
Hi, Windows Security Center has not been the same on my computer ever since I was infected with the Vista Antivirus 2012 spyware. Will my machine return to normal?


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Justin at 1:01:57 on 2012-01-10
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.234 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}


============= FINISH: 1:07:13.37 ===============



Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Download TDSSKiller from http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.


    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Logs will be closed if you haven't replied within 3 days.


Great, here we go:

17:48:31.0753 2720 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
17:48:32.0330 2720 ============================================================
17:48:32.0330 2720 Current date / time: 2012/01/24 17:48:32.0330
17:48:32.0330 2720 SystemInfo:
17:48:32.0330 2720
17:48:32.0330 2720 OS Version: 6.0.6002 ServicePack: 2.0
17:48:32.0330 2720 Product type: Workstation
17:48:32.0330 2720 ComputerName: HAGERMJM
17:48:32.0330 2720 UserName: Justin
17:48:32.0330 2720 Windows directory: C:\Windows
17:48:32.0330 2720 System windows directory: C:\Windows
17:48:32.0330 2720 Processor architecture: Intel x86
17:48:32.0330 2720 Number of processors: 2
17:48:32.0330 2720 Page size: 0x1000
17:48:32.0330 2720 Boot type: Normal boot
17:48:32.0330 2720 ============================================================
17:48:37.0042 2720 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:37.0104 2720 Initialize success
17:48:46.0230 1088 ============================================================
17:48:46.0230 1088 Scan started
17:48:46.0230 1088 Mode: Manual; SigCheck; TDLFS;
17:48:46.0230 1088 ============================================================


17:50:24.0189 1088 mouhid - ok

17:50:24.0501 1088 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

17:50:24.0813 1088 MountMgr - ok

17:50:25.0078 1088 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

17:50:25.0327 1088 MpFilter - ok

17:50:25.0702 1088 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

17:50:25.0858 1088 mpio - ok

17:50:26.0092 1088 MpKsl29ec920b - ok

17:50:26.0217 1088 MpKsl824f36f9 - ok

17:50:26.0248 1088 MpKsl9457916f - ok

17:50:26.0263 1088 MpKslb00612ca - ok

17:50:26.0310 1088 MpKslc4ad9028 - ok

17:50:26.0575 1088 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

17:50:26.0716 1088 MpNWMon - ok

17:50:26.0965 1088 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

17:50:27.0121 1088 mpsdrv - ok

17:50:27.0402 1088 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

17:50:27.0465 1088 Mraid35x - ok

17:50:28.0369 1088 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

17:50:28.0541 1088 MRxDAV - ok

17:50:29.0025 1088 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:50:29.0259 1088 mrxsmb - ok

17:50:29.0758 1088 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:50:30.0210 1088 mrxsmb10 - ok

17:50:30.0397 1088 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:50:30.0569 1088 mrxsmb20 - ok

17:50:30.0709 1088 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

17:50:31.0131 1088 msahci - ok

17:50:31.0333 1088 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

17:50:31.0411 1088 msdsm - ok

17:50:31.0552 1088 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

17:50:32.0020 1088 Msfs - ok

17:50:32.0191 1088 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

17:50:32.0238 1088 msisadrv - ok

17:50:32.0706 1088 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

17:50:33.0159 1088 MSKSSRV - ok

17:50:33.0439 1088 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

17:50:33.0876 1088 MSPCLOCK - ok

17:50:34.0017 1088 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

17:50:34.0375 1088 MSPQM - ok

17:50:34.0656 1088 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

17:50:35.0717 1088 MsRPC - ok

17:50:35.0733 1088 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

17:50:35.0811 1088 mssmbios - ok

17:50:36.0045 1088 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

17:50:36.0481 1088 MSTEE - ok

17:50:36.0591 1088 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

17:50:36.0778 1088 Mup - ok

17:50:36.0856 1088 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

17:50:37.0261 1088 NativeWifiP - ok

17:50:37.0558 1088 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111207.003\NAVENG.SYS

17:50:37.0683 1088 NAVENG - ok

17:50:37.0839 1088 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111207.003\NAVEX15.SYS

17:50:38.0104 1088 NAVEX15 - ok

17:50:38.0307 1088 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

17:50:38.0993 1088 NDIS - ok

17:50:39.0055 1088 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

17:50:39.0742 1088 NdisTapi - ok

17:50:39.0976 1088 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

17:50:40.0366 1088 Ndisuio - ok

17:50:40.0615 1088 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:50:40.0709 1088 NdisWan - ok

17:50:40.0803 1088 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

17:50:41.0380 1088 NDProxy - ok

17:50:41.0692 1088 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

17:50:41.0895 1088 NetBIOS - ok

17:50:41.0941 1088 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

17:50:42.0378 1088 netbt - ok

17:50:42.0581 1088 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

17:50:42.0643 1088 nfrd960 - ok

17:50:42.0721 1088 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

17:50:43.0002 1088 NisDrv - ok

17:50:43.0267 1088 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

17:50:43.0361 1088 Npfs - ok

17:50:43.0392 1088 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

17:50:43.0564 1088 nsiproxy - ok

17:50:43.0673 1088 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

17:50:44.0359 1088 Ntfs - ok

17:50:44.0671 1088 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

17:50:45.0264 1088 ntrigdigi - ok

17:50:45.0311 1088 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

17:50:45.0451 1088 Null - ok

17:50:46.0294 1088 nvlddmkm (99a7cd6662db4e32f75a641c5d080db3) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:50:49.0133 1088 nvlddmkm - ok

17:50:49.0866 1088 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

17:50:49.0991 1088 nvraid - ok

17:50:50.0615 1088 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

17:50:50.0693 1088 nvstor - ok

17:50:51.0333 1088 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

17:50:51.0395 1088 nv_agp - ok

17:50:51.0816 1088 NwlnkFlt - ok

17:50:52.0019 1088 NwlnkFwd - ok

17:50:52.0799 1088 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

17:50:53.0439 1088 ohci1394 - ok

17:50:53.0595 1088 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

17:50:54.0874 1088 Parport - ok

17:50:54.0967 1088 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

17:50:55.0451 1088 partmgr - ok

17:50:55.0560 1088 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

17:50:56.0231 1088 Parvdm - ok

17:50:56.0434 1088 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

17:50:56.0917 1088 pci - ok

17:50:57.0011 1088 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys

17:50:57.0557 1088 pciide - ok

17:50:57.0651 1088 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

17:50:58.0243 1088 pcmcia - ok

17:50:58.0649 1088 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

17:50:59.0460 1088 PEAUTH - ok

17:50:59.0694 1088 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

17:51:00.0318 1088 PptpMiniport - ok

17:51:00.0459 1088 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

17:51:00.0739 1088 Processor - ok

17:51:01.0051 1088 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

17:51:01.0239 1088 PSched - ok

17:51:01.0551 1088 PulseUsb (82749a87e49fdc46e6d1b9627507dd75) C:\Windows\system32\DRIVERS\PulseUsb.sys

17:51:02.0830 1088 PulseUsb ( UnsignedFile.Multi.Generic ) - warning

17:51:02.0830 1088 PulseUsb - detected UnsignedFile.Multi.Generic (1)

17:51:03.0485 1088 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

17:51:04.0530 1088 ql2300 - ok

17:51:04.0827 1088 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

17:51:05.0622 1088 ql40xx - ok

17:51:05.0919 1088 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

17:51:06.0558 1088 QWAVEdrv - ok

17:51:06.0870 1088 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

17:51:07.0338 1088 RasAcd - ok

17:51:07.0869 1088 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:51:08.0243 1088 Rasl2tp - ok

17:51:08.0446 1088 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

17:51:08.0883 1088 RasPppoe - ok

17:51:09.0023 1088 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

17:51:09.0522 1088 RasSstp - ok

17:51:09.0897 1088 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

17:51:10.0333 1088 rdbss - ok

17:51:10.0645 1088 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:51:10.0879 1088 RDPCDD - ok

17:51:11.0285 1088 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

17:51:11.0581 1088 rdpdr - ok

17:51:12.0018 1088 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

17:51:12.0159 1088 RDPENCDD - ok

17:51:12.0861 1088 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

17:51:13.0282 1088 RDPWD - ok

17:51:13.0953 1088 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

17:51:14.0124 1088 RFCOMM - ok

17:51:14.0701 1088 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

17:51:14.0998 1088 rspndr - ok

17:51:15.0435 1088 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

17:51:15.0669 1088 sbp2port - ok

17:51:16.0090 1088 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:51:16.0417 1088 secdrv - ok

17:51:16.0636 1088 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

17:51:16.0823 1088 Serenum - ok

17:51:17.0151 1088 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

17:51:17.0899 1088 Serial - ok

17:51:18.0383 1088 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

17:51:18.0617 1088 sermouse - ok

17:51:18.0960 1088 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

17:51:19.0225 1088 sffdisk - ok

17:51:19.0553 1088 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

17:51:20.0068 1088 sffp_mmc - ok

17:51:20.0427 1088 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

17:51:20.0614 1088 sffp_sd - ok

17:51:21.0394 1088 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

17:51:21.0909 1088 sfloppy - ok

17:51:22.0470 1088 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

17:51:22.0626 1088 sisagp - ok

17:51:23.0172 1088 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

17:51:23.0313 1088 SiSRaid2 - ok

17:51:23.0406 1088 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

17:51:23.0687 1088 SiSRaid4 - ok

17:51:24.0327 1088 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

17:51:24.0483 1088 Smb - ok

17:51:25.0247 1088 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

17:51:25.0481 1088 SPBBCDrv - ok

17:51:25.0965 1088 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

17:51:26.0058 1088 spldr - ok

17:51:26.0651 1088 SRTSP (e0e54a571d4323567e95e11fe76a5ff3) C:\Windows\system32\Drivers\SRTSP.SYS

17:51:26.0838 1088 SRTSP - ok

17:51:27.0478 1088 SRTSPL (4e44f0e22df824d318988caa6f321c30) C:\Windows\system32\Drivers\SRTSPL.SYS

17:51:27.0696 1088 SRTSPL - ok

17:51:28.0523 1088 SRTSPX (d3bb40427cf3d02e56bba97feda0a3aa) C:\Windows\system32\Drivers\SRTSPX.SYS

17:51:29.0053 1088 SRTSPX - ok

17:51:29.0521 1088 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

17:51:29.0958 1088 srv - ok

17:51:30.0629 1088 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

17:51:31.0331 1088 srv2 - ok

17:51:32.0158 1088 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

17:51:32.0423 1088 srvnet - ok

17:51:33.0187 1088 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys

17:51:33.0562 1088 STHDA - ok

17:51:34.0092 1088 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

17:51:34.0186 1088 swenum - ok

17:51:34.0295 1088 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

17:51:34.0825 1088 Symc8xx - ok

17:51:35.0044 1088 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS

17:51:35.0247 1088 SymEvent - ok

17:51:35.0325 1088 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\Windows\System32\Drivers\SYMREDRV.SYS

17:51:35.0574 1088 SYMREDRV - ok

17:51:36.0417 1088 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\Windows\System32\Drivers\SYMTDI.SYS

17:51:36.0588 1088 SYMTDI - ok

17:51:36.0978 1088 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

17:51:37.0431 1088 Sym_hi - ok

17:51:37.0805 1088 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

17:51:38.0086 1088 Sym_u3 - ok

17:51:38.0507 1088 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\DRIVERS\szkg.sys

17:51:38.0632 1088 szkg5 - ok

17:51:39.0365 1088 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\Windows\system32\drivers\szkgfs.sys

17:51:39.0490 1088 szkgfs - ok

17:51:40.0582 1088 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

17:51:40.0909 1088 Tcpip - ok

17:51:42.0204 1088 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

17:51:42.0797 1088 Tcpip6 - ok

17:51:43.0749 1088 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

17:51:44.0919 1088 tcpipreg - ok

17:51:46.0198 1088 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

17:51:47.0415 1088 TDPIPE - ok

17:51:48.0226 1088 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

17:51:48.0491 1088 TDTCP - ok

17:51:48.0865 1088 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

17:51:49.0193 1088 tdx - ok

17:51:49.0833 1088 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

17:51:49.0942 1088 TermDD - ok

17:51:50.0706 1088 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:51:50.0862 1088 tssecsrv - ok

17:51:51.0767 1088 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

17:51:51.0923 1088 tunmp - ok

17:51:52.0563 1088 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

17:51:52.0672 1088 tunnel - ok

17:51:53.0046 1088 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

17:51:53.0171 1088 uagp35 - ok

17:51:53.0623 1088 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

17:51:53.0764 1088 udfs - ok

17:51:54.0372 1088 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

17:51:54.0497 1088 uliagpkx - ok

17:51:54.0996 1088 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

17:51:55.0199 1088 uliahci - ok

17:51:55.0714 1088 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

17:51:55.0807 1088 UlSata - ok

17:51:56.0572 1088 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

17:51:56.0681 1088 ulsata2 - ok

17:51:57.0601 1088 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

17:51:58.0132 1088 umbus - ok

17:51:58.0335 1088 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

17:51:58.0522 1088 usbaudio - ok

17:51:58.0678 1088 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

17:51:58.0959 1088 usbccgp - ok

17:51:59.0442 1088 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys

17:51:59.0629 1088 USBCCID - ok

17:51:59.0848 1088 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

17:52:00.0300 1088 usbcir - ok

17:52:00.0503 1088 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

17:52:00.0737 1088 usbehci - ok

17:52:00.0831 1088 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

17:52:01.0143 1088 usbhub - ok

17:52:01.0361 1088 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

17:52:01.0595 1088 usbohci - ok

17:52:01.0704 1088 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

17:52:01.0891 1088 usbprint - ok

17:52:02.0016 1088 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:52:02.0235 1088 USBSTOR - ok

17:52:02.0469 1088 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

17:52:02.0593 1088 usbuhci - ok

17:52:02.0718 1088 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

17:52:02.0952 1088 usbvideo - ok

17:52:03.0015 1088 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

17:52:03.0139 1088 vga - ok

17:52:03.0327 1088 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

17:52:03.0514 1088 VgaSave - ok

17:52:03.0654 1088 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

17:52:03.0779 1088 viaagp - ok

17:52:03.0810 1088 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

17:52:03.0966 1088 ViaC7 - ok

17:52:04.0434 1088 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

17:52:04.0512 1088 viaide - ok

17:52:04.0809 1088 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

17:52:04.0902 1088 volmgr - ok

17:52:05.0682 1088 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

17:52:05.0791 1088 volmgrx - ok

17:52:06.0509 1088 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

17:52:06.0587 1088 volsnap - ok

17:52:07.0227 1088 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

17:52:07.0383 1088 vsmraid - ok

17:52:08.0287 1088 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

17:52:08.0553 1088 WacomPen - ok

17:52:09.0957 1088 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:52:10.0097 1088 Wanarp - ok

17:52:10.0300 1088 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:52:11.0220 1088 Wanarpv6 - ok

17:52:12.0063 1088 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

17:52:12.0187 1088 Wd - ok

17:52:13.0545 1088 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

17:52:13.0763 1088 Wdf01000 - ok

17:52:15.0573 1088 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

17:52:15.0807 1088 winachsf - ok

17:52:16.0805 1088 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:52:16.0961 1088 WmiAcpi - ok

17:52:17.0897 1088 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

17:52:18.0100 1088 ws2ifsl - ok

17:52:19.0597 1088 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:52:19.0769 1088 WUDFRd - ok

17:52:20.0221 1088 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

17:52:20.0331 1088 XAudio - ok

17:52:20.0487 1088 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:52:21.0220 1088 \Device\Harddisk0\DR0 - ok

17:52:21.0235 1088 Boot (0x1200) (db63065a191d686fe4f6a0579078934e) \Device\Harddisk0\DR0\Partition0

17:52:21.0251 1088 \Device\Harddisk0\DR0\Partition0 - ok

17:52:21.0251 1088 ============================================================

17:52:21.0251 1088 Scan finished

17:52:21.0251 1088 ============================================================

17:52:21.0282 1764 Detected object count: 1

17:52:21.0282 1764 Actual detected object count: 1

17:57:06.0118 1764 PulseUsb ( UnsignedFile.Multi.Generic ) - skipped by user

17:57:06.0180 1764 PulseUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

ComboFix 12-01-23.02 - Justin 01/24/2012 22:10:22.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1069 [GMT -5:00]

Running from: c:\users\Justin\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB54723$

c:\windows\$NtUninstallKB54723$\3618177642\@

c:\windows\$NtUninstallKB54723$\3618177642\bckfg.tmp

c:\windows\$NtUninstallKB54723$\3618177642\cfg.ini

c:\windows\$NtUninstallKB54723$\3618177642\Desktop.ini

c:\windows\$NtUninstallKB54723$\3618177642\keywords

c:\windows\$NtUninstallKB54723$\3618177642\kwrd.dll

c:\windows\$NtUninstallKB54723$\3618177642\L\vhtmwbun

c:\windows\$NtUninstallKB54723$\3618177642\lsflt7.ver

c:\windows\$NtUninstallKB54723$\3618177642\U\00000001.@

c:\windows\$NtUninstallKB54723$\3618177642\U\00000002.@

c:\windows\$NtUninstallKB54723$\3618177642\U\00000004.@

c:\windows\$NtUninstallKB54723$\3618177642\U\80000000.@

c:\windows\$NtUninstallKB54723$\3618177642\U\80000004.@

c:\windows\$NtUninstallKB54723$\3618177642\U\80000032.@

c:\windows\$NtUninstallKB54723$\3694237297

.

.

((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))

.

.

2012-01-25 03:39 . 2012-01-25 03:39 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-01-25 03:39 . 2012-01-25 03:39 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-01-25 03:39 . 2012-01-25 03:39 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-01-25 03:39 . 2012-01-25 03:39 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-01-25 03:39 . 2012-01-25 03:39 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-01-25 03:39 . 2012-01-25 03:39 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-01-25 03:39 . 2012-01-25 03:39 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-01-25 03:39 . 2012-01-25 03:39 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-01-25 03:39 . 2012-01-25 03:39 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-01-25 03:39 . 2012-01-25 03:39 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-01-25 03:39 . 2012-01-25 03:39 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-01-25 03:39 . 2012-01-25 03:39 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-01-25 03:38 . 2012-01-25 03:38 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-01-25 03:38 . 2012-01-25 03:38 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-01-25 03:38 . 2012-01-25 03:38 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-01-25 03:38 . 2012-01-25 03:38 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-01-25 03:38 . 2012-01-25 03:38 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-01-25 03:25 . 2012-01-25 03:41 -------- d-----w- c:\users\Justin\AppData\Local\temp

2012-01-25 02:41 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20AE02B6-EDD6-495C-A74F-5DC12184C3F5}\mpengine.dll

2012-01-22 00:18 . 2011-10-04 22:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA58D4F4-5CA7-4AA4-B196-A73ED3AD93E4}\gapaengine.dll

2012-01-12 03:47 . 2012-01-12 03:47 -------- d-----w- c:\programdata\CPA_VA

2012-01-12 03:27 . 2012-01-12 03:47 -------- d-----w- c:\users\Justin\AppData\Local\Comodo

2012-01-12 03:26 . 2012-01-12 03:26 -------- d-----w- c:\programdata\Comodo

2012-01-12 03:26 . 2012-01-12 03:47 -------- d-----w- c:\program files\Comodo

2012-01-12 03:26 . 2012-01-12 03:26 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2012-01-12 02:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-12 02:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-12 02:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 02:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-12 02:58 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-12 02:58 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-01-12 02:58 . 2012-01-12 02:58 -------- d-----w- C:\c99ddb55d09817b35d13

2012-01-12 02:57 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 02:57 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 02:53 . 2012-01-12 02:53 -------- d-----w- c:\program files\Microsoft ATS

2012-01-03 21:32 . 2011-10-04 22:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 22:45 . 2008-02-04 16:26 279088 ----a-w- c:\windows\system32\drivers\srtsp.sys

2012-01-06 04:19 . 2011-11-21 18:02 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-10 20:24 . 2011-12-13 03:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 22:12 . 2011-12-07 22:12 68648 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-12-07 22:12 . 2011-12-07 22:12 547880 ----a-r- c:\windows\system32\SZComp5.dll

2011-12-07 22:12 . 2011-12-07 22:12 482344 ----a-r- c:\windows\system32\SZBase5.dll

2011-12-07 22:12 . 2011-12-07 22:12 457768 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-12-07 22:12 . 2011-12-07 22:12 30248 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-12-07 22:12 . 2011-12-07 22:12 24616 ----a-r- c:\windows\system32\SZIO5.dll

2011-12-07 22:12 . 2011-12-07 22:12 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-12-07 22:12 . 2011-12-07 22:12 740392 ----a-r- c:\windows\system32\IS3Base5.dll

2011-12-07 22:12 . 2011-12-07 22:12 392232 ----a-r- c:\windows\system32\IS3UI5.dll

2011-12-07 22:12 . 2011-12-07 22:12 232488 ----a-r- c:\windows\system32\IS3Win325.dll

2011-12-07 22:12 . 2011-12-07 22:12 105512 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-12-07 22:12 . 2011-12-07 22:12 101416 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-11-23 15:28 . 2011-11-23 15:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:37 . 2011-12-15 20:36 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 02:57 . 2011-11-19 02:57 161792 ----a-w- c:\windows\system32\msls31.dll

2011-11-19 02:57 . 2011-11-19 02:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-11-19 02:57 . 2011-11-19 02:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-11-19 02:57 . 2011-11-19 02:57 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-11-19 02:57 . 2011-11-19 02:57 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-11-19 02:57 . 2011-11-19 02:57 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-11-19 02:57 . 2011-11-19 02:57 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-11-19 02:57 . 2011-11-19 02:57 367104 ----a-w- c:\windows\system32\html.iec

2011-11-19 02:57 . 2011-11-19 02:57 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-19 02:57 . 2011-11-19 02:57 152064 ----a-w- c:\windows\system32\wextract.exe

2011-11-19 02:57 . 2011-11-19 02:57 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-11-19 02:57 . 2011-11-19 02:57 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-11-19 02:57 . 2011-11-19 02:57 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-11-19 02:57 . 2011-11-19 02:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-11-19 02:57 . 2011-11-19 02:57 11776 ----a-w- c:\windows\system32\mshta.exe

2011-11-19 02:57 . 2011-11-19 02:57 101888 ----a-w- c:\windows\system32\admparse.dll

2011-11-19 02:57 . 2011-11-19 02:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-11-08 14:42 . 2011-12-15 20:36 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47 . 2011-12-16 08:14 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40 . 2011-12-16 08:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39 . 2011-12-16 08:14 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31 . 2011-12-16 08:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-27 08:01 . 2011-12-15 20:36 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-27 08:01 . 2011-12-15 20:36 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-07-02 17:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-02-01 05:25 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-11-22 02:07 13601312 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2008-11-22 02:07 96800 ----a-w- c:\windows\System32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-11-22 02:07 92704 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-11-20 02:07 1657376 ----a-w- c:\windows\System32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-02-26 14:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-09-13 18:44 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 21:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

2008-04-03 16:33 136080 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

xmlpros REG_MULTI_SZ XMLProvS

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\pbgnzxnz.default\

FF - prefs.js: network.proxy.type - 2

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-02612584.sys

MSConfigStartUp-DirectMainlog - c:\users\Justin\AppData\Local\uniobjmon2\DirectMainlog.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-24 22:40

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\STacSV.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe

c:\program files\STOPzilla!\STOPzilla.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-01-24 22:55:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-25 03:55

.

Pre-Run: 113,701,609,472 bytes free

Post-Run: 113,827,082,240 bytes free

.

- - End Of File - - 00AC561389711F6AD9C82D269D26F142

Note: My computer seems to be functioning normally at this point in time. Upon clicking on Firefox and IE, a message box notes that the registry key has been marked for deletion. I ran Internet Explorer as Administrator and it allowed me to open the web browser.


registry key has been marked

I'm sure that's Search & Destroy\TeaTimer letting you know. Please allow the change.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
