
I acquired a fake anti-virus malware program on 11-25 called AV 2011. I thought a combination of MSE and Malwarebytes would remove it, but since then I have been getting repeated browser redirects. The browser will open a new tab with some kind of product or service being advertised (seems random) in addition to the page I requested, but the new tab will be selected. In addition, Firefox has been crashing and MSE has been detecting and notifying me that it removed multiple real-time threats such as:

TrojanDownloader:Win32/Unruy.H

TrojanDownloader:Win32/Karajany.G

PWS:Win32/Fareite.Gen!C

Backdoor:Win32/Cycbot.G

And more

I don't know if it's detecting something already on the machine, or something arriving via internet. I suppose it could be some latent file repeatedly trying to plant something in the Win32 folder.

I also find that when I restart my machine my wireless network connection startup can't seem to get off "Acquiring network Address" for several minutes. Also on startup I get a new blank white screen prior to the normal motherboard splash screen. I continue to run MSE with no fix. Oddly, no fake anti-virus messages appear except for the initial infection. I also hear audible alerts like I'm receiving an email, but can find no evidence of an error message or new email (obviously something is happening in the background). Help would be greatly appreciated. These are all new symptoms since the infection.

attach.txt

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Doug at 12:39:35 on 2011-11-27

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2311 [GMT -8:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\astsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\svcs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Atomic Clock Sync\Atomic.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\EzDesk.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Internet Explorer, optimized for Bing and MSN

uDefault_Page_URL = hxxp://www.msn.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Atomic.exe] c:\program files\atomic clock sync\Atomic.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\ezware~1.lnk - c:\windows\EzDesk.exe

uPolicies-explorer: MaxRecentDocs = 20 (0x14)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\progra~1\speedb~1\sblsp.dll

LSP: mswsock.dll

Trusted Zone: kingcounty.gov\king

Trusted Zone: spl.org\catalog

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://queen.kingcounty.gov/vdesk/terminal/f5tunsrv.cab#version=7000,2011,104,2309

DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} - hxxp://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://king.kingcounty.gov/vdesk/terminal/InstallerControl.cab#version=7000,2010,1020,1507

DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://king.kingcounty.gov/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407

DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://queen.kingcounty.gov/vdesk/terminal/vdeskctrl.cab#version=7000,2011,0328,1843

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://queen.kingcounty.gov/vdesk/terminal/urxshost.cab#version=7000,2010,1020,1428

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://queen.kingcounty.gov/vdesk/terminal/urxhost.cab#version=7000,2011,124,911

DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://king.kingcounty.gov/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2010,1020,1432

TCP: Interfaces\{CFEFDD35-2CF2-4720-978F-EA98CF31A225} : NameServer = 8.8.4.4,66.119.7.12,131.191.7.12

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: taskmgr.exe - c:\program files\tuneup utilities 2012\PMLauncher.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\mke5o1ev.browser2\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\doug\application data\mozilla\firefox\profiles\mke5o1ev.browser2\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]

R1 MpKsle1825d5c;MpKsle1825d5c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4772a02-ba8f-48c9-82fb-de3eebf6ecb3}\MpKsle1825d5c.sys [2011-11-27 28752]

R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-11-27 508928]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

R3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [2009-5-7 280576]

R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2009-5-8 80256]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-8 10064]

S1 MpKsl9f8a4f26;MpKsl9f8a4f26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a610270-9fa8-4f7f-bcd4-c56b076a8358}\mpksl9f8a4f26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a610270-9fa8-4f7f-bcd4-c56b076a8358}\MpKsl9f8a4f26.sys [?]

S1 MpKsle0ff58c0;MpKsle0ff58c0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{427688bc-08ea-4df8-bd4a-8b6ed3a2e0ee}\mpksle0ff58c0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{427688bc-08ea-4df8-bd4a-8b6ed3a2e0ee}\MpKsle0ff58c0.sys [?]

S1 MpKslefa96b6e;MpKslefa96b6e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84e0321-4a9c-4729-80f9-2b7ec05e8ee9}\mpkslefa96b6e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84e0321-4a9c-4729-80f9-2b7ec05e8ee9}\MpKslefa96b6e.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9cff4315cce0;Google Update Service (gupdate1c9cff4315cce0);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]

S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-9-4 450048]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-27 18:05:02 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4772a02-ba8f-48c9-82fb-de3eebf6ecb3}\MpKsle1825d5c.sys

2011-11-27 18:04:33 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4772a02-ba8f-48c9-82fb-de3eebf6ecb3}\offreg.dll

2011-11-27 14:23:35 508928 ----a-w- c:\windows\svcs.exe

2011-11-27 10:09:02 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4772a02-ba8f-48c9-82fb-de3eebf6ecb3}\mpengine.dll

2011-11-26 22:12:56 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-11-26 22:12:21 -------- d-----w- c:\program files\TuneUp Utilities 2012

2011-11-26 21:18:50 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2011-11-25 06:32:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 05:23:19 -------- d-----w- c:\program files\60A98

2011-11-25 05:22:37 -------- d-----w- c:\documents and settings\doug\application data\ptzP0ycA1v3n

2011-11-25 05:22:37 -------- d-----w- c:\documents and settings\doug\application data\DC360

2011-11-25 05:22:36 -------- d-----w- c:\program files\LP

2011-11-25 05:22:36 -------- d-----w- c:\documents and settings\doug\application data\OibF3pnG5Q6W8R9

2011-11-25 05:22:32 -------- d-----w- c:\documents and settings\doug\application data\libD3pnG5

2011-11-25 05:22:31 -------- d-----w- c:\documents and settings\doug\application data\o3onG4aQHsKfLgX

2011-11-07 01:12:23 -------- d-----w- C:\Garmin

2011-11-06 23:54:30 -------- d-----w- c:\program files\Garmin

2011-11-06 23:54:29 -------- d-----w- c:\documents and settings\all users\application data\Garmin

.

==================== Find3M ====================

.

2011-11-27 01:26:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-07 19:16:29 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-09-07 19:16:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-02 00:12:50 450048 ----a-w- c:\windows\system32\GSService.exe

.

============= FINISH: 12:40:03.37 ===============


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can also disable access to the internet when it's been removed.

It will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Thanks for the response. We'll take the steps you recommend in addition to attempting cleaning. I'll hold the reformatting option as a last step. Let me know how and when we will begin. FYI, another new symptom has taken first place in frequency over the last few days: a script error message (even when nothing is open) and repeated attempts to install an unknown feature of my MS Office suite.

Thanks,

db


OK. Let's see what we can do.

There's no need to quote what I post, just reply ;)

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
     [screenshot: tdss_1.jpg]
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
     [screenshot: tdss_2.jpg]
  3. Click the Start Scan button.
     [screenshot: tdss_3.jpg]
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
     [screenshot: tdss_4.jpg]
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
     [screenshot: tdss_5.jpg]

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


I ran TDSSKiller and have the results (10 medium-risk objects). However, "Cure" is not one of the action options. I have Skip, Copy to quarantine and Delete. I suspect Delete should be my choice, but because it doesn't match your instructions I thought I should check before going ahead.


OK, here it is:

15:08:39.0130 5008 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

15:08:39.0395 5008 ============================================================

15:08:39.0395 5008 Current date / time: 2011/12/02 15:08:39.0395

15:08:39.0395 5008 SystemInfo:

15:08:39.0395 5008

15:08:39.0395 5008 OS Version: 5.1.2600 ServicePack: 3.0

15:08:39.0395 5008 Product type: Workstation

15:08:39.0395 5008 ComputerName: DOUG-13D0571567

15:08:39.0395 5008 UserName: Doug

15:08:39.0395 5008 Windows directory: C:\WINDOWS

15:08:39.0395 5008 System windows directory: C:\WINDOWS

15:08:39.0395 5008 Processor architecture: Intel x86

15:08:39.0395 5008 Number of processors: 4

15:08:39.0395 5008 Page size: 0x1000

15:08:39.0395 5008 Boot type: Normal boot

15:08:39.0395 5008 ============================================================

15:08:40.0583 5008 Initialize success

15:08:43.0911 3528 ============================================================

15:08:43.0911 3528 Scan started

15:08:43.0911 3528 Mode: Manual;

15:08:43.0911 3528 ============================================================

15:08:44.0583 3528 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys

15:08:44.0598 3528 A3AB - ok

15:08:44.0614 3528 Abiosdsk - ok

15:08:44.0614 3528 abp480n5 - ok

15:08:44.0645 3528 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:08:44.0645 3528 ACPI - ok

15:08:44.0661 3528 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:08:44.0661 3528 ACPIEC - ok

15:08:44.0677 3528 adpu160m - ok

15:08:44.0692 3528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:08:44.0708 3528 aec - ok

15:08:44.0723 3528 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

15:08:44.0739 3528 AegisP - ok

15:08:44.0770 3528 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:08:44.0770 3528 AFD - ok

15:08:44.0770 3528 Aha154x - ok

15:08:44.0786 3528 aic78u2 - ok

15:08:44.0786 3528 aic78xx - ok

15:08:44.0802 3528 AliIde - ok

15:08:44.0817 3528 amsint - ok

15:08:44.0817 3528 asc - ok

15:08:44.0833 3528 asc3350p - ok

15:08:44.0833 3528 asc3550 - ok

15:08:44.0864 3528 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

15:08:44.0864 3528 AsIO - ok

15:08:44.0895 3528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:08:44.0895 3528 AsyncMac - ok

15:08:44.0911 3528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:08:44.0911 3528 atapi - ok

15:08:44.0927 3528 Atdisk - ok

15:08:44.0942 3528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:08:44.0942 3528 Atmarpc - ok

15:08:44.0958 3528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:08:44.0958 3528 audstub - ok

15:08:44.0989 3528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:08:44.0989 3528 Beep - ok

15:08:45.0005 3528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:08:45.0005 3528 cbidf2k - ok

15:08:45.0020 3528 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:08:45.0020 3528 CCDECODE - ok

15:08:45.0036 3528 cd20xrnt - ok

15:08:45.0052 3528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:08:45.0052 3528 Cdaudio - ok

15:08:45.0067 3528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:08:45.0067 3528 Cdfs - ok

15:08:45.0083 3528 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:08:45.0098 3528 Cdrom - ok

15:08:45.0114 3528 Changer - ok

15:08:45.0130 3528 CmdIde - ok

15:08:45.0145 3528 Cpqarray - ok

15:08:45.0177 3528 CX88VID (d80756a19defdb09c42290f3a0b037c5) C:\WINDOWS\system32\drivers\cxavsvid.sys

15:08:45.0192 3528 CX88VID - ok

15:08:45.0192 3528 dac2w2k - ok

15:08:45.0208 3528 dac960nt - ok

15:08:45.0223 3528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:08:45.0223 3528 Disk - ok

15:08:45.0302 3528 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:08:45.0380 3528 dmboot - ok

15:08:45.0427 3528 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:08:45.0442 3528 dmio - ok

15:08:45.0442 3528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:08:45.0442 3528 dmload - ok

15:08:45.0473 3528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:08:45.0473 3528 DMusic - ok

15:08:45.0489 3528 dpti2o - ok

15:08:45.0505 3528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:08:45.0505 3528 drmkaud - ok

15:08:45.0536 3528 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys

15:08:45.0536 3528 EIO_XP - ok

15:08:45.0552 3528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:08:45.0552 3528 Fastfat - ok

15:08:45.0567 3528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:08:45.0567 3528 Fdc - ok

15:08:45.0583 3528 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:08:45.0583 3528 Fips - ok

15:08:45.0598 3528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:08:45.0598 3528 Flpydisk - ok

15:08:45.0598 3528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:08:45.0614 3528 FltMgr - ok

15:08:45.0614 3528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:08:45.0614 3528 Fs_Rec - ok

15:08:45.0630 3528 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:08:45.0630 3528 Ftdisk - ok

15:08:45.0661 3528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:08:45.0661 3528 GEARAspiWDM - ok

15:08:45.0661 3528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:08:45.0661 3528 Gpc - ok

15:08:45.0692 3528 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

15:08:45.0692 3528 grmnusb - ok

15:08:45.0723 3528 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

15:08:45.0723 3528 GTNDIS5 - ok

15:08:45.0770 3528 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:08:45.0770 3528 HDAudBus - ok

15:08:45.0802 3528 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:08:45.0802 3528 HidUsb - ok

15:08:45.0817 3528 hpn - ok

15:08:45.0833 3528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:08:45.0848 3528 HTTP - ok

15:08:45.0848 3528 i2omgmt - ok

15:08:45.0864 3528 i2omp - ok

15:08:45.0880 3528 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:08:45.0911 3528 i8042prt - ok

15:08:45.0927 3528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:08:45.0927 3528 Imapi - ok

15:08:45.0942 3528 InCDfs (6577f49cc833974fdc5f5f061fc85488) C:\WINDOWS\system32\drivers\InCDfs.sys

15:08:45.0973 3528 InCDfs - ok

15:08:45.0989 3528 InCDPass (5499f13bbccec1bd084d02b107c72740) C:\WINDOWS\system32\DRIVERS\InCDPass.sys


15:10:47.0395 5240 SLIP - ok

15:10:47.0411 5240 Sparrow - ok

15:10:47.0427 5240 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:10:47.0552 5240 splitter - ok

15:10:47.0583 5240 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:10:47.0692 5240 sr - ok

15:10:47.0708 5240 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:10:47.0755 5240 Srv - ok

15:10:47.0802 5240 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:10:47.0927 5240 streamip - ok

15:10:47.0942 5240 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:10:48.0083 5240 swenum - ok

15:10:48.0114 5240 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:10:48.0255 5240 swmidi - ok

15:10:48.0270 5240 symc810 - ok

15:10:48.0270 5240 symc8xx - ok

15:10:48.0286 5240 sym_hi - ok

15:10:48.0302 5240 sym_u3 - ok

15:10:48.0317 5240 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:10:48.0458 5240 sysaudio - ok

15:10:48.0505 5240 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:10:48.0552 5240 Tcpip - ok

15:10:48.0583 5240 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:10:48.0723 5240 TDPIPE - ok

15:10:48.0739 5240 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:10:48.0895 5240 TDTCP - ok

15:10:48.0911 5240 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:10:49.0067 5240 TermDD - ok

15:10:49.0067 5240 TosIde - ok

15:10:49.0130 5240 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

15:10:49.0145 5240 TuneUpUtilitiesDrv - ok

15:10:49.0177 5240 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:10:49.0317 5240 Udfs - ok

15:10:49.0333 5240 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys

15:10:49.0364 5240 ULCDRHlp ( UnsignedFile.Multi.Generic ) - warning

15:10:49.0364 5240 ULCDRHlp - detected UnsignedFile.Multi.Generic (1)

15:10:49.0364 5240 ultra - ok

15:10:49.0395 5240 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:10:49.0536 5240 Update - ok

15:10:49.0567 5240 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

15:10:49.0723 5240 usbaudio - ok

15:10:49.0739 5240 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:10:49.0880 5240 usbccgp - ok

15:10:49.0895 5240 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:10:50.0036 5240 usbehci - ok

15:10:50.0052 5240 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:10:50.0192 5240 usbhub - ok

15:10:50.0223 5240 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:10:50.0364 5240 usbprint - ok

15:10:50.0380 5240 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:10:50.0505 5240 usbscan - ok

15:10:50.0520 5240 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:10:50.0645 5240 USBSTOR - ok

15:10:50.0661 5240 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:10:50.0786 5240 usbuhci - ok

15:10:50.0802 5240 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:10:50.0942 5240 VgaSave - ok

15:10:50.0942 5240 ViaIde - ok

15:10:50.0958 5240 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:10:51.0114 5240 VolSnap - ok

15:10:51.0177 5240 VX6000 (b21c075fa69897acce0c93b9c3c5eb44) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys

15:10:51.0302 5240 VX6000 - ok

15:10:51.0317 5240 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:10:51.0442 5240 Wanarp - ok

15:10:51.0458 5240 WDICA - ok

15:10:51.0489 5240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:10:51.0645 5240 wdmaud - ok

15:10:51.0692 5240 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:10:51.0833 5240 WS2IFSL - ok

15:10:51.0848 5240 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:10:51.0989 5240 WSTCODEC - ok

15:10:52.0005 5240 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:10:52.0067 5240 WudfPf - ok

15:10:52.0083 5240 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:10:52.0130 5240 WudfRd - ok

15:10:52.0145 5240 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:10:52.0333 5240 \Device\Harddisk0\DR0 - ok

15:10:52.0348 5240 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

15:10:52.0786 5240 \Device\Harddisk1\DR1 - ok

15:10:52.0802 5240 Boot (0x1200) (938374d908406e5a5b4b8a5d82fcae1e) \Device\Harddisk0\DR0\Partition0

15:10:52.0802 5240 \Device\Harddisk0\DR0\Partition0 - ok

15:10:52.0802 5240 Boot (0x1200) (fe8e60f9da8d2e61193f7cfcf8d3bcf1) \Device\Harddisk1\DR1\Partition0

15:10:52.0802 5240 \Device\Harddisk1\DR1\Partition0 - ok

15:10:52.0802 5240 ============================================================

15:10:52.0802 5240 Scan finished

15:10:52.0802 5240 ============================================================

15:10:52.0911 5496 Detected object count: 10

15:10:52.0911 5496 Actual detected object count: 10

15:12:34.0317 5496 A3AB ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 A3AB ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 CX88VID ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 CX88VID ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 EIO_XP ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 EIO_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:12:34.0317 5496 ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user

15:12:34.0317 5496 ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:13:16.0145 2768 ============================================================

15:13:16.0145 2768 Scan started

15:13:16.0145 2768 Mode: Manual; SigCheck; TDLFS;

15:13:16.0145 2768 ============================================================

15:13:16.0567 2768 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys

15:13:16.0614 2768 A3AB ( UnsignedFile.Multi.Generic ) - warning

15:13:16.0614 2768 A3AB - detected UnsignedFile.Multi.Generic (1)

15:13:16.0630 2768 Abiosdsk - ok

15:13:16.0630 2768 abp480n5 - ok

15:13:16.0661 2768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:13:16.0989 2768 ACPI - ok

15:13:17.0020 2768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:13:17.0161 2768 ACPIEC - ok

15:13:17.0161 2768 adpu160m - ok

15:13:17.0192 2768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:13:17.0333 2768 aec - ok

15:13:17.0348 2768 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

15:13:17.0364 2768 AegisP ( UnsignedFile.Multi.Generic ) - warning

15:13:17.0364 2768 AegisP - detected UnsignedFile.Multi.Generic (1)

15:13:17.0395 2768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:13:17.0427 2768 AFD - ok

15:13:17.0427 2768 Aha154x - ok

15:13:17.0442 2768 aic78u2 - ok

15:13:17.0442 2768 aic78xx - ok

15:13:17.0458 2768 AliIde - ok

15:13:17.0473 2768 amsint - ok

15:13:17.0473 2768 asc - ok

15:13:17.0489 2768 asc3350p - ok

15:13:17.0489 2768 asc3550 - ok

15:13:17.0520 2768 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

15:13:17.0536 2768 AsIO - ok

15:13:17.0567 2768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:13:17.0692 2768 AsyncMac - ok

15:13:17.0723 2768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:13:17.0864 2768 atapi - ok

15:13:17.0880 2768 Atdisk - ok

15:13:17.0895 2768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:13:18.0036 2768 Atmarpc - ok

15:13:18.0067 2768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:13:18.0177 2768 audstub - ok

15:13:18.0208 2768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:13:18.0333 2768 Beep - ok

15:13:18.0348 2768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:13:18.0473 2768 cbidf2k - ok

15:13:18.0505 2768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:13:18.0645 2768 CCDECODE - ok

15:13:18.0645 2768 cd20xrnt - ok

15:13:18.0661 2768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:13:18.0786 2768 Cdaudio - ok

15:13:18.0802 2768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:13:18.0958 2768 Cdfs - ok

15:13:18.0973 2768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:13:19.0114 2768 Cdrom - ok

15:13:19.0114 2768 Changer - ok

15:13:19.0130 2768 CmdIde - ok

15:13:19.0145 2768 Cpqarray - ok

15:13:19.0177 2768 CX88VID (d80756a19defdb09c42290f3a0b037c5) C:\WINDOWS\system32\drivers\cxavsvid.sys

15:13:19.0192 2768 CX88VID ( UnsignedFile.Multi.Generic ) - warning

15:13:19.0192 2768 CX88VID - detected UnsignedFile.Multi.Generic (1)

15:13:19.0192 2768 dac2w2k - ok

15:13:19.0208 2768 dac960nt - ok

15:13:19.0223 2768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:13:19.0364 2768 Disk - ok

15:13:19.0395 2768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:13:19.0536 2768 dmboot - ok

15:13:19.0567 2768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:13:19.0708 2768 dmio - ok

15:13:19.0708 2768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:13:19.0833 2768 dmload - ok

15:13:19.0864 2768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:13:20.0005 2768 DMusic - ok

15:13:20.0020 2768 dpti2o - ok

15:13:20.0036 2768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:13:20.0161 2768 drmkaud - ok

15:13:20.0192 2768 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys

15:13:20.0192 2768 EIO_XP ( UnsignedFile.Multi.Generic ) - warning

15:13:20.0192 2768 EIO_XP - detected UnsignedFile.Multi.Generic (1)

15:13:20.0223 2768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:13:20.0348 2768 Fastfat - ok

15:13:20.0380 2768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:13:20.0505 2768 Fdc - ok

15:13:20.0520 2768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:13:20.0661 2768 Fips - ok

15:13:20.0661 2768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:13:20.0802 2768 Flpydisk - ok

15:13:20.0817 2768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:13:20.0942 2768 FltMgr - ok

15:13:20.0958 2768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:13:21.0083 2768 Fs_Rec - ok

15:13:21.0083 2768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:13:21.0223 2768 Ftdisk - ok

15:13:21.0239 2768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:13:21.0255 2768 GEARAspiWDM - ok

15:13:21.0270 2768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:13:21.0411 2768 Gpc - ok

15:13:21.0442 2768 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

15:13:21.0489 2768 grmnusb - ok

15:13:21.0505 2768 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

15:13:21.0520 2768 GTNDIS5 ( UnsignedFile.Multi.Generic ) - warning

15:13:21.0520 2768 GTNDIS5 - detected UnsignedFile.Multi.Generic (1)

15:13:21.0552 2768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:13:21.0692 2768 HDAudBus - ok

15:13:21.0708 2768 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:13:21.0848 2768 HidUsb - ok

15:13:21.0848 2768 hpn - ok

15:13:21.0880 2768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:13:21.0911 2768 HTTP - ok

15:13:21.0911 2768 i2omgmt - ok

15:13:21.0927 2768 i2omp - ok

15:13:21.0958 2768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:13:22.0098 2768 i8042prt - ok

15:13:22.0114 2768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:13:22.0255 2768 Imapi - ok

15:13:22.0270 2768 InCDfs (6577f49cc833974fdc5f5f061fc85488) C:\WINDOWS\system32\drivers\InCDfs.sys

15:13:22.0302 2768 InCDfs ( UnsignedFile.Multi.Generic ) - warning

15:13:22.0302 2768 InCDfs - detected UnsignedFile.Multi.Generic (1)

15:13:22.0333 2768 InCDPass (5499f13bbccec1bd084d02b107c72740) C:\WINDOWS\system32\DRIVERS\InCDPass.sys

15:13:22.0348 2768 InCDPass ( UnsignedFile.Multi.Generic ) - warning

15:13:22.0348 2768 InCDPass - detected UnsignedFile.Multi.Generic (1)

15:13:22.0348 2768 InCDrec (d7a79ea851e67d6c9eddf516aa23cb34) C:\WINDOWS\system32\drivers\InCDrec.sys

15:13:22.0348 2768 InCDrec ( UnsignedFile.Multi.Generic ) - warning

15:13:22.0348 2768 InCDrec - detected UnsignedFile.Multi.Generic (1)

15:13:22.0364 2768 ini910u - ok

15:13:22.0458 2768 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys

15:13:22.0692 2768 IntcAzAudAddService - ok

15:13:22.0708 2768 IntelIde - ok

15:13:22.0739 2768 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:13:23.0020 2768 intelppm - ok

15:13:23.0036 2768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:13:23.0192 2768 Ip6Fw - ok

15:13:23.0223 2768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:13:23.0348 2768 IpFilterDriver - ok

15:13:23.0380 2768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:13:23.0505 2768 IpInIp - ok

15:13:23.0520 2768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:13:23.0661 2768 IpNat - ok

15:13:23.0677 2768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:13:23.0833 2768 IPSec - ok

15:13:23.0848 2768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:13:23.0942 2768 IRENUM - ok

15:13:23.0958 2768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:13:24.0098 2768 isapnp - ok

15:13:24.0130 2768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:13:24.0255 2768 Kbdclass - ok

15:13:24.0286 2768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:13:24.0411 2768 kmixer - ok

15:13:24.0427 2768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:13:24.0473 2768 KSecDD - ok

15:13:24.0505 2768 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

15:13:24.0536 2768 L1e - ok

15:13:24.0567 2768 L8042PR2 (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\Drivers\l8042pr2.sys

15:13:24.0598 2768 L8042PR2 - ok

15:13:24.0614 2768 lbrtfdc - ok

15:13:24.0630 2768 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys

15:13:24.0661 2768 LHidFlt2 - ok

15:13:24.0692 2768 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys

15:13:24.0723 2768 LHidUsb - ok

15:13:24.0755 2768 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\Drivers\LMouFlt2.sys

15:13:24.0786 2768 LMouFlt2 - ok

15:13:24.0802 2768 MBAMSwissArmy - ok

15:13:24.0817 2768 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

15:13:25.0130 2768 mf - ok

15:13:25.0130 2768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:13:25.0255 2768 mnmdd - ok

15:13:25.0286 2768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:13:25.0427 2768 Modem - ok

15:13:25.0442 2768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:13:25.0567 2768 Mouclass - ok

15:13:25.0583 2768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:13:25.0723 2768 mouhid - ok

15:13:25.0739 2768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:13:25.0880 2768 MountMgr - ok

15:13:25.0895 2768 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

15:13:26.0020 2768 MPE - ok

15:13:26.0036 2768 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

15:13:26.0083 2768 MpFilter - ok

15:13:26.0114 2768 MpKsl016ef129 - ok

15:13:26.0130 2768 MpKsl150f0143 - ok

15:13:26.0161 2768 MpKsl3f104911 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA9195-E1D5-4154-9C9D-16444C9A7565}\MpKsl3f104911.sys

15:13:26.0192 2768 MpKsl3f104911 - ok

15:13:26.0192 2768 MpKsl9f8a4f26 - ok

15:13:26.0192 2768 MpKsle0ff58c0 - ok

15:13:26.0208 2768 MpKslefa96b6e - ok

15:13:26.0208 2768 mraid35x - ok

15:13:26.0223 2768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:13:26.0364 2768 MRxDAV - ok

15:13:26.0395 2768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:13:26.0442 2768 MRxSmb - ok

15:13:26.0458 2768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:13:26.0583 2768 Msfs - ok

15:13:26.0614 2768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:13:26.0739 2768 MSKSSRV - ok

15:13:26.0755 2768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:13:26.0880 2768 MSPCLOCK - ok

15:13:26.0880 2768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:13:27.0005 2768 MSPQM - ok

15:13:27.0020 2768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:13:27.0161 2768 mssmbios - ok

15:13:27.0177 2768 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

15:13:27.0286 2768 MSTEE - ok

15:13:27.0348 2768 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

15:13:27.0364 2768 MTsensor - ok

15:13:27.0380 2768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:13:27.0411 2768 Mup - ok

15:13:27.0427 2768 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:13:27.0552 2768 NABTSFEC - ok

15:13:27.0583 2768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:13:27.0723 2768 NDIS - ok

15:13:27.0739 2768 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:13:27.0864 2768 NdisIP - ok

15:13:27.0880 2768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:13:27.0927 2768 NdisTapi - ok

15:13:27.0942 2768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:13:28.0067 2768 Ndisuio - ok

15:13:28.0083 2768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:13:28.0286 2768 NdisWan - ok

15:13:28.0364 2768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:13:28.0411 2768 NDProxy - ok

15:13:28.0442 2768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:13:29.0614 2768 NetBIOS - ok

15:13:29.0802 2768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:13:30.0473 2768 NetBT - ok

15:13:30.0520 2768 NmPar (241c985de3ab9f73568fe3b181dc70f4) C:\WINDOWS\system32\DRIVERS\NmPar.sys

15:13:30.0598 2768 NmPar - ok

15:13:30.0630 2768 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys

15:13:33.0255 2768 npf - ok

15:13:33.0270 2768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:13:33.0489 2768 Npfs - ok

15:13:33.0520 2768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:13:33.0661 2768 Ntfs - ok

15:13:33.0692 2768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:13:33.0802 2768 Null - ok

15:13:33.0989 2768 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:13:34.0348 2768 nv - ok

15:13:34.0380 2768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:13:34.0505 2768 NwlnkFlt - ok

15:13:34.0520 2768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:13:34.0645 2768 NwlnkFwd - ok

15:13:34.0677 2768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

15:13:34.0817 2768 Parport - ok

15:13:34.0833 2768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:13:34.0958 2768 PartMgr - ok

15:13:34.0989 2768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:13:35.0098 2768 ParVdm - ok

15:13:35.0130 2768 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:13:35.0270 2768 PCI - ok

15:13:35.0270 2768 PCIDump - ok

15:13:35.0286 2768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:13:35.0411 2768 PCIIde - ok

15:13:35.0427 2768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:13:35.0567 2768 Pcmcia - ok

15:13:35.0567 2768 PDCOMP - ok

15:13:35.0583 2768 PDFRAME - ok

15:13:35.0583 2768 PDRELI - ok

15:13:35.0598 2768 PDRFRAME - ok

15:13:35.0614 2768 perc2 - ok

15:13:35.0614 2768 perc2hib - ok

15:13:35.0645 2768 pfc (20f2f0f204d7ce28c5498268928e39b8) C:\WINDOWS\system32\drivers\pfc.sys

15:13:35.0661 2768 pfc ( UnsignedFile.Multi.Generic ) - warning

15:13:35.0661 2768 pfc - detected UnsignedFile.Multi.Generic (1)

15:13:35.0692 2768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:13:35.0817 2768 PptpMiniport - ok

15:13:35.0833 2768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:13:35.0973 2768 PSched - ok

15:13:35.0989 2768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:13:36.0114 2768 Ptilink - ok

15:13:36.0130 2768 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:13:36.0161 2768 PxHelp20 - ok

15:13:36.0161 2768 ql1080 - ok

15:13:36.0177 2768 Ql10wnt - ok

15:13:36.0177 2768 ql12160 - ok

15:13:36.0192 2768 ql1240 - ok

15:13:36.0192 2768 ql1280 - ok

15:13:36.0208 2768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:13:36.0317 2768 RasAcd - ok

15:13:36.0333 2768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:13:36.0473 2768 Rasl2tp - ok

15:13:36.0473 2768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:13:36.0614 2768 RasPppoe - ok

15:13:36.0630 2768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:13:36.0755 2768 Raspti - ok

15:13:36.0786 2768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:13:36.0927 2768 Rdbss - ok

15:13:36.0927 2768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:13:37.0052 2768 RDPCDD - ok

15:13:37.0083 2768 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

15:13:37.0130 2768 RDPWD - ok

15:13:37.0161 2768 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

15:13:37.0177 2768 RimUsb - ok

15:13:37.0223 2768 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys

15:13:37.0255 2768 RT61 - ok

15:13:37.0302 2768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:13:37.0395 2768 Secdrv - ok

15:13:37.0411 2768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:13:37.0536 2768 serenum - ok

15:13:37.0552 2768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:13:37.0708 2768 Serial - ok

15:13:37.0723 2768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:13:37.0848 2768 Sfloppy - ok

15:13:37.0864 2768 Simbad - ok

15:13:37.0880 2768 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

15:13:38.0005 2768 SLIP - ok

15:13:38.0005 2768 Sparrow - ok

15:13:38.0036 2768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:13:38.0145 2768 splitter - ok

15:13:38.0161 2768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:13:38.0270 2768 sr - ok

15:13:38.0302 2768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:13:38.0348 2768 Srv - ok

15:13:38.0380 2768 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:13:38.0520 2768 streamip - ok

15:13:38.0536 2768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:13:38.0661 2768 swenum - ok

15:13:38.0677 2768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:13:38.0802 2768 swmidi - ok

15:13:38.0817 2768 symc810 - ok

15:13:38.0833 2768 symc8xx - ok

15:13:38.0833 2768 sym_hi - ok

15:13:38.0848 2768 sym_u3 - ok

15:13:38.0864 2768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:13:39.0005 2768 sysaudio - ok

15:13:39.0020 2768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:13:39.0067 2768 Tcpip - ok

15:13:39.0098 2768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:13:39.0223 2768 TDPIPE - ok

15:13:39.0255 2768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:13:39.0380 2768 TDTCP - ok

15:13:39.0411 2768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:13:39.0536 2768 TermDD - ok

15:13:39.0552 2768 TosIde - ok

15:13:39.0598 2768 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

15:13:39.0614 2768 TuneUpUtilitiesDrv - ok

15:13:39.0645 2768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:13:39.0786 2768 Udfs - ok

15:13:39.0802 2768 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys

15:13:39.0817 2768 ULCDRHlp ( UnsignedFile.Multi.Generic ) - warning

15:13:39.0817 2768 ULCDRHlp - detected UnsignedFile.Multi.Generic (1)

15:13:39.0833 2768 ultra - ok

15:13:39.0864 2768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:13:39.0989 2768 Update - ok

15:13:40.0036 2768 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

15:13:40.0177 2768 usbaudio - ok

15:13:40.0208 2768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:13:40.0333 2768 usbccgp - ok

15:13:40.0348 2768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:13:40.0473 2768 usbehci - ok

15:13:40.0489 2768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:13:40.0630 2768 usbhub - ok

15:13:40.0645 2768 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:13:40.0770 2768 usbprint - ok

15:13:40.0786 2768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:13:40.0911 2768 usbscan - ok

15:13:40.0927 2768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:13:41.0052 2768 USBSTOR - ok

15:13:41.0067 2768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:13:41.0192 2768 usbuhci - ok

15:13:41.0208 2768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:13:41.0333 2768 VgaSave - ok

15:13:41.0348 2768 ViaIde - ok

15:13:41.0364 2768 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:13:41.0505 2768 VolSnap - ok

15:13:41.0567 2768 VX6000 (b21c075fa69897acce0c93b9c3c5eb44) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys

15:13:41.0677 2768 VX6000 - ok

15:13:41.0677 2768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:13:41.0817 2768 Wanarp - ok

15:13:41.0833 2768 WDICA - ok

15:13:41.0848 2768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:13:42.0005 2768 wdmaud - ok

15:13:42.0036 2768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:13:42.0161 2768 WS2IFSL - ok

15:13:42.0192 2768 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:13:42.0317 2768 WSTCODEC - ok

15:13:42.0348 2768 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:13:42.0411 2768 WudfPf - ok

15:13:42.0411 2768 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:13:42.0458 2768 WudfRd - ok

15:13:42.0489 2768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:13:42.0677 2768 \Device\Harddisk0\DR0 - ok

15:13:42.0692 2768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

15:13:43.0145 2768 \Device\Harddisk1\DR1 - ok

15:13:43.0145 2768 Boot (0x1200) (938374d908406e5a5b4b8a5d82fcae1e) \Device\Harddisk0\DR0\Partition0

15:13:43.0145 2768 \Device\Harddisk0\DR0\Partition0 - ok

15:13:43.0145 2768 Boot (0x1200) (fe8e60f9da8d2e61193f7cfcf8d3bcf1) \Device\Harddisk1\DR1\Partition0

15:13:43.0145 2768 \Device\Harddisk1\DR1\Partition0 - ok

15:13:43.0145 2768 ============================================================

15:13:43.0145 2768 Scan finished

15:13:43.0145 2768 ============================================================

15:13:43.0161 3120 Detected object count: 10

15:13:43.0161 3120 Actual detected object count: 10

15:23:22.0880 3120 A3AB ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0880 3120 A3AB ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0880 3120 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0880 3120 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0880 3120 CX88VID ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0880 3120 CX88VID ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0880 3120 EIO_XP ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0880 3120 EIO_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0895 3120 GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0895 3120 GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0895 3120 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0895 3120 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0895 3120 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0895 3120 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0895 3120 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0895 3120 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0895 3120 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0895 3120 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:22.0895 3120 ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user

15:23:22.0895 3120 ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:23:35.0208 2596 Deinitialize success

TDSSKiller.2.6.21.0_02.12.2011_15.08.39_log.txt


I think those are OK.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-12-02.02 - Doug 12/02/2011 16:08:23.1.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2863 [GMT -8:00]

Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Doug\Application Data\ptzP0ycA1v3n

c:\documents and settings\Doug\Application Data\ptzP0ycA1v3n\Cloud AV 2012.ico

c:\documents and settings\Doug\WINDOWS

c:\program files\Internet Explorer\SET10.tmp

c:\program files\Internet Explorer\SET11.tmp

c:\program files\Internet Explorer\SET12.tmp

c:\program files\Internet Explorer\SET13.tmp

c:\program files\Internet Explorer\SET14.tmp

c:\program files\Internet Explorer\SET15.tmp

c:\program files\Internet Explorer\SET16.tmp

c:\program files\Internet Explorer\SET17.tmp

c:\program files\Internet Explorer\SET18.tmp

c:\program files\Internet Explorer\SET19.tmp

c:\program files\Internet Explorer\SET1A.tmp

c:\program files\Internet Explorer\SET1B.tmp

c:\program files\Internet Explorer\SET1C.tmp

c:\program files\Internet Explorer\SET1D.tmp

c:\program files\Internet Explorer\SET22.tmp

c:\program files\Internet Explorer\SET23.tmp

c:\program files\Internet Explorer\SET2A.tmp

c:\program files\Internet Explorer\SET2B.tmp

c:\program files\Internet Explorer\SET6.tmp

c:\program files\Internet Explorer\SET7.tmp

c:\program files\Internet Explorer\SET79.tmp

c:\program files\Internet Explorer\SET7A.tmp

c:\program files\Internet Explorer\SET8.tmp

c:\program files\Internet Explorer\SET9.tmp

c:\program files\Internet Explorer\SETA.tmp

c:\program files\Internet Explorer\SETB.tmp

c:\program files\Internet Explorer\SETC.tmp

c:\program files\Internet Explorer\SETD.tmp

c:\program files\Internet Explorer\SETD3.tmp

c:\program files\Internet Explorer\SETD4.tmp

c:\program files\Internet Explorer\SETE.tmp

c:\program files\Internet Explorer\SETF.tmp

c:\program files\LP

c:\program files\LP\C08D\E71.tmp

c:\program files\LP\C08D\E73.tmp

c:\windows\$NtUninstallKB60158$

c:\windows\$NtUninstallKB60158$\1996135428\@

c:\windows\$NtUninstallKB60158$\1996135428\bckfg.tmp

c:\windows\$NtUninstallKB60158$\1996135428\cfg.ini

c:\windows\$NtUninstallKB60158$\1996135428\Desktop.ini

c:\windows\$NtUninstallKB60158$\1996135428\keywords

c:\windows\$NtUninstallKB60158$\1996135428\kwrd.dll

c:\windows\$NtUninstallKB60158$\1996135428\L\gihfsxea

c:\windows\$NtUninstallKB60158$\1996135428\lsflt7.ver

c:\windows\$NtUninstallKB60158$\1996135428\U\00000001.@

c:\windows\$NtUninstallKB60158$\1996135428\U\00000002.@

c:\windows\$NtUninstallKB60158$\1996135428\U\00000004.@

c:\windows\$NtUninstallKB60158$\1996135428\U\80000000.@

c:\windows\$NtUninstallKB60158$\1996135428\U\80000004.@

c:\windows\$NtUninstallKB60158$\1996135428\U\80000032.@

c:\windows\$NtUninstallKB60158$\4168914228

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\svcs.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NetworkLog

-------\Service_NetworkLog

.

.

((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))

.

.

2011-12-03 00:26 . 2011-12-03 00:26 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA9195-E1D5-4154-9C9D-16444C9A7565}\offreg.dll

2011-12-02 15:44 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA9195-E1D5-4154-9C9D-16444C9A7565}\mpengine.dll

2011-11-30 00:21 . 2011-11-30 00:21 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2011-11-27 18:11 . 2011-11-27 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-11-26 22:12 . 2011-11-18 22:37 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-11-26 22:12 . 2011-11-27 01:11 -------- d-----w- c:\program files\TuneUp Utilities 2012

2011-11-26 21:18 . 2011-11-26 21:18 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2011-11-26 12:29 . 2011-11-26 12:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-11-25 06:32 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 05:23 . 2011-11-25 12:01 -------- d-----w- c:\program files\60A98

2011-11-25 05:22 . 2011-11-25 12:01 -------- d-----w- c:\documents and settings\Doug\Application Data\DC360

2011-11-25 05:22 . 2011-11-25 05:22 -------- d-----w- c:\documents and settings\Doug\Application Data\OibF3pnG5Q6W8R9

2011-11-25 05:22 . 2011-11-25 05:22 -------- d-----w- c:\documents and settings\Doug\Application Data\libD3pnG5

2011-11-25 05:22 . 2011-11-25 05:22 -------- d-----w- c:\documents and settings\Doug\Application Data\o3onG4aQHsKfLgX

2011-11-07 01:12 . 2011-11-07 01:12 -------- d-----w- C:\Garmin

2011-11-07 01:03 . 2011-11-07 01:03 -------- d-----w- c:\program files\DIFX

2011-11-06 23:54 . 2011-11-07 01:03 -------- d-----w- c:\program files\Garmin

2011-11-06 23:54 . 2011-11-06 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Garmin

2011-11-06 23:31 . 2011-11-06 23:31 -------- d-----w- c:\program files\Microsoft.NET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-27 01:26 . 2011-05-30 00:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-21 10:47 . 2009-11-01 09:00 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-10 14:22 . 2009-05-06 23:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-07 19:16 . 2009-05-09 15:59 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-09-07 19:16 . 2009-05-09 15:59 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-11-24 02:51 . 2011-06-24 05:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-09-07 273528]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"Atomic.exe"="c:\program files\Atomic Clock Sync\Atomic.exe" [2004-06-17 524288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\Doug\Start Menu\Programs\Startup\

EzWare EzDesk.lnk - c:\windows\EzDesk.exe [2009-5-8 61440]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 20 (0x14)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]

2008-10-17 00:50 1171456 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-02 05:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2006-10-14 01:01 277296 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-11-07 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]

2002-06-03 18:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-05-08 15:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"Google Update"="c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"Adobe_ID0EYTHM"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

"VX6000"=c:\windows\vVX6000.exe

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"InCD"=c:\program files\Ahead\InCD\InCD.exe

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Doug\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

.

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 4:45 PM 35088]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [11/18/2011 2:37 PM 1510720]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [5/7/2009 11:15 AM 280576]

R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [5/8/2009 11:04 AM 80256]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [11/8/2011 9:25 PM 10064]

S1 MpKsl016ef129;MpKsl016ef129;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F2E7D48-668A-43A9-8250-34E04E95F86A}\MpKsl016ef129.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F2E7D48-668A-43A9-8250-34E04E95F86A}\MpKsl016ef129.sys [?]

S1 MpKsl9f8a4f26;MpKsl9f8a4f26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A610270-9FA8-4F7F-BCD4-C56B076A8358}\MpKsl9f8a4f26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A610270-9FA8-4F7F-BCD4-C56B076A8358}\MpKsl9f8a4f26.sys [?]

S1 MpKsle0ff58c0;MpKsle0ff58c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{427688BC-08EA-4DF8-BD4A-8B6ED3A2E0EE}\MpKsle0ff58c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{427688BC-08EA-4DF8-BD4A-8B6ED3A2E0EE}\MpKsle0ff58c0.sys [?]

S1 MpKslefa96b6e;MpKslefa96b6e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E84E0321-4A9C-4729-80F9-2B7EC05E8EE9}\MpKslefa96b6e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E84E0321-4A9C-4729-80F9-2B7EC05E8EE9}\MpKslefa96b6e.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1c9cff4315cce0;Google Update Service (gupdate1c9cff4315cce0);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 7:45 AM 133104]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 3:15 AM 547744]

S3 GSService;GSService;c:\windows\system32\GSService.exe [9/4/2011 9:51 AM 450048]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 7:45 AM 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 3:56 PM 2383152]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOUG-13D0571567-Doug.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-29 00:42]

.

2011-12-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 18:35]

.

2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 15:45]

.

2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 15:45]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-261478967-1801674531-1004Core.job

- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-11 08:05]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-261478967-1801674531-1004UA.job

- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-11 08:05]

.

2011-12-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]

.

2011-12-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-682003330-261478967-1801674531-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]

.

2011-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]

.

2011-12-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-261478967-1801674531-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]

.

2011-12-02 c:\windows\Tasks\User_Feed_Synchronization-{F3829FD9-EFFC-4DC2-93F6-7FEC8A5F9748}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm

LSP: c:\progra~1\SPEEDB~1\sblsp.dll

Trusted Zone: kingcounty.gov\king

Trusted Zone: spl.org\catalog

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{CFEFDD35-2CF2-4720-978F-EA98CF31A225}: NameServer = 8.8.4.4,66.119.7.12,131.191.7.12

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\mke5o1ev.browser2\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-02 16:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,00,20,e6,ea,f7,b9,48,a3,3a,f8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,00,20,e6,ea,f7,b9,48,a3,3a,f8,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(644)

c:\windows\system32\CLBCATQ.DLL

.

- - - - - - - > 'explorer.exe'(2964)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\astsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe

c:\windows\RTHDCPL.EXE

c:\program files\Logitech\MouseWare\system\em_exec.exe

.

**************************************************************************

.

Completion time: 2011-12-02 16:31:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-03 00:31

.

Pre-Run: 352,936,325,120 bytes free

Post-Run: 354,325,680,128 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=9MNXTW

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=9MNXTW-BAK

.

- - End Of File - - BDE57F7CD5CB78A5A2E29A695E8BDF2D


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
