sfloppy - ok 08:39:11.0700 4208 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 08:39:11.0727 4208 sisagp - ok 08:39:11.0751 4208 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 08:39:11.0781 4208 SiSRaid2 - ok 08:39:11.0798 4208 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 08:39:11.0843 4208 SiSRaid4 - ok 08:39:11.0888 4208 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 08:39:11.0959 4208 Smb - ok 08:39:12.0007 4208 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) 
C:\Windows\system32\DRIVERS\SNTNLUSB.SYS 08:39:12.0045 4208 SNTNLUSB - ok 08:39:12.0074 4208 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 08:39:12.0091 4208 spldr - ok 08:39:12.0194 4208 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys 08:39:13.0876 4208 sptd - ok 08:39:13.0915 4208 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 08:39:14.0007 4208 srv - ok 08:39:14.0049 4208 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 08:39:14.0124 4208 srv2 - ok 08:39:14.0169 4208 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 08:39:14.0222 4208 srvnet - ok 08:39:14.0259 4208 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 08:39:14.0281 4208 SSPORT ( UnsignedFile.Multi.Generic ) - warning 08:39:14.0281 4208 SSPORT - detected UnsignedFile.Multi.Generic (1) 08:39:14.0330 4208 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 08:39:14.0347 4208 swenum - ok 08:39:14.0373 4208 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 08:39:14.0404 4208 Symc8xx - ok 08:39:14.0419 4208 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 08:39:14.0449 4208 Sym_hi - ok 08:39:14.0475 4208 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 08:39:14.0507 4208 Sym_u3 - ok 08:39:14.0566 4208 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 08:39:14.0664 4208 Tcpip - ok 08:39:14.0718 4208 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 08:39:14.0760 4208 Tcpip6 - ok 08:39:14.0793 4208 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 08:39:14.0827 4208 tcpipreg - ok 08:39:14.0887 4208 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 08:39:14.0956 4208 TDPIPE - ok 
08:39:14.0979 4208 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 08:39:15.0027 4208 TDTCP - ok 08:39:15.0072 4208 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 08:39:15.0162 4208 tdx - ok 08:39:15.0179 4208 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 08:39:15.0230 4208 TermDD - ok 08:39:15.0264 4208 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:39:15.0308 4208 tssecsrv - ok 08:39:15.0340 4208 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 08:39:15.0420 4208 tunmp - ok 08:39:15.0463 4208 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 08:39:15.0521 4208 tunnel - ok 08:39:15.0557 4208 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 08:39:15.0603 4208 uagp35 - ok 08:39:15.0630 4208 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 08:39:15.0670 4208 udfs - ok 08:39:15.0703 4208 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 08:39:15.0756 4208 uliagpkx - ok 08:39:15.0793 4208 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 08:39:15.0884 4208 uliahci - ok 08:39:15.0914 4208 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 08:39:15.0943 4208 UlSata - ok 08:39:15.0966 4208 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 08:39:15.0998 4208 ulsata2 - ok 08:39:16.0035 4208 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 08:39:16.0141 4208 umbus - ok 08:39:16.0224 4208 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) C:\Windows\system32\DRIVERS\emBDA.sys 08:39:16.0362 4208 USB28xxBGA - ok 08:39:16.0430 4208 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys 08:39:16.0485 4208 USB28xxOEM - ok 08:39:16.0552 4208 USBAAPL 
(83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 08:39:16.0678 4208 USBAAPL - ok 08:39:16.0718 4208 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 08:39:16.0822 4208 usbaudio - ok 08:39:16.0855 4208 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 08:39:16.0974 4208 usbccgp - ok 08:39:17.0022 4208 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 08:39:17.0125 4208 usbcir - ok 08:39:17.0183 4208 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 08:39:17.0261 4208 usbehci - ok 08:39:17.0323 4208 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 08:39:17.0370 4208 usbhub - ok 08:39:17.0404 4208 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 08:39:17.0447 4208 usbohci - ok 08:39:17.0474 4208 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 08:39:17.0537 4208 usbprint - ok 08:39:17.0564 4208 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 08:39:17.0648 4208 usbscan - ok 08:39:17.0671 4208 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:39:17.0783 4208 USBSTOR - ok 08:39:17.0816 4208 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 08:39:17.0854 4208 usbuhci - ok 08:39:17.0880 4208 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 08:39:17.0960 4208 usbvideo - ok 08:39:17.0988 4208 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 08:39:18.0047 4208 vga - ok 08:39:18.0067 4208 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 08:39:18.0122 4208 VgaSave - ok 08:39:18.0160 4208 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 08:39:18.0204 4208 viaagp - ok 08:39:18.0237 4208 ViaC7 
(56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 08:39:18.0373 4208 ViaC7 - ok 08:39:18.0465 4208 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 08:39:18.0488 4208 viaide - ok 08:39:19.0463 4208 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 08:39:19.0493 4208 volmgr - ok 08:39:19.0560 4208 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 08:39:19.0587 4208 volmgrx - ok 08:39:19.0648 4208 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 08:39:19.0674 4208 volsnap - ok 08:39:19.0711 4208 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 08:39:19.0778 4208 vsmraid - ok 08:39:19.0819 4208 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS 08:39:19.0906 4208 VSTHWBS2 - ok 08:39:19.0970 4208 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 08:39:20.0068 4208 VST_DPV - ok 08:39:20.0104 4208 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 08:39:20.0165 4208 WacomPen - ok 08:39:20.0216 4208 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 08:39:20.0315 4208 Wanarp - ok 08:39:20.0328 4208 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 08:39:20.0369 4208 Wanarpv6 - ok 08:39:20.0401 4208 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 08:39:20.0428 4208 Wd - ok 08:39:20.0525 4208 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 08:39:20.0587 4208 Wdf01000 - ok 08:39:20.0661 4208 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 08:39:20.0774 4208 winachsf - ok 08:39:20.0905 4208 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS 08:39:20.0983 4208 WinUsb - ok 08:39:21.0037 4208 WmiAcpi 
08:39:21.0591 4208 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:39:21.0847 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:39:21.0847 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:39:21.0851 4208 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
08:39:22.0324 4208 \Device\Harddisk5\DR5 - ok
08:39:22.0340 4208 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6
08:39:22.0457 4208 \Device\Harddisk6\DR6 - ok
08:39:22.0485 4208 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0
08:39:22.0486 4208 \Device\Harddisk0\DR0\Partition0 - ok
08:39:22.0488 4208 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0
08:39:22.0490 4208 \Device\Harddisk5\DR5\Partition0 - ok
08:39:22.0494 4208 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0
08:39:22.0495 4208 \Device\Harddisk6\DR6\Partition0 - ok
08:39:22.0495 4208 ============================================================
08:39:22.0495 4208 Scan finished
08:39:22.0495 4208 ============================================================
08:39:22.0504 4352 Detected object count: 6
08:39:22.0504 4352 Actual detected object count: 6
08:39:53.0207 4352 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:53.0207 4352 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:39:53.0208 4352 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:53.0208 4352 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:39:53.0209 4352 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:53.0209 4352 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:39:53.0210 4352 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:53.0210 4352 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:39:53.0211 4352 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
08:39:53.0211 4352 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:39:53.0212 4352 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:39:53.0212 4352 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:40:06.0768 4056 Deinitialize success

ComboFix 12-02-08.01 - Willy 02/08/2012 8:55.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2066 [GMT -6:00]
Running from: c:\users\Willy\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\SPL286D.tmp
c:\programdata\SPL5696.tmp
c:\programdata\SPL6141.tmp
c:\programdata\SPL8625.tmp
c:\programdata\SPLD5D4.tmp
c:\users\Willy\AppData\Roaming\inst.exe
c:\users\Willy\AppData\Roaming\Microsoft\Windows\Recent\ironcad.url
c:\users\Willy\g2mdlhlpx.exe
c:\windows\system32\regobj.dll
c:\windows\system32\setup.ini
c:\windows\system32\vs2005-kb908002-enu-x86.exe
c:\windows\system32\WindowsInstaller-KB893803-v2-x86.exe
M:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 14:22 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{DF622446-0653-46DB-BF0D-CBB7518FA040}\mpengine.dll
2012-02-06 18:26 . 2012-02-06 18:27 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\my_app_files
2012-02-06 18:25 . 2012-02-06 18:25 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\BirthdayAdventure
2012-02-06 04:34 . 2012-02-06 04:34 -------- d-----w- c:\windows\CheckSur
2012-02-05 04:29 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-05 04:29 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 04:29 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 04:29 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 04:29 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 04:29 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\programdata\NortonInstaller
2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\program files\NortonInstaller
2012-02-05 03:30 . 2012-02-05 03:31 -------- d-----w- c:\users\Willy\AppData\Roaming\my_app_files
2012-02-05 03:30 . 2012-02-05 03:30 -------- d-----w- c:\users\Willy\AppData\Roaming\BirthdayAdventure
2012-02-05 03:23 . 2012-02-05 03:26 -------- d-----w- c:\program files\Dora's Big Birthday Adventure
2012-02-04 16:50 . 2012-02-04 16:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-04 03:20 . 2012-02-04 03:20 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\Malwarebytes
2012-02-03 22:59 . 2012-02-03 22:59 -------- d-----w- c:\users\Willy\AppData\Roaming\Malwarebytes
2012-02-03 22:58 . 2012-02-03 22:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-03 22:58 . 2012-02-04 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 22:58 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-29 04:04 . 2012-01-29 04:04 -------- d-----w- c:\windows\Sun
2012-01-22 18:25 . 2012-01-22 18:25 -------- d-----w- c:\program files\iPod
2012-01-16 04:24 . 2012-01-16 04:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-16 04:24 . 2012-01-16 04:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-16 04:24 . 2012-01-16 04:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-16 04:24 . 2012-01-16 04:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 14:04 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 14:04 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 14:04 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:04 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:04 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 14:04 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 14:04 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:04 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-10-02 06:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2009-08-24 22:26 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-23 13:37 . 2011-12-15 00:44 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 03:31 . 2011-05-15 13:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 05:45 . 2011-11-11 05:45 53248 ----a-r- c:\users\Willy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-16 04:24 . 2011-03-25 07:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
2011-05-09 09:49 176936 ----a-w- c:\program files\SmileBox_EN\prxtbSmil.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-01-19 2736128]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WifiMediaSync"="c:\program files\CCApps\Wifi Media Backup\Wifi Media Backup.exe" [2009-12-15 243200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Xvid"="c:\program files\XviD\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-18 180269]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Darla.HomeOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\users\Willy\AppData\Local\Temp\ONENOTEM.EXE [N/A]
.
c:\users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-2 6144]
Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe [2011-4-30 1406]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW] 2008-07-14 18:42 81920 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-06-16 02:07 136176 ----atw- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare] 2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware] 2007-02-09 17:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-05-18 12:42 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-01-19 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01] . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01] . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000Core.job - c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07] . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000UA.job - c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKfox000&ptb=pCCxBptJsv9yBYOF_WrRcA uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 FF - ProfilePath - c:\users\Willy\AppData\Roaming\Mozilla\Firefox\Profiles\dk6nrk6u.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . SafeBoot-SolutoService AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - c:\program files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-08 09:07 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Completion time: 2012-02-08 09:11:50 ComboFix-quarantined-files.txt 2012-02-08 15:11 . Pre-Run: 680,351,715,328 bytes free Post-Run: 680,265,707,520 bytes free . - - End Of File - - 7E74F40922E374C6727B48CC9B46FA3C
  5. Here is the log from the second run:
tcpipreg - ok 11:02:38.0885 4824 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 11:02:38.0968 4824 TDPIPE - ok 11:02:39.0107 4824 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 11:02:39.0156 4824 TDTCP - ok 11:02:39.0215 4824 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 11:02:39.0308 4824 tdx - ok 11:02:39.0375 4824 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 11:02:39.0426 4824 TermDD - ok 11:02:39.0473 4824 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:02:39.0519 4824 tssecsrv - ok 11:02:39.0550 4824 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 11:02:39.0651 4824 tunmp - ok 11:02:39.0706 4824 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 11:02:39.0766 4824 tunnel - ok 11:02:39.0843 4824 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 11:02:39.0903 4824 uagp35 - ok 11:02:39.0948 4824 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 11:02:39.0991 4824 udfs - ok 11:02:40.0015 4824 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 11:02:40.0067 4824 uliagpkx - ok 11:02:40.0171 4824 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 11:02:40.0286 4824 uliahci - ok 11:02:40.0311 4824 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 11:02:40.0348 4824 UlSata - ok 11:02:40.0371 4824 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 11:02:40.0408 4824 ulsata2 - ok 11:02:40.0436 4824 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 11:02:40.0509 4824 umbus - ok 11:02:40.0617 4824 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) C:\Windows\system32\DRIVERS\emBDA.sys 11:02:40.0877 4824 USB28xxBGA - ok 11:02:40.0921 4824 
USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys 11:02:40.0978 4824 USB28xxOEM - ok 11:02:41.0047 4824 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 11:02:41.0140 4824 USBAAPL - ok 11:02:41.0186 4824 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 11:02:41.0273 4824 usbaudio - ok 11:02:41.0369 4824 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 11:02:41.0453 4824 usbccgp - ok 11:02:41.0488 4824 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 11:02:41.0587 4824 usbcir - ok 11:02:41.0608 4824 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 11:02:41.0663 4824 usbehci - ok 11:02:41.0699 4824 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 11:02:41.0763 4824 usbhub - ok 11:02:41.0788 4824 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 11:02:41.0837 4824 usbohci - ok 11:02:41.0861 4824 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 11:02:41.0943 4824 usbprint - ok 11:02:41.0974 4824 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 11:02:42.0025 4824 usbscan - ok 11:02:42.0033 4824 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:02:42.0099 4824 USBSTOR - ok 11:02:42.0133 4824 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 11:02:42.0171 4824 usbuhci - ok 11:02:42.0210 4824 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 11:02:42.0305 4824 usbvideo - ok 11:02:42.0487 4824 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 11:02:42.0549 4824 vga - ok 11:02:42.0685 4824 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 11:02:42.0735 4824 VgaSave - ok 11:02:42.0770 
4824 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 11:02:42.0817 4824 viaagp - ok 11:02:42.0834 4824 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 11:02:42.0925 4824 ViaC7 - ok 11:02:42.0967 4824 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 11:02:43.0010 4824 viaide - ok 11:02:43.0068 4824 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 11:02:43.0115 4824 volmgr - ok 11:02:43.0268 4824 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 11:02:43.0313 4824 volmgrx - ok 11:02:43.0352 4824 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 11:02:43.0399 4824 volsnap - ok 11:02:43.0440 4824 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 11:02:43.0502 4824 vsmraid - ok 11:02:43.0543 4824 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS 11:02:43.0629 4824 VSTHWBS2 - ok 11:02:43.0670 4824 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 11:02:43.0758 4824 VST_DPV - ok 11:02:43.0819 4824 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 11:02:43.0878 4824 WacomPen - ok 11:02:43.0920 4824 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:02:44.0003 4824 Wanarp - ok 11:02:44.0007 4824 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:02:44.0048 4824 Wanarpv6 - ok 11:02:44.0073 4824 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 11:02:44.0101 4824 Wd - ok 11:02:44.0146 4824 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 11:02:44.0236 4824 Wdf01000 - ok 11:02:44.0291 4824 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 11:02:44.0388 4824 winachsf - ok 11:02:44.0459 4824 
WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS 11:02:44.0521 4824 WinUsb - ok 11:02:44.0559 4824 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 11:02:44.0613 4824 WmiAcpi - ok 11:02:44.0746 4824 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 11:02:44.0810 4824 WpdUsb - ok 11:02:44.0880 4824 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 11:02:44.0937 4824 ws2ifsl - ok 11:02:44.0985 4824 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:02:45.0065 4824 WUDFRd - ok 11:02:45.0095 4824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 11:02:45.0235 4824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 11:02:45.0235 4824 \Device\Harddisk0\DR0 - detected TDSS File System (1) 11:02:45.0239 4824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5 11:02:45.0708 4824 \Device\Harddisk5\DR5 - ok 11:02:45.0728 4824 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6 11:02:45.0845 4824 \Device\Harddisk6\DR6 - ok 11:02:45.0855 4824 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0 11:02:45.0856 4824 \Device\Harddisk0\DR0\Partition0 - ok 11:02:45.0859 4824 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0 11:02:45.0860 4824 \Device\Harddisk5\DR5\Partition0 - ok 11:02:45.0863 4824 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0 11:02:45.0864 4824 \Device\Harddisk6\DR6\Partition0 - ok 11:02:45.0864 4824 ============================================================ 11:02:45.0864 4824 Scan finished 11:02:45.0864 4824 ============================================================ 11:02:45.0872 5640 Detected object count: 7 11:02:45.0872 5640 Actual detected object count: 7 11:03:33.0049 5640 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user 11:03:33.0049 5640 
ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:03:33.0050 5640 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 11:03:33.0050 5640 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:03:33.0051 5640 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user 11:03:33.0051 5640 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:03:33.0052 5640 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user 11:03:33.0052 5640 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:03:33.0053 5640 sptd ( LockedFile.Multi.Generic ) - skipped by user 11:03:33.0053 5640 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 11:03:33.0054 5640 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 11:03:33.0054 5640 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:03:33.0055 5640 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 11:03:33.0055 5640 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 11:03:48.0518 4108 Deinitialize success
  6. Here is the first one, I finally figured out it was on the c:\ directory:
ql2300 - ok 10:49:43.0535 6200 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 10:49:43.0574 6200 ql40xx - ok 10:49:43.0607 6200 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 10:49:43.0681 6200 QWAVEdrv - ok 10:49:43.0706 6200 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 10:49:43.0759 6200 RasAcd - ok 10:49:43.0785 6200 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:49:43.0833 6200 Rasl2tp - ok 10:49:43.0874 6200 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 10:49:43.0930 6200 RasPppoe - ok 10:49:43.0963 6200 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 10:49:44.0053 6200 RasSstp - ok 10:49:44.0101 6200 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 10:49:44.0149 6200 rdbss - ok 10:49:44.0168 6200 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:49:44.0197 6200 RDPCDD - ok 10:49:44.0221 6200 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 10:49:44.0321 6200 rdpdr - ok 10:49:44.0347 6200 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 10:49:44.0376 6200 RDPENCDD - ok 10:49:44.0399 6200 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 10:49:44.0451 6200 RDPWD - ok 10:49:44.0516 6200 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys 10:49:44.0563 6200 RimUsb - ok 10:49:44.0619 6200 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 10:49:44.0684 6200 RimVSerPort - ok 10:49:44.0724 6200 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 10:49:44.0789 6200 ROOTMODEM - ok 10:49:44.0827 6200 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 10:49:44.0871 6200 
rspndr - ok 10:49:44.0895 6200 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 10:49:44.0930 6200 sbp2port - ok 10:49:44.0960 6200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 10:49:45.0033 6200 secdrv - ok 10:49:45.0088 6200 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS 10:49:45.0212 6200 Sentinel - ok 10:49:45.0257 6200 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 10:49:45.0323 6200 Serenum - ok 10:49:45.0355 6200 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 10:49:45.0420 6200 Serial - ok 10:49:45.0472 6200 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 10:49:45.0504 6200 sermouse - ok 10:49:45.0526 6200 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 10:49:45.0587 6200 sffdisk - ok 10:49:45.0615 6200 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 10:49:45.0692 6200 sffp_mmc - ok 10:49:45.0714 6200 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 10:49:45.0790 6200 sffp_sd - ok 10:49:45.0811 6200 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 10:49:45.0858 6200 sfloppy - ok 10:49:45.0917 6200 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 10:49:45.0945 6200 sisagp - ok 10:49:45.0975 6200 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 10:49:45.0996 6200 SiSRaid2 - ok 10:49:46.0029 6200 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 10:49:46.0057 6200 SiSRaid4 - ok 10:49:46.0107 6200 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 10:49:46.0152 6200 Smb - ok 10:49:46.0190 6200 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS 
10:49:46.0213 6200 SNTNLUSB - ok 10:49:46.0243 6200 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 10:49:46.0263 6200 spldr - ok 10:49:46.0322 6200 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys 10:49:46.0322 6200 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9 10:49:46.0325 6200 sptd ( LockedFile.Multi.Generic ) - warning 10:49:46.0325 6200 sptd - detected LockedFile.Multi.Generic (1) 10:49:46.0384 6200 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 10:49:46.0470 6200 srv - ok 10:49:46.0535 6200 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 10:49:46.0586 6200 srv2 - ok 10:49:46.0605 6200 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 10:49:46.0668 6200 srvnet - ok 10:49:46.0703 6200 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 10:49:46.0715 6200 SSPORT ( UnsignedFile.Multi.Generic ) - warning 10:49:46.0715 6200 SSPORT - detected UnsignedFile.Multi.Generic (1) 10:49:46.0741 6200 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 10:49:46.0758 6200 swenum - ok 10:49:46.0787 6200 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:49:46.0810 6200 Symc8xx - ok 10:49:46.0841 6200 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:49:46.0861 6200 Sym_hi - ok 10:49:46.0892 6200 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:49:46.0913 6200 Sym_u3 - ok 10:49:46.0968 6200 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 10:49:47.0018 6200 Tcpip - ok 10:49:47.0090 6200 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 10:49:47.0187 6200 Tcpip6 - ok 10:49:47.0254 6200 tcpipreg (608c345a255d82a6289c2d468eb41fd7) 
C:\Windows\system32\drivers\tcpipreg.sys 10:49:47.0331 6200 tcpipreg - ok 10:49:47.0393 6200 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:49:47.0444 6200 TDPIPE - ok 10:49:47.0466 6200 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:49:47.0501 6200 TDTCP - ok 10:49:47.0541 6200 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 10:49:47.0586 6200 tdx - ok 10:49:47.0607 6200 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 10:49:47.0638 6200 TermDD - ok 10:49:47.0683 6200 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:49:47.0717 6200 tssecsrv - ok 10:49:47.0751 6200 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:49:47.0812 6200 tunmp - ok 10:49:47.0850 6200 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 10:49:47.0892 6200 tunnel - ok 10:49:47.0928 6200 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 10:49:47.0957 6200 uagp35 - ok 10:49:47.0984 6200 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 10:49:48.0016 6200 udfs - ok 10:49:48.0051 6200 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 10:49:48.0081 6200 uliagpkx - ok 10:49:48.0107 6200 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 10:49:48.0160 6200 uliahci - ok 10:49:48.0198 6200 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:49:48.0218 6200 UlSata - ok 10:49:48.0250 6200 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:49:48.0276 6200 ulsata2 - ok 10:49:48.0297 6200 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:49:48.0354 6200 umbus - ok 10:49:48.0413 6200 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) 
C:\Windows\system32\DRIVERS\emBDA.sys 10:49:48.0542 6200 USB28xxBGA - ok 10:49:48.0609 6200 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys 10:49:48.0666 6200 USB28xxOEM - ok 10:49:48.0726 6200 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 10:49:48.0835 6200 USBAAPL - ok 10:49:48.0881 6200 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 10:49:48.0945 6200 usbaudio - ok 10:49:48.0982 6200 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:49:49.0058 6200 usbccgp - ok 10:49:49.0079 6200 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:49:49.0151 6200 usbcir - ok 10:49:49.0180 6200 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 10:49:49.0212 6200 usbehci - ok 10:49:49.0237 6200 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 10:49:49.0274 6200 usbhub - ok 10:49:49.0293 6200 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 10:49:49.0322 6200 usbohci - ok 10:49:49.0341 6200 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:49:49.0407 6200 usbprint - ok 10:49:49.0446 6200 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:49:49.0480 6200 usbscan - ok 10:49:49.0503 6200 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:49:49.0545 6200 USBSTOR - ok 10:49:49.0563 6200 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:49:49.0593 6200 usbuhci - ok 10:49:49.0618 6200 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 10:49:49.0700 6200 usbvideo - ok 10:49:49.0743 6200 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 10:49:49.0825 6200 vga - ok 10:49:49.0867 6200 VgaSave 
(2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:49:49.0902 6200 VgaSave - ok 10:49:49.0960 6200 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 10:49:49.0988 6200 viaagp - ok 10:49:50.0024 6200 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 10:49:50.0078 6200 ViaC7 - ok 10:49:50.0116 6200 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 10:49:50.0133 6200 viaide - ok 10:49:50.0166 6200 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 10:49:50.0194 6200 volmgr - ok 10:49:50.0246 6200 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 10:49:50.0278 6200 volmgrx - ok 10:49:50.0288 6200 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 10:49:50.0315 6200 volsnap - ok 10:49:50.0339 6200 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 10:49:50.0375 6200 vsmraid - ok 10:49:50.0410 6200 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS 10:49:50.0470 6200 VSTHWBS2 - ok 10:49:50.0512 6200 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 10:49:50.0570 6200 VST_DPV - ok 10:49:50.0594 6200 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 10:49:50.0642 6200 WacomPen - ok 10:49:50.0679 6200 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:49:50.0746 6200 Wanarp - ok 10:49:50.0749 6200 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:49:50.0792 6200 Wanarpv6 - ok 10:49:50.0815 6200 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 10:49:50.0834 6200 Wd - ok 10:49:50.0888 6200 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 10:49:50.0945 6200 Wdf01000 - ok 10:49:51.0017 6200 winachsf 
(5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 10:49:51.0106 6200 winachsf - ok 10:49:51.0185 6200 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS 10:49:51.0239 6200 WinUsb - ok 10:49:51.0309 6200 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 10:49:51.0355 6200 WmiAcpi - ok 10:49:51.0438 6200 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 10:49:51.0505 6200 WpdUsb - ok 10:49:51.0572 6200 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 10:49:51.0639 6200 ws2ifsl - ok 10:49:51.0686 6200 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:49:51.0736 6200 WUDFRd - ok 10:49:51.0774 6200 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0 10:49:51.0896 6200 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 10:49:51.0896 6200 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 10:49:52.0194 6200 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 10:49:52.0194 6200 \Device\Harddisk0\DR0 - detected TDSS File System (1) 10:49:52.0197 6200 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5 10:49:52.0677 6200 \Device\Harddisk5\DR5 - ok 10:49:52.0702 6200 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6 10:49:52.0819 6200 \Device\Harddisk6\DR6 - ok 10:49:52.0864 6200 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0 10:49:52.0957 6200 \Device\Harddisk0\DR0\Partition0 - ok 10:49:52.0960 6200 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0 10:49:52.0961 6200 \Device\Harddisk5\DR5\Partition0 - ok 10:49:52.0964 6200 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0 10:49:52.0965 6200 \Device\Harddisk6\DR6\Partition0 - ok 10:49:52.0965 6200 ============================================================ 10:49:52.0965 6200 
Scan finished 10:49:52.0965 6200 ============================================================ 10:49:52.0973 7928 Detected object count: 8 10:49:52.0973 7928 Actual detected object count: 8 10:50:38.0204 7928 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user 10:50:38.0204 7928 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:50:38.0205 7928 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 10:50:38.0205 7928 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:50:38.0206 7928 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user 10:50:38.0206 7928 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:50:38.0207 7928 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user 10:50:38.0207 7928 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:50:38.0208 7928 sptd ( LockedFile.Multi.Generic ) - skipped by user 10:50:38.0208 7928 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 10:50:38.0209 7928 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 10:50:38.0209 7928 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:50:38.0244 7928 \Device\Harddisk0\DR0\# - copied to quarantine 10:50:38.0250 7928 \Device\Harddisk0\DR0 - copied to quarantine 10:50:38.0877 7928 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 10:50:38.0879 7928 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 10:50:38.0888 7928 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 10:50:38.0971 7928 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 10:50:38.0982 7928 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 10:50:39.0262 7928 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 10:50:39.0316 7928 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 10:50:40.0730 7928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 10:50:40.0731 7928 \Device\Harddisk0\DR0 - ok 10:50:40.0731 7928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - 
User select action: Cure 10:50:40.0732 7928 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 10:50:40.0732 7928 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 10:50:44.0928 7232 Deinitialize success
  7. Daniel, Here is a copy of the log from TDSSKiller. However, unfortunately, I cannot tell you for sure if this is the one from the first run that found the malware or a second one. I am just not sure if I ran it more than once. Sorry.
  8. Here are the results (finally!)
  9. I understand, that is why I wanted you to know. I have not run any other removal tool since that one and before your first communication. I will be posting the results hopefully today since the gmer program ran overnight and it was still going when I left home for work.
  10. Daniel, Thank you for the reply; I am in the process of running the indicated tool, it will take all night but I will send the results tomorrow morning CST. Just wanted to let you know that between my first posting and this one, I read in the forum that some people had run Kaspersky TDSSKiller and I did that. It found one critical threat that I allowed to be removed. Just wanted you to know that there will be a difference between the condition of the PC during the first posting and now.
  11. I am having a lot of popups about two IP addresses that the svchost.exe is trying to connect to. I have run the scanner in full mode and it indicates that the system is clean. Here are the requested dds and attach files. HELP!! Attach.txt DDS.txt
  12. I am getting this popup every minute or so, I am giving examples from the log file as reference but by no means is the full log. All it tells me is the IP and that it is related to the svchost process. The popup shows every minute or less and I want to find out what is creating it (other than just the svchost indication, since there are a number of those running at one time) so I can take it out. The scanner states that the system is clean and checking this one for blacklisting shows that it is not blacklisted in the services I have checked. I cannot seem to be able to stop the popups unless I add this IP to the ignore list and I do not want to do that until I am sure it is not malware. Please help.
2012/02/03 11:59:56 -0600 IP-BLOCK 178.238.233.156 (Type: outgoing, Port: 50120, Process: svchost.exe)
2012/02/04 00:00:52 -0600 IP-BLOCK 178.238.233.156 (Type: outgoing, Port: 50121, Process: svchost.exe)
2012/02/04 00:01:48 -0600 IP-BLOCK 178.238.233.156 (Type: outgoing, Port: 50124, Process: svchost.exe)