
System Fix Hell



Hi All,

I got infected with System Fix last week, what a complete nightmare! I have eventually returned the PC to a semi-stable condition where I can back up data files etc. but there are still problems lurking. If I run the Malwarebytes FULL scan I get a BSOD 0x077.

I had Malwarebytes and McAfee running when I was infected, what gives? Are they conflicting?

Any advice you guys can give would be massively appreciated.

attach.txt

dds.txt


Welcome to the forum.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Hey MrC,

Thanks for taking the time to help me. I ran ComboFix (took over an hour). It appears to have eradicated the last traces of System Fix. Can you run your expert eye over the ComboFix log please?

Many thanks

Ed

ComboFix 11-12-05.04 - Edwin 06/12/2011 12:50:44.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1184 [GMT 0:00]

Running from: c:\documents and settings\Edwin\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\18.tmp

C:\189.tmp

C:\1E.tmp

C:\3D.tmp

C:\75.tmp

C:\79.tmp

C:\A.tmp

C:\D1.tmp

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\C31F31E6.TMP

c:\documents and settings\Edwin\Application Data\inst.exe

c:\documents and settings\Edwin\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

c:\documents and settings\Edwin\Application Data\vso_ts_preview.xml

c:\documents and settings\Edwin\g2mdlhlpx.exe

c:\documents and settings\Edwin\GoToAssistDownloadHelper.exe

c:\documents and settings\Edwin\Start Menu\Programs\System Fix

c:\documents and settings\Edwin\WINDOWS

C:\iexplore.exe

c:\windows\dasetup.log

c:\windows\desktop

c:\windows\desktop\Virtual Pool 3.lnk

c:\windows\EventSystem.log

c:\windows\system32\CddbCdda.dll

c:\windows\system32\drivers\npf.sys

c:\windows\system32\install.exe

c:\windows\system32\kill.exe

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

F:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))

.

.

2011-12-06 11:46 . 2011-10-18 14:29 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2011-12-02 20:52 . 2011-12-02 20:52 -------- d-----w- c:\program files\Microsoft Small Business

2011-12-01 08:48 . 2011-12-01 08:48 -------- d-----w- c:\documents and settings\Edwin\Application Data\Malwarebytes

2011-11-30 17:17 . 2011-12-01 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-30 17:17 . 2011-12-01 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-29 21:52 . 2011-11-29 21:57 -------- d-----w- c:\documents and settings\Edwin\Application Data\B8940581

2011-11-22 13:58 . 2011-11-22 13:58 -------- d-----w- c:\program files\iPod

2011-11-22 13:56 . 2011-11-22 13:59 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-06 13:37 . 2011-05-16 14:55 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2011-11-30 14:18 . 2007-07-20 09:00 98304 ----a-w- c:\windows\DUMP8627.tmp

2011-11-28 19:38 . 2008-11-24 11:24 283 ----a-w- c:\documents and settings\Edwin\Local Settings\Application Data\orgit.bat

2011-11-19 14:38 . 2011-05-17 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-18 14:32 . 2011-10-10 08:32 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 13:16 . 2011-10-10 08:34 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 13:16 . 2011-10-10 08:34 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-10-15 13:16 . 2011-10-10 08:34 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 13:16 . 2011-10-10 08:34 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-10-15 13:16 . 2011-10-10 08:34 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 13:16 . 2011-10-10 08:34 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 13:16 . 2011-10-10 08:34 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 13:16 . 2011-10-10 08:34 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 13:16 . 2011-03-13 10:20 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 13:16 . 2011-03-13 10:20 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-10 14:22 . 2007-07-20 08:51 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2007-07-20 08:51 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2007-07-20 08:51 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41 . 2007-07-20 08:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-31 09:23 . 2011-03-24 10:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 13:01 . 2011-10-10 08:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

"sbitunesagent"="c:\program files\Songbird\songbirditunesagent.exe" [2011-01-27 266240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 110592]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]

"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-12-21 28672]

"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-12-21 337224]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-8 113664]

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\DSLMON.exe [2008-3-7 946247]

PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-8-3 40960]

Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-12-21 91136]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-13 00:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-09-06 09:44 16262656 -c--a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 16:04 2879488 -c--a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Inertia 3\\System\\PSL.Development.MainApp.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Windows\\system32\\jgoisnpc.exe"=

"c:\\Windows\\system32\\lemosixt.exe"=

"c:\\Windows\\system32\\kaneceyp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Axa\\java\\bin\\java.exe"=

"c:\\Program Files\\FileMaker\\FileMaker Pro 8.5\\FileMaker Pro.exe"=

"c:\\Windows\\system32\\ftp.exe"=

"c:\\Program Files\\O2\\bin\\wificfg.exe"=

"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=

"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=

"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=

"c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Documents and Settings\\Edwin\\Desktop\\utorrent.exe"=

"c:\\Program Files\\FileMaker\\FileMaker Pro 11\\FileMaker Pro.exe"=

"c:\\Program Files\\drahtwerk\\iWebcamera\\iWebcameraApp.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\WePrint\\WePrint Server.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=

"c:\\Program Files\\Calibre2\\calibre.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:Brother Network Scanner

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/11/2009 17:51 691696]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/10/2011 08:34 89792]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11:03 169312]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2011 08:34 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2011 08:34 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2011 08:34 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/10/2011 08:35 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/10/2011 08:32 150856]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [05/05/2010 21:40 42884448]

R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 17:29 29293408]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21/10/2010 12:44 189064]

R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21/10/2010 12:44 1130120]

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25/06/2009 07:22 185640]

R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11/02/2010 11:42 172328]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/10/2011 08:34 57600]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/10/2011 08:34 338176]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/10/2011 08:34 83856]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [07/08/2011 17:28 19056]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 09:12 25088]

S2 gupdate1c9c66e5e4f0d7d;Google Update Service (gupdate1c9c66e5e4f0d7d);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 12:56 133104]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/11/2011 17:17 366152]

S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [21/12/2010 13:38 81920]

S3 Compingo License Service;Compingo License Service;c:\program files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe [27/06/2008 16:59 79360]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08/07/2009 12:47 13224]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 12:56 133104]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/10/2011 08:34 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/10/2011 08:34 87656]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [09/12/2009 15:52 47360]

S3 SM_ml1600_FUService;ML-2010 Status Monitor Service;"c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service --> c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc [?]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [27/04/2008 10:16 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [27/04/2008 10:16 12672]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [27/04/2008 10:16 32000]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [04/03/2011 16:03 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [04/03/2011 16:04 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [04/03/2011 16:04 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [04/03/2011 16:05 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [04/03/2011 16:05 25704]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [05/05/2010 21:41 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [03/04/2010 10:02 240608]

S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [05/05/2010 21:40 367456]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BDFILESPY

*Deregistered* - BdFileSpy

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-16 19:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 12:56]

.

2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 12:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://exweb.exchange.uk.com/public/default.asp

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: o2.co.uk\*.broadband

Trusted Zone: uk.com\exweb.exchange

TCP: DhcpNameServer = 192.168.1.254

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\lnsnbop1.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{8486ABFB-DD1E-4749-97CA-3C377EE4D86D} - (no file)

BHO-{E21D0334-593F-46CC-AE01-67A6359622EA} - (no file)

HKLM-Run-RegistryMechanic - (no file)

Notify-ljjgeec - ljjgeec.dll

Notify-ljjkigd - ljjkigd.dll

SafeBoot-AVG Anti-Spyware Driver

AddRemove-mortgage brain - m:\mbl\UNWISE.EXE

AddRemove-PremierBuilder - Test Insurer - Legal & General GIology - c:\program files\Legal & General\GIology\GIology

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-06 13:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_ml1600_FUService]

"ImagePath"="\"c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3508)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\crypserv.exe

c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files\TVersity\Media Server\MediaServer.exe

c:\windows\system32\rundll32.exe

c:\program files\TeamViewer\Version5\TeamViewer.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\windows\system32\rundll32.exe

c:\program files\Brother\Brmfcmon\BrMfimon.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\iPod\bin\iPodService.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\windows\system32\SearchProtocolHost.exe

c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-12-06 14:04:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-06 14:04

.

Pre-Run: 7,237,976,064 bytes free

Post-Run: 8,483,192,832 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optout /fastdetect

.

- - End Of File - - BEAC9A6E6E81D23C110142846DF27654


Looks Good!

Just update and run a quick scan with MBAM

Post back the log if anything is found.

-------------------------------

Your Java is way out of date: (older versions are vulnerable to malware)

BrowserJavaVersion: 1.6.0_03<--- (should be 29)

Check the link below on how to remove all older versions and install the latest one:

http://forums.whatthetech.com/index.php?showtopic=68632

--------------------------------

We'll uninstall all the programs used when we are done, MrC


Hi MrC,

I ran an MBAM scan and got an almost immediate BSOD (I have attached a photo of the BSOD). When I reboot the PC it appears to work OK after taking an age to boot up. There is also an error code 2 on MBAM and it doesn't enable real-time protection, error 1068. Something's still screwy, should I reinstall MBAM? I have noticed that Skype crashes on bootup too.

Oh what to do? :-(

Ed

post-101852-0-31755600-1323250834.jpg


Hi MrC,

Thanks for all your help so far. I'm not too worried about Skype and will sort that out, it's a DEP program closure by Microsoft, just wondered if it was indicative of the larger problem causing the BSOD?

Any thoughts on why the PC crashes so badly when attempting a scan?

Thanks

Ed


...OK so after some catastrophic crashes I have uninstalled MBAM and reinstalled it. It has allowed a full scan without the dreaded blue screen of death. The browsers all seem to be vulnerable because I get redirected to advert sites all the time, is it adware still?

Thanks for being there MrC

Ed

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8327

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

07/12/2011 19:30:56

mbam-log-2011-12-07 (19-30-56).txt

Scan type: Full scan (C:\|)

Objects scanned: 409614

Time elapsed: 3 hour(s), 12 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{4fd9c42b-f176-44a7-a121-e54c16eccf73}\RP1430\A0183410.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.


Feels like we are getting there!

Here you go.

20:23:03.0195 2536 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

20:23:04.0273 2536 ============================================================

20:23:04.0273 2536 Current date / time: 2011/12/07 20:23:04.0273

20:23:04.0273 2536 SystemInfo:

20:23:04.0273 2536

20:23:04.0273 2536 OS Version: 5.1.2600 ServicePack: 3.0

20:23:04.0273 2536 Product type: Workstation

20:23:04.0273 2536 ComputerName: MAXDATA-0EDBA54

20:23:04.0273 2536 UserName: Edwin

20:23:04.0273 2536 Windows directory: C:\WINDOWS

20:23:04.0273 2536 System windows directory: C:\WINDOWS

20:23:04.0273 2536 Processor architecture: Intel x86

20:23:04.0273 2536 Number of processors: 2

20:23:04.0273 2536 Page size: 0x1000

20:23:04.0273 2536 Boot type: Normal boot

20:23:04.0273 2536 ============================================================

20:23:05.0633 2536 Initialize success

20:23:31.0445 1404 ============================================================

20:23:31.0445 1404 Scan started

20:23:31.0445 1404 Mode: Manual; SigCheck; TDLFS;

20:23:31.0445 1404 ============================================================

20:23:33.0961 1404 Abiosdsk - ok

20:23:33.0976 1404 abp480n5 - ok

20:23:34.0008 1404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:23:34.0945 1404 ACPI - ok

20:23:35.0023 1404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:23:35.0289 1404 ACPIEC - ok

20:23:35.0320 1404 ADILOADER (d7d90016bed47a555136f68010027300) C:\WINDOWS\system32\Drivers\adildr.sys

20:23:35.0320 1404 ADILOADER ( UnsignedFile.Multi.Generic ) - warning

20:23:35.0320 1404 ADILOADER - detected UnsignedFile.Multi.Generic (1)

20:23:35.0351 1404 adiusbaw (6fc1e142f4ea1d5127af592364290e49) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys

20:23:35.0367 1404 adiusbaw ( UnsignedFile.Multi.Generic ) - warning

20:23:35.0367 1404 adiusbaw - detected UnsignedFile.Multi.Generic (1)

20:23:35.0398 1404 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

20:23:35.0633 1404 adpu160m - ok

20:23:35.0664 1404 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:23:35.0883 1404 aec - ok

20:23:35.0929 1404 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

20:23:35.0929 1404 Afc ( UnsignedFile.Multi.Generic ) - warning

20:23:35.0929 1404 Afc - detected UnsignedFile.Multi.Generic (1)

20:23:35.0961 1404 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:23:36.0023 1404 AFD - ok

20:23:36.0023 1404 Aha154x - ok

20:23:36.0054 1404 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

20:23:36.0304 1404 aic78u2 - ok

20:23:36.0304 1404 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

20:23:36.0554 1404 aic78xx - ok

20:23:36.0554 1404 AliIde - ok

20:23:36.0570 1404 amsint - ok

20:23:36.0586 1404 asc - ok

20:23:36.0586 1404 asc3350p - ok

20:23:36.0601 1404 asc3550 - ok

20:23:36.0633 1404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:23:36.0867 1404 AsyncMac - ok

20:23:36.0898 1404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:23:37.0148 1404 atapi - ok

20:23:37.0164 1404 Atdisk - ok

20:23:37.0195 1404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:23:37.0429 1404 Atmarpc - ok

20:23:37.0445 1404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:23:37.0679 1404 audstub - ok

20:23:37.0711 1404 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys

20:23:37.0711 1404 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - warning

20:23:37.0711 1404 AVG Anti-Rootkit - detected UnsignedFile.Multi.Generic (1)

20:23:37.0773 1404 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

20:23:37.0883 1404 AVG Anti-Spyware Driver - ok

20:23:37.0976 1404 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

20:23:37.0992 1404 AvgArCln ( UnsignedFile.Multi.Generic ) - warning

20:23:37.0992 1404 AvgArCln - detected UnsignedFile.Multi.Generic (1)

20:23:38.0023 1404 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

20:23:38.0039 1404 AvgAsCln - ok

20:23:38.0054 1404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:23:38.0304 1404 Beep - ok

20:23:38.0351 1404 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

20:23:38.0383 1404 BTHPORT - ok

20:23:38.0414 1404 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys

20:23:38.0601 1404 BTHUSB - ok

20:23:38.0617 1404 catchme - ok

20:23:38.0648 1404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:23:38.0914 1404 cbidf2k - ok

20:23:38.0945 1404 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:23:39.0179 1404 CCDECODE - ok

20:23:39.0195 1404 cd20xrnt - ok

20:23:39.0211 1404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:23:39.0461 1404 Cdaudio - ok

20:23:39.0508 1404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:23:39.0742 1404 Cdfs - ok

20:23:39.0758 1404 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:23:39.0976 1404 Cdrom - ok

20:23:40.0008 1404 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys

20:23:40.0023 1404 cfwids - ok

20:23:40.0039 1404 Changer - ok

20:23:40.0039 1404 CmdIde - ok

20:23:40.0054 1404 Cpqarray - ok

20:23:40.0070 1404 dac2w2k - ok

20:23:40.0086 1404 dac960nt - ok

20:23:40.0117 1404 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys

20:23:40.0133 1404 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

20:23:40.0133 1404 DgiVecp - detected UnsignedFile.Multi.Generic (1)

20:23:40.0164 1404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:23:40.0383 1404 Disk - ok

20:23:40.0414 1404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:23:40.0695 1404 dmboot - ok

20:23:40.0711 1404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:23:40.0945 1404 dmio - ok

20:23:40.0992 1404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:23:41.0258 1404 dmload - ok

20:23:41.0289 1404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:23:41.0523 1404 DMusic - ok

20:23:41.0539 1404 dpti2o - ok

20:23:41.0554 1404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:23:41.0773 1404 drmkaud - ok

20:23:41.0836 1404 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

20:23:41.0883 1404 e1express - ok

20:23:41.0929 1404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:23:42.0179 1404 Fastfat - ok

20:23:42.0195 1404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:23:42.0429 1404 Fdc - ok

20:23:42.0445 1404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:23:42.0679 1404 Fips - ok

20:23:42.0711 1404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:23:42.0945 1404 Flpydisk - ok

20:23:42.0976 1404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:23:43.0211 1404 FltMgr - ok

20:23:43.0258 1404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:23:43.0492 1404 Fs_Rec - ok

20:23:43.0508 1404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:23:43.0742 1404 Ftdisk - ok

20:23:43.0789 1404 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:23:43.0804 1404 GEARAspiWDM - ok

20:23:43.0836 1404 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys

20:23:43.0851 1404 ggflt - ok

20:23:43.0898 1404 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

20:23:43.0914 1404 ggsemc - ok

20:23:43.0945 1404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:23:44.0179 1404 Gpc - ok

20:23:44.0211 1404 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:23:44.0461 1404 HDAudBus - ok

20:23:44.0476 1404 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:23:44.0695 1404 HidUsb - ok

20:23:44.0711 1404 hpn - ok

20:23:44.0742 1404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:23:44.0789 1404 HTTP - ok

20:23:44.0789 1404 i2omgmt - ok

20:23:44.0804 1404 i2omp - ok

20:23:44.0804 1404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:23:45.0054 1404 i8042prt - ok

20:23:45.0117 1404 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

20:23:45.0226 1404 ialm - ok

20:23:45.0273 1404 IASTOR (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

20:23:45.0367 1404 IASTOR - ok

20:23:45.0398 1404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:23:45.0633 1404 Imapi - ok

20:23:45.0648 1404 ini910u - ok

20:23:45.0758 1404 IntcAzAudAddService (fc3a99650afe0b39fe1d214304a7d0d3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:23:45.0976 1404 IntcAzAudAddService - ok

20:23:45.0992 1404 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

20:23:46.0226 1404 IntelIde - ok

20:23:46.0242 1404 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:23:46.0461 1404 intelppm - ok

20:23:46.0476 1404 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:23:46.0711 1404 Ip6Fw - ok

20:23:46.0742 1404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:23:46.0976 1404 IpFilterDriver - ok

20:23:47.0008 1404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:23:47.0242 1404 IpInIp - ok

20:23:47.0258 1404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:23:47.0492 1404 IpNat - ok

20:23:47.0523 1404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:23:47.0742 1404 IPSec - ok

20:23:47.0758 1404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:23:47.0992 1404 IRENUM - ok

20:23:48.0008 1404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:23:48.0242 1404 isapnp - ok

20:23:48.0258 1404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:23:48.0492 1404 Kbdclass - ok

20:23:48.0523 1404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:23:48.0742 1404 kmixer - ok

20:23:48.0773 1404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:23:48.0836 1404 KSecDD - ok

20:23:48.0836 1404 lbrtfdc - ok

20:23:48.0851 1404 lmimirr - ok

20:23:48.0867 1404 MBAMSwissArmy - ok

20:23:48.0914 1404 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys

20:23:48.0929 1404 mfeapfk - ok

20:23:48.0961 1404 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys

20:23:48.0976 1404 mfeavfk - ok

20:23:48.0992 1404 mfeavfk01 - ok

20:23:49.0023 1404 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys

20:23:49.0023 1404 mfebopk - ok

20:23:49.0070 1404 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys

20:23:49.0086 1404 mfefirek - ok

20:23:49.0133 1404 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys

20:23:49.0148 1404 mfehidk - ok

20:23:49.0195 1404 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

20:23:49.0195 1404 mfendisk - ok

20:23:49.0211 1404 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

20:23:49.0226 1404 mfendiskmp - ok

20:23:49.0273 1404 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys

20:23:49.0289 1404 mferkdet - ok

20:23:49.0320 1404 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys

20:23:49.0336 1404 mfetdi2k - ok

20:23:49.0367 1404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:23:49.0617 1404 mnmdd - ok

20:23:49.0648 1404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:23:49.0883 1404 Modem - ok

20:23:49.0898 1404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:23:50.0148 1404 Mouclass - ok

20:23:50.0179 1404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:23:50.0414 1404 mouhid - ok

20:23:50.0429 1404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:23:50.0664 1404 MountMgr - ok

20:23:50.0664 1404 mraid35x - ok

20:23:50.0695 1404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:23:50.0914 1404 MRxDAV - ok

20:23:50.0945 1404 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:23:51.0023 1404 MRxSmb - ok

20:23:51.0070 1404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:23:51.0304 1404 Msfs - ok

20:23:51.0336 1404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:23:51.0570 1404 MSKSSRV - ok

20:23:51.0601 1404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:23:51.0836 1404 MSPCLOCK - ok

20:23:51.0867 1404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:23:52.0086 1404 MSPQM - ok

20:23:52.0133 1404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:23:52.0351 1404 mssmbios - ok

20:23:52.0383 1404 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:23:52.0617 1404 MSTEE - ok

20:23:52.0648 1404 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

20:23:52.0711 1404 MTsensor - ok

20:23:52.0742 1404 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:23:52.0789 1404 Mup - ok

20:23:52.0804 1404 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys

20:23:52.0867 1404 n558 - ok

20:23:52.0914 1404 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:23:53.0148 1404 NABTSFEC - ok

20:23:53.0179 1404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:23:53.0414 1404 NDIS - ok

20:23:53.0429 1404 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:23:53.0664 1404 NdisIP - ok

20:23:53.0695 1404 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:23:53.0726 1404 NdisTapi - ok

20:23:53.0758 1404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:23:53.0992 1404 Ndisuio - ok

20:23:54.0008 1404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:23:54.0289 1404 NdisWan - ok

20:23:54.0320 1404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:23:54.0383 1404 NDProxy - ok

20:23:54.0445 1404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:23:54.0679 1404 NetBIOS - ok

20:23:54.0711 1404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:23:54.0929 1404 NetBT - ok

20:23:54.0961 1404 NetworkX (363867d32f78f71d610be7a559578a95) C:\WINDOWS\system32\ckldrv.sys

20:23:54.0976 1404 NetworkX ( UnsignedFile.Multi.Generic ) - warning

20:23:54.0976 1404 NetworkX - detected UnsignedFile.Multi.Generic (1)

20:23:55.0039 1404 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys

20:23:55.0289 1404 nmwcd - ok

20:23:55.0398 1404 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys

20:23:55.0492 1404 nmwcdc - ok

20:23:55.0523 1404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:23:55.0758 1404 Npfs - ok

20:23:55.0789 1404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:23:56.0023 1404 Ntfs - ok

20:23:56.0054 1404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:23:56.0289 1404 Null - ok

20:23:56.0304 1404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:23:56.0554 1404 NwlnkFlt - ok

20:23:56.0554 1404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:23:56.0820 1404 NwlnkFwd - ok

20:23:56.0867 1404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

20:23:57.0164 1404 Parport - ok

20:23:57.0179 1404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:23:57.0429 1404 PartMgr - ok

20:23:57.0461 1404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:23:57.0742 1404 ParVdm - ok

20:23:57.0789 1404 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys

20:23:57.0804 1404 pbfilter - ok

20:23:57.0851 1404 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

20:23:57.0914 1404 pccsmcfd - ok

20:23:57.0945 1404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:23:58.0164 1404 PCI - ok

20:23:58.0179 1404 PCIDump - ok

20:23:58.0211 1404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:23:58.0445 1404 PCIIde - ok

20:23:58.0476 1404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

20:23:58.0695 1404 Pcmcia - ok

20:23:58.0726 1404 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

20:23:58.0742 1404 pcouffin ( UnsignedFile.Multi.Generic ) - warning

20:23:58.0742 1404 pcouffin - detected UnsignedFile.Multi.Generic (1)

20:23:58.0758 1404 PDCOMP - ok

20:23:58.0773 1404 PDFRAME - ok

20:23:58.0773 1404 PDRELI - ok

20:23:58.0789 1404 PDRFRAME - ok

20:23:58.0804 1404 perc2 - ok

20:23:58.0804 1404 perc2hib - ok

20:23:58.0851 1404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:23:59.0086 1404 PptpMiniport - ok

20:23:59.0086 1404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:23:59.0320 1404 PSched - ok

20:23:59.0336 1404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:23:59.0586 1404 Ptilink - ok

20:23:59.0601 1404 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:23:59.0617 1404 PxHelp20 - ok

20:23:59.0633 1404 ql1080 - ok

20:23:59.0633 1404 Ql10wnt - ok

20:23:59.0648 1404 ql12160 - ok

20:23:59.0664 1404 ql1240 - ok

20:23:59.0664 1404 ql1280 - ok

20:23:59.0679 1404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:23:59.0929 1404 RasAcd - ok

20:23:59.0945 1404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:24:00.0179 1404 Rasl2tp - ok

20:24:00.0195 1404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:24:00.0414 1404 RasPppoe - ok

20:24:00.0429 1404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:24:00.0679 1404 Raspti - ok

20:24:00.0695 1404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:24:00.0914 1404 Rdbss - ok

20:24:00.0929 1404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:24:01.0179 1404 RDPCDD - ok

20:24:01.0226 1404 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

20:24:01.0273 1404 RDPWD - ok

20:24:01.0304 1404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:24:01.0523 1404 redbook - ok

20:24:01.0570 1404 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys

20:24:01.0586 1404 RsFx0150 - ok

20:24:01.0633 1404 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys

20:24:01.0820 1404 se59bus - ok

20:24:01.0898 1404 se59mdfl (3ced539f4373ccf8d3fe71ae51053d5d) C:\WINDOWS\system32\DRIVERS\se59mdfl.sys

20:24:01.0976 1404 se59mdfl - ok

20:24:02.0008 1404 se59mdm (c6a6aa039d14f2ea1998e5f922014067) C:\WINDOWS\system32\DRIVERS\se59mdm.sys

20:24:02.0086 1404 se59mdm - ok

20:24:02.0101 1404 se59mgmt (7eecfa334292b1cd8de4990b63e02360) C:\WINDOWS\system32\DRIVERS\se59mgmt.sys

20:24:02.0195 1404 se59mgmt - ok

20:24:02.0195 1404 se59nd5 (555895a241611c59ce057c42bc8b6e85) C:\WINDOWS\system32\DRIVERS\se59nd5.sys

20:24:02.0273 1404 se59nd5 - ok

20:24:02.0289 1404 se59obex (729dfa6451b7356834bfa6faec9e3092) C:\WINDOWS\system32\DRIVERS\se59obex.sys

20:24:02.0367 1404 se59obex - ok

20:24:02.0383 1404 se59unic (5f453e3e797dbeefe35869dc0239effa) C:\WINDOWS\system32\DRIVERS\se59unic.sys

20:24:02.0445 1404 se59unic - ok

20:24:02.0476 1404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:24:02.0695 1404 Secdrv - ok

20:24:02.0742 1404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:24:02.0976 1404 serenum - ok

20:24:02.0992 1404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

20:24:03.0242 1404 Serial - ok

20:24:03.0258 1404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:24:03.0523 1404 Sfloppy - ok

20:24:03.0539 1404 Simbad - ok

20:24:03.0554 1404 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:24:03.0758 1404 SLIP - ok

20:24:03.0773 1404 Sparrow - ok

20:24:03.0804 1404 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:24:04.0039 1404 splitter - ok

20:24:04.0070 1404 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

20:24:04.0070 1404 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

20:24:04.0086 1404 sptd ( LockedFile.Multi.Generic ) - warning

20:24:04.0086 1404 sptd - detected LockedFile.Multi.Generic (1)

20:24:04.0117 1404 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:24:04.0351 1404 sr - ok

20:24:04.0383 1404 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:24:04.0461 1404 Srv - ok

20:24:04.0492 1404 ST330 (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys

20:24:04.0570 1404 ST330 - ok

20:24:04.0586 1404 STBUS (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys

20:24:04.0617 1404 STBUS - ok

20:24:04.0648 1404 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

20:24:04.0883 1404 StillCam - ok

20:24:04.0914 1404 stppp (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys

20:24:04.0961 1404 stppp - ok

20:24:04.0992 1404 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:24:05.0179 1404 streamip - ok

20:24:05.0211 1404 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:24:05.0445 1404 swenum - ok

20:24:05.0476 1404 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:24:05.0695 1404 swmidi - ok

20:24:05.0711 1404 symc810 - ok

20:24:05.0742 1404 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

20:24:05.0976 1404 symc8xx - ok

20:24:05.0992 1404 sym_hi - ok

20:24:06.0008 1404 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

20:24:06.0258 1404 sym_u3 - ok

20:24:06.0273 1404 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:24:06.0508 1404 sysaudio - ok

20:24:06.0539 1404 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys

20:24:06.0554 1404 tbhsd - ok

20:24:06.0586 1404 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:24:06.0648 1404 Tcpip - ok

20:24:06.0679 1404 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:24:06.0914 1404 TDPIPE - ok

20:24:06.0929 1404 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:24:07.0164 1404 TDTCP - ok

20:24:07.0195 1404 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys

20:24:07.0258 1404 teamviewervpn - ok

20:24:07.0304 1404 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:24:07.0539 1404 TermDD - ok

20:24:07.0539 1404 TosIde - ok

20:24:07.0570 1404 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:24:07.0804 1404 Udfs - ok

20:24:07.0820 1404 ultra - ok

20:24:07.0851 1404 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:24:08.0086 1404 Update - ok

20:24:08.0133 1404 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

20:24:08.0226 1404 upperdev - ok

20:24:08.0273 1404 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

20:24:08.0320 1404 USBAAPL - ok

20:24:08.0351 1404 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:24:08.0586 1404 usbaudio - ok

20:24:08.0617 1404 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:24:08.0836 1404 usbccgp - ok

20:24:08.0867 1404 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:24:09.0101 1404 usbehci - ok

20:24:09.0117 1404 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:24:09.0351 1404 usbhub - ok

20:24:09.0383 1404 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:24:09.0617 1404 usbprint - ok

20:24:09.0633 1404 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:24:09.0867 1404 usbscan - ok

20:24:09.0883 1404 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

20:24:10.0101 1404 usbser - ok

20:24:10.0148 1404 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

20:24:10.0242 1404 UsbserFilt - ok

20:24:10.0242 1404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:24:10.0476 1404 USBSTOR - ok

20:24:10.0492 1404 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:24:10.0695 1404 usbuhci - ok

20:24:10.0742 1404 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

20:24:10.0976 1404 usbvideo - ok

20:24:11.0008 1404 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:24:11.0226 1404 VgaSave - ok

20:24:11.0258 1404 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

20:24:11.0476 1404 ViaIde - ok

20:24:11.0492 1404 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:24:11.0711 1404 VolSnap - ok

20:24:11.0742 1404 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:24:11.0961 1404 Wanarp - ok

20:24:11.0992 1404 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

20:24:12.0226 1404 wceusbsh - ok

20:24:12.0273 1404 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

20:24:12.0289 1404 Wdf01000 - ok

20:24:12.0304 1404 WDICA - ok

20:24:12.0336 1404 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:24:12.0570 1404 wdmaud - ok

20:24:12.0617 1404 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

20:24:12.0648 1404 WpdUsb - ok

20:24:12.0679 1404 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

20:24:12.0679 1404 WsAudio_DeviceS(1) - ok

20:24:12.0711 1404 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

20:24:12.0711 1404 WsAudio_DeviceS(2) - ok

20:24:12.0742 1404 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

20:24:12.0758 1404 WsAudio_DeviceS(3) - ok

20:24:12.0789 1404 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

20:24:12.0789 1404 WsAudio_DeviceS(4) - ok

20:24:12.0804 1404 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

20:24:12.0820 1404 WsAudio_DeviceS(5) - ok

20:24:12.0851 1404 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:24:13.0086 1404 WSTCODEC - ok

20:24:13.0117 1404 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:24:13.0164 1404 WudfPf - ok

20:24:13.0195 1404 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:24:13.0242 1404 WudfRd - ok

20:24:13.0273 1404 ZY202_XP (bd6354de4d081de96c79bdb53f55ca82) C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys

20:24:13.0351 1404 ZY202_XP - ok

20:24:13.0398 1404 MBR (0x1B8) (74d61e5aef3de3d05fdefb2e1da465d0) \Device\Harddisk0\DR0

20:24:13.0398 1404 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected

20:24:13.0398 1404 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)

20:24:13.0492 1404 Boot (0x1200) (44f8fccc4a2c861ee7cb234553244d1f) \Device\Harddisk0\DR0\Partition0

20:24:13.0492 1404 \Device\Harddisk0\DR0\Partition0 - ok

20:24:13.0492 1404 Boot (0x1200) (69e7c763bee3c31e82462af69b0c5a08) \Device\Harddisk0\DR0\Partition1

20:24:13.0492 1404 \Device\Harddisk0\DR0\Partition1 - ok

20:24:13.0508 1404 Boot (0x1200) (43c7d74f15cf0cedb707e60dcc4ba9dd) \Device\Harddisk0\DR0\Partition2

20:24:13.0508 1404 \Device\Harddisk0\DR0\Partition2 - ok

20:24:13.0523 1404 Boot (0x1200) (581fe5733b5a935c9e5f7d9de52b0bc0) \Device\Harddisk0\DR0\Partition3

20:24:13.0523 1404 \Device\Harddisk0\DR0\Partition3 - ok

20:24:13.0539 1404 Boot (0x1200) (f6725267403040298bf73ea555cd6733) \Device\Harddisk0\DR0\Partition4

20:24:13.0539 1404 \Device\Harddisk0\DR0\Partition4 - ok

20:24:13.0539 1404 ============================================================

20:24:13.0539 1404 Scan finished

20:24:13.0539 1404 ============================================================

20:24:13.0648 2148 Detected object count: 10

20:24:13.0648 2148 Actual detected object count: 10

20:31:54.0679 2148 ADILOADER ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 ADILOADER ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 adiusbaw ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 adiusbaw ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 Afc ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:31:54.0679 2148 sptd ( LockedFile.Multi.Generic ) - skipped by user

20:31:54.0679 2148 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

20:31:54.0711 2148 \Device\Harddisk0\DR0 - processing error

20:32:05.0523 2148 \Device\Harddisk0\DR0 - will be restored on reboot

20:32:05.0523 2148 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore

20:32:08.0414 4280 Deinitialize success


Hi MrC, all was going so well. I did a TDSSKiller scan and you can see the results below; it found nothing. I then did an MBAM quick scan and I got a BSOD.

11:40:57.0750 1480 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

11:40:58.0687 1480 ============================================================

11:40:58.0687 1480 Current date / time: 2011/12/08 11:40:58.0687

11:40:58.0687 1480 SystemInfo:

11:40:58.0687 1480

11:40:58.0687 1480 OS Version: 5.1.2600 ServicePack: 3.0

11:40:58.0687 1480 Product type: Workstation

11:40:58.0687 1480 ComputerName: MAXDATA-0EDBA54

11:40:58.0687 1480 UserName: Edwin

11:40:58.0687 1480 Windows directory: C:\WINDOWS

11:40:58.0687 1480 System windows directory: C:\WINDOWS

11:40:58.0687 1480 Processor architecture: Intel x86

11:40:58.0687 1480 Number of processors: 2

11:40:58.0687 1480 Page size: 0x1000

11:40:58.0687 1480 Boot type: Normal boot

11:40:58.0687 1480 ============================================================

11:40:59.0468 1480 Initialize success

11:41:03.0984 2956 ============================================================

11:41:03.0984 2956 Scan started

11:41:03.0984 2956 Mode: Manual; SigCheck; TDLFS;

11:41:03.0984 2956 ============================================================

11:41:06.0875 2956 Abiosdsk - ok

11:41:06.0890 2956 abp480n5 - ok

11:41:06.0921 2956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:41:08.0031 2956 ACPI - ok

11:41:08.0109 2956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:41:08.0218 2956 ACPIEC - ok

11:41:08.0250 2956 ADILOADER (d7d90016bed47a555136f68010027300) C:\WINDOWS\system32\Drivers\adildr.sys

11:41:08.0359 2956 ADILOADER ( UnsignedFile.Multi.Generic ) - warning

11:41:08.0359 2956 ADILOADER - detected UnsignedFile.Multi.Generic (1)

11:41:08.0453 2956 adiusbaw (6fc1e142f4ea1d5127af592364290e49) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys

11:41:08.0593 2956 adiusbaw ( UnsignedFile.Multi.Generic ) - warning

11:41:08.0593 2956 adiusbaw - detected UnsignedFile.Multi.Generic (1)

11:41:08.0671 2956 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

11:41:08.0781 2956 adpu160m - ok

11:41:08.0812 2956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:41:08.0921 2956 aec - ok

11:41:08.0968 2956 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

11:41:09.0078 2956 Afc ( UnsignedFile.Multi.Generic ) - warning

11:41:09.0078 2956 Afc - detected UnsignedFile.Multi.Generic (1)

11:41:09.0125 2956 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

11:41:09.0250 2956 AFD - ok

11:41:09.0265 2956 Aha154x - ok

11:41:09.0296 2956 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

11:41:09.0390 2956 aic78u2 - ok

11:41:09.0390 2956 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

11:41:09.0515 2956 aic78xx - ok

11:41:09.0531 2956 AliIde - ok

11:41:09.0531 2956 amsint - ok

11:41:09.0562 2956 asc - ok

11:41:09.0562 2956 asc3350p - ok

11:41:09.0578 2956 asc3550 - ok

11:41:09.0609 2956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:41:09.0703 2956 AsyncMac - ok

11:41:09.0734 2956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:41:09.0828 2956 atapi - ok

11:41:09.0843 2956 Atdisk - ok

11:41:09.0859 2956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:41:09.0953 2956 Atmarpc - ok

11:41:09.0984 2956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:41:10.0078 2956 audstub - ok

11:41:10.0109 2956 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys

11:41:10.0109 2956 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - warning

11:41:10.0109 2956 AVG Anti-Rootkit - detected UnsignedFile.Multi.Generic (1)

11:41:10.0171 2956 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

11:41:10.0468 2956 AVG Anti-Spyware Driver - ok

11:41:10.0578 2956 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

11:41:10.0718 2956 AvgArCln ( UnsignedFile.Multi.Generic ) - warning

11:41:10.0718 2956 AvgArCln - detected UnsignedFile.Multi.Generic (1)

11:41:10.0750 2956 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

11:41:10.0828 2956 AvgAsCln - ok

11:41:10.0843 2956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:41:10.0968 2956 Beep - ok

11:41:11.0000 2956 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

11:41:11.0078 2956 BTHPORT - ok

11:41:11.0093 2956 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys

11:41:11.0187 2956 BTHUSB - ok

11:41:11.0218 2956 catchme - ok

11:41:11.0234 2956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:41:11.0343 2956 cbidf2k - ok

11:41:11.0359 2956 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:41:11.0468 2956 CCDECODE - ok

11:41:11.0484 2956 cd20xrnt - ok

11:41:11.0515 2956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:41:11.0625 2956 Cdaudio - ok

11:41:11.0656 2956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:41:11.0734 2956 Cdfs - ok

11:41:11.0750 2956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:41:11.0859 2956 Cdrom - ok

11:41:11.0890 2956 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys

11:41:11.0890 2956 cfwids - ok

11:41:11.0906 2956 Changer - ok

11:41:11.0921 2956 CmdIde - ok

11:41:11.0937 2956 Cpqarray - ok

11:41:11.0937 2956 dac2w2k - ok

11:41:11.0953 2956 dac960nt - ok

11:41:11.0984 2956 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys

11:41:12.0093 2956 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

11:41:12.0093 2956 DgiVecp - detected UnsignedFile.Multi.Generic (1)

11:41:12.0125 2956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:41:12.0203 2956 Disk - ok

11:41:12.0250 2956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:41:12.0406 2956 dmboot - ok

11:41:12.0421 2956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:41:12.0531 2956 dmio - ok

11:41:12.0546 2956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:41:12.0656 2956 dmload - ok

11:41:12.0687 2956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:41:12.0781 2956 DMusic - ok

11:41:12.0796 2956 dpti2o - ok

11:41:12.0812 2956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:41:12.0906 2956 drmkaud - ok

11:41:12.0937 2956 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

11:41:13.0093 2956 e1express - ok

11:41:13.0140 2956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:41:13.0234 2956 Fastfat - ok

11:41:13.0250 2956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:41:13.0375 2956 Fdc - ok

11:41:13.0390 2956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:41:13.0500 2956 Fips - ok

11:41:13.0531 2956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:41:13.0625 2956 Flpydisk - ok

11:41:13.0640 2956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:41:13.0734 2956 FltMgr - ok

11:41:13.0750 2956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:41:13.0843 2956 Fs_Rec - ok

11:41:13.0843 2956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:41:13.0953 2956 Ftdisk - ok

11:41:13.0984 2956 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:41:14.0046 2956 GEARAspiWDM - ok

11:41:14.0078 2956 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys

11:41:14.0140 2956 ggflt - ok

11:41:14.0171 2956 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

11:41:14.0281 2956 ggsemc - ok

11:41:14.0312 2956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:41:14.0406 2956 Gpc - ok

11:41:14.0453 2956 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:41:14.0562 2956 HDAudBus - ok

11:41:14.0593 2956 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:41:14.0687 2956 HidUsb - ok

11:41:14.0687 2956 hpn - ok

11:41:14.0718 2956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:41:14.0765 2956 HTTP - ok

11:41:14.0781 2956 i2omgmt - ok

11:41:14.0796 2956 i2omp - ok

11:41:14.0796 2956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:41:14.0906 2956 i8042prt - ok

11:41:14.0953 2956 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

11:41:15.0218 2956 ialm - ok

11:41:15.0328 2956 IASTOR (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

11:41:15.0421 2956 IASTOR - ok

11:41:15.0453 2956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:41:15.0562 2956 Imapi - ok

11:41:15.0562 2956 ini910u - ok

11:41:15.0671 2956 IntcAzAudAddService (fc3a99650afe0b39fe1d214304a7d0d3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:41:15.0828 2956 IntcAzAudAddService - ok

11:41:15.0843 2956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

11:41:15.0937 2956 IntelIde - ok

11:41:15.0984 2956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:41:16.0062 2956 intelppm - ok

11:41:16.0093 2956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:41:16.0203 2956 Ip6Fw - ok

11:41:16.0234 2956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:41:16.0343 2956 IpFilterDriver - ok

11:41:16.0359 2956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:41:16.0468 2956 IpInIp - ok

11:41:16.0484 2956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:41:16.0593 2956 IpNat - ok

11:41:16.0625 2956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:41:16.0718 2956 IPSec - ok

11:41:16.0734 2956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:41:16.0843 2956 IRENUM - ok

11:41:16.0859 2956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:41:16.0953 2956 isapnp - ok

11:41:16.0968 2956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:41:17.0078 2956 Kbdclass - ok

11:41:17.0109 2956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:41:17.0203 2956 kmixer - ok

11:41:17.0234 2956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:41:17.0312 2956 KSecDD - ok

11:41:17.0312 2956 lbrtfdc - ok

11:41:17.0328 2956 lmimirr - ok

11:41:17.0343 2956 MBAMSwissArmy - ok

11:41:17.0390 2956 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys

11:41:17.0406 2956 mfeapfk - ok

11:41:17.0421 2956 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys

11:41:17.0531 2956 mfeavfk - ok

11:41:17.0546 2956 mfeavfk01 - ok

11:41:17.0562 2956 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys

11:41:17.0671 2956 mfebopk - ok

11:41:17.0718 2956 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys

11:41:17.0828 2956 mfefirek - ok

11:41:17.0875 2956 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys

11:41:17.0906 2956 mfehidk - ok

11:41:17.0937 2956 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

11:41:18.0046 2956 mfendisk - ok

11:41:18.0046 2956 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

11:41:18.0062 2956 mfendiskmp - ok

11:41:18.0078 2956 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys

11:41:18.0140 2956 mferkdet - ok

11:41:18.0156 2956 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys

11:41:18.0250 2956 mfetdi2k - ok

11:41:18.0265 2956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:41:18.0375 2956 mnmdd - ok

11:41:18.0406 2956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:41:18.0500 2956 Modem - ok

11:41:18.0515 2956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:41:18.0640 2956 Mouclass - ok

11:41:18.0671 2956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:41:18.0765 2956 mouhid - ok

11:41:18.0796 2956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:41:18.0890 2956 MountMgr - ok

11:41:18.0890 2956 mraid35x - ok

11:41:18.0921 2956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:41:19.0015 2956 MRxDAV - ok

11:41:19.0046 2956 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:41:19.0125 2956 MRxSmb - ok

11:41:19.0156 2956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:41:19.0265 2956 Msfs - ok

11:41:19.0296 2956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:41:19.0390 2956 MSKSSRV - ok

11:41:19.0421 2956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:41:19.0515 2956 MSPCLOCK - ok

11:41:19.0593 2956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:41:19.0687 2956 MSPQM - ok

11:41:19.0718 2956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:41:19.0812 2956 mssmbios - ok

11:41:19.0843 2956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:41:19.0937 2956 MSTEE - ok

11:41:19.0968 2956 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

11:41:20.0000 2956 MTsensor - ok

11:41:20.0031 2956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:41:20.0078 2956 Mup - ok

11:41:20.0109 2956 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys

11:41:20.0234 2956 n558 - ok

11:41:20.0265 2956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:41:20.0359 2956 NABTSFEC - ok

11:41:20.0406 2956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:41:20.0500 2956 NDIS - ok

11:41:20.0531 2956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:41:20.0625 2956 NdisIP - ok

11:41:20.0656 2956 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:41:20.0796 2956 NdisTapi - ok

11:41:20.0843 2956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:41:20.0937 2956 Ndisuio - ok

11:41:20.0953 2956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:41:21.0062 2956 NdisWan - ok

11:41:21.0078 2956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:41:21.0187 2956 NDProxy - ok

11:41:21.0203 2956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:41:21.0296 2956 NetBIOS - ok

11:41:21.0312 2956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:41:21.0421 2956 NetBT - ok

11:41:21.0453 2956 NetworkX (363867d32f78f71d610be7a559578a95) C:\WINDOWS\system32\ckldrv.sys

11:41:21.0531 2956 NetworkX ( UnsignedFile.Multi.Generic ) - warning

11:41:21.0531 2956 NetworkX - detected UnsignedFile.Multi.Generic (1)

11:41:21.0578 2956 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys

11:41:21.0890 2956 nmwcd - ok

11:41:21.0984 2956 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys

11:41:22.0125 2956 nmwcdc - ok

11:41:22.0156 2956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:41:22.0250 2956 Npfs - ok

11:41:22.0281 2956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:41:22.0390 2956 Ntfs - ok

11:41:22.0421 2956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:41:22.0531 2956 Null - ok

11:41:22.0546 2956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:41:22.0656 2956 NwlnkFlt - ok

11:41:22.0671 2956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:41:22.0765 2956 NwlnkFwd - ok

11:41:22.0812 2956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:41:22.0906 2956 Parport - ok

11:41:22.0921 2956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:41:23.0000 2956 PartMgr - ok

11:41:23.0031 2956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:41:23.0125 2956 ParVdm - ok

11:41:23.0171 2956 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys

11:41:23.0250 2956 pbfilter - ok

11:41:23.0296 2956 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

11:41:23.0437 2956 pccsmcfd - ok

11:41:23.0468 2956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:41:23.0562 2956 PCI - ok

11:41:23.0562 2956 PCIDump - ok

11:41:23.0593 2956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:41:23.0687 2956 PCIIde - ok

11:41:23.0718 2956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:41:23.0812 2956 Pcmcia - ok

11:41:23.0843 2956 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

11:41:23.0921 2956 pcouffin ( UnsignedFile.Multi.Generic ) - warning

11:41:23.0921 2956 pcouffin - detected UnsignedFile.Multi.Generic (1)

11:41:23.0921 2956 PDCOMP - ok

11:41:23.0937 2956 PDFRAME - ok

11:41:23.0937 2956 PDRELI - ok

11:41:23.0953 2956 PDRFRAME - ok

11:41:23.0968 2956 perc2 - ok

11:41:23.0968 2956 perc2hib - ok

11:41:24.0000 2956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:41:24.0109 2956 PptpMiniport - ok

11:41:24.0125 2956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:41:24.0218 2956 PSched - ok

11:41:24.0250 2956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:41:24.0343 2956 Ptilink - ok

11:41:24.0390 2956 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:41:24.0406 2956 PxHelp20 - ok

11:41:24.0406 2956 ql1080 - ok

11:41:24.0421 2956 Ql10wnt - ok

11:41:24.0437 2956 ql12160 - ok

11:41:24.0437 2956 ql1240 - ok

11:41:24.0453 2956 ql1280 - ok

11:41:24.0468 2956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:41:24.0578 2956 RasAcd - ok

11:41:24.0593 2956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:41:24.0687 2956 Rasl2tp - ok

11:41:24.0718 2956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:41:24.0812 2956 RasPppoe - ok

11:41:24.0812 2956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:41:24.0921 2956 Raspti - ok

11:41:24.0953 2956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:41:25.0046 2956 Rdbss - ok

11:41:25.0062 2956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:41:25.0156 2956 RDPCDD - ok

11:41:25.0203 2956 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:41:25.0421 2956 RDPWD - ok

11:41:25.0515 2956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:41:25.0625 2956 redbook - ok

11:41:25.0656 2956 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys

11:41:25.0843 2956 RsFx0150 - ok

11:41:25.0953 2956 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys

11:41:26.0203 2956 se59bus - ok

11:41:26.0281 2956 se59mdfl (3ced539f4373ccf8d3fe71ae51053d5d) C:\WINDOWS\system32\DRIVERS\se59mdfl.sys

11:41:26.0406 2956 se59mdfl - ok

11:41:26.0437 2956 se59mdm (c6a6aa039d14f2ea1998e5f922014067) C:\WINDOWS\system32\DRIVERS\se59mdm.sys

11:41:26.0546 2956 se59mdm - ok

11:41:26.0562 2956 se59mgmt (7eecfa334292b1cd8de4990b63e02360) C:\WINDOWS\system32\DRIVERS\se59mgmt.sys

11:41:26.0656 2956 se59mgmt - ok

11:41:26.0671 2956 se59nd5 (555895a241611c59ce057c42bc8b6e85) C:\WINDOWS\system32\DRIVERS\se59nd5.sys

11:41:26.0812 2956 se59nd5 - ok

11:41:26.0828 2956 se59obex (729dfa6451b7356834bfa6faec9e3092) C:\WINDOWS\system32\DRIVERS\se59obex.sys

11:41:26.0921 2956 se59obex - ok

11:41:26.0968 2956 se59unic (5f453e3e797dbeefe35869dc0239effa) C:\WINDOWS\system32\DRIVERS\se59unic.sys

11:41:27.0109 2956 se59unic - ok

11:41:27.0140 2956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:41:27.0234 2956 Secdrv - ok

11:41:27.0281 2956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:41:27.0375 2956 serenum - ok

11:41:27.0390 2956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:41:27.0484 2956 Serial - ok

11:41:27.0500 2956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:41:27.0609 2956 Sfloppy - ok

11:41:27.0625 2956 Simbad - ok

11:41:27.0640 2956 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:41:27.0734 2956 SLIP - ok

11:41:27.0750 2956 Sparrow - ok

11:41:27.0781 2956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:41:27.0890 2956 splitter - ok

11:41:27.0921 2956 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

11:41:27.0921 2956 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

11:41:27.0937 2956 sptd ( LockedFile.Multi.Generic ) - warning

11:41:27.0937 2956 sptd - detected LockedFile.Multi.Generic (1)

11:41:27.0968 2956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:41:28.0062 2956 sr - ok

11:41:28.0093 2956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:41:28.0171 2956 Srv - ok

11:41:28.0203 2956 ST330 (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys

11:41:28.0359 2956 ST330 - ok

11:41:28.0359 2956 STBUS (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys

11:41:28.0468 2956 STBUS - ok

11:41:28.0500 2956 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

11:41:28.0656 2956 StillCam - ok

11:41:28.0671 2956 stppp (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys

11:41:28.0796 2956 stppp - ok

11:41:28.0828 2956 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:41:28.0906 2956 streamip - ok

11:41:28.0921 2956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:41:29.0015 2956 swenum - ok

11:41:29.0046 2956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:41:29.0140 2956 swmidi - ok

11:41:29.0156 2956 symc810 - ok

11:41:29.0187 2956 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

11:41:29.0281 2956 symc8xx - ok

11:41:29.0296 2956 sym_hi - ok

11:41:29.0296 2956 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

11:41:29.0406 2956 sym_u3 - ok

11:41:29.0437 2956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:41:29.0531 2956 sysaudio - ok

11:41:29.0562 2956 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys

11:41:29.0656 2956 tbhsd - ok

11:41:29.0703 2956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:41:29.0781 2956 Tcpip - ok

11:41:29.0812 2956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:41:29.0921 2956 TDPIPE - ok

11:41:29.0937 2956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:41:30.0046 2956 TDTCP - ok

11:41:30.0078 2956 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys

11:41:30.0250 2956 teamviewervpn - ok

11:41:30.0343 2956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:41:30.0453 2956 TermDD - ok

11:41:30.0468 2956 TosIde - ok

11:41:30.0500 2956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:41:30.0609 2956 Udfs - ok

11:41:30.0625 2956 ultra - ok

11:41:30.0671 2956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:41:30.0765 2956 Update - ok

11:41:30.0812 2956 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

11:41:30.0906 2956 upperdev - ok

11:41:30.0953 2956 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

11:41:31.0140 2956 USBAAPL - ok

11:41:31.0171 2956 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:41:31.0265 2956 usbaudio - ok

11:41:31.0296 2956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:41:31.0390 2956 usbccgp - ok

11:41:31.0421 2956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:41:31.0515 2956 usbehci - ok

11:41:31.0546 2956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:41:31.0640 2956 usbhub - ok

11:41:31.0671 2956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:41:31.0781 2956 usbprint - ok

11:41:31.0812 2956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:41:31.0906 2956 usbscan - ok

11:41:31.0921 2956 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

11:41:32.0031 2956 usbser - ok

11:41:32.0062 2956 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

11:41:32.0203 2956 UsbserFilt - ok

11:41:32.0218 2956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:41:32.0312 2956 USBSTOR - ok

11:41:32.0328 2956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:41:32.0421 2956 usbuhci - ok

11:41:32.0453 2956 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

11:41:32.0546 2956 usbvideo - ok

11:41:32.0578 2956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:41:32.0687 2956 VgaSave - ok

11:41:32.0703 2956 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:41:32.0781 2956 ViaIde - ok

11:41:32.0812 2956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:41:32.0906 2956 VolSnap - ok

11:41:32.0937 2956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:41:33.0046 2956 Wanarp - ok

11:41:33.0078 2956 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

11:41:33.0171 2956 wceusbsh - ok

11:41:33.0203 2956 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

11:41:33.0406 2956 Wdf01000 - ok

11:41:33.0421 2956 WDICA - ok

11:41:33.0437 2956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:41:33.0531 2956 wdmaud - ok

11:41:33.0578 2956 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

11:41:33.0640 2956 WpdUsb - ok

11:41:33.0656 2956 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

11:41:33.0734 2956 WsAudio_DeviceS(1) - ok

11:41:33.0750 2956 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

11:41:33.0812 2956 WsAudio_DeviceS(2) - ok

11:41:33.0828 2956 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

11:41:33.0890 2956 WsAudio_DeviceS(3) - ok

11:41:33.0906 2956 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

11:41:33.0968 2956 WsAudio_DeviceS(4) - ok

11:41:33.0984 2956 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

11:41:34.0046 2956 WsAudio_DeviceS(5) - ok

11:41:34.0078 2956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:41:34.0171 2956 WSTCODEC - ok

11:41:34.0203 2956 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:41:34.0265 2956 WudfPf - ok

11:41:34.0296 2956 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:41:34.0484 2956 WudfRd - ok

11:41:34.0593 2956 ZY202_XP (bd6354de4d081de96c79bdb53f55ca82) C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys

11:41:34.0765 2956 ZY202_XP - ok

11:41:34.0781 2956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

11:41:35.0015 2956 \Device\Harddisk0\DR0 - ok

11:41:35.0015 2956 Boot (0x1200) (44f8fccc4a2c861ee7cb234553244d1f) \Device\Harddisk0\DR0\Partition0

11:41:35.0015 2956 \Device\Harddisk0\DR0\Partition0 - ok

11:41:35.0015 2956 Boot (0x1200) (69e7c763bee3c31e82462af69b0c5a08) \Device\Harddisk0\DR0\Partition1

11:41:35.0015 2956 \Device\Harddisk0\DR0\Partition1 - ok

11:41:35.0031 2956 Boot (0x1200) (43c7d74f15cf0cedb707e60dcc4ba9dd) \Device\Harddisk0\DR0\Partition2

11:41:35.0031 2956 \Device\Harddisk0\DR0\Partition2 - ok

11:41:35.0046 2956 Boot (0x1200) (581fe5733b5a935c9e5f7d9de52b0bc0) \Device\Harddisk0\DR0\Partition3

11:41:35.0046 2956 \Device\Harddisk0\DR0\Partition3 - ok

11:41:35.0062 2956 Boot (0x1200) (f6725267403040298bf73ea555cd6733) \Device\Harddisk0\DR0\Partition4

11:41:35.0062 2956 \Device\Harddisk0\DR0\Partition4 - ok

11:41:35.0062 2956 ============================================================

11:41:35.0062 2956 Scan finished

11:41:35.0062 2956 ============================================================

11:41:35.0171 3048 Detected object count: 9

11:41:35.0171 3048 Actual detected object count: 9

11:42:24.0812 3048 ADILOADER ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0812 3048 ADILOADER ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0812 3048 adiusbaw ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0812 3048 adiusbaw ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0812 3048 Afc ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0812 3048 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0828 3048 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0828 3048 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0828 3048 AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0828 3048 AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0828 3048 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0828 3048 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0828 3048 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0828 3048 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0828 3048 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

11:42:24.0828 3048 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:42:24.0828 3048 sptd ( LockedFile.Multi.Generic ) - skipped by user

11:42:24.0828 3048 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Have done two restarts then a quick scan with the following results, what do you think I should try next?

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8327

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

08/12/2011 20:34:33

mbam-log-2011-12-08 (20-34-33).txt

Scan type: Quick scan

Objects scanned: 197799

Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi MrC

I have attached the latest TDSS report. I did one final MBAM quick scan and the PC crashed with a BSOD 0x0077. Everything is running fine now and I'm sure will continue to do so as long as I don't scan with MBAM, but that doesn't seem right.

Should I just put up with it or look for the answer with this kernel stack problem?

Thanks for all your help with this.

Ed

20:26:53.0453 5536 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

20:26:54.0343 5536 ============================================================

20:26:54.0343 5536 Current date / time: 2011/12/09 20:26:54.0343

20:26:54.0343 5536 SystemInfo:

20:26:54.0343 5536

20:26:54.0437 5536 OS Version: 5.1.2600 ServicePack: 3.0

20:26:54.0437 5536 Product type: Workstation

20:26:54.0437 5536 ComputerName: MAXDATA-0EDBA54

20:26:54.0437 5536 UserName: Edwin

20:26:54.0437 5536 Windows directory: C:\WINDOWS

20:26:54.0437 5536 System windows directory: C:\WINDOWS

20:26:54.0437 5536 Processor architecture: Intel x86

20:26:54.0437 5536 Number of processors: 2

20:26:54.0437 5536 Page size: 0x1000

20:26:54.0437 5536 Boot type: Normal boot

20:26:54.0437 5536 ============================================================

20:26:55.0359 5536 Initialize success

20:27:00.0625 5332 ============================================================

20:27:00.0625 5332 Scan started

20:27:00.0625 5332 Mode: Manual; SigCheck; TDLFS;

20:27:00.0625 5332 ============================================================

20:27:04.0343 5332 Abiosdsk - ok

20:27:04.0375 5332 abp480n5 - ok

20:27:04.0578 5332 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:27:05.0921 5332 ACPI - ok

20:27:06.0000 5332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:27:06.0281 5332 ACPIEC - ok

20:27:06.0312 5332 ADILOADER (d7d90016bed47a555136f68010027300) C:\WINDOWS\system32\Drivers\adildr.sys

20:27:06.0359 5332 ADILOADER ( UnsignedFile.Multi.Generic ) - warning

20:27:06.0359 5332 ADILOADER - detected UnsignedFile.Multi.Generic (1)

20:27:06.0390 5332 adiusbaw (6fc1e142f4ea1d5127af592364290e49) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys

20:27:06.0484 5332 adiusbaw ( UnsignedFile.Multi.Generic ) - warning

20:27:06.0484 5332 adiusbaw - detected UnsignedFile.Multi.Generic (1)

20:27:06.0515 5332 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

20:27:06.0750 5332 adpu160m - ok

20:27:06.0781 5332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:27:07.0000 5332 aec - ok

20:27:07.0046 5332 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

20:27:07.0109 5332 Afc ( UnsignedFile.Multi.Generic ) - warning

20:27:07.0109 5332 Afc - detected UnsignedFile.Multi.Generic (1)

20:27:07.0140 5332 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:27:07.0250 5332 AFD - ok

20:27:07.0250 5332 Aha154x - ok

20:27:07.0281 5332 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

20:27:07.0500 5332 aic78u2 - ok

20:27:07.0515 5332 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

20:27:07.0734 5332 aic78xx - ok

20:27:07.0750 5332 AliIde - ok

20:27:07.0750 5332 amsint - ok

20:27:07.0781 5332 asc - ok

20:27:07.0781 5332 asc3350p - ok

20:27:07.0796 5332 asc3550 - ok

20:27:07.0828 5332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:27:08.0046 5332 AsyncMac - ok

20:27:08.0078 5332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:27:08.0312 5332 atapi - ok

20:27:08.0312 5332 Atdisk - ok

20:27:08.0328 5332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:27:08.0546 5332 Atmarpc - ok

20:27:08.0562 5332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:27:08.0781 5332 audstub - ok

20:27:08.0812 5332 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys

20:27:08.0812 5332 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - warning

20:27:08.0812 5332 AVG Anti-Rootkit - detected UnsignedFile.Multi.Generic (1)

20:27:08.0875 5332 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

20:27:09.0015 5332 AVG Anti-Spyware Driver - ok

20:27:09.0171 5332 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

20:27:09.0281 5332 AvgArCln ( UnsignedFile.Multi.Generic ) - warning

20:27:09.0281 5332 AvgArCln - detected UnsignedFile.Multi.Generic (1)

20:27:09.0312 5332 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

20:27:09.0375 5332 AvgAsCln - ok

20:27:09.0390 5332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:27:09.0625 5332 Beep - ok

20:27:09.0671 5332 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

20:27:09.0703 5332 BTHPORT - ok

20:27:09.0734 5332 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys

20:27:09.0906 5332 BTHUSB - ok

20:27:09.0937 5332 catchme - ok

20:27:09.0953 5332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:27:10.0187 5332 cbidf2k - ok

20:27:10.0218 5332 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:27:10.0437 5332 CCDECODE - ok

20:27:10.0437 5332 cd20xrnt - ok

20:27:10.0468 5332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:27:10.0703 5332 Cdaudio - ok

20:27:10.0718 5332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:27:10.0937 5332 Cdfs - ok

20:27:10.0968 5332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:27:11.0187 5332 Cdrom - ok

20:27:11.0218 5332 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys

20:27:11.0281 5332 cfwids - ok

20:27:11.0281 5332 Changer - ok

20:27:11.0296 5332 CmdIde - ok

20:27:11.0312 5332 Cpqarray - ok

20:27:11.0328 5332 dac2w2k - ok

20:27:11.0328 5332 dac960nt - ok

20:27:11.0359 5332 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys

20:27:11.0453 5332 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

20:27:11.0453 5332 DgiVecp - detected UnsignedFile.Multi.Generic (1)

20:27:11.0593 5332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:27:11.0796 5332 Disk - ok

20:27:11.0828 5332 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:27:12.0093 5332 dmboot - ok

20:27:12.0125 5332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:27:12.0343 5332 dmio - ok

20:27:12.0359 5332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:27:12.0578 5332 dmload - ok

20:27:12.0750 5332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:27:12.0984 5332 DMusic - ok

20:27:13.0062 5332 dpti2o - ok

20:27:13.0078 5332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:27:13.0296 5332 drmkaud - ok

20:27:13.0328 5332 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

20:27:13.0453 5332 e1express - ok

20:27:13.0500 5332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:27:13.0718 5332 Fastfat - ok

20:27:13.0906 5332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:27:14.0125 5332 Fdc - ok

20:27:14.0140 5332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:27:14.0343 5332 Fips - ok

20:27:14.0359 5332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:27:14.0578 5332 Flpydisk - ok

20:27:14.0609 5332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:27:14.0828 5332 FltMgr - ok

20:27:14.0843 5332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:27:15.0093 5332 Fs_Rec - ok

20:27:15.0093 5332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:27:15.0343 5332 Ftdisk - ok

20:27:15.0375 5332 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:27:15.0406 5332 GEARAspiWDM - ok

20:27:15.0437 5332 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys

20:27:15.0500 5332 ggflt - ok

20:27:15.0531 5332 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

20:27:15.0593 5332 ggsemc - ok

20:27:15.0625 5332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:27:15.0843 5332 Gpc - ok

20:27:15.0875 5332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:27:16.0109 5332 HDAudBus - ok

20:27:16.0265 5332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:27:16.0484 5332 HidUsb - ok

20:27:16.0484 5332 hpn - ok

20:27:16.0531 5332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:27:16.0578 5332 HTTP - ok

20:27:16.0578 5332 i2omgmt - ok

20:27:16.0593 5332 i2omp - ok

20:27:16.0609 5332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:27:16.0812 5332 i8042prt - ok

20:27:16.0875 5332 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

20:27:17.0125 5332 ialm - ok

20:27:17.0375 5332 IASTOR (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

20:27:17.0468 5332 IASTOR - ok

20:27:17.0578 5332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:27:17.0796 5332 Imapi - ok

20:27:17.0812 5332 ini910u - ok

20:27:17.0921 5332 IntcAzAudAddService (fc3a99650afe0b39fe1d214304a7d0d3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:27:18.0140 5332 IntcAzAudAddService - ok

20:27:18.0171 5332 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

20:27:18.0390 5332 IntelIde - ok

20:27:18.0453 5332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:27:18.0656 5332 intelppm - ok

20:27:18.0687 5332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:27:18.0921 5332 Ip6Fw - ok

20:27:18.0937 5332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:27:19.0171 5332 IpFilterDriver - ok

20:27:19.0203 5332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:27:19.0421 5332 IpInIp - ok

20:27:19.0625 5332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:27:19.0843 5332 IpNat - ok

20:27:19.0937 5332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:27:20.0156 5332 IPSec - ok

20:27:20.0171 5332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:27:20.0390 5332 IRENUM - ok

20:27:20.0406 5332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:27:20.0625 5332 isapnp - ok

20:27:20.0765 5332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:27:20.0984 5332 Kbdclass - ok

20:27:21.0015 5332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:27:21.0234 5332 kmixer - ok

20:27:21.0265 5332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:27:21.0343 5332 KSecDD - ok

20:27:21.0359 5332 lbrtfdc - ok

20:27:21.0375 5332 lmimirr - ok

20:27:21.0421 5332 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys

20:27:21.0484 5332 mfeapfk - ok

20:27:21.0515 5332 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys

20:27:21.0578 5332 mfeavfk - ok

20:27:21.0578 5332 mfeavfk01 - ok

20:27:21.0609 5332 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys

20:27:21.0671 5332 mfebopk - ok

20:27:21.0843 5332 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys

20:27:21.0921 5332 mfefirek - ok

20:27:22.0000 5332 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys

20:27:22.0031 5332 mfehidk - ok

20:27:22.0078 5332 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

20:27:22.0140 5332 mfendisk - ok

20:27:22.0140 5332 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

20:27:22.0203 5332 mfendiskmp - ok

20:27:22.0234 5332 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys

20:27:22.0296 5332 mferkdet - ok

20:27:22.0312 5332 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys

20:27:22.0375 5332 mfetdi2k - ok

20:27:22.0390 5332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:27:22.0625 5332 mnmdd - ok

20:27:22.0656 5332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:27:22.0875 5332 Modem - ok

20:27:22.0890 5332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:27:23.0140 5332 Mouclass - ok

20:27:23.0171 5332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:27:23.0406 5332 mouhid - ok

20:27:23.0421 5332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:27:23.0625 5332 MountMgr - ok

20:27:23.0625 5332 mraid35x - ok

20:27:23.0640 5332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:27:23.0859 5332 MRxDAV - ok

20:27:23.0890 5332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:27:24.0093 5332 MRxSmb - ok

20:27:24.0218 5332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:27:24.0421 5332 Msfs - ok

20:27:24.0468 5332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:27:24.0671 5332 MSKSSRV - ok

20:27:24.0703 5332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:27:24.0921 5332 MSPCLOCK - ok

20:27:24.0937 5332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:27:25.0156 5332 MSPQM - ok

20:27:25.0203 5332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:27:25.0406 5332 mssmbios - ok

20:27:25.0453 5332 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:27:25.0656 5332 MSTEE - ok

20:27:25.0687 5332 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

20:27:25.0750 5332 MTsensor - ok

20:27:25.0781 5332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:27:25.0875 5332 Mup - ok

20:27:25.0906 5332 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys

20:27:26.0031 5332 n558 - ok

20:27:26.0062 5332 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:27:26.0281 5332 NABTSFEC - ok

20:27:26.0312 5332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:27:26.0546 5332 NDIS - ok

20:27:26.0562 5332 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:27:26.0781 5332 NdisIP - ok

20:27:26.0812 5332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:27:26.0890 5332 NdisTapi - ok

20:27:26.0921 5332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:27:27.0140 5332 Ndisuio - ok

20:27:27.0156 5332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:27:27.0375 5332 NdisWan - ok

20:27:27.0468 5332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:27:27.0562 5332 NDProxy - ok

20:27:27.0593 5332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:27:27.0812 5332 NetBIOS - ok

20:27:27.0828 5332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:27:28.0046 5332 NetBT - ok

20:27:28.0093 5332 NetworkX (363867d32f78f71d610be7a559578a95) C:\WINDOWS\system32\ckldrv.sys

20:27:28.0156 5332 NetworkX ( UnsignedFile.Multi.Generic ) - warning

20:27:28.0156 5332 NetworkX - detected UnsignedFile.Multi.Generic (1)

20:27:28.0187 5332 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys

20:27:28.0640 5332 nmwcd - ok

20:27:28.0734 5332 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys

20:27:28.0859 5332 nmwcdc - ok

20:27:28.0890 5332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:27:29.0109 5332 Npfs - ok

20:27:29.0140 5332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:27:29.0390 5332 Ntfs - ok

20:27:29.0421 5332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:27:29.0656 5332 Null - ok

20:27:29.0765 5332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:27:30.0015 5332 NwlnkFlt - ok

20:27:30.0015 5332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:27:30.0265 5332 NwlnkFwd - ok

20:27:30.0296 5332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

20:27:30.0515 5332 Parport - ok

20:27:30.0531 5332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:27:30.0750 5332 PartMgr - ok

20:27:30.0828 5332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:27:31.0078 5332 ParVdm - ok

20:27:31.0156 5332 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys

20:27:31.0218 5332 pbfilter - ok

20:27:31.0250 5332 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

20:27:31.0359 5332 pccsmcfd - ok

20:27:31.0390 5332 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:27:31.0593 5332 PCI - ok

20:27:31.0609 5332 PCIDump - ok

20:27:31.0625 5332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:27:31.0859 5332 PCIIde - ok

20:27:32.0109 5332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

20:27:32.0343 5332 Pcmcia - ok

20:27:32.0375 5332 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

20:27:32.0421 5332 pcouffin ( UnsignedFile.Multi.Generic ) - warning

20:27:32.0421 5332 pcouffin - detected UnsignedFile.Multi.Generic (1)

20:27:32.0437 5332 PDCOMP - ok

20:27:32.0453 5332 PDFRAME - ok

20:27:32.0453 5332 PDRELI - ok

20:27:32.0468 5332 PDRFRAME - ok

20:27:32.0484 5332 perc2 - ok

20:27:32.0484 5332 perc2hib - ok

20:27:32.0531 5332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:27:32.0750 5332 PptpMiniport - ok

20:27:32.0750 5332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:27:32.0984 5332 PSched - ok

20:27:33.0046 5332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:27:33.0562 5332 Ptilink - ok

20:27:33.0656 5332 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:27:33.0671 5332 PxHelp20 - ok

20:27:33.0687 5332 ql1080 - ok

20:27:33.0687 5332 Ql10wnt - ok

20:27:33.0703 5332 ql12160 - ok

20:27:33.0703 5332 ql1240 - ok

20:27:33.0718 5332 ql1280 - ok

20:27:33.0750 5332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:27:34.0000 5332 RasAcd - ok

20:27:34.0015 5332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:27:34.0234 5332 Rasl2tp - ok

20:27:34.0390 5332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:27:34.0625 5332 RasPppoe - ok

20:27:34.0703 5332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:27:34.0937 5332 Raspti - ok

20:27:34.0984 5332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:27:35.0203 5332 Rdbss - ok

20:27:35.0234 5332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:27:35.0468 5332 RDPCDD - ok

20:27:35.0578 5332 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

20:27:35.0734 5332 RDPWD - ok

20:27:35.0765 5332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:27:35.0984 5332 redbook - ok

20:27:36.0031 5332 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys

20:27:36.0140 5332 RsFx0150 - ok

20:27:36.0203 5332 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys

20:27:36.0453 5332 se59bus - ok

20:27:36.0531 5332 se59mdfl (3ced539f4373ccf8d3fe71ae51053d5d) C:\WINDOWS\system32\DRIVERS\se59mdfl.sys

20:27:36.0750 5332 se59mdfl - ok

20:27:36.0781 5332 se59mdm (c6a6aa039d14f2ea1998e5f922014067) C:\WINDOWS\system32\DRIVERS\se59mdm.sys

20:27:36.0890 5332 se59mdm - ok

20:27:36.0906 5332 se59mgmt (7eecfa334292b1cd8de4990b63e02360) C:\WINDOWS\system32\DRIVERS\se59mgmt.sys

20:27:37.0015 5332 se59mgmt - ok

20:27:37.0015 5332 se59nd5 (555895a241611c59ce057c42bc8b6e85) C:\WINDOWS\system32\DRIVERS\se59nd5.sys

20:27:37.0125 5332 se59nd5 - ok

20:27:37.0140 5332 se59obex (729dfa6451b7356834bfa6faec9e3092) C:\WINDOWS\system32\DRIVERS\se59obex.sys

20:27:37.0250 5332 se59obex - ok

20:27:37.0265 5332 se59unic (5f453e3e797dbeefe35869dc0239effa) C:\WINDOWS\system32\DRIVERS\se59unic.sys

20:27:37.0359 5332 se59unic - ok

20:27:37.0390 5332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:27:37.0609 5332 Secdrv - ok

20:27:37.0796 5332 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:27:38.0031 5332 serenum - ok

20:27:38.0046 5332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

20:27:38.0265 5332 Serial - ok

20:27:38.0265 5332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:27:38.0484 5332 Sfloppy - ok

20:27:38.0500 5332 Simbad - ok

20:27:38.0531 5332 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:27:38.0703 5332 SLIP - ok

20:27:38.0718 5332 Sparrow - ok

20:27:39.0046 5332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:27:39.0265 5332 splitter - ok

20:27:39.0375 5332 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

20:27:39.0375 5332 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

20:27:39.0375 5332 sptd ( LockedFile.Multi.Generic ) - warning

20:27:39.0375 5332 sptd - detected LockedFile.Multi.Generic (1)

20:27:39.0406 5332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:27:39.0625 5332 sr - ok

20:27:39.0656 5332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:27:39.0734 5332 Srv - ok

20:27:39.0781 5332 ST330 (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys

20:27:39.0875 5332 ST330 - ok

20:27:39.0890 5332 STBUS (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys

20:27:39.0968 5332 STBUS - ok

20:27:40.0000 5332 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

20:27:40.0359 5332 StillCam - ok

20:27:40.0453 5332 stppp (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys

20:27:40.0531 5332 stppp - ok

20:27:40.0562 5332 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:27:40.0734 5332 streamip - ok

20:27:40.0765 5332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:27:40.0984 5332 swenum - ok

20:27:41.0015 5332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:27:41.0218 5332 swmidi - ok

20:27:41.0234 5332 symc810 - ok

20:27:41.0437 5332 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

20:27:41.0671 5332 symc8xx - ok

20:27:41.0718 5332 sym_hi - ok

20:27:41.0734 5332 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

20:27:41.0953 5332 sym_u3 - ok

20:27:41.0984 5332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:27:42.0203 5332 sysaudio - ok

20:27:42.0234 5332 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys

20:27:42.0296 5332 tbhsd - ok

20:27:42.0593 5332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:27:42.0687 5332 Tcpip - ok

20:27:42.0765 5332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:27:42.0984 5332 TDPIPE - ok

20:27:43.0000 5332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:27:43.0218 5332 TDTCP - ok

20:27:43.0250 5332 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys

20:27:43.0359 5332 teamviewervpn - ok

20:27:43.0390 5332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:27:43.0609 5332 TermDD - ok

20:27:43.0625 5332 TosIde - ok

20:27:43.0687 5332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:27:43.0890 5332 Udfs - ok

20:27:43.0906 5332 ultra - ok

20:27:43.0937 5332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:27:44.0187 5332 Update - ok

20:27:44.0218 5332 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

20:27:44.0343 5332 upperdev - ok

20:27:44.0390 5332 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

20:27:44.0515 5332 USBAAPL - ok

20:27:44.0546 5332 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:27:44.0765 5332 usbaudio - ok

20:27:45.0046 5332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:27:45.0265 5332 usbccgp - ok

20:27:45.0375 5332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:27:47.0609 5332 usbehci - ok

20:27:49.0750 5332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:27:51.0062 5332 usbhub - ok

20:27:51.0109 5332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:27:51.0328 5332 usbprint - ok

20:27:51.0359 5332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:27:51.0578 5332 usbscan - ok

20:27:51.0593 5332 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

20:27:51.0796 5332 usbser - ok

20:27:51.0828 5332 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

20:27:52.0203 5332 UsbserFilt - ok

20:27:52.0296 5332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:27:52.0515 5332 USBSTOR - ok

20:27:52.0531 5332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:27:52.0750 5332 usbuhci - ok

20:27:52.0781 5332 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

20:27:53.0015 5332 usbvideo - ok

20:27:53.0250 5332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:27:53.0484 5332 VgaSave - ok

20:27:53.0562 5332 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

20:27:53.0765 5332 ViaIde - ok

20:27:53.0796 5332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:27:54.0000 5332 VolSnap - ok

20:27:54.0031 5332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:27:54.0250 5332 Wanarp - ok

20:27:54.0421 5332 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

20:27:54.0640 5332 wceusbsh - ok

20:27:54.0687 5332 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

20:27:54.0812 5332 Wdf01000 - ok

20:27:54.0828 5332 WDICA - ok

20:27:54.0859 5332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:27:55.0078 5332 wdmaud - ok

20:27:55.0109 5332 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

20:27:55.0171 5332 WpdUsb - ok

20:27:55.0203 5332 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

20:27:55.0265 5332 WsAudio_DeviceS(1) - ok

20:27:55.0468 5332 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

20:27:55.0515 5332 WsAudio_DeviceS(2) - ok

20:27:55.0609 5332 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

20:27:55.0671 5332 WsAudio_DeviceS(3) - ok

20:27:55.0687 5332 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

20:27:55.0750 5332 WsAudio_DeviceS(4) - ok

20:27:55.0765 5332 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

20:27:55.0828 5332 WsAudio_DeviceS(5) - ok

20:27:55.0859 5332 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:27:56.0078 5332 WSTCODEC - ok

20:27:56.0125 5332 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:27:56.0218 5332 WudfPf - ok

20:27:56.0250 5332 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:27:56.0390 5332 WudfRd - ok

20:27:56.0718 5332 ZY202_XP (bd6354de4d081de96c79bdb53f55ca82) C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys

20:27:56.0875 5332 ZY202_XP - ok

20:27:56.0890 5332 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

20:27:57.0125 5332 \Device\Harddisk0\DR0 - ok

20:27:57.0125 5332 Boot (0x1200) (44f8fccc4a2c861ee7cb234553244d1f) \Device\Harddisk0\DR0\Partition0

20:27:57.0125 5332 \Device\Harddisk0\DR0\Partition0 - ok

20:27:57.0125 5332 Boot (0x1200) (69e7c763bee3c31e82462af69b0c5a08) \Device\Harddisk0\DR0\Partition1

20:27:57.0125 5332 \Device\Harddisk0\DR0\Partition1 - ok

20:27:57.0156 5332 Boot (0x1200) (43c7d74f15cf0cedb707e60dcc4ba9dd) \Device\Harddisk0\DR0\Partition2

20:27:57.0156 5332 \Device\Harddisk0\DR0\Partition2 - ok

20:27:57.0156 5332 Boot (0x1200) (581fe5733b5a935c9e5f7d9de52b0bc0) \Device\Harddisk0\DR0\Partition3

20:27:57.0156 5332 \Device\Harddisk0\DR0\Partition3 - ok

20:27:57.0171 5332 Boot (0x1200) (f6725267403040298bf73ea555cd6733) \Device\Harddisk0\DR0\Partition4

20:27:57.0171 5332 \Device\Harddisk0\DR0\Partition4 - ok

20:27:57.0171 5332 ============================================================

20:27:57.0171 5332 Scan finished

20:27:57.0171 5332 ============================================================

20:27:57.0281 5068 Detected object count: 9

20:27:57.0281 5068 Actual detected object count: 9

20:28:04.0671 5068 ADILOADER ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 ADILOADER ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 adiusbaw ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 adiusbaw ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 Afc ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:28:04.0671 5068 sptd ( LockedFile.Multi.Generic ) - skipped by user

20:28:04.0671 5068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Morning MrC

I tried to scan those two files but only the ckldrv search produced a return. The first search (sptd.sys) just returns to the analyse page, most odd! I can't attach the file to an email either. Here is the report on the ckldrv file.

VirusTotal - Free Online Virus, Malware and URL Scanner

http://www.virustotal.com/file-scan/report.html?id=0cc0d8b6fcd3d96754fd4edc9f56261f81ce72293d7ce992b97935eb3f50d... 10/12/2011 13:37:14

File name: Ckldrv.sys

Submission date: 2011-12-10 13:29:04 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result

AhnLab-V3 2011.12.10.00 2011.12.09 -

AntiVir 7.11.19.57 2011.12.09 -

Antiy-AVL 2.0.3.7 2011.12.10 -

Avast 6.0.1289.0 2011.12.09 -

AVG 10.0.0.1190 2011.12.10 -

BitDefender 7.2 2011.12.10 -

ByteHero 1.0.0.1 2011.12.07 -

CAT-QuickHeal 12.00 2011.12.10 -

ClamAV 0.97.3.0 2011.12.10 -

Commtouch 5.3.2.6 2011.12.10 -

Comodo 10906 2011.12.10 -

DrWeb 5.0.2.03300 2011.12.10 -

Emsisoft 5.1.0.11 2011.12.10 -

eSafe 7.0.17.0 2011.12.08 -

eTrust-Vet 37.0.9616 2011.12.09 -

F-Prot 4.6.5.141 2011.11.29 -

F-Secure 9.0.16440.0 2011.12.10 -

Fortinet 4.3.388.0 2011.12.10 -

GData 22 2011.12.10 -

Ikarus T3.1.1.109.0 2011.12.10 -

Jiangmin 13.0.900 2011.12.09 -

K7AntiVirus 9.119.5640 2011.12.09 -

Kaspersky 9.0.0.837 2011.12.10 -

McAfee 5.400.0.1158 2011.12.10 -

McAfee-GW-Edition 2010.1E 2011.12.10 -

Microsoft 1.7903 2011.12.10 -

NOD32 6691 2011.12.07 -

Norman 6.07.13 2011.12.10 -

nProtect 2011-12-10.01 2011.12.10 -

Panda 10.0.3.5 2011.12.10 -

PCTools 8.0.0.5 2011.12.10 -

Prevx 3.0 2011.12.10 -

Rising 23.87.03.02 2011.12.08 -

Sophos 4.72.0 2011.12.10 -

SUPERAntiSpyware 4.40.0.1006 2011.12.10 -

Symantec 20111.2.0.82 2011.12.10 -

TheHacker 6.7.0.1.354 2011.12.09 -

TrendMicro 9.500.0.1008 2011.12.10 -

TrendMicro-HouseCall 9.500.0.1008 2011.12.10 -

VBA32 3.12.16.4 2011.12.09 -

VIPRE 11229 2011.12.10 -

ViRobot 2011.12.10.4819 2011.12.10 -

VirusBuster 14.1.108.0 2011.12.09 -

MD5 : 363867d32f78f71d610be7a559578a95

SHA1 : 9a79a5d101ef871e4f470558ebd22585a6c7c2e6

SHA256: 0cc0d8b6fcd3d96754fd4edc9f56261f81ce72293d7ce992b97935eb3f50dee8

Hi MrC

ComboFix 11-12-10.01 - Edwin 10/12/2011 16:45:48.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1345 [GMT 0:00]

Running from: c:\documents and settings\Edwin\Local Settings\Application Data\Opera\Opera\temporary_downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))

.

.

2011-12-09 20:28 . 2011-12-09 20:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-07 16:01 . 2011-12-10 11:28 -------- d-----w- c:\documents and settings\Edwin\Application Data\Skype

2011-12-07 16:01 . 2011-12-07 16:01 -------- d-----w- c:\program files\Common Files\Skype

2011-12-07 16:01 . 2011-12-07 16:01 -------- d-----r- c:\program files\Skype

2011-12-07 13:31 . 2011-12-07 13:31 -------- d-----w- c:\documents and settings\Edwin\Application Data\Malwarebytes

2011-12-07 13:30 . 2011-12-07 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-07 13:30 . 2011-12-07 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-06 15:39 . 2011-12-06 15:38 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-12-06 15:39 . 2011-12-06 15:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-06 11:46 . 2011-10-18 14:29 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2011-12-02 20:52 . 2011-12-02 20:52 -------- d-----w- c:\program files\Microsoft Small Business

2011-11-29 21:52 . 2011-11-29 21:57 -------- d-----w- c:\documents and settings\Edwin\Application Data\B8940581

2011-11-22 13:58 . 2011-11-22 13:58 -------- d-----w- c:\program files\iPod

2011-11-22 13:56 . 2011-11-22 13:59 -------- d-----w- c:\program files\iTunes

2011-11-14 09:27 . 2011-11-14 09:27 4335776 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 16:21 . 2011-05-16 14:55 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2011-12-09 15:49 . 2008-11-24 11:24 283 ----a-w- c:\documents and settings\Edwin\Local Settings\Application Data\orgit.bat

2011-12-06 15:44 . 2007-07-20 09:00 98304 ----a-w- c:\windows\DUMP8433.tmp

2011-12-06 15:38 . 2007-08-22 18:51 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-30 14:18 . 2007-07-20 09:00 98304 ----a-w- c:\windows\DUMP8627.tmp

2011-11-19 14:38 . 2011-05-17 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-18 14:32 . 2011-10-10 08:32 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 13:16 . 2011-10-10 08:34 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 13:16 . 2011-10-10 08:34 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-10-15 13:16 . 2011-10-10 08:34 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 13:16 . 2011-10-10 08:34 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-10-15 13:16 . 2011-10-10 08:34 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 13:16 . 2011-10-10 08:34 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 13:16 . 2011-10-10 08:34 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 13:16 . 2011-10-10 08:34 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 13:16 . 2011-03-13 10:20 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 13:16 . 2011-03-13 10:20 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-10 14:22 . 2007-07-20 08:51 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2007-07-20 08:51 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2007-07-20 08:51 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41 . 2007-07-20 08:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-12-09 14:48 . 2011-03-24 10:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 13:01 . 2011-10-10 08:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-06_13.40.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-10 11:24 . 2011-12-10 11:24 16384 c:\windows\Temp\Perflib_Perfdata_634.dat

+ 2011-12-06 15:47 . 2011-12-06 15:47 16384 c:\windows\Temp\Perflib_Perfdata_174.dat

+ 2007-07-20 08:54 . 2011-12-10 11:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-07-20 08:54 . 2011-12-06 13:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-07-20 08:54 . 2011-12-10 11:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-07-20 08:54 . 2011-12-06 13:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-12-06 17:24 . 2011-12-10 11:41 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-07-20 08:54 . 2011-12-06 13:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-12-06 15:39 . 2011-12-06 15:38 157472 c:\windows\system32\javaws.exe

+ 2011-12-06 15:39 . 2011-12-06 15:38 145184 c:\windows\system32\javaw.exe

+ 2011-12-06 15:39 . 2011-12-06 15:38 145184 c:\windows\system32\java.exe

+ 2011-12-06 15:40 . 2011-12-06 15:40 203776 c:\windows\Installer\b41d6.msi

+ 2011-12-06 15:38 . 2011-12-06 15:38 901120 c:\windows\Installer\b41cd.msi

+ 2011-12-07 16:01 . 2011-12-07 16:01 371272 c:\windows\Installer\{D0197E45-D866-44D0-90AF-529F28F15ABA}\SkypeIcon.exe

+ 2011-12-07 16:01 . 2011-12-07 16:01 1252864 c:\windows\Installer\395646.msi

+ 2011-12-07 16:01 . 2011-12-07 16:01 1620480 c:\windows\Installer\39563d.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

"sbitunesagent"="c:\program files\Songbird\songbirditunesagent.exe" [2011-01-27 266240]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-11-09 17049736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 110592]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]

"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-12-21 28672]

"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-12-21 337224]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-8 113664]

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\DSLMON.exe [2008-3-7 946247]

PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-8-3 40960]

Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-12-21 91136]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-13 00:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-09-06 09:44 16262656 -c--a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 16:04 2879488 -c--a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Inertia 3\\System\\PSL.Development.MainApp.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Windows\\system32\\jgoisnpc.exe"=

"c:\\Windows\\system32\\lemosixt.exe"=

"c:\\Windows\\system32\\kaneceyp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Axa\\java\\bin\\java.exe"=

"c:\\Program Files\\FileMaker\\FileMaker Pro 8.5\\FileMaker Pro.exe"=

"c:\\Windows\\system32\\ftp.exe"=

"c:\\Program Files\\O2\\bin\\wificfg.exe"=

"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=

"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=

"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=

"c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Documents and Settings\\Edwin\\Desktop\\utorrent.exe"=

"c:\\Program Files\\FileMaker\\FileMaker Pro 11\\FileMaker Pro.exe"=

"c:\\Program Files\\drahtwerk\\iWebcamera\\iWebcameraApp.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\WePrint\\WePrint Server.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=

"c:\\Program Files\\Calibre2\\calibre.exe"=

"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:Brother Network Scanner

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/11/2009 17:51 691696]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/10/2011 08:34 89792]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11:03 169312]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2011 08:34 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2011 08:34 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2011 08:34 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/10/2011 08:35 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/10/2011 08:32 150856]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [05/05/2010 21:40 42884448]

R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 17:29 29293408]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21/10/2010 12:44 189064]

R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21/10/2010 12:44 1130120]

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25/06/2009 07:22 185640]

R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11/02/2010 11:42 172328]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/10/2011 08:34 57600]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/10/2011 08:34 338176]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/10/2011 08:34 83856]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [07/08/2011 17:28 19056]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 09:12 25088]

S2 gupdate1c9c66e5e4f0d7d;Google Update Service (gupdate1c9c66e5e4f0d7d);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 12:56 133104]

S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [21/12/2010 13:38 81920]

S3 Compingo License Service;Compingo License Service;c:\program files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe [27/06/2008 16:59 79360]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08/07/2009 12:47 13224]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 12:56 133104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/10/2011 08:34 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/10/2011 08:34 87656]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [09/12/2009 15:52 47360]

S3 SM_ml1600_FUService;ML-2010 Status Monitor Service;"c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service --> c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc [?]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [27/04/2008 10:16 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [27/04/2008 10:16 12672]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [27/04/2008 10:16 32000]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [04/03/2011 16:03 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [04/03/2011 16:04 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [04/03/2011 16:04 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [04/03/2011 16:05 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [04/03/2011 16:05 25704]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [05/05/2010 21:41 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [03/04/2010 10:02 240608]

S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [05/05/2010 21:40 367456]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BDFILESPY

*Deregistered* - BdFileSpy

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-16 19:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 12:56]

.

2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 12:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://exweb.exchange.uk.com/public/default.asp

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: o2.co.uk\*.broadband

Trusted Zone: uk.com\exweb.exchange

TCP: DhcpNameServer = 192.168.1.254

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\lnsnbop1.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-10 16:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_ml1600_FUService]

"ImagePath"="\"c:\program files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2512)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-10 17:02:48

ComboFix-quarantined-files.txt 2011-12-10 17:02

ComboFix2.txt 2011-12-06 14:05

.

Pre-Run: 8,860,344,320 bytes free

Post-Run: 9,019,572,224 bytes free

.

- - End Of File - - B93B3C67102AB732192121E6B85F2B2B
