
xp home security 2012 - MWB run as admin/full scan doesn't find it


AmyA


Hello,

I'm the second lucky person in my household to end up with this in the last month. I already had MWB so when I saw it I wasn't too worried. I updated to the latest & greatest then ran a full scan as admin. It found nothing and the admin account works fine - no pop-ups, FF works. When I log on as user I get all the pop-ups and FF doesn't work. The user account is useless. Here are dds.txt & attach.txt

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20

Run by PowerAmy at 21:01:16 on 2012-01-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.328 [GMT -8:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\IDriveWindows\idwservice_501.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\xampp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\IDriveWindows\idw_web.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\IDriveWindows\idwbg_501.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [iDriveforWindows] "c:\program files\idrivewindows\idwindows_501.exe"

mRun: [iDrive Background process] "c:\program files\idrivewindows\idwbg_501.exe"

mRun: [iDrive Monitor] "c:\program files\idrivewindows\idwmonitor.exe" Min

dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{19E6BE33-2100-4972-A844-738958696E44} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\poweramy\application data\mozilla\firefox\profiles\p1cikkm4.default\

FF - component: c:\documents and settings\poweramy\application data\mozilla\firefox\profiles\p1cikkm4.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-18 64160]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-13 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-13 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-13 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-13 66616]

R2 IDriveService;IDriveService;c:\program files\idrivewindows\idwservice_501.exe [2011-12-23 181728]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-24 652872]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-2 1245064]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-4-27 113896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-24 20464]

S2 gupdate1c9d81a1f056e6e;Google Update Service (gupdate1c9d81a1f056e6e);c:\program files\google\update\GoogleUpdate.exe [2009-5-18 133104]

S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2006-8-23 114016]

S2 mrtRate;mrtRate; [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-21 102448]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-18 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1036104]

S4 Herofsl;Herofsl; [x]

.

=============== Created Last 30 ================

.

2011-12-27 18:17:40 -------- d-----w- C:\IBWINTEMP

2011-12-23 19:52:19 -------- d-----w- C:\IDrive

2011-12-23 19:12:29 24064 ----a-w- c:\windows\system32\msxml3a.dll

2011-12-23 19:12:29 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX

2011-12-23 19:12:27 94208 ----a-w- c:\windows\system32\IBColIml.ocx

2011-12-23 19:12:27 40960 ----a-w- c:\windows\system32\IBSSubTmr.dll

2011-12-23 18:49:08 -------- d-----w- c:\program files\cygdrive

2011-12-23 18:19:08 -------- d-----w- c:\windows\system32\IBCOMMON

2011-12-23 18:18:30 -------- d-----w- c:\program files\IDriveWindows

.

==================== Find3M ====================

.

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 05:35:52 709968 ----a-w- c:\windows\is-NNALE.exe

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll

2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-10-31 23:43:20 17408 ------w- c:\windows\system32\corpol.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

.

============= FINISH: 21:01:40.51 ===============

************************************

I attached the attach log rather than posting it. Sorry if that's not kosher - I can paste it in as needed.

Any help is very much appreciated!

And I poked around and saw the next step may be combofix. Here's that log:

ComboFix 12-01-12.04 - PowerAmy 01/12/2012 21:51:05.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.582 [GMT -8:00]

Running from: c:\documents and settings\PowerAmy\My Documents\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\SET36.tmp

c:\windows\system32\SET3B.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))

.

.

2011-12-27 18:17 . 2011-12-27 18:17 -------- d-----w- C:\IBWINTEMP

2011-12-23 19:52 . 2011-12-23 19:52 -------- d-----w- C:\IDrive

2011-12-23 19:12 . 2009-02-09 21:15 24064 ----a-w- c:\windows\system32\msxml3a.dll

2011-12-23 19:12 . 2009-02-09 21:15 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX

2011-12-23 19:12 . 2009-02-09 21:15 94208 ----a-w- c:\windows\system32\IBColIml.ocx

2011-12-23 19:12 . 2009-02-09 21:15 40960 ----a-w- c:\windows\system32\IBSSubTmr.dll

2011-12-23 18:49 . 2011-12-23 18:49 -------- d-----w- c:\program files\cygdrive

2011-12-23 18:19 . 2011-12-23 18:19 -------- d-----w- c:\windows\system32\IBCOMMON

2011-12-23 18:18 . 2012-01-13 03:43 -------- d-----w- c:\program files\IDriveWindows

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 23:24 . 2009-05-24 16:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 21:57 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-04 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 05:35 . 2011-11-22 05:35 709968 ----a-w- c:\windows\is-NNALE.exe

2011-11-18 12:35 . 2004-08-04 08:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-03 15:28 . 2004-08-04 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:28 . 2004-08-04 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-31 23:43 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll

2011-10-31 23:43 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-10-31 23:43 . 2004-08-04 08:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-10-31 23:43 . 2004-08-04 08:00 17408 ------w- c:\windows\system32\corpol.dll

2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2004-08-04 08:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 08:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-13 528832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"IDriveforWindows"="c:\program files\IDriveWindows\idwindows_501.exe" [2011-12-17 8111584]

"IDrive Background process"="c:\program files\IDriveWindows\idwbg_501.exe" [2011-12-17 42464]

"IDrive Monitor"="c:\program files\IDriveWindows\idwmonitor.exe" [2011-12-17 2037216]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-13 669936]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-7-22 170480]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-11-17 389120]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk

backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pandion.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pandion.lnk

backup=c:\windows\pss\Pandion.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk

backup=c:\windows\pss\Photo Loader supervisory.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Amy Asdorian^Start Menu^Programs^Startup^Picaboo.lnk]

path=c:\documents and settings\Amy Asdorian\Start Menu\Programs\Startup\Picaboo.lnk

backup=c:\windows\pss\Picaboo.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Amy Asdorian^Start Menu^Programs^Startup^WinMySQLadmin.lnk]

path=c:\documents and settings\Amy Asdorian\Start Menu\Programs\Startup\WinMySQLadmin.lnk

backup=c:\windows\pss\WinMySQLadmin.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-01-22 18:31 126976 ------w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-01-22 18:36 155648 ------w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 23:36 305440 ------w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

2004-10-14 20:54 253952 ------w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 08:54 417792 ------w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-04-16 20:36 24264488 ------r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"btwdins"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/18/2009 2:07 PM 64160]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/13/2010 6:48 PM 136360]

R2 IDriveService;IDriveService;c:\program files\IDriveWindows\idwservice_501.exe [12/23/2011 11:12 AM 181728]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/24/2009 8:55 AM 652872]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [4/27/2010 3:43 PM 113896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/24/2009 8:55 AM 20464]

S2 gupdate1c9d81a1f056e6e;Google Update Service (gupdate1c9d81a1f056e6e);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2009 4:36 PM 133104]

S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/23/2006 8:41 AM 114016]

S2 mrtRate;mrtRate; [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/21/2010 5:33 PM 102448]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2009 4:36 PM 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 1036104]

S4 Herofsl;Herofsl; [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:10]

.

2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

.

2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 00:35]

.

2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 00:35]

.

2011-12-05 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 05:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\documents and settings\PowerAmy\Application Data\Mozilla\Firefox\Profiles\p1cikkm4.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_09\bin\jusched.exe

MSConfigStartUp-TCOYFReminder - c:\progra~1\TCOYF\tcoyftray.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-12 22:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?3?3?7??????? ?,?B?????????????hLC? ??????

IDrive Monitor = "c:\program files\IDriveWindows\idwmonitor.exe" Min?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="C:/Program Files/xampp/mysql/bin/mysqld-nt.exe"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="C:/Program Files/xampp/mysql/bin/mysqld-nt.exe"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]

"ImagePath"="-"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]

"ImagePath"="-"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

attach.txt


Hi - I must not have alerts set up because I didn't get an email letting me know there was a response. Sorry for the lag time! If you know, let me know how to set up alerts - I'll start checking this through the day now that we've made initial contact.

I thought I was clean BUT today I updated MWB and ran a quick scan. This time it found Trojan.FakeMS/qkm.exe. I removed it and now I'm running a full scan. Any tips before it finishes? I'll be back on in a few hours.

Many thanks!


Ran it as admin (full scan) & user account (quick scan) and they both came back clean this time. The first time I had the virus, the admin scan didn't find it but the user scan did. Do you know if it runs differently depending on the account? Also, is the virus one that keeps coming back (as has been my experience so far)? I'm also going to run an Avira scan too. Any suggestions? Thanks for your help.


Yes, MB came back clean and Avira scan found something. So critters are still lurking. Both posted here. Got another tool that you think will find all of it?

MWB admin account:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.17.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.11

PowerAmy :: MRSGNOME [administrator]

Protection: Enabled

1/17/2012 9:31:08 PM

mbam-log-2012-01-17 (21-31-08).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 424769

Time elapsed: 3 hour(s), 51 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

============================================================

Avira user account:

Avira AntiVir Personal

Report file date: Wednesday, January 18, 2012 08:12

Scanning for 3157445 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : MRSGNOME

Version information:

BUILD.DAT : 10.2.0.704 35934 Bytes 9/28/2011 13:34:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/30/2011 15:27:59

AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/30/2011 15:27:59

LUKE.DLL : 10.3.0.5 45416 Bytes 6/30/2011 15:28:22

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/30/2011 15:28:31

AVREG.DLL : 10.3.0.9 88833 Bytes 7/15/2011 04:30:58

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:02:42

VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 18:08:12

VBASE003.VDF : 7.11.19.171 2048 Bytes 12/20/2011 18:08:12

VBASE004.VDF : 7.11.19.172 2048 Bytes 12/20/2011 18:08:12

VBASE005.VDF : 7.11.19.173 2048 Bytes 12/20/2011 18:08:12

VBASE006.VDF : 7.11.19.174 2048 Bytes 12/20/2011 18:08:12

VBASE007.VDF : 7.11.19.175 2048 Bytes 12/20/2011 18:08:12

VBASE008.VDF : 7.11.19.176 2048 Bytes 12/20/2011 18:08:12

VBASE009.VDF : 7.11.19.177 2048 Bytes 12/20/2011 18:08:12

VBASE010.VDF : 7.11.19.178 2048 Bytes 12/20/2011 18:08:12

VBASE011.VDF : 7.11.19.179 2048 Bytes 12/20/2011 18:08:12

VBASE012.VDF : 7.11.19.180 2048 Bytes 12/20/2011 18:08:12

VBASE013.VDF : 7.11.19.217 182784 Bytes 12/22/2011 18:08:12

VBASE014.VDF : 7.11.19.255 148480 Bytes 12/24/2011 19:58:24

VBASE015.VDF : 7.11.20.29 164352 Bytes 12/27/2011 21:38:43

VBASE016.VDF : 7.11.20.70 180224 Bytes 12/29/2011 21:38:30

VBASE017.VDF : 7.11.20.102 240640 Bytes 1/2/2012 21:49:55

VBASE018.VDF : 7.11.20.139 164864 Bytes 1/4/2012 23:14:14

VBASE019.VDF : 7.11.20.178 167424 Bytes 1/6/2012 23:14:17

VBASE020.VDF : 7.11.20.207 230400 Bytes 1/10/2012 20:47:08

VBASE021.VDF : 7.11.20.236 150528 Bytes 1/11/2012 16:27:39

VBASE022.VDF : 7.11.21.13 135168 Bytes 1/13/2012 19:59:05

VBASE023.VDF : 7.11.21.40 163840 Bytes 1/16/2012 23:05:19

VBASE024.VDF : 7.11.21.65 1001472 Bytes 1/17/2012 05:25:28

VBASE025.VDF : 7.11.21.66 2048 Bytes 1/17/2012 05:25:28

VBASE026.VDF : 7.11.21.67 2048 Bytes 1/17/2012 05:25:28

VBASE027.VDF : 7.11.21.68 2048 Bytes 1/17/2012 05:25:28

VBASE028.VDF : 7.11.21.69 2048 Bytes 1/17/2012 05:25:29

VBASE029.VDF : 7.11.21.70 2048 Bytes 1/17/2012 05:25:29

VBASE030.VDF : 7.11.21.71 2048 Bytes 1/17/2012 05:25:29

VBASE031.VDF : 7.11.21.76 14848 Bytes 1/18/2012 05:25:29

Engineversion : 8.2.8.28

AEVDF.DLL : 8.1.2.2 106868 Bytes 10/25/2011 16:05:47

AESCRIPT.DLL : 8.1.3.97 426363 Bytes 1/13/2012 20:00:06

AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 01:30:15

AESBX.DLL : 8.2.4.5 434549 Bytes 12/2/2011 19:08:22

AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 16:45:56

AEPACK.DLL : 8.2.16.1 799094 Bytes 1/18/2012 05:25:34

AEOFFICE.DLL : 8.1.2.25 201084 Bytes 12/29/2011 21:39:24

AEHEUR.DLL : 8.1.3.18 4297079 Bytes 1/13/2012 19:59:59

AEHELP.DLL : 8.1.18.0 254327 Bytes 10/25/2011 16:05:17

AEGEN.DLL : 8.1.5.17 405877 Bytes 12/9/2011 04:23:06

AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 01:29:51

AECORE.DLL : 8.1.24.3 201079 Bytes 12/28/2011 21:38:51

AEBB.DLL : 8.1.1.0 53618 Bytes 4/27/2010 23:41:19

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38

AVPREF.DLL : 10.0.3.2 44904 Bytes 6/30/2011 15:27:59

AVREP.DLL : 10.0.0.10 174120 Bytes 5/17/2011 18:26:11

AVARKT.DLL : 10.0.26.1 255336 Bytes 6/30/2011 15:27:51

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/30/2011 15:27:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00

RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 6/30/2011 15:27:37

RCTEXT.DLL : 10.0.64.0 97640 Bytes 6/30/2011 15:27:38

Configuration settings for the scan:

Jobname.............................: avguard_async_scan

Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4f4e8d4a\guard_slideup.avp

Logging.............................: Default

Primary action......................: repair

Secondary action....................: quarantine

Scan master boot sector.............: on

Scan boot sector....................: off

Process scan........................: on

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Complete

Start of the scan: Wednesday, January 18, 2012 08:12

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned

Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'idwservice_501.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'idw_web.exe' - '1' Module(s) have been scanned

Scan process 'FolderSizeSvc.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'idwmonitor.exe' - '1' Module(s) have been scanned

Scan process 'idwbg_501.exe' - '1' Module(s) have been scanned

Scan process 'mbamgui.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'hpqSRMon.exe' - '1' Module(s) have been scanned

Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'EabServr.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP466\A0048257.exe'

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP466\A0048257.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4dbd4ee6.qua'.

End of the scan: Wednesday, January 18, 2012 08:12

Used time: 00:03 Minute(s)

The scan has been done completely.

0 Scanned directories

50 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

49 Files not concerned

0 Archives were scanned

0 Warnings

1 Notes

Cheers!


Didn't change font size so I'll post again. MWB is from admin account, Avira is from user account (ran Avira on admin account and it didn't find anything).



Download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.


    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


When it gets to 10% initialization it gives a "can't intiate log" error. I click okay (only option). Then at 40% I get a "Can't load driver" error. I click okay. It looks like it installed okay, I click on start scan and it finishes immediately with "No threats found" because it processed 0 objects. Any ideas? My bet is it will install correctly as admin but probably won't find anything like the other tools.

It found 4 threats - however, after clicking continue on the skip option, it didn't give me the reboot option.

16:01:37.0750 0732 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24

16:01:38.0140 0732 ============================================================

16:01:38.0140 0732 Current date / time: 2012/01/18 16:01:38.0140

16:01:38.0140 0732 SystemInfo:

16:01:38.0140 0732

16:01:38.0140 0732 OS Version: 5.1.2600 ServicePack: 3.0

16:01:38.0140 0732 Product type: Workstation

16:01:38.0140 0732 ComputerName: MRSGNOME

16:01:38.0140 0732 UserName: PowerAmy

16:01:38.0140 0732 Windows directory: C:\WINDOWS

16:01:38.0140 0732 System windows directory: C:\WINDOWS

16:01:38.0140 0732 Processor architecture: Intel x86

16:01:38.0140 0732 Number of processors: 1

16:01:38.0140 0732 Page size: 0x1000

16:01:38.0140 0732 Boot type: Normal boot

16:01:38.0140 0732 ============================================================

16:01:42.0906 0732 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

16:01:42.0921 0732 Initialize success

16:02:09.0000 0616 ============================================================

16:02:09.0000 0616 Scan started

16:02:09.0000 0616 Mode: Manual; SigCheck; TDLFS;

16:02:09.0000 0616 ============================================================

16:02:09.0562 0616 Abiosdsk - ok

16:02:09.0593 0616 abp480n5 - ok

16:02:09.0656 0616 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:02:12.0625 0616 ACPI - ok

16:02:12.0828 0616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:02:13.0046 0616 ACPIEC - ok

16:02:13.0109 0616 adpu160m - ok

16:02:13.0171 0616 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:02:13.0531 0616 aec - ok

16:02:13.0703 0616 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:02:13.0781 0616 AFD - ok

16:02:13.0859 0616 Aha154x - ok

16:02:13.0875 0616 aic78u2 - ok

16:02:13.0906 0616 aic78xx - ok

16:02:13.0968 0616 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

16:02:14.0281 0616 AliIde - ok

16:02:14.0312 0616 amsint - ok

16:02:14.0375 0616 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:02:14.0578 0616 Arp1394 - ok

16:02:14.0593 0616 asc - ok

16:02:14.0609 0616 asc3350p - ok

16:02:14.0640 0616 asc3550 - ok

16:02:14.0703 0616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:02:14.0906 0616 AsyncMac - ok

16:02:14.0937 0616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:02:15.0125 0616 atapi - ok

16:02:15.0156 0616 Atdisk - ok

16:02:15.0187 0616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:02:15.0390 0616 Atmarpc - ok

16:02:15.0453 0616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:02:15.0671 0616 audstub - ok

16:02:15.0781 0616 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

16:02:15.0875 0616 avgio - ok

16:02:16.0031 0616 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:02:16.0078 0616 avgntflt - ok

16:02:16.0140 0616 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

16:02:16.0234 0616 avipbb - ok

16:02:16.0281 0616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:02:16.0687 0616 Beep - ok

16:02:16.0890 0616 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

16:02:17.0093 0616 BTKRNL ( UnsignedFile.Multi.Generic ) - warning

16:02:17.0093 0616 BTKRNL - detected UnsignedFile.Multi.Generic (1)

16:02:17.0156 0616 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys

16:02:17.0234 0616 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

16:02:17.0234 0616 BTWUSB - detected UnsignedFile.Multi.Generic (1)

16:02:17.0281 0616 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys

16:02:17.0390 0616 CAMCAUD - ok

16:02:17.0531 0616 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys

16:02:17.0640 0616 CAMCHALA - ok

16:02:17.0765 0616 catchme - ok

16:02:17.0921 0616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:02:18.0203 0616 cbidf2k - ok

16:02:18.0234 0616 cd20xrnt - ok

16:02:18.0265 0616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:02:18.0468 0616 Cdaudio - ok

16:02:18.0515 0616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:02:18.0718 0616 Cdfs - ok

16:02:18.0765 0616 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:02:19.0015 0616 Cdrom - ok

16:02:19.0031 0616 Changer - ok

16:02:19.0078 0616 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:02:19.0359 0616 CmBatt - ok

16:02:19.0375 0616 CmdIde - ok

16:02:19.0406 0616 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:02:19.0671 0616 Compbatt - ok

16:02:19.0718 0616 Cpqarray - ok

16:02:19.0734 0616 dac2w2k - ok

16:02:19.0765 0616 dac960nt - ok

16:02:19.0812 0616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:02:20.0000 0616 Disk - ok

16:02:20.0078 0616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:02:20.0343 0616 dmboot - ok

16:02:20.0375 0616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:02:20.0625 0616 dmio - ok

16:02:20.0671 0616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:02:20.0906 0616 dmload - ok

16:02:20.0953 0616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:02:21.0203 0616 DMusic - ok

16:02:21.0234 0616 dpti2o - ok

16:02:21.0265 0616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:02:21.0531 0616 drmkaud - ok

16:02:21.0578 0616 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys

16:02:21.0656 0616 eabfiltr - ok

16:02:21.0703 0616 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys

16:02:21.0765 0616 eabusb - ok

16:02:21.0890 0616 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

16:02:22.0046 0616 eeCtrl - ok

16:02:22.0078 0616 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:02:22.0125 0616 EraserUtilRebootDrv - ok

16:02:22.0421 0616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:02:22.0671 0616 Fastfat - ok

16:02:22.0718 0616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:02:22.0921 0616 Fdc - ok

16:02:22.0953 0616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:02:23.0140 0616 Fips - ok

16:02:23.0171 0616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:02:23.0390 0616 Flpydisk - ok

16:02:23.0453 0616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:02:23.0656 0616 FltMgr - ok

16:02:23.0718 0616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:02:23.0937 0616 Fs_Rec - ok

16:02:23.0984 0616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:02:24.0234 0616 Ftdisk - ok

16:02:24.0281 0616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:02:24.0328 0616 GEARAspiWDM - ok

16:02:24.0390 0616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:02:24.0625 0616 Gpc - ok

16:02:24.0671 0616 Herofsl - ok

16:02:24.0703 0616 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:02:24.0953 0616 HidUsb - ok

16:02:24.0984 0616 hpn - ok

16:02:25.0046 0616 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:02:25.0281 0616 HPZid412 - ok

16:02:25.0421 0616 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:02:25.0500 0616 HPZipr12 - ok

16:02:25.0578 0616 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:02:25.0703 0616 HPZius12 - ok

16:02:25.0796 0616 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

16:02:25.0906 0616 HSFHWICH - ok

16:02:26.0078 0616 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

16:02:26.0296 0616 HSF_DP - ok

16:02:26.0468 0616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:02:26.0531 0616 HTTP - ok

16:02:26.0625 0616 i2omgmt - ok

16:02:26.0656 0616 i2omp - ok

16:02:26.0703 0616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:02:27.0062 0616 i8042prt - ok

16:02:27.0234 0616 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

16:02:27.0390 0616 ialm - ok

16:02:27.0609 0616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:02:27.0937 0616 Imapi - ok

16:02:27.0968 0616 ini910u - ok

16:02:28.0000 0616 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

16:02:28.0218 0616 IntelIde - ok

16:02:28.0265 0616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:02:28.0437 0616 intelppm - ok

16:02:28.0500 0616 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:02:28.0718 0616 Ip6Fw - ok

16:02:28.0765 0616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:02:29.0000 0616 IpFilterDriver - ok

16:02:29.0078 0616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:02:29.0328 0616 IpInIp - ok

16:02:29.0390 0616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:02:29.0656 0616 IpNat - ok

16:02:29.0703 0616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:02:29.0984 0616 IPSec - ok

16:02:30.0046 0616 IPSECEXT (b68ccab2a72f3ac0191cbf9c3377e053) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

16:02:30.0109 0616 IPSECEXT ( UnsignedFile.Multi.Generic ) - warning

16:02:30.0109 0616 IPSECEXT - detected UnsignedFile.Multi.Generic (1)

16:02:30.0156 0616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:02:30.0437 0616 IRENUM - ok

16:02:30.0609 0616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:02:30.0890 0616 isapnp - ok

16:02:30.0937 0616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:02:31.0296 0616 Kbdclass - ok

16:02:31.0343 0616 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:02:31.0515 0616 kbdhid - ok

16:02:31.0578 0616 KeyScrambler (2fcdff8a230ae5e992239594cf0286a0) C:\WINDOWS\system32\drivers\keyscrambler.sys

16:02:31.0640 0616 KeyScrambler - ok

16:02:32.0281 0616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:02:32.0500 0616 kmixer - ok

16:02:32.0593 0616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:02:32.0656 0616 KSecDD - ok

16:02:32.0734 0616 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

16:02:32.0828 0616 Lbd - ok

16:02:32.0890 0616 lbrtfdc - ok

16:02:33.0000 0616 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

16:02:33.0046 0616 MBAMProtector - ok

16:02:33.0234 0616 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:02:33.0281 0616 mdmxsdk - ok

16:02:33.0328 0616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:02:33.0640 0616 mnmdd - ok

16:02:33.0687 0616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:02:33.0890 0616 Modem - ok

16:02:33.0921 0616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:02:34.0093 0616 Mouclass - ok

16:02:34.0156 0616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:02:34.0359 0616 mouhid - ok

16:02:34.0406 0616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:02:34.0625 0616 MountMgr - ok

16:02:34.0640 0616 mraid35x - ok

16:02:34.0656 0616 mrtRate - ok

16:02:34.0703 0616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:02:34.0921 0616 MRxDAV - ok

16:02:34.0984 0616 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:02:35.0093 0616 MRxSmb - ok

16:02:35.0265 0616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:02:35.0515 0616 Msfs - ok

16:02:35.0578 0616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:02:35.0859 0616 MSKSSRV - ok

16:02:35.0921 0616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:02:36.0125 0616 MSPCLOCK - ok

16:02:36.0171 0616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:02:36.0390 0616 MSPQM - ok

16:02:36.0421 0616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:02:36.0781 0616 mssmbios - ok

16:02:36.0859 0616 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:02:36.0921 0616 Mup - ok

16:02:36.0984 0616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:02:37.0265 0616 NDIS - ok

16:02:37.0328 0616 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:02:37.0406 0616 NdisTapi - ok

16:02:37.0453 0616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:02:37.0812 0616 Ndisuio - ok

16:02:37.0953 0616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:02:38.0140 0616 NdisWan - ok

16:02:38.0203 0616 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:02:38.0250 0616 NDProxy - ok

16:02:38.0296 0616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:02:38.0578 0616 NetBIOS - ok

16:02:38.0625 0616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:02:38.0921 0616 NetBT - ok

16:02:38.0984 0616 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:02:39.0234 0616 NIC1394 - ok

16:02:39.0296 0616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:02:39.0515 0616 Npfs - ok

16:02:39.0562 0616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:02:39.0812 0616 Ntfs - ok

16:02:39.0968 0616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:02:40.0218 0616 Null - ok

16:02:40.0265 0616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:02:40.0500 0616 NwlnkFlt - ok

16:02:40.0562 0616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:02:40.0828 0616 NwlnkFwd - ok

16:02:40.0875 0616 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:02:41.0062 0616 ohci1394 - ok

16:02:41.0109 0616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

16:02:41.0328 0616 Parport - ok

16:02:41.0359 0616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:02:41.0578 0616 PartMgr - ok

16:02:41.0625 0616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:02:41.0843 0616 ParVdm - ok

16:02:42.0203 0616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:02:42.0421 0616 PCI - ok

16:02:42.0468 0616 PCIDump - ok

16:02:42.0546 0616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:02:42.0828 0616 PCIIde - ok

16:02:42.0875 0616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:02:43.0203 0616 Pcmcia - ok

16:02:43.0250 0616 PDCOMP - ok

16:02:43.0296 0616 PDFRAME - ok

16:02:43.0343 0616 PDRELI - ok

16:02:43.0375 0616 PDRFRAME - ok

16:02:43.0421 0616 perc2 - ok

16:02:43.0468 0616 perc2hib - ok

16:02:43.0562 0616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:02:43.0828 0616 PptpMiniport - ok

16:02:43.0921 0616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:02:44.0203 0616 PSched - ok

16:02:44.0265 0616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:02:44.0562 0616 Ptilink - ok

16:02:44.0625 0616 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:02:44.0687 0616 PxHelp20 - ok

16:02:44.0703 0616 ql1080 - ok

16:02:44.0734 0616 Ql10wnt - ok

16:02:44.0750 0616 ql12160 - ok

16:02:44.0796 0616 ql1240 - ok

16:02:44.0812 0616 ql1280 - ok

16:02:44.0875 0616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:02:45.0140 0616 RasAcd - ok

16:02:45.0203 0616 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

16:02:45.0406 0616 Rasirda - ok

16:02:45.0453 0616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:02:45.0640 0616 Rasl2tp - ok

16:02:45.0671 0616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:02:45.0859 0616 RasPppoe - ok

16:02:45.0906 0616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:02:46.0093 0616 Raspti - ok

16:02:46.0156 0616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:02:46.0343 0616 Rdbss - ok

16:02:46.0390 0616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:02:46.0593 0616 RDPCDD - ok

16:02:46.0656 0616 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:02:46.0890 0616 rdpdr - ok

16:02:46.0968 0616 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:02:47.0031 0616 RDPWD - ok

16:02:47.0078 0616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:02:47.0328 0616 redbook - ok

16:02:47.0421 0616 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

16:02:47.0500 0616 RTL8023xp - ok

16:02:47.0578 0616 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

16:02:47.0765 0616 sdbus - ok

16:02:47.0828 0616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:02:48.0031 0616 Secdrv - ok

16:02:48.0093 0616 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

16:02:48.0343 0616 serenum - ok

16:02:48.0390 0616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

16:02:48.0593 0616 Serial - ok

16:02:48.0625 0616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:02:48.0859 0616 Sfloppy - ok

16:02:48.0890 0616 Simbad - ok

16:02:48.0937 0616 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

16:02:49.0093 0616 SMCIRDA - ok

16:02:49.0125 0616 Sparrow - ok

16:02:49.0171 0616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:02:49.0390 0616 splitter - ok

16:02:49.0421 0616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:02:49.0656 0616 sr - ok

16:02:49.0750 0616 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:02:49.0843 0616 Srv - ok

16:02:49.0921 0616 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

16:02:49.0953 0616 ssmdrv - ok

16:02:50.0015 0616 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

16:02:50.0250 0616 StillCam - ok

16:02:50.0281 0616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:02:50.0562 0616 swenum - ok

16:02:50.0609 0616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:02:50.0890 0616 swmidi - ok

16:02:50.0921 0616 symc810 - ok

16:02:50.0953 0616 symc8xx - ok

16:02:51.0000 0616 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

16:02:51.0062 0616 symlcbrd - ok

16:02:51.0078 0616 sym_hi - ok

16:02:51.0109 0616 sym_u3 - ok

16:02:51.0187 0616 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys

16:02:51.0296 0616 SynTP - ok

16:02:51.0343 0616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:02:51.0625 0616 sysaudio - ok

16:02:51.0718 0616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:02:51.0953 0616 Tcpip - ok

16:02:52.0093 0616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:02:52.0468 0616 TDPIPE - ok

16:02:52.0515 0616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:02:52.0718 0616 TDTCP - ok

16:02:52.0750 0616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:02:52.0953 0616 TermDD - ok

16:02:53.0015 0616 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys

16:02:53.0109 0616 tifm21 - ok

16:02:53.0140 0616 TosIde - ok

16:02:53.0187 0616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:02:53.0421 0616 Udfs - ok

16:02:53.0437 0616 ultra - ok

16:02:53.0515 0616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:02:53.0843 0616 Update - ok

16:02:53.0906 0616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:02:54.0203 0616 usbccgp - ok

16:02:54.0250 0616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:02:54.0531 0616 usbehci - ok

16:02:54.0593 0616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:02:54.0890 0616 usbhub - ok

16:02:54.0921 0616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:02:55.0203 0616 usbprint - ok

16:02:55.0234 0616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:02:55.0515 0616 usbscan - ok

16:02:55.0562 0616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:02:55.0796 0616 USBSTOR - ok

16:02:55.0843 0616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:02:56.0125 0616 usbuhci - ok

16:02:56.0156 0616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:02:56.0437 0616 VgaSave - ok

16:02:56.0468 0616 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

16:02:56.0734 0616 ViaIde - ok

16:02:56.0781 0616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:02:57.0046 0616 VolSnap - ok

16:02:57.0203 0616 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys

16:02:57.0625 0616 w29n51 - ok

16:02:57.0781 0616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:02:58.0125 0616 Wanarp - ok

16:02:58.0171 0616 WDICA - ok

16:02:58.0234 0616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:02:58.0421 0616 wdmaud - ok

16:02:58.0484 0616 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:02:58.0625 0616 winachsf - ok

16:02:58.0812 0616 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:02:59.0046 0616 WmiAcpi - ok

16:02:59.0125 0616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

16:02:59.0421 0616 WS2IFSL - ok

16:02:59.0484 0616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:02:59.0593 0616 WudfPf - ok

16:02:59.0625 0616 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:02:59.0703 0616 WudfRd - ok

16:02:59.0750 0616 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

16:02:59.0953 0616 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:02:59.0953 0616 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:02:59.0953 0616 Boot (0x1200) (9f5a158481cb7b52bb2d40ece3eeb204) \Device\Harddisk0\DR0\Partition0

16:02:59.0953 0616 \Device\Harddisk0\DR0\Partition0 - ok

16:02:59.0953 0616 ============================================================

16:02:59.0953 0616 Scan finished

16:02:59.0953 0616 ============================================================

16:03:00.0078 0420 Detected object count: 4

16:03:00.0078 0420 Actual detected object count: 4

16:03:45.0031 0420 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

16:03:45.0031 0420 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:03:45.0031 0420 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

16:03:45.0031 0420 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:03:45.0031 0420 IPSECEXT ( UnsignedFile.Multi.Generic ) - skipped by user

16:03:45.0031 0420 IPSECEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:03:45.0031 0420 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:03:45.0031 0420 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:04:20.0718 3800 ============================================================

16:04:20.0734 3800 Scan started

16:04:20.0734 3800 Mode: Manual; SigCheck; TDLFS;

16:04:20.0734 3800 ============================================================

16:04:21.0343 3800 Abiosdsk - ok

16:04:21.0390 3800 abp480n5 - ok

16:04:21.0437 3800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:04:21.0781 3800 ACPI - ok

16:04:21.0937 3800 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:04:22.0156 3800 ACPIEC - ok

16:04:22.0187 3800 adpu160m - ok

16:04:22.0250 3800 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:04:22.0500 3800 aec - ok

16:04:22.0578 3800 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:04:22.0609 3800 AFD - ok

16:04:22.0640 3800 Aha154x - ok

16:04:22.0656 3800 aic78u2 - ok

16:04:22.0687 3800 aic78xx - ok

16:04:22.0750 3800 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

16:04:23.0000 3800 AliIde - ok

16:04:23.0015 3800 amsint - ok

16:04:23.0078 3800 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:04:23.0328 3800 Arp1394 - ok

16:04:23.0359 3800 asc - ok

16:04:23.0375 3800 asc3350p - ok

16:04:23.0406 3800 asc3550 - ok

16:04:23.0468 3800 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:04:23.0703 3800 AsyncMac - ok

16:04:23.0734 3800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:04:23.0937 3800 atapi - ok

16:04:24.0031 3800 Atdisk - ok

16:04:24.0093 3800 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:04:24.0234 3800 Atmarpc - ok

16:04:24.0281 3800 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:04:24.0437 3800 audstub - ok

16:04:24.0546 3800 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

16:04:24.0562 3800 avgio - ok

16:04:24.0687 3800 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:04:24.0703 3800 avgntflt - ok

16:04:24.0750 3800 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

16:04:24.0765 3800 avipbb - ok

16:04:24.0828 3800 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:04:25.0000 3800 Beep - ok

16:04:25.0156 3800 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

16:04:25.0265 3800 BTKRNL ( UnsignedFile.Multi.Generic ) - warning

16:04:25.0265 3800 BTKRNL - detected UnsignedFile.Multi.Generic (1)

16:04:25.0343 3800 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys

16:04:25.0359 3800 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

16:04:25.0359 3800 BTWUSB - detected UnsignedFile.Multi.Generic (1)

16:04:25.0421 3800 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys

16:04:25.0468 3800 CAMCAUD - ok

16:04:25.0625 3800 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys

16:04:25.0687 3800 CAMCHALA - ok

16:04:25.0828 3800 catchme - ok

16:04:25.0968 3800 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:04:26.0281 3800 cbidf2k - ok

16:04:26.0312 3800 cd20xrnt - ok

16:04:26.0359 3800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:04:26.0500 3800 Cdaudio - ok

16:04:26.0562 3800 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:04:26.0718 3800 Cdfs - ok

16:04:26.0750 3800 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:04:26.0906 3800 Cdrom - ok

16:04:26.0921 3800 Changer - ok

16:04:26.0968 3800 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:04:27.0140 3800 CmBatt - ok

16:04:27.0156 3800 CmdIde - ok

16:04:27.0203 3800 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:04:27.0359 3800 Compbatt - ok

16:04:27.0390 3800 Cpqarray - ok

16:04:27.0421 3800 dac2w2k - ok

16:04:27.0453 3800 dac960nt - ok

16:04:27.0484 3800 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:04:27.0640 3800 Disk - ok

16:04:27.0718 3800 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:04:27.0953 3800 dmboot - ok

16:04:27.0984 3800 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:04:28.0171 3800 dmio - ok

16:04:28.0218 3800 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:04:28.0406 3800 dmload - ok

16:04:28.0468 3800 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:04:28.0671 3800 DMusic - ok

16:04:28.0687 3800 dpti2o - ok

16:04:28.0718 3800 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:04:28.0921 3800 drmkaud - ok

16:04:28.0968 3800 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys

16:04:28.0984 3800 eabfiltr - ok

16:04:29.0031 3800 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys

16:04:29.0046 3800 eabusb - ok

16:04:29.0171 3800 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

16:04:29.0187 3800 eeCtrl - ok

16:04:29.0234 3800 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:04:29.0250 3800 EraserUtilRebootDrv - ok

16:04:29.0406 3800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:04:29.0562 3800 Fastfat - ok

16:04:29.0625 3800 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:04:29.0875 3800 Fdc - ok

16:04:29.0937 3800 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:04:30.0093 3800 Fips - ok

16:04:30.0125 3800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:04:30.0281 3800 Flpydisk - ok

16:04:30.0328 3800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:04:30.0468 3800 FltMgr - ok

16:04:30.0531 3800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:04:30.0687 3800 Fs_Rec - ok

16:04:30.0718 3800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:04:30.0890 3800 Ftdisk - ok

16:04:30.0937 3800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:04:30.0953 3800 GEARAspiWDM - ok

16:04:30.0984 3800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:04:31.0125 3800 Gpc - ok

16:04:31.0156 3800 Herofsl - ok

16:04:31.0203 3800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:04:31.0343 3800 HidUsb - ok

16:04:31.0375 3800 hpn - ok

16:04:31.0421 3800 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:04:31.0468 3800 HPZid412 - ok

16:04:31.0515 3800 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:04:31.0546 3800 HPZipr12 - ok

16:04:31.0578 3800 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:04:31.0609 3800 HPZius12 - ok

16:04:31.0671 3800 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

16:04:31.0687 3800 HSFHWICH - ok

16:04:31.0750 3800 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

16:04:31.0796 3800 HSF_DP - ok

16:04:31.0906 3800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:04:31.0921 3800 HTTP - ok

16:04:31.0953 3800 i2omgmt - ok

16:04:31.0968 3800 i2omp - ok

16:04:32.0015 3800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:04:32.0250 3800 i8042prt - ok

16:04:32.0328 3800 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

16:04:32.0421 3800 ialm - ok

16:04:32.0484 3800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:04:32.0718 3800 Imapi - ok

16:04:32.0750 3800 ini910u - ok

16:04:32.0796 3800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

16:04:33.0031 3800 IntelIde - ok

16:04:33.0078 3800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:04:33.0218 3800 intelppm - ok

16:04:33.0265 3800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:04:33.0406 3800 Ip6Fw - ok

16:04:33.0468 3800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:04:33.0609 3800 IpFilterDriver - ok

16:04:33.0671 3800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:04:33.0812 3800 IpInIp - ok

16:04:33.0875 3800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:04:34.0015 3800 IpNat - ok

16:04:34.0046 3800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:04:34.0203 3800 IPSec - ok

16:04:34.0234 3800 IPSECEXT (b68ccab2a72f3ac0191cbf9c3377e053) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

16:04:34.0250 3800 IPSECEXT ( UnsignedFile.Multi.Generic ) - warning

16:04:34.0250 3800 IPSECEXT - detected UnsignedFile.Multi.Generic (1)

16:04:34.0296 3800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:04:34.0453 3800 IRENUM - ok

16:04:34.0500 3800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:04:34.0656 3800 isapnp - ok

16:04:34.0703 3800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:04:34.0859 3800 Kbdclass - ok

16:04:34.0890 3800 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:04:35.0031 3800 kbdhid - ok

16:04:35.0093 3800 KeyScrambler (2fcdff8a230ae5e992239594cf0286a0) C:\WINDOWS\system32\drivers\keyscrambler.sys

16:04:35.0109 3800 KeyScrambler - ok

16:04:35.0187 3800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:04:35.0328 3800 kmixer - ok

16:04:35.0406 3800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:04:35.0437 3800 KSecDD - ok

16:04:35.0515 3800 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

16:04:35.0531 3800 Lbd - ok

16:04:35.0546 3800 lbrtfdc - ok

16:04:35.0625 3800 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

16:04:35.0625 3800 MBAMProtector - ok

16:04:35.0687 3800 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:04:35.0703 3800 mdmxsdk - ok

16:04:35.0765 3800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:04:35.0968 3800 mnmdd - ok

16:04:36.0015 3800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:04:36.0203 3800 Modem - ok

16:04:36.0265 3800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:04:36.0453 3800 Mouclass - ok

16:04:36.0500 3800 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:04:36.0703 3800 mouhid - ok

16:04:36.0765 3800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:04:36.0953 3800 MountMgr - ok

16:04:36.0968 3800 mraid35x - ok

16:04:37.0000 3800 mrtRate - ok

16:04:37.0046 3800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:04:37.0234 3800 MRxDAV - ok

16:04:37.0296 3800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:04:37.0375 3800 MRxSmb - ok

16:04:37.0437 3800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:04:37.0625 3800 Msfs - ok

16:04:37.0671 3800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:04:37.0859 3800 MSKSSRV - ok

16:04:37.0890 3800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:04:38.0078 3800 MSPCLOCK - ok

16:04:38.0109 3800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:04:38.0296 3800 MSPQM - ok

16:04:38.0343 3800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:04:38.0531 3800 mssmbios - ok

16:04:38.0609 3800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:04:38.0640 3800 Mup - ok

16:04:38.0718 3800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:04:38.0906 3800 NDIS - ok

16:04:38.0968 3800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:04:39.0000 3800 NdisTapi - ok

16:04:39.0062 3800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:04:39.0250 3800 Ndisuio - ok

16:04:39.0281 3800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:04:39.0500 3800 NdisWan - ok

16:04:39.0546 3800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:04:39.0593 3800 NDProxy - ok

16:04:39.0640 3800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:04:39.0843 3800 NetBIOS - ok

16:04:39.0890 3800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:04:40.0078 3800 NetBT - ok

16:04:40.0140 3800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:04:40.0281 3800 NIC1394 - ok

16:04:40.0312 3800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:04:40.0468 3800 Npfs - ok

16:04:40.0515 3800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:04:40.0718 3800 Ntfs - ok

16:04:40.0781 3800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:04:40.0937 3800 Null - ok

16:04:40.0968 3800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:04:41.0125 3800 NwlnkFlt - ok

16:04:41.0156 3800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:04:41.0312 3800 NwlnkFwd - ok

16:04:41.0359 3800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:04:41.0515 3800 ohci1394 - ok

16:04:41.0578 3800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

16:04:41.0734 3800 Parport - ok

16:04:41.0765 3800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:04:41.0906 3800 PartMgr - ok

16:04:41.0953 3800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:04:42.0109 3800 ParVdm - ok

16:04:42.0140 3800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:04:42.0296 3800 PCI - ok

16:04:42.0312 3800 PCIDump - ok

16:04:42.0375 3800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:04:42.0531 3800 PCIIde - ok

16:04:42.0578 3800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:04:42.0734 3800 Pcmcia - ok

16:04:42.0750 3800 PDCOMP - ok

16:04:42.0781 3800 PDFRAME - ok

16:04:42.0796 3800 PDRELI - ok

16:04:42.0828 3800 PDRFRAME - ok

16:04:42.0843 3800 perc2 - ok

16:04:42.0859 3800 perc2hib - ok

16:04:42.0937 3800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:04:43.0078 3800 PptpMiniport - ok

16:04:43.0109 3800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:04:43.0250 3800 PSched - ok

16:04:43.0265 3800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:04:43.0453 3800 Ptilink - ok

16:04:43.0515 3800 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:04:43.0531 3800 PxHelp20 - ok

16:04:43.0546 3800 ql1080 - ok

16:04:43.0578 3800 Ql10wnt - ok

16:04:43.0593 3800 ql12160 - ok

16:04:43.0625 3800 ql1240 - ok

16:04:43.0640 3800 ql1280 - ok

16:04:43.0671 3800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:04:43.0859 3800 RasAcd - ok

16:04:43.0890 3800 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

16:04:44.0015 3800 Rasirda - ok

16:04:44.0062 3800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:04:44.0250 3800 Rasl2tp - ok

16:04:44.0296 3800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:04:44.0562 3800 RasPppoe - ok

16:04:44.0625 3800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:04:44.0828 3800 Raspti - ok

16:04:44.0875 3800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:04:45.0078 3800 Rdbss - ok

16:04:45.0125 3800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:04:45.0312 3800 RDPCDD - ok

16:04:45.0375 3800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:04:45.0578 3800 rdpdr - ok

16:04:45.0640 3800 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:04:45.0671 3800 RDPWD - ok

16:04:45.0734 3800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:04:45.0921 3800 redbook - ok

16:04:46.0000 3800 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

16:04:46.0031 3800 RTL8023xp - ok

16:04:46.0125 3800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

16:04:46.0328 3800 sdbus - ok

16:04:46.0375 3800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:04:46.0609 3800 Secdrv - ok

16:04:46.0671 3800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

16:04:46.0875 3800 serenum - ok

16:04:46.0906 3800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

16:04:47.0078 3800 Serial - ok

16:04:47.0125 3800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:04:47.0281 3800 Sfloppy - ok

16:04:47.0296 3800 Simbad - ok

16:04:47.0359 3800 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

16:04:47.0453 3800 SMCIRDA - ok

16:04:47.0484 3800 Sparrow - ok

16:04:47.0515 3800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:04:47.0656 3800 splitter - ok

16:04:47.0703 3800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:04:47.0859 3800 sr - ok

16:04:47.0921 3800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:04:47.0984 3800 Srv - ok

16:04:48.0046 3800 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

16:04:48.0046 3800 ssmdrv - ok

16:04:48.0109 3800 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

16:04:48.0281 3800 StillCam - ok

16:04:48.0328 3800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:04:48.0500 3800 swenum - ok

16:04:48.0578 3800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:04:48.0765 3800 swmidi - ok

16:04:48.0812 3800 symc810 - ok

16:04:48.0828 3800 symc8xx - ok

16:04:48.0890 3800 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

16:04:48.0906 3800 symlcbrd - ok

16:04:48.0921 3800 sym_hi - ok

16:04:48.0953 3800 sym_u3 - ok

16:04:49.0000 3800 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys

16:04:49.0031 3800 SynTP - ok

16:04:49.0078 3800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:04:49.0281 3800 sysaudio - ok

16:04:49.0453 3800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:04:49.0578 3800 Tcpip - ok

16:04:49.0625 3800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:04:49.0828 3800 TDPIPE - ok

16:04:49.0859 3800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:04:50.0109 3800 TDTCP - ok

16:04:50.0140 3800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:04:50.0375 3800 TermDD - ok

16:04:50.0453 3800 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys

16:04:50.0468 3800 tifm21 - ok

16:04:50.0500 3800 TosIde - ok

16:04:50.0578 3800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:04:50.0796 3800 Udfs - ok

16:04:50.0828 3800 ultra - ok

16:04:50.0906 3800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:04:51.0156 3800 Update - ok

16:04:51.0218 3800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:04:51.0453 3800 usbccgp - ok

16:04:51.0515 3800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:04:51.0656 3800 usbehci - ok

16:04:51.0703 3800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:04:51.0859 3800 usbhub - ok

16:04:51.0890 3800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:04:52.0031 3800 usbprint - ok

16:04:52.0078 3800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:04:52.0218 3800 usbscan - ok

16:04:52.0250 3800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:04:52.0390 3800 USBSTOR - ok

16:04:52.0421 3800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:04:52.0578 3800 usbuhci - ok

16:04:52.0609 3800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:04:52.0765 3800 VgaSave - ok

16:04:52.0812 3800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

16:04:52.0953 3800 ViaIde - ok

16:04:53.0000 3800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:04:53.0140 3800 VolSnap - ok

16:04:53.0312 3800 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys

16:04:53.0484 3800 w29n51 - ok

16:04:53.0546 3800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:04:53.0750 3800 Wanarp - ok

16:04:53.0765 3800 WDICA - ok

16:04:53.0828 3800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:04:54.0031 3800 wdmaud - ok

16:04:54.0125 3800 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:04:54.0187 3800 winachsf - ok

16:04:54.0281 3800 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:04:54.0500 3800 WmiAcpi - ok

16:04:54.0562 3800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

16:04:54.0718 3800 WS2IFSL - ok

16:04:54.0765 3800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:04:54.0812 3800 WudfPf - ok

16:04:54.0843 3800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:04:54.0875 3800 WudfRd - ok

16:04:54.0906 3800 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

16:04:55.0078 3800 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:04:55.0078 3800 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:04:55.0093 3800 Boot (0x1200) (9f5a158481cb7b52bb2d40ece3eeb204) \Device\Harddisk0\DR0\Partition0

16:04:55.0093 3800 \Device\Harddisk0\DR0\Partition0 - ok

16:04:55.0093 3800 ============================================================

16:04:55.0093 3800 Scan finished

16:04:55.0093 3800 ============================================================

16:04:55.0109 2588 Detected object count: 4

16:04:55.0109 2588 Actual detected object count: 4

16:05:58.0078 2588 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

16:05:58.0078 2588 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:05:58.0078 2588 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

16:05:58.0078 2588 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:05:58.0078 2588 IPSECEXT ( UnsignedFile.Multi.Generic ) - skipped by user

16:05:58.0078 2588 IPSECEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:05:58.0078 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:05:58.0078 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Link to post
Share on other sites

I think those are the same two files. At the end of the scan it shows these 4 files:

BTKRNL

BTWUSB

IPSECEXT

\Device\Harddisk0\DR0

So by fix you mean delete the DR0 file, yes? Options are skip, copy to quarantine & delete. No cure.

Link to post
Share on other sites
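An added example, not part of the original posts and not code from the TDSSKiller project: a small Python parser for the log format pasted in this thread. It pairs each flagged object with its logged hash, path and the action the user chose. The function and field names are assumptions of this example; the sample lines are copied from the thread's two logs.

```python
import re

# Lines copied from the two TDSSKiller logs posted in this thread and stitched
# together for the example: scan records from the 16:22 run, the object count
# and the user actions from the 16:04/16:05 run.
SAMPLE_LOG = r"""
16:22:00.0218 2724 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:22:00.0296 2724 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
16:22:00.0296 2724 BTKRNL - detected UnsignedFile.Multi.Generic (1)
16:22:00.0375 2724 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
16:22:00.0390 2724 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
16:22:00.0437 2724 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
16:22:00.0468 2724 CAMCAUD - ok
16:22:00.0828 2724 catchme - ok
16:22:08.0984 2724 IPSECEXT (b68ccab2a72f3ac0191cbf9c3377e053) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
16:22:09.0000 2724 IPSECEXT ( UnsignedFile.Multi.Generic ) - warning
16:22:28.0937 2724 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
16:22:29.0125 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:22:29.0125 2724 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:22:29.0140 2724 \Device\Harddisk0\DR0\Partition0 - ok
16:04:55.0109 2588 Detected object count: 4
16:05:58.0078 2588 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
16:05:58.0078 2588 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:05:58.0078 2588 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:05:58.0078 2588 IPSECEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:05:58.0078 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>" prefix shared by every log line.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<32-hex hash>) <path>", with an optional "(0x...)" field as on the MBR line.
SCANNED = re.compile(r"^(\S+) (?:\(0x[0-9A-Fa-f]+\) )?\(([0-9a-f]{32})\) (.+)$")
WARNING = re.compile(r"^(.+?) \( (.+?) \) - warning$")
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_log(text):
    """Return the flagged objects and the count the tool itself reported."""
    scanned = {}    # object name or device path -> (hash, path)
    findings = {}   # flagged object -> record, in order of first appearance
    reported = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or anything that is not a log record
        body = m.group(3)
        s, w, a, c = (rx.match(body) for rx in (SCANNED, WARNING, ACTION, COUNT))
        if s:
            name, digest, path = s.groups()
            # Index by path too: the disk-level finding is keyed by device path,
            # while its scan record is named "MBR".
            scanned[name] = scanned[path] = (digest, path)
        elif w or a:
            obj, verdict = (w or a).group(1), (w or a).group(2)
            rec = findings.setdefault(
                obj, {"object": obj, "verdict": verdict, "action": None})
            if a:
                rec["action"] = a.group(3)
        elif c:
            reported = int(c.group(1))
    for rec in findings.values():
        rec["hash"], rec["path"] = scanned.get(rec["object"], (None, None))
    return {"findings": list(findings.values()), "reported_count": reported}


def group_by_verdict(findings):
    """Map each verdict string to the objects that received it."""
    groups = {}
    for rec in findings:
        groups.setdefault(rec["verdict"], []).append(rec["object"])
    return groups


def unresolved(findings):
    """Objects that were skipped or never acted on, so a rescan flags them again."""
    return [r["object"] for r in findings if r["action"] in (None, "Skip")]


def count_matches(result):
    """False when the pasted excerpt is missing findings the tool counted."""
    return result["reported_count"] == len(result["findings"])


if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    for verdict, objects in group_by_verdict(result["findings"]).items():
        print(verdict, "->", ", ".join(objects))
    print("still present after this run:", unresolved(result["findings"]))
    print("excerpt complete:", count_matches(result))
```

Because every object in the first run was skipped, the second run later in the thread reports the same four detections.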

That's not a good sign

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Log would help. Seems to append to the existing one so copied just the new stuff

16:21:55.0921 2724 ============================================================

16:21:55.0921 2724 Scan started

16:21:55.0921 2724 Mode: Manual; SigCheck; TDLFS;

16:21:55.0921 2724 ============================================================

16:21:56.0500 2724 Abiosdsk - ok

16:21:56.0515 2724 abp480n5 - ok

16:21:56.0578 2724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:21:57.0000 2724 ACPI - ok

16:21:57.0171 2724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:21:57.0484 2724 ACPIEC - ok

16:21:57.0531 2724 adpu160m - ok

16:21:57.0718 2724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:21:57.0859 2724 aec - ok

16:21:57.0937 2724 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:21:57.0968 2724 AFD - ok

16:21:58.0000 2724 Aha154x - ok

16:21:58.0015 2724 aic78u2 - ok

16:21:58.0046 2724 aic78xx - ok

16:21:58.0093 2724 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

16:21:58.0250 2724 AliIde - ok

16:21:58.0265 2724 amsint - ok

16:21:58.0328 2724 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:21:58.0531 2724 Arp1394 - ok

16:21:58.0546 2724 asc - ok

16:21:58.0562 2724 asc3350p - ok

16:21:58.0593 2724 asc3550 - ok

16:21:58.0656 2724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:21:58.0796 2724 AsyncMac - ok

16:21:58.0828 2724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:21:58.0984 2724 atapi - ok

16:21:59.0000 2724 Atdisk - ok

16:21:59.0078 2724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:21:59.0250 2724 Atmarpc - ok

16:21:59.0296 2724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:21:59.0484 2724 audstub - ok

16:21:59.0593 2724 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

16:21:59.0609 2724 avgio - ok

16:21:59.0750 2724 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:21:59.0750 2724 avgntflt - ok

16:21:59.0812 2724 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

16:21:59.0828 2724 avipbb - ok

16:21:59.0875 2724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:22:00.0062 2724 Beep - ok

16:22:00.0218 2724 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

16:22:00.0296 2724 BTKRNL ( UnsignedFile.Multi.Generic ) - warning

16:22:00.0296 2724 BTKRNL - detected UnsignedFile.Multi.Generic (1)

16:22:00.0375 2724 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys

16:22:00.0390 2724 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

16:22:00.0390 2724 BTWUSB - detected UnsignedFile.Multi.Generic (1)

16:22:00.0437 2724 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys

16:22:00.0468 2724 CAMCAUD - ok

16:22:00.0625 2724 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys

16:22:00.0703 2724 CAMCHALA - ok

16:22:00.0828 2724 catchme - ok

16:22:00.0968 2724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:22:01.0281 2724 cbidf2k - ok

16:22:01.0328 2724 cd20xrnt - ok

16:22:01.0375 2724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:22:01.0515 2724 Cdaudio - ok

16:22:01.0578 2724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:22:01.0734 2724 Cdfs - ok

16:22:01.0750 2724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:22:01.0906 2724 Cdrom - ok

16:22:01.0921 2724 Changer - ok

16:22:01.0953 2724 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:22:02.0109 2724 CmBatt - ok

16:22:02.0125 2724 CmdIde - ok

16:22:02.0171 2724 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:22:02.0312 2724 Compbatt - ok

16:22:02.0343 2724 Cpqarray - ok

16:22:02.0375 2724 dac2w2k - ok

16:22:02.0390 2724 dac960nt - ok

16:22:02.0437 2724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:22:02.0593 2724 Disk - ok

16:22:02.0656 2724 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:22:02.0859 2724 dmboot - ok

16:22:02.0890 2724 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:22:03.0093 2724 dmio - ok

16:22:03.0140 2724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:22:03.0343 2724 dmload - ok

16:22:03.0390 2724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:22:03.0546 2724 DMusic - ok

16:22:03.0578 2724 dpti2o - ok

16:22:03.0609 2724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:22:03.0765 2724 drmkaud - ok

16:22:03.0796 2724 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys

16:22:03.0828 2724 eabfiltr - ok

16:22:03.0859 2724 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys

16:22:03.0890 2724 eabusb - ok

16:22:04.0000 2724 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

16:22:04.0015 2724 eeCtrl - ok

16:22:04.0046 2724 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:22:04.0062 2724 EraserUtilRebootDrv - ok

16:22:04.0234 2724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:22:04.0406 2724 Fastfat - ok

16:22:04.0453 2724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:22:04.0687 2724 Fdc - ok

16:22:04.0734 2724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:22:04.0968 2724 Fips - ok

16:22:05.0000 2724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:22:05.0156 2724 Flpydisk - ok

16:22:05.0187 2724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:22:05.0343 2724 FltMgr - ok

16:22:05.0390 2724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:22:05.0546 2724 Fs_Rec - ok

16:22:05.0593 2724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:22:05.0734 2724 Ftdisk - ok

16:22:05.0781 2724 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:22:05.0796 2724 GEARAspiWDM - ok

16:22:05.0843 2724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:22:05.0984 2724 Gpc - ok

16:22:06.0015 2724 Herofsl - ok

16:22:06.0062 2724 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:22:06.0187 2724 HidUsb - ok

16:22:06.0218 2724 hpn - ok

16:22:06.0281 2724 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:22:06.0328 2724 HPZid412 - ok

16:22:06.0359 2724 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:22:06.0390 2724 HPZipr12 - ok

16:22:06.0421 2724 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:22:06.0468 2724 HPZius12 - ok

16:22:06.0515 2724 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

16:22:06.0531 2724 HSFHWICH - ok

16:22:06.0593 2724 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

16:22:06.0640 2724 HSF_DP - ok

16:22:06.0703 2724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:22:06.0765 2724 HTTP - ok

16:22:06.0781 2724 i2omgmt - ok

16:22:06.0812 2724 i2omp - ok

16:22:06.0875 2724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:22:07.0109 2724 i8042prt - ok

16:22:07.0187 2724 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

16:22:07.0281 2724 ialm - ok

16:22:07.0343 2724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:22:07.0578 2724 Imapi - ok

16:22:07.0609 2724 ini910u - ok

16:22:07.0656 2724 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

16:22:07.0796 2724 IntelIde - ok

16:22:07.0859 2724 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:22:07.0984 2724 intelppm - ok

16:22:08.0031 2724 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:22:08.0171 2724 Ip6Fw - ok

16:22:08.0218 2724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:22:08.0375 2724 IpFilterDriver - ok

16:22:08.0421 2724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:22:08.0562 2724 IpInIp - ok

16:22:08.0609 2724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:22:08.0750 2724 IpNat - ok

16:22:08.0781 2724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:22:08.0921 2724 IPSec - ok

16:22:08.0984 2724 IPSECEXT (b68ccab2a72f3ac0191cbf9c3377e053) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

16:22:09.0000 2724 IPSECEXT ( UnsignedFile.Multi.Generic ) - warning

16:22:09.0000 2724 IPSECEXT - detected UnsignedFile.Multi.Generic (1)

16:22:09.0031 2724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:22:09.0203 2724 IRENUM - ok

16:22:09.0234 2724 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:22:09.0406 2724 isapnp - ok

16:22:09.0437 2724 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:22:09.0609 2724 Kbdclass - ok

16:22:09.0640 2724 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:22:09.0781 2724 kbdhid - ok

16:22:09.0828 2724 KeyScrambler (2fcdff8a230ae5e992239594cf0286a0) C:\WINDOWS\system32\drivers\keyscrambler.sys

16:22:09.0843 2724 KeyScrambler - ok

16:22:09.0875 2724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:22:10.0031 2724 kmixer - ok

16:22:10.0093 2724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:22:10.0125 2724 KSecDD - ok

16:22:10.0203 2724 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

16:22:10.0218 2724 Lbd - ok

16:22:10.0234 2724 lbrtfdc - ok

16:22:10.0312 2724 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

16:22:10.0328 2724 MBAMProtector - ok

16:22:10.0375 2724 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:22:10.0390 2724 mdmxsdk - ok

16:22:10.0453 2724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:22:10.0609 2724 mnmdd - ok

16:22:10.0687 2724 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:22:10.0875 2724 Modem - ok

16:22:10.0906 2724 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:22:11.0109 2724 Mouclass - ok

16:22:11.0156 2724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:22:11.0312 2724 mouhid - ok

16:22:11.0359 2724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:22:11.0515 2724 MountMgr - ok

16:22:11.0546 2724 mraid35x - ok

16:22:11.0562 2724 mrtRate - ok

16:22:11.0609 2724 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:22:11.0781 2724 MRxDAV - ok

16:22:11.0859 2724 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:22:11.0921 2724 MRxSmb - ok

16:22:11.0984 2724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:22:12.0125 2724 Msfs - ok

16:22:12.0171 2724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:22:12.0312 2724 MSKSSRV - ok

16:22:12.0328 2724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:22:12.0531 2724 MSPCLOCK - ok

16:22:12.0578 2724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:22:12.0781 2724 MSPQM - ok

16:22:12.0828 2724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:22:13.0015 2724 mssmbios - ok

16:22:13.0078 2724 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:22:13.0109 2724 Mup - ok

16:22:13.0187 2724 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:22:13.0390 2724 NDIS - ok

16:22:13.0453 2724 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:22:13.0500 2724 NdisTapi - ok

16:22:13.0546 2724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:22:13.0765 2724 Ndisuio - ok

16:22:13.0796 2724 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:22:13.0953 2724 NdisWan - ok

16:22:13.0984 2724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:22:14.0015 2724 NDProxy - ok

16:22:14.0078 2724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:22:14.0234 2724 NetBIOS - ok

16:22:14.0265 2724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:22:14.0406 2724 NetBT - ok

16:22:14.0468 2724 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:22:14.0609 2724 NIC1394 - ok

16:22:14.0640 2724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:22:14.0796 2724 Npfs - ok

16:22:14.0859 2724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:22:15.0046 2724 Ntfs - ok

16:22:15.0093 2724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:22:15.0250 2724 Null - ok

16:22:15.0281 2724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:22:15.0437 2724 NwlnkFlt - ok

16:22:15.0468 2724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:22:15.0640 2724 NwlnkFwd - ok

16:22:15.0703 2724 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:22:15.0875 2724 ohci1394 - ok

16:22:15.0906 2724 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

16:22:16.0078 2724 Parport - ok

16:22:16.0109 2724 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:22:16.0281 2724 PartMgr - ok

16:22:16.0328 2724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:22:16.0500 2724 ParVdm - ok

16:22:16.0562 2724 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:22:16.0734 2724 PCI - ok

16:22:16.0750 2724 PCIDump - ok

16:22:16.0812 2724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:22:16.0984 2724 PCIIde - ok

16:22:17.0046 2724 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:22:17.0203 2724 Pcmcia - ok

16:22:17.0234 2724 PDCOMP - ok

16:22:17.0250 2724 PDFRAME - ok

16:22:17.0281 2724 PDRELI - ok

16:22:17.0296 2724 PDRFRAME - ok

16:22:17.0328 2724 perc2 - ok

16:22:17.0343 2724 perc2hib - ok

16:22:17.0406 2724 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:22:17.0562 2724 PptpMiniport - ok

16:22:17.0593 2724 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:22:17.0734 2724 PSched - ok

16:22:17.0781 2724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:22:17.0937 2724 Ptilink - ok

16:22:18.0000 2724 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:22:18.0015 2724 PxHelp20 - ok

16:22:18.0031 2724 ql1080 - ok

16:22:18.0046 2724 Ql10wnt - ok

16:22:18.0078 2724 ql12160 - ok

16:22:18.0093 2724 ql1240 - ok

16:22:18.0125 2724 ql1280 - ok

16:22:18.0140 2724 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:22:18.0296 2724 RasAcd - ok

16:22:18.0359 2724 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

16:22:18.0453 2724 Rasirda - ok

16:22:18.0515 2724 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:22:18.0671 2724 Rasl2tp - ok

16:22:18.0718 2724 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:22:18.0875 2724 RasPppoe - ok

16:22:18.0937 2724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:22:19.0140 2724 Raspti - ok

16:22:19.0203 2724 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:22:19.0390 2724 Rdbss - ok

16:22:19.0453 2724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:22:19.0640 2724 RDPCDD - ok

16:22:19.0687 2724 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:22:19.0890 2724 rdpdr - ok

16:22:19.0968 2724 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:22:19.0984 2724 RDPWD - ok

16:22:20.0031 2724 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:22:20.0218 2724 redbook - ok

16:22:20.0296 2724 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

16:22:20.0343 2724 RTL8023xp - ok

16:22:20.0453 2724 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

16:22:20.0671 2724 sdbus - ok

16:22:20.0734 2724 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:22:20.0968 2724 Secdrv - ok

16:22:21.0031 2724 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

16:22:21.0171 2724 serenum - ok

16:22:21.0203 2724 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

16:22:21.0359 2724 Serial - ok

16:22:21.0390 2724 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:22:21.0531 2724 Sfloppy - ok

16:22:21.0562 2724 Simbad - ok

16:22:21.0609 2724 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

16:22:21.0718 2724 SMCIRDA - ok

16:22:21.0750 2724 Sparrow - ok

16:22:21.0796 2724 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:22:21.0937 2724 splitter - ok

16:22:21.0984 2724 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:22:22.0140 2724 sr - ok

16:22:22.0218 2724 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:22:22.0265 2724 Srv - ok

16:22:22.0343 2724 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

16:22:22.0343 2724 ssmdrv - ok

16:22:22.0437 2724 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

16:22:22.0593 2724 StillCam - ok

16:22:22.0656 2724 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:22:22.0921 2724 swenum - ok

16:22:22.0953 2724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:22:23.0093 2724 swmidi - ok

16:22:23.0140 2724 symc810 - ok

16:22:23.0156 2724 symc8xx - ok

16:22:23.0203 2724 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

16:22:23.0218 2724 symlcbrd - ok

16:22:23.0234 2724 sym_hi - ok

16:22:23.0265 2724 sym_u3 - ok

16:22:23.0312 2724 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys

16:22:23.0328 2724 SynTP - ok

16:22:23.0390 2724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:22:23.0546 2724 sysaudio - ok

16:22:23.0703 2724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:22:23.0859 2724 Tcpip - ok

16:22:23.0921 2724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:22:24.0156 2724 TDPIPE - ok

16:22:24.0203 2724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:22:24.0437 2724 TDTCP - ok

16:22:24.0484 2724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:22:24.0625 2724 TermDD - ok

16:22:24.0687 2724 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys

16:22:24.0703 2724 tifm21 - ok

16:22:24.0734 2724 TosIde - ok

16:22:24.0781 2724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:22:24.0921 2724 Udfs - ok

16:22:24.0953 2724 ultra - ok

16:22:25.0015 2724 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:22:25.0203 2724 Update - ok

16:22:25.0265 2724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:22:25.0437 2724 usbccgp - ok

16:22:25.0484 2724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:22:25.0640 2724 usbehci - ok

16:22:25.0687 2724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:22:25.0859 2724 usbhub - ok

16:22:25.0906 2724 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:22:26.0078 2724 usbprint - ok

16:22:26.0109 2724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:22:26.0281 2724 usbscan - ok

16:22:26.0312 2724 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:22:26.0468 2724 USBSTOR - ok

16:22:26.0515 2724 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:22:26.0671 2724 usbuhci - ok

16:22:26.0718 2724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:22:26.0890 2724 VgaSave - ok

16:22:26.0921 2724 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

16:22:27.0093 2724 ViaIde - ok

16:22:27.0125 2724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:22:27.0281 2724 VolSnap - ok

16:22:27.0453 2724 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys

16:22:27.0609 2724 w29n51 - ok

16:22:27.0656 2724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:22:27.0812 2724 Wanarp - ok

16:22:27.0828 2724 WDICA - ok

16:22:27.0890 2724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:22:28.0140 2724 wdmaud - ok

16:22:28.0218 2724 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:22:28.0281 2724 winachsf - ok

16:22:28.0359 2724 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:22:28.0500 2724 WmiAcpi - ok

16:22:28.0562 2724 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

16:22:28.0703 2724 WS2IFSL - ok

16:22:28.0765 2724 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:22:28.0796 2724 WudfPf - ok

16:22:28.0843 2724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:22:28.0875 2724 WudfRd - ok

16:22:28.0937 2724 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

16:22:29.0125 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:22:29.0125 2724 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:22:29.0140 2724 Boot (0x1200) (9f5a158481cb7b52bb2d40ece3eeb204) \Device\Harddisk0\DR0\Partition0

16:22:29.0140 2724 \Device\Harddisk0\DR0\Partition0 - ok

16:22:29.0140 2724 ============================================================

16:22:29.0140 2724 Scan finished

16:22:29.0140 2724 ============================================================

16:22:29.0156 2080 Detected object count: 4

16:22:29.0156 2080 Actual detected object count: 4

16:30:03.0625 2080 C:\WINDOWS\system32\DRIVERS\btkrnl.sys - copied to quarantine

16:30:03.0687 2080 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

16:30:03.0750 2080 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine

16:30:03.0781 2080 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

16:30:03.0968 2080 C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys - copied to quarantine

16:30:03.0984 2080 IPSECEXT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

16:30:04.0031 2080 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

16:30:04.0046 2080 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

16:30:04.0046 2080 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

16:30:04.0046 2080 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine

16:30:04.0093 2080 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine

16:30:04.0093 2080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

16:30:15.0312 2804 ============================================================

16:30:15.0312 2804 Scan started

16:30:15.0312 2804 Mode: Manual; SigCheck; TDLFS;

16:30:15.0312 2804 ============================================================

16:30:15.0828 2804 Abiosdsk - ok

16:30:15.0859 2804 abp480n5 - ok

16:30:15.0906 2804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:30:16.0250 2804 ACPI - ok

16:30:16.0390 2804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:30:16.0609 2804 ACPIEC - ok

16:30:16.0656 2804 adpu160m - ok

16:30:16.0734 2804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:30:17.0000 2804 aec - ok

16:30:17.0093 2804 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:30:17.0125 2804 AFD - ok

16:30:17.0140 2804 Aha154x - ok

16:30:17.0171 2804 aic78u2 - ok

16:30:17.0187 2804 aic78xx - ok

16:30:17.0250 2804 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

16:30:17.0406 2804 AliIde - ok

16:30:17.0421 2804 amsint - ok

16:30:17.0484 2804 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:30:17.0656 2804 Arp1394 - ok

16:30:17.0687 2804 asc - ok

16:30:17.0703 2804 asc3350p - ok

16:30:17.0734 2804 asc3550 - ok

16:30:17.0796 2804 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:30:17.0984 2804 AsyncMac - ok

16:30:18.0031 2804 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:30:18.0218 2804 atapi - ok

16:30:18.0250 2804 Atdisk - ok

16:30:18.0312 2804 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:30:18.0531 2804 Atmarpc - ok

16:30:18.0671 2804 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:30:18.0875 2804 audstub - ok

16:30:18.0984 2804 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

16:30:18.0984 2804 avgio - ok

16:30:19.0125 2804 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:30:19.0140 2804 avgntflt - ok

16:30:19.0234 2804 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

16:30:19.0250 2804 avipbb - ok

16:30:19.0312 2804 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:30:19.0609 2804 Beep - ok

16:30:19.0765 2804 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

16:30:19.0859 2804 BTKRNL ( UnsignedFile.Multi.Generic ) - warning

16:30:19.0859 2804 BTKRNL - detected UnsignedFile.Multi.Generic (1)

16:30:19.0921 2804 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys

16:30:19.0937 2804 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

16:30:19.0937 2804 BTWUSB - detected UnsignedFile.Multi.Generic (1)

16:30:20.0046 2804 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys

16:30:20.0078 2804 CAMCAUD - ok

16:30:20.0140 2804 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys

16:30:20.0218 2804 CAMCHALA - ok

16:30:20.0343 2804 catchme - ok

16:30:20.0500 2804 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:30:20.0796 2804 cbidf2k - ok

16:30:20.0812 2804 cd20xrnt - ok

16:30:20.0843 2804 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:30:21.0000 2804 Cdaudio - ok

16:30:21.0062 2804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:30:21.0234 2804 Cdfs - ok

16:30:21.0265 2804 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:30:21.0421 2804 Cdrom - ok

16:30:21.0453 2804 Changer - ok

16:30:21.0500 2804 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:30:21.0656 2804 CmBatt - ok

16:30:21.0671 2804 CmdIde - ok

16:30:21.0703 2804 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:30:21.0843 2804 Compbatt - ok

16:30:21.0875 2804 Cpqarray - ok

16:30:21.0906 2804 dac2w2k - ok

16:30:21.0921 2804 dac960nt - ok

16:30:21.0953 2804 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:30:22.0093 2804 Disk - ok

16:30:22.0171 2804 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:30:22.0375 2804 dmboot - ok

16:30:22.0406 2804 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:30:22.0562 2804 dmio - ok

16:30:22.0609 2804 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:30:22.0765 2804 dmload - ok

16:30:22.0828 2804 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:30:23.0000 2804 DMusic - ok

16:30:23.0015 2804 dpti2o - ok

16:30:23.0046 2804 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:30:23.0234 2804 drmkaud - ok

16:30:23.0265 2804 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys

16:30:23.0281 2804 eabfiltr - ok

16:30:23.0328 2804 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys

16:30:23.0343 2804 eabusb - ok

16:30:23.0453 2804 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

16:30:23.0484 2804 eeCtrl - ok

16:30:23.0531 2804 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:30:23.0531 2804 EraserUtilRebootDrv - ok

16:30:23.0703 2804 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:30:23.0875 2804 Fastfat - ok

16:30:23.0937 2804 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:30:24.0171 2804 Fdc - ok

16:30:24.0203 2804 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:30:24.0375 2804 Fips - ok

16:30:24.0421 2804 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:30:24.0562 2804 Flpydisk - ok

16:30:24.0625 2804 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:30:24.0765 2804 FltMgr - ok

16:30:24.0812 2804 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:30:24.0984 2804 Fs_Rec - ok

16:30:25.0015 2804 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:30:25.0171 2804 Ftdisk - ok

16:30:25.0234 2804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:30:25.0234 2804 GEARAspiWDM - ok

16:30:25.0265 2804 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:30:25.0421 2804 Gpc - ok

16:30:25.0453 2804 Herofsl - ok

16:30:25.0500 2804 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:30:25.0656 2804 HidUsb - ok

16:30:25.0687 2804 hpn - ok

16:30:25.0734 2804 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:30:25.0781 2804 HPZid412 - ok

16:30:25.0828 2804 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:30:25.0859 2804 HPZipr12 - ok

16:30:25.0890 2804 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:30:25.0937 2804 HPZius12 - ok

16:30:26.0000 2804 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

16:30:26.0000 2804 HSFHWICH - ok

16:30:26.0062 2804 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

16:30:26.0109 2804 HSF_DP - ok

16:30:26.0187 2804 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:30:26.0234 2804 HTTP - ok

16:30:26.0250 2804 i2omgmt - ok

16:30:26.0281 2804 i2omp - ok

16:30:26.0328 2804 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:30:26.0531 2804 i8042prt - ok

16:30:26.0625 2804 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

16:30:26.0718 2804 ialm - ok

16:30:26.0796 2804 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:30:26.0984 2804 Imapi - ok

16:30:27.0015 2804 ini910u - ok

16:30:27.0062 2804 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

16:30:27.0296 2804 IntelIde - ok

16:30:27.0343 2804 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:30:27.0484 2804 intelppm - ok

16:30:27.0531 2804 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:30:27.0656 2804 Ip6Fw - ok

16:30:27.0703 2804 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:30:27.0859 2804 IpFilterDriver - ok

16:30:27.0906 2804 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:30:28.0046 2804 IpInIp - ok

16:30:28.0093 2804 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:30:28.0234 2804 IpNat - ok

16:30:28.0281 2804 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:30:28.0421 2804 IPSec - ok

16:30:28.0468 2804 IPSECEXT (b68ccab2a72f3ac0191cbf9c3377e053) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

16:30:28.0484 2804 IPSECEXT ( UnsignedFile.Multi.Generic ) - warning

16:30:28.0484 2804 IPSECEXT - detected UnsignedFile.Multi.Generic (1)

16:30:28.0531 2804 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:30:28.0703 2804 IRENUM - ok

16:30:28.0734 2804 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:30:28.0890 2804 isapnp - ok

16:30:28.0921 2804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:30:29.0093 2804 Kbdclass - ok

16:30:29.0125 2804 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:30:29.0265 2804 kbdhid - ok

16:30:29.0328 2804 KeyScrambler (2fcdff8a230ae5e992239594cf0286a0) C:\WINDOWS\system32\drivers\keyscrambler.sys

16:30:29.0343 2804 KeyScrambler - ok

16:30:29.0375 2804 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:30:29.0531 2804 kmixer - ok

16:30:29.0593 2804 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:30:29.0625 2804 KSecDD - ok

16:30:29.0703 2804 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

16:30:29.0718 2804 Lbd - ok

16:30:29.0734 2804 lbrtfdc - ok

16:30:29.0812 2804 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

16:30:29.0812 2804 MBAMProtector - ok

16:30:29.0875 2804 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:30:29.0890 2804 mdmxsdk - ok

16:30:29.0937 2804 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:30:30.0109 2804 mnmdd - ok

16:30:30.0156 2804 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:30:30.0359 2804 Modem - ok

16:30:30.0390 2804 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:30:30.0578 2804 Mouclass - ok

16:30:30.0609 2804 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:30:30.0781 2804 mouhid - ok

16:30:30.0828 2804 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:30:30.0984 2804 MountMgr - ok

16:30:31.0000 2804 mraid35x - ok

16:30:31.0031 2804 mrtRate - ok

16:30:31.0062 2804 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:30:31.0218 2804 MRxDAV - ok

16:30:31.0281 2804 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:30:31.0359 2804 MRxSmb - ok

16:30:31.0406 2804 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:30:31.0578 2804 Msfs - ok

16:30:31.0609 2804 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:30:31.0765 2804 MSKSSRV - ok

16:30:31.0796 2804 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:30:31.0953 2804 MSPCLOCK - ok

16:30:32.0000 2804 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:30:32.0156 2804 MSPQM - ok

16:30:32.0218 2804 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:30:32.0375 2804 mssmbios - ok

16:30:32.0453 2804 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:30:32.0468 2804 Mup - ok

16:30:32.0546 2804 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:30:32.0703 2804 NDIS - ok

16:30:32.0765 2804 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:30:32.0796 2804 NdisTapi - ok

16:30:32.0828 2804 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:30:33.0000 2804 Ndisuio - ok

16:30:33.0046 2804 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:30:33.0250 2804 NdisWan - ok

16:30:33.0296 2804 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:30:33.0343 2804 NDProxy - ok

16:30:33.0375 2804 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:30:33.0578 2804 NetBIOS - ok

16:30:33.0609 2804 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:30:33.0812 2804 NetBT - ok

16:30:33.0875 2804 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:30:34.0062 2804 NIC1394 - ok

16:30:34.0109 2804 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:30:34.0312 2804 Npfs - ok

16:30:34.0359 2804 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:30:34.0546 2804 Ntfs - ok

16:30:34.0609 2804 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:30:34.0765 2804 Null - ok

16:30:34.0781 2804 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:30:34.0921 2804 NwlnkFlt - ok

16:30:34.0953 2804 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:30:35.0109 2804 NwlnkFwd - ok

16:30:35.0156 2804 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:30:35.0312 2804 ohci1394 - ok

16:30:35.0359 2804 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

16:30:35.0515 2804 Parport - ok

16:30:35.0562 2804 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:30:35.0718 2804 PartMgr - ok

16:30:35.0765 2804 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:30:35.0921 2804 ParVdm - ok

16:30:35.0984 2804 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:30:36.0140 2804 PCI - ok

16:30:36.0156 2804 PCIDump - ok

16:30:36.0218 2804 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:30:36.0375 2804 PCIIde - ok

16:30:36.0437 2804 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:30:36.0593 2804 Pcmcia - ok

16:30:36.0625 2804 PDCOMP - ok

16:30:36.0640 2804 PDFRAME - ok

16:30:36.0671 2804 PDRELI - ok

16:30:36.0687 2804 PDRFRAME - ok

16:30:36.0718 2804 perc2 - ok

16:30:36.0734 2804 perc2hib - ok

16:30:36.0796 2804 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:30:36.0953 2804 PptpMiniport - ok

16:30:36.0984 2804 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:30:37.0125 2804 PSched - ok

16:30:37.0171 2804 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:30:37.0328 2804 Ptilink - ok

16:30:37.0390 2804 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:30:37.0406 2804 PxHelp20 - ok

16:30:37.0421 2804 ql1080 - ok

16:30:37.0453 2804 Ql10wnt - ok

16:30:37.0468 2804 ql12160 - ok

16:30:37.0500 2804 ql1240 - ok

16:30:37.0515 2804 ql1280 - ok

16:30:37.0562 2804 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:30:37.0718 2804 RasAcd - ok

16:30:37.0765 2804 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

16:30:37.0843 2804 Rasirda - ok

16:30:37.0890 2804 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:30:38.0062 2804 Rasl2tp - ok

16:30:38.0093 2804 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:30:38.0265 2804 RasPppoe - ok

16:30:38.0328 2804 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:30:38.0484 2804 Raspti - ok

16:30:38.0546 2804 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:30:38.0687 2804 Rdbss - ok

16:30:38.0734 2804 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:30:38.0875 2804 RDPCDD - ok

16:30:38.0921 2804 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:30:39.0078 2804 rdpdr - ok

16:30:39.0140 2804 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:30:39.0156 2804 RDPWD - ok

16:30:39.0218 2804 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:30:39.0359 2804 redbook - ok

16:30:39.0437 2804 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

16:30:39.0468 2804 RTL8023xp - ok

16:30:39.0562 2804 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

16:30:39.0718 2804 sdbus - ok

16:30:39.0765 2804 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:30:39.0953 2804 Secdrv - ok

16:30:40.0015 2804 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

16:30:40.0203 2804 serenum - ok

16:30:40.0250 2804 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

16:30:40.0453 2804 Serial - ok

16:30:40.0500 2804 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:30:40.0640 2804 Sfloppy - ok

16:30:40.0671 2804 Simbad - ok

16:30:40.0718 2804 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

16:30:40.0812 2804 SMCIRDA - ok

16:30:40.0843 2804 Sparrow - ok

16:30:40.0875 2804 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:30:41.0031 2804 splitter - ok

16:30:41.0062 2804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:30:41.0218 2804 sr - ok

16:30:41.0296 2804 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:30:41.0343 2804 Srv - ok

16:30:41.0406 2804 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

16:30:41.0421 2804 ssmdrv - ok

16:30:41.0484 2804 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

16:30:41.0625 2804 StillCam - ok

16:30:41.0671 2804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:30:41.0859 2804 swenum - ok

16:30:41.0921 2804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:30:42.0109 2804 swmidi - ok

16:30:42.0171 2804 symc810 - ok

16:30:42.0187 2804 symc8xx - ok

16:30:42.0250 2804 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

16:30:42.0250 2804 symlcbrd - ok

16:30:42.0281 2804 sym_hi - ok

16:30:42.0296 2804 sym_u3 - ok

16:30:42.0359 2804 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys

16:30:42.0390 2804 SynTP - ok

16:30:42.0437 2804 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:30:42.0640 2804 sysaudio - ok

16:30:42.0812 2804 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:30:42.0937 2804 Tcpip - ok

16:30:42.0984 2804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:30:43.0218 2804 TDPIPE - ok

16:30:43.0265 2804 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:30:43.0515 2804 TDTCP - ok

16:30:43.0562 2804 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:30:43.0718 2804 TermDD - ok

16:30:43.0781 2804 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys

16:30:43.0796 2804 tifm21 - ok

16:30:43.0859 2804 TosIde - ok

16:30:43.0921 2804 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:30:44.0062 2804 Udfs - ok

16:30:44.0093 2804 ultra - ok

16:30:44.0140 2804 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:30:44.0328 2804 Update - ok

16:30:44.0375 2804 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:30:44.0546 2804 usbccgp - ok

16:30:44.0593 2804 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:30:44.0734 2804 usbehci - ok

16:30:44.0781 2804 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:30:44.0937 2804 usbhub - ok

16:30:44.0968 2804 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:30:45.0125 2804 usbprint - ok

16:30:45.0156 2804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:30:45.0296 2804 usbscan - ok

16:30:45.0343 2804 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:30:45.0484 2804 USBSTOR - ok

16:30:45.0515 2804 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:30:45.0671 2804 usbuhci - ok

16:30:45.0703 2804 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:30:45.0859 2804 VgaSave - ok

16:30:45.0906 2804 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

16:30:46.0062 2804 ViaIde - ok

16:30:46.0109 2804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:30:46.0265 2804 VolSnap - ok

16:30:46.0453 2804 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys

16:30:46.0625 2804 w29n51 - ok

16:30:46.0687 2804 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:30:46.0937 2804 Wanarp - ok

16:30:46.0968 2804 WDICA - ok

16:30:47.0031 2804 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:30:47.0265 2804 wdmaud - ok

16:30:47.0359 2804 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:30:47.0437 2804 winachsf - ok

16:30:47.0515 2804 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:30:47.0750 2804 WmiAcpi - ok

16:30:47.0812 2804 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

16:30:47.0953 2804 WS2IFSL - ok

16:30:48.0078 2804 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:30:48.0109 2804 WudfPf - ok

16:30:48.0156 2804 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:30:48.0187 2804 WudfRd - ok

16:30:48.0218 2804 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

16:30:48.0390 2804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:30:48.0390 2804 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:30:48.0406 2804 Boot (0x1200) (9f5a158481cb7b52bb2d40ece3eeb204) \Device\Harddisk0\DR0\Partition0

16:30:48.0406 2804 \Device\Harddisk0\DR0\Partition0 - ok

16:30:48.0406 2804 ============================================================

16:30:48.0406 2804 Scan finished

16:30:48.0406 2804 ============================================================

16:30:48.0421 1708 Detected object count: 4

16:30:48.0421 1708 Actual detected object count: 4

16:31:22.0062 1708 C:\WINDOWS\system32\DRIVERS\btkrnl.sys - copied to quarantine

16:31:22.0062 1708 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

16:31:22.0156 1708 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine

16:31:22.0156 1708 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

16:31:22.0234 1708 C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys - copied to quarantine

16:31:22.0234 1708 IPSECEXT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

16:31:22.0281 1708 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

16:31:22.0296 1708 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

16:31:22.0296 1708 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

16:31:22.0343 1708 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine

16:31:22.0343 1708 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine

16:31:22.0359 1708 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
