
Cannot find the source of the malware



Hi,

my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Gmer from here and save it to your Desktop.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please post in your next reply

ark.txt


Daniel,

Thank you for the reply; I am in the process of running the indicated tool, it will take all night but I will send the results tomorrow morning CST. Just wanted to let you know that between my first posting and this one, I read in the forum that some people had run Kaspersky TDSSKiller and I did that. It found one critical threat that I allowed to be removed. Just wanted you to know that there will be a difference between the condition of the PC during first posting and now.


Hi there,

Please note this from my first answer:

Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.

If you have trouble with Gmer, simply let me know.

Please also post me the logfile from TDSSKiller, saved in C:\TDSSKiller.<version_date_time>log.txt


Here are the results (finally!)



Daniel,

Here is a copy of the log from TDSSKiller. However, unfortunately, I cannot tell you for sure if this is the one from the first run that found the malware or a second one. I am just not sure if I ran it more than once. Sorry.



Here is the first one, I finally figured out it was in the C:\ directory:

10:49:43.0681 6200 QWAVEdrv - ok

10:49:43.0706 6200 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

10:49:43.0759 6200 RasAcd - ok

10:49:43.0785 6200 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:49:43.0833 6200 Rasl2tp - ok

10:49:43.0874 6200 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

10:49:43.0930 6200 RasPppoe - ok

10:49:43.0963 6200 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

10:49:44.0053 6200 RasSstp - ok

10:49:44.0101 6200 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

10:49:44.0149 6200 rdbss - ok

10:49:44.0168 6200 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:49:44.0197 6200 RDPCDD - ok

10:49:44.0221 6200 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

10:49:44.0321 6200 rdpdr - ok

10:49:44.0347 6200 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

10:49:44.0376 6200 RDPENCDD - ok

10:49:44.0399 6200 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

10:49:44.0451 6200 RDPWD - ok

10:49:44.0516 6200 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

10:49:44.0563 6200 RimUsb - ok

10:49:44.0619 6200 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

10:49:44.0684 6200 RimVSerPort - ok

10:49:44.0724 6200 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

10:49:44.0789 6200 ROOTMODEM - ok

10:49:44.0827 6200 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

10:49:44.0871 6200 rspndr - ok

10:49:44.0895 6200 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

10:49:44.0930 6200 sbp2port - ok

10:49:44.0960 6200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:49:45.0033 6200 secdrv - ok

10:49:45.0088 6200 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS

10:49:45.0212 6200 Sentinel - ok

10:49:45.0257 6200 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

10:49:45.0323 6200 Serenum - ok

10:49:45.0355 6200 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

10:49:45.0420 6200 Serial - ok

10:49:45.0472 6200 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

10:49:45.0504 6200 sermouse - ok

10:49:45.0526 6200 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

10:49:45.0587 6200 sffdisk - ok

10:49:45.0615 6200 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

10:49:45.0692 6200 sffp_mmc - ok

10:49:45.0714 6200 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

10:49:45.0790 6200 sffp_sd - ok

10:49:45.0811 6200 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

10:49:45.0858 6200 sfloppy - ok

10:49:45.0917 6200 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

10:49:45.0945 6200 sisagp - ok

10:49:45.0975 6200 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

10:49:45.0996 6200 SiSRaid2 - ok

10:49:46.0029 6200 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

10:49:46.0057 6200 SiSRaid4 - ok

10:49:46.0107 6200 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

10:49:46.0152 6200 Smb - ok

10:49:46.0190 6200 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS

10:49:46.0213 6200 SNTNLUSB - ok

10:49:46.0243 6200 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

10:49:46.0263 6200 spldr - ok

10:49:46.0322 6200 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys

10:49:46.0322 6200 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

10:49:46.0325 6200 sptd ( LockedFile.Multi.Generic ) - warning

10:49:46.0325 6200 sptd - detected LockedFile.Multi.Generic (1)

10:49:46.0384 6200 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

10:49:46.0470 6200 srv - ok

10:49:46.0535 6200 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

10:49:46.0586 6200 srv2 - ok

10:49:46.0605 6200 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

10:49:46.0668 6200 srvnet - ok

10:49:46.0703 6200 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys

10:49:46.0715 6200 SSPORT ( UnsignedFile.Multi.Generic ) - warning

10:49:46.0715 6200 SSPORT - detected UnsignedFile.Multi.Generic (1)

10:49:46.0741 6200 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

10:49:46.0758 6200 swenum - ok

10:49:46.0787 6200 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

10:49:46.0810 6200 Symc8xx - ok

10:49:46.0841 6200 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

10:49:46.0861 6200 Sym_hi - ok

10:49:46.0892 6200 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

10:49:46.0913 6200 Sym_u3 - ok

10:49:46.0968 6200 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

10:49:47.0018 6200 Tcpip - ok

10:49:47.0090 6200 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

10:49:47.0187 6200 Tcpip6 - ok

10:49:47.0254 6200 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

10:49:47.0331 6200 tcpipreg - ok

10:49:47.0393 6200 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

10:49:47.0444 6200 TDPIPE - ok

10:49:47.0466 6200 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

10:49:47.0501 6200 TDTCP - ok

10:49:47.0541 6200 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

10:49:47.0586 6200 tdx - ok

10:49:47.0607 6200 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

10:49:47.0638 6200 TermDD - ok

10:49:47.0683 6200 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:49:47.0717 6200 tssecsrv - ok

10:49:47.0751 6200 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

10:49:47.0812 6200 tunmp - ok

10:49:47.0850 6200 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

10:49:47.0892 6200 tunnel - ok

10:49:47.0928 6200 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

10:49:47.0957 6200 uagp35 - ok

10:49:47.0984 6200 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

10:49:48.0016 6200 udfs - ok

10:49:48.0051 6200 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

10:49:48.0081 6200 uliagpkx - ok

10:49:48.0107 6200 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

10:49:48.0160 6200 uliahci - ok

10:49:48.0198 6200 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

10:49:48.0218 6200 UlSata - ok

10:49:48.0250 6200 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

10:49:48.0276 6200 ulsata2 - ok

10:49:48.0297 6200 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

10:49:48.0354 6200 umbus - ok

10:49:48.0413 6200 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) C:\Windows\system32\DRIVERS\emBDA.sys

10:49:48.0542 6200 USB28xxBGA - ok

10:49:48.0609 6200 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys

10:49:48.0666 6200 USB28xxOEM - ok

10:49:48.0726 6200 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

10:49:48.0835 6200 USBAAPL - ok

10:49:48.0881 6200 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

10:49:48.0945 6200 usbaudio - ok

10:49:48.0982 6200 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

10:49:49.0058 6200 usbccgp - ok

10:49:49.0079 6200 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

10:49:49.0151 6200 usbcir - ok

10:49:49.0180 6200 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

10:49:49.0212 6200 usbehci - ok

10:49:49.0237 6200 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

10:49:49.0274 6200 usbhub - ok

10:49:49.0293 6200 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

10:49:49.0322 6200 usbohci - ok

10:49:49.0341 6200 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

10:49:49.0407 6200 usbprint - ok

10:49:49.0446 6200 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

10:49:49.0480 6200 usbscan - ok

10:49:49.0503 6200 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:49:49.0545 6200 USBSTOR - ok

10:49:49.0563 6200 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

10:49:49.0593 6200 usbuhci - ok

10:49:49.0618 6200 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

10:49:49.0700 6200 usbvideo - ok

10:49:49.0743 6200 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

10:49:49.0825 6200 vga - ok

10:49:49.0867 6200 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

10:49:49.0902 6200 VgaSave - ok

10:49:49.0960 6200 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

10:49:49.0988 6200 viaagp - ok

10:49:50.0024 6200 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

10:49:50.0078 6200 ViaC7 - ok

10:49:50.0116 6200 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys

10:49:50.0133 6200 viaide - ok

10:49:50.0166 6200 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

10:49:50.0194 6200 volmgr - ok

10:49:50.0246 6200 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

10:49:50.0278 6200 volmgrx - ok

10:49:50.0288 6200 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

10:49:50.0315 6200 volsnap - ok

10:49:50.0339 6200 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

10:49:50.0375 6200 vsmraid - ok

10:49:50.0410 6200 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS

10:49:50.0470 6200 VSTHWBS2 - ok

10:49:50.0512 6200 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

10:49:50.0570 6200 VST_DPV - ok

10:49:50.0594 6200 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

10:49:50.0642 6200 WacomPen - ok

10:49:50.0679 6200 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

10:49:50.0746 6200 Wanarp - ok

10:49:50.0749 6200 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

10:49:50.0792 6200 Wanarpv6 - ok

10:49:50.0815 6200 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

10:49:50.0834 6200 Wd - ok

10:49:50.0888 6200 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

10:49:50.0945 6200 Wdf01000 - ok

10:49:51.0017 6200 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

10:49:51.0106 6200 winachsf - ok

10:49:51.0185 6200 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS

10:49:51.0239 6200 WinUsb - ok

10:49:51.0309 6200 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

10:49:51.0355 6200 WmiAcpi - ok

10:49:51.0438 6200 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

10:49:51.0505 6200 WpdUsb - ok

10:49:51.0572 6200 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

10:49:51.0639 6200 ws2ifsl - ok

10:49:51.0686 6200 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:49:51.0736 6200 WUDFRd - ok

10:49:51.0774 6200 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

10:49:51.0896 6200 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:49:51.0896 6200 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:49:52.0194 6200 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:49:52.0194 6200 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:49:52.0197 6200 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5

10:49:52.0677 6200 \Device\Harddisk5\DR5 - ok

10:49:52.0702 6200 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6

10:49:52.0819 6200 \Device\Harddisk6\DR6 - ok

10:49:52.0864 6200 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0

10:49:52.0957 6200 \Device\Harddisk0\DR0\Partition0 - ok

10:49:52.0960 6200 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0

10:49:52.0961 6200 \Device\Harddisk5\DR5\Partition0 - ok

10:49:52.0964 6200 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0

10:49:52.0965 6200 \Device\Harddisk6\DR6\Partition0 - ok

10:49:52.0965 6200 ============================================================

10:49:52.0965 6200 Scan finished

10:49:52.0965 6200 ============================================================

10:49:52.0973 7928 Detected object count: 8

10:49:52.0973 7928 Actual detected object count: 8

10:50:38.0204 7928 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:38.0204 7928 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:38.0205 7928 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:38.0205 7928 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:38.0206 7928 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:38.0206 7928 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:38.0207 7928 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:38.0207 7928 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:38.0208 7928 sptd ( LockedFile.Multi.Generic ) - skipped by user

10:50:38.0208 7928 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

10:50:38.0209 7928 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:38.0209 7928 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:38.0244 7928 \Device\Harddisk0\DR0\# - copied to quarantine

10:50:38.0250 7928 \Device\Harddisk0\DR0 - copied to quarantine

10:50:38.0877 7928 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:50:38.0879 7928 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:50:38.0888 7928 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:50:38.0971 7928 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:50:38.0982 7928 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:50:39.0262 7928 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:50:39.0316 7928 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:50:40.0730 7928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:50:40.0731 7928 \Device\Harddisk0\DR0 - ok

10:50:40.0731 7928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:50:40.0732 7928 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:50:40.0732 7928 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:50:44.0928 7232 Deinitialize success


Here is the log from the second run:

11:01:54.0386 1576 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

11:01:54.0927 1576 ============================================================

11:01:54.0928 1576 Current date / time: 2012/02/04 11:01:54.0927

11:01:54.0928 1576 SystemInfo:

11:01:54.0928 1576

11:01:54.0928 1576 OS Version: 6.0.6002 ServicePack: 2.0

11:01:54.0928 1576 Product type: Workstation

11:01:54.0928 1576 ComputerName: HOMEOFFICE-PC

11:01:54.0928 1576 UserName: Willy

11:01:54.0928 1576 Windows directory: C:\Windows

11:01:54.0928 1576 System windows directory: C:\Windows

11:01:54.0928 1576 Processor architecture: Intel x86

11:01:54.0928 1576 Number of processors: 4

11:01:54.0928 1576 Page size: 0x1000

11:01:54.0928 1576 Boot type: Normal boot

11:01:54.0928 1576 ============================================================

11:01:57.0505 1576 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

11:01:57.0569 1576 Drive \Device\Harddisk5\DR5 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:01:57.0612 1576 Drive \Device\Harddisk6\DR6 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:01:57.0613 1576 \Device\Harddisk0\DR0:

11:01:57.0619 1576 MBR used

11:01:57.0619 1576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

11:01:57.0619 1576 \Device\Harddisk5\DR5:

11:01:57.0619 1576 MBR used

11:01:57.0619 1576 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000

11:01:57.0619 1576 \Device\Harddisk6\DR6:

11:01:57.0620 1576 MBR used

11:01:57.0620 1576 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2

11:01:58.0125 1576 Initialize success

11:01:58.0125 1576 ============================================================

11:02:06.0120 4824 ============================================================

11:02:06.0120 4824 Scan started

11:02:06.0120 4824 Mode: Manual; SigCheck; TDLFS;

11:02:06.0120 4824 ============================================================

11:02:07.0665 4824 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys

11:02:07.0848 4824 61883 - ok

11:02:07.0929 4824 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

11:02:07.0958 4824 ACPI - ok

11:02:08.0014 4824 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

11:02:08.0081 4824 adp94xx - ok

11:02:08.0111 4824 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

11:02:08.0260 4824 adpahci - ok

11:02:08.0298 4824 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

11:02:08.0365 4824 adpu160m - ok

11:02:08.0421 4824 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

11:02:08.0500 4824 adpu320 - ok

11:02:08.0536 4824 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys

11:02:08.0616 4824 Afc - ok

11:02:08.0692 4824 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

11:02:08.0798 4824 AFD - ok

11:02:08.0855 4824 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

11:02:08.0913 4824 agp440 - ok

11:02:09.0115 4824 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

11:02:09.0207 4824 aic78xx - ok

11:02:09.0242 4824 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

11:02:09.0264 4824 aliide - ok

11:02:09.0304 4824 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

11:02:09.0350 4824 amdagp - ok

11:02:09.0388 4824 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

11:02:09.0412 4824 amdide - ok

11:02:09.0445 4824 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

11:02:09.0526 4824 AmdK7 - ok

11:02:09.0568 4824 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

11:02:09.0649 4824 AmdK8 - ok

11:02:09.0709 4824 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

11:02:09.0755 4824 arc - ok

11:02:09.0788 4824 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

11:02:09.0825 4824 arcsas - ok

11:02:09.0892 4824 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys

11:02:09.0949 4824 ASPI32 ( UnsignedFile.Multi.Generic ) - warning

11:02:09.0949 4824 ASPI32 - detected UnsignedFile.Multi.Generic (1)

11:02:09.0993 4824 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

11:02:10.0049 4824 AsyncMac - ok

11:02:10.0099 4824 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

11:02:10.0117 4824 atapi - ok

11:02:10.0211 4824 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys

11:02:10.0358 4824 atikmdag - ok

11:02:10.0443 4824 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys

11:02:10.0505 4824 Avc - ok

11:02:10.0536 4824 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

11:02:10.0591 4824 Beep - ok

11:02:10.0604 4824 blbdrive - ok

11:02:10.0669 4824 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

11:02:10.0731 4824 bowser - ok

11:02:10.0751 4824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

11:02:10.0832 4824 BrFiltLo - ok

11:02:10.0865 4824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

11:02:10.0919 4824 BrFiltUp - ok

11:02:10.0983 4824 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

11:02:11.0072 4824 Brserid - ok

11:02:11.0150 4824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

11:02:11.0308 4824 BrSerWdm - ok

11:02:11.0352 4824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

11:02:11.0425 4824 BrUsbMdm - ok

11:02:11.0456 4824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

11:02:11.0541 4824 BrUsbSer - ok

11:02:11.0580 4824 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

11:02:11.0672 4824 BTHMODEM - ok

11:02:11.0731 4824 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

11:02:11.0837 4824 cdfs - ok

11:02:11.0889 4824 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

11:02:11.0977 4824 cdrom - ok

11:02:12.0018 4824 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

11:02:12.0093 4824 circlass - ok

11:02:12.0164 4824 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

11:02:12.0215 4824 CLFS - ok

11:02:12.0284 4824 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

11:02:12.0310 4824 cmdide - ok

11:02:12.0350 4824 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

11:02:12.0413 4824 Compbatt - ok

11:02:12.0474 4824 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

11:02:12.0500 4824 crcdisk - ok

11:02:12.0529 4824 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

11:02:12.0767 4824 Crusoe - ok

11:02:12.0815 4824 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

11:02:12.0970 4824 CVirtA - ok

11:02:13.0083 4824 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys

11:02:13.0147 4824 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

11:02:13.0147 4824 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

11:02:13.0178 4824 dbhjcjpf - ok

11:02:13.0230 4824 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

11:02:13.0407 4824 DfsC - ok

11:02:13.0676 4824 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys

11:02:13.0816 4824 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

11:02:13.0816 4824 DgiVecp - detected UnsignedFile.Multi.Generic (1)

11:02:13.0868 4824 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

11:02:13.0913 4824 disk - ok

11:02:13.0940 4824 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys

11:02:13.0958 4824 DNE - ok

11:02:13.0985 4824 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

11:02:14.0036 4824 drmkaud - ok

11:02:14.0139 4824 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

11:02:14.0176 4824 DXGKrnl - ok

11:02:14.0374 4824 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys

11:02:14.0481 4824 e1express - ok

11:02:14.0510 4824 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

11:02:14.0630 4824 E1G60 - ok

11:02:14.0674 4824 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

11:02:14.0725 4824 Ecache - ok

11:02:14.0780 4824 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

11:02:14.0968 4824 elxstor - ok

11:02:15.0042 4824 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

11:02:15.0180 4824 exfat - ok

11:02:15.0211 4824 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

11:02:15.0302 4824 fastfat - ok

11:02:15.0366 4824 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

11:02:15.0464 4824 fdc - ok

11:02:15.0557 4824 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

11:02:15.0609 4824 FileInfo - ok

11:02:15.0756 4824 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

11:02:15.0828 4824 Filetrace - ok

11:02:15.0852 4824 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

11:02:15.0912 4824 flpydisk - ok

11:02:16.0014 4824 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

11:02:16.0088 4824 FltMgr - ok

11:02:16.0147 4824 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys

11:02:16.0271 4824 FlyUsb - ok

11:02:16.0333 4824 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

11:02:16.0367 4824 fssfltr - ok

11:02:16.0405 4824 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

11:02:16.0442 4824 Fs_Rec - ok

11:02:16.0541 4824 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

11:02:16.0591 4824 gagp30kx - ok

11:02:16.0623 4824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:02:16.0665 4824 GEARAspiWDM - ok

11:02:16.0764 4824 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

11:02:16.0858 4824 HdAudAddService - ok

11:02:17.0031 4824 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:02:17.0114 4824 HDAudBus - ok

11:02:17.0282 4824 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

11:02:17.0346 4824 HidBth - ok

11:02:17.0438 4824 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

11:02:17.0553 4824 HidIr - ok

11:02:17.0622 4824 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

11:02:17.0658 4824 HidUsb - ok

11:02:17.0820 4824 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

11:02:17.0853 4824 HpCISSs - ok

11:02:17.0993 4824 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

11:02:18.0171 4824 HTTP - ok

11:02:18.0191 4824 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

11:02:18.0242 4824 i2omp - ok

11:02:18.0294 4824 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

11:02:18.0350 4824 i8042prt - ok

11:02:18.0380 4824 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

11:02:18.0430 4824 iaStorV - ok

11:02:18.0451 4824 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

11:02:18.0488 4824 iirsp - ok

11:02:18.0536 4824 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys

11:02:18.0560 4824 intelide - ok

11:02:18.0587 4824 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

11:02:18.0643 4824 intelppm - ok

11:02:18.0703 4824 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:02:18.0778 4824 IpFilterDriver - ok

11:02:18.0797 4824 IpInIp - ok

11:02:18.0859 4824 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

11:02:18.0963 4824 IPMIDRV - ok

11:02:18.0999 4824 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

11:02:19.0156 4824 IPNAT - ok

11:02:19.0369 4824 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

11:02:19.0473 4824 IRENUM - ok

11:02:19.0622 4824 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

11:02:19.0756 4824 isapnp - ok

11:02:19.0805 4824 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

11:02:19.0829 4824 iScsiPrt - ok

11:02:19.0854 4824 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

11:02:19.0876 4824 iteatapi - ok

11:02:19.0915 4824 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

11:02:19.0949 4824 iteraid - ok

11:02:19.0986 4824 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

11:02:20.0024 4824 kbdclass - ok

11:02:20.0063 4824 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

11:02:20.0152 4824 kbdhid - ok

11:02:20.0231 4824 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

11:02:20.0304 4824 KSecDD - ok

11:02:20.0365 4824 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\Windows\system32\DRIVERS\LHidFilt.Sys

11:02:20.0405 4824 LHidFilt - ok

11:02:20.0519 4824 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

11:02:20.0580 4824 lltdio - ok

11:02:20.0617 4824 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\Windows\system32\DRIVERS\LMouFilt.Sys

11:02:20.0654 4824 LMouFilt - ok

11:02:20.0688 4824 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

11:02:20.0715 4824 LSI_FC - ok

11:02:20.0741 4824 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

11:02:20.0786 4824 LSI_SAS - ok

11:02:20.0837 4824 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

11:02:20.0893 4824 LSI_SCSI - ok

11:02:20.0966 4824 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

11:02:21.0063 4824 luafv - ok

11:02:21.0129 4824 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys

11:02:21.0165 4824 LVPr2Mon - ok

11:02:21.0221 4824 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys

11:02:21.0292 4824 LVRS - ok

11:02:21.0399 4824 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys

11:02:21.0473 4824 LVUSBSta - ok

11:02:21.0644 4824 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys

11:02:21.0886 4824 LVUVC - ok

11:02:21.0920 4824 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

11:02:21.0940 4824 MBAMProtector - ok

11:02:21.0983 4824 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

11:02:22.0047 4824 megasas - ok

11:02:22.0085 4824 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

11:02:22.0130 4824 Modem - ok

11:02:22.0216 4824 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

11:02:22.0273 4824 monitor - ok

11:02:22.0298 4824 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

11:02:22.0335 4824 mouclass - ok

11:02:22.0510 4824 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

11:02:22.0611 4824 mouhid - ok

11:02:22.0690 4824 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

11:02:22.0801 4824 MountMgr - ok

11:02:22.0881 4824 MpFilter (356842aac621ab40f18992c01a590f71) C:\Windows\system32\DRIVERS\MpFilter.sys

11:02:22.0913 4824 MpFilter - ok

11:02:22.0945 4824 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

11:02:22.0997 4824 mpio - ok

11:02:23.0185 4824 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

11:02:23.0255 4824 mpsdrv - ok

11:02:23.0301 4824 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

11:02:23.0454 4824 Mraid35x - ok

11:02:23.0526 4824 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

11:02:23.0561 4824 MRxDAV - ok

11:02:23.0619 4824 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:02:23.0714 4824 mrxsmb - ok

11:02:23.0799 4824 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:02:23.0852 4824 mrxsmb10 - ok

11:02:23.0870 4824 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:02:23.0965 4824 mrxsmb20 - ok

11:02:24.0042 4824 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys

11:02:24.0168 4824 msahci - ok

11:02:24.0213 4824 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

11:02:24.0408 4824 msdsm - ok

11:02:24.0482 4824 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys

11:02:24.0624 4824 MSDV - ok

11:02:24.0897 4824 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

11:02:24.0997 4824 Msfs - ok

11:02:25.0150 4824 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

11:02:25.0175 4824 msisadrv - ok

11:02:25.0268 4824 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

11:02:25.0390 4824 MSKSSRV - ok

11:02:25.0446 4824 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

11:02:25.0475 4824 MSPCLOCK - ok

11:02:25.0548 4824 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

11:02:25.0668 4824 MSPQM - ok

11:02:25.0743 4824 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

11:02:25.0831 4824 MsRPC - ok

11:02:25.0980 4824 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

11:02:26.0004 4824 mssmbios - ok

11:02:26.0047 4824 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

11:02:26.0165 4824 MSTEE - ok

11:02:26.0172 4824 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

11:02:26.0221 4824 Mup - ok

11:02:26.0324 4824 N5SG (77dad453144952e7cec56ac6e2061fd7) C:\Windows\system32\DRIVERS\N5SG.sys

11:02:26.0385 4824 N5SG ( UnsignedFile.Multi.Generic ) - warning

11:02:26.0385 4824 N5SG - detected UnsignedFile.Multi.Generic (1)

11:02:26.0582 4824 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

11:02:26.0731 4824 NativeWifiP - ok

11:02:26.0855 4824 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

11:02:26.0966 4824 NDIS - ok

11:02:26.0986 4824 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

11:02:27.0071 4824 NdisTapi - ok

11:02:27.0132 4824 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

11:02:27.0197 4824 Ndisuio - ok

11:02:27.0224 4824 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

11:02:27.0273 4824 NdisWan - ok

11:02:27.0322 4824 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

11:02:27.0405 4824 NDProxy - ok

11:02:27.0433 4824 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

11:02:27.0502 4824 NetBIOS - ok

11:02:27.0532 4824 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

11:02:27.0651 4824 netbt - ok

11:02:27.0779 4824 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

11:02:27.0834 4824 nfrd960 - ok

11:02:27.0843 4824 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

11:02:27.0917 4824 Npfs - ok

11:02:27.0948 4824 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

11:02:28.0038 4824 nsiproxy - ok

11:02:28.0156 4824 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

11:02:28.0399 4824 Ntfs - ok

11:02:28.0442 4824 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

11:02:28.0526 4824 ntrigdigi - ok

11:02:28.0538 4824 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

11:02:28.0568 4824 Null - ok

11:02:28.0612 4824 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys

11:02:28.0700 4824 nvraid - ok

11:02:28.0732 4824 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys

11:02:28.0897 4824 nvstor - ok

11:02:28.0923 4824 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

11:02:28.0996 4824 nv_agp - ok

11:02:29.0015 4824 NwlnkFlt - ok

11:02:29.0024 4824 NwlnkFwd - ok

11:02:29.0076 4824 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

11:02:29.0155 4824 ohci1394 - ok

11:02:29.0169 4824 OMCI - ok

11:02:29.0238 4824 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

11:02:29.0367 4824 Parport - ok

11:02:29.0417 4824 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

11:02:29.0468 4824 partmgr - ok

11:02:29.0485 4824 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

11:02:29.0539 4824 Parvdm - ok

11:02:29.0587 4824 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

11:02:29.0599 4824 pci - ok

11:02:29.0635 4824 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

11:02:29.0661 4824 pciide - ok

11:02:29.0687 4824 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

11:02:29.0724 4824 pcmcia - ok

11:02:29.0793 4824 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

11:02:29.0911 4824 pcouffin - ok

11:02:29.0974 4824 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys

11:02:30.0004 4824 PdiPorts - ok

11:02:30.0048 4824 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

11:02:30.0170 4824 PEAUTH - ok

11:02:30.0297 4824 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

11:02:30.0383 4824 PptpMiniport - ok

11:02:30.0416 4824 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

11:02:30.0488 4824 Processor - ok

11:02:30.0544 4824 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

11:02:30.0631 4824 PSched - ok

11:02:30.0659 4824 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

11:02:30.0705 4824 PxHelp20 - ok

11:02:30.0775 4824 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

11:02:30.0848 4824 ql2300 - ok

11:02:30.0905 4824 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

11:02:31.0093 4824 ql40xx - ok

11:02:31.0126 4824 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

11:02:31.0227 4824 QWAVEdrv - ok

11:02:31.0350 4824 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

11:02:31.0424 4824 RasAcd - ok

11:02:31.0453 4824 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:02:31.0554 4824 Rasl2tp - ok

11:02:31.0618 4824 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

11:02:31.0674 4824 RasPppoe - ok

11:02:31.0700 4824 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

11:02:31.0790 4824 RasSstp - ok

11:02:31.0944 4824 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

11:02:32.0036 4824 rdbss - ok

11:02:32.0077 4824 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:02:32.0121 4824 RDPCDD - ok

11:02:32.0355 4824 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

11:02:32.0448 4824 rdpdr - ok

11:02:32.0521 4824 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

11:02:32.0553 4824 RDPENCDD - ok

11:02:32.0590 4824 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

11:02:32.0695 4824 RDPWD - ok

11:02:32.0848 4824 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

11:02:32.0960 4824 RimUsb - ok

11:02:33.0139 4824 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

11:02:33.0264 4824 RimVSerPort - ok

11:02:33.0322 4824 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

11:02:33.0353 4824 ROOTMODEM - ok

11:02:33.0499 4824 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

11:02:33.0609 4824 rspndr - ok

11:02:33.0659 4824 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

11:02:33.0744 4824 sbp2port - ok

11:02:33.0765 4824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

11:02:33.0845 4824 secdrv - ok

11:02:33.0910 4824 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS

11:02:34.0164 4824 Sentinel - ok

11:02:34.0236 4824 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

11:02:34.0327 4824 Serenum - ok

11:02:34.0599 4824 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

11:02:34.0700 4824 Serial - ok

11:02:34.0956 4824 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

11:02:35.0042 4824 sermouse - ok

11:02:35.0260 4824 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

11:02:35.0417 4824 sffdisk - ok

11:02:35.0730 4824 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

11:02:35.0831 4824 sffp_mmc - ok

11:02:35.0912 4824 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

11:02:35.0996 4824 sffp_sd - ok

11:02:36.0291 4824 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

11:02:36.0357 4824 sfloppy - ok

11:02:36.0414 4824 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

11:02:36.0460 4824 sisagp - ok

11:02:36.0513 4824 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

11:02:36.0547 4824 SiSRaid2 - ok

11:02:36.0584 4824 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

11:02:36.0632 4824 SiSRaid4 - ok

11:02:36.0761 4824 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

11:02:36.0853 4824 Smb - ok

11:02:37.0043 4824 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS

11:02:37.0083 4824 SNTNLUSB - ok

11:02:37.0113 4824 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

11:02:37.0142 4824 spldr - ok

11:02:37.0233 4824 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys

11:02:37.0233 4824 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

11:02:37.0235 4824 sptd ( LockedFile.Multi.Generic ) - warning

11:02:37.0235 4824 sptd - detected LockedFile.Multi.Generic (1)

11:02:37.0387 4824 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

11:02:37.0486 4824 srv - ok

11:02:37.0554 4824 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

11:02:37.0597 4824 srv2 - ok

11:02:37.0624 4824 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

11:02:37.0711 4824 srvnet - ok

11:02:37.0780 4824 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys

11:02:37.0877 4824 SSPORT ( UnsignedFile.Multi.Generic ) - warning

11:02:37.0877 4824 SSPORT - detected UnsignedFile.Multi.Generic (1)

11:02:37.0975 4824 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

11:02:37.0999 4824 swenum - ok

11:02:38.0121 4824 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

11:02:38.0163 4824 Symc8xx - ok

11:02:38.0200 4824 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

11:02:38.0245 4824 Sym_hi - ok

11:02:38.0333 4824 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

11:02:38.0367 4824 Sym_u3 - ok

11:02:38.0551 4824 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

11:02:38.0651 4824 Tcpip - ok

11:02:38.0686 4824 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

11:02:38.0728 4824 Tcpip6 - ok

11:02:38.0762 4824 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

11:02:38.0839 4824 tcpipreg - ok

11:02:38.0885 4824 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

11:02:38.0968 4824 TDPIPE - ok

11:02:39.0107 4824 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

11:02:39.0156 4824 TDTCP - ok

11:02:39.0215 4824 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

11:02:39.0308 4824 tdx - ok

11:02:39.0375 4824 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

11:02:39.0426 4824 TermDD - ok

11:02:39.0473 4824 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:02:39.0519 4824 tssecsrv - ok

11:02:39.0550 4824 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

11:02:39.0651 4824 tunmp - ok

11:02:39.0706 4824 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

11:02:39.0766 4824 tunnel - ok

11:02:39.0843 4824 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

11:02:39.0903 4824 uagp35 - ok

11:02:39.0948 4824 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

11:02:39.0991 4824 udfs - ok

11:02:40.0015 4824 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

11:02:40.0067 4824 uliagpkx - ok

11:02:40.0171 4824 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

11:02:40.0286 4824 uliahci - ok

11:02:40.0311 4824 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

11:02:40.0348 4824 UlSata - ok

11:02:40.0371 4824 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

11:02:40.0408 4824 ulsata2 - ok

11:02:40.0436 4824 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

11:02:40.0509 4824 umbus - ok

11:02:40.0617 4824 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) C:\Windows\system32\DRIVERS\emBDA.sys

11:02:40.0877 4824 USB28xxBGA - ok

11:02:40.0921 4824 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys

11:02:40.0978 4824 USB28xxOEM - ok

11:02:41.0047 4824 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

11:02:41.0140 4824 USBAAPL - ok

11:02:41.0186 4824 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

11:02:41.0273 4824 usbaudio - ok

11:02:41.0369 4824 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

11:02:41.0453 4824 usbccgp - ok

11:02:41.0488 4824 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

11:02:41.0587 4824 usbcir - ok

11:02:41.0608 4824 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

11:02:41.0663 4824 usbehci - ok

11:02:41.0699 4824 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

11:02:41.0763 4824 usbhub - ok

11:02:41.0788 4824 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

11:02:41.0837 4824 usbohci - ok

11:02:41.0861 4824 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

11:02:41.0943 4824 usbprint - ok

11:02:41.0974 4824 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

11:02:42.0025 4824 usbscan - ok

11:02:42.0033 4824 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:02:42.0099 4824 USBSTOR - ok

11:02:42.0133 4824 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

11:02:42.0171 4824 usbuhci - ok

11:02:42.0210 4824 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

11:02:42.0305 4824 usbvideo - ok

11:02:42.0487 4824 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

11:02:42.0549 4824 vga - ok

11:02:42.0685 4824 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

11:02:42.0735 4824 VgaSave - ok

11:02:42.0770 4824 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

11:02:42.0817 4824 viaagp - ok

11:02:42.0834 4824 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

11:02:42.0925 4824 ViaC7 - ok

11:02:42.0967 4824 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys

11:02:43.0010 4824 viaide - ok

11:02:43.0068 4824 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

11:02:43.0115 4824 volmgr - ok

11:02:43.0268 4824 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

11:02:43.0313 4824 volmgrx - ok

11:02:43.0352 4824 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

11:02:43.0399 4824 volsnap - ok

11:02:43.0440 4824 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

11:02:43.0502 4824 vsmraid - ok

11:02:43.0543 4824 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS

11:02:43.0629 4824 VSTHWBS2 - ok

11:02:43.0670 4824 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

11:02:43.0758 4824 VST_DPV - ok

11:02:43.0819 4824 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

11:02:43.0878 4824 WacomPen - ok

11:02:43.0920 4824 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

11:02:44.0003 4824 Wanarp - ok

11:02:44.0007 4824 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

11:02:44.0048 4824 Wanarpv6 - ok

11:02:44.0073 4824 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

11:02:44.0101 4824 Wd - ok

11:02:44.0146 4824 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

11:02:44.0236 4824 Wdf01000 - ok

11:02:44.0291 4824 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

11:02:44.0388 4824 winachsf - ok

11:02:44.0459 4824 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS

11:02:44.0521 4824 WinUsb - ok

11:02:44.0559 4824 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

11:02:44.0613 4824 WmiAcpi - ok

11:02:44.0746 4824 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

11:02:44.0810 4824 WpdUsb - ok

11:02:44.0880 4824 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

11:02:44.0937 4824 ws2ifsl - ok

11:02:44.0985 4824 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:02:45.0065 4824 WUDFRd - ok

11:02:45.0095 4824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

11:02:45.0235 4824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:02:45.0235 4824 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:02:45.0239 4824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5

11:02:45.0708 4824 \Device\Harddisk5\DR5 - ok

11:02:45.0728 4824 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6

11:02:45.0845 4824 \Device\Harddisk6\DR6 - ok

11:02:45.0855 4824 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0

11:02:45.0856 4824 \Device\Harddisk0\DR0\Partition0 - ok

11:02:45.0859 4824 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0

11:02:45.0860 4824 \Device\Harddisk5\DR5\Partition0 - ok

11:02:45.0863 4824 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0

11:02:45.0864 4824 \Device\Harddisk6\DR6\Partition0 - ok

11:02:45.0864 4824 ============================================================

11:02:45.0864 4824 Scan finished

11:02:45.0864 4824 ============================================================

11:02:45.0872 5640 Detected object count: 7

11:02:45.0872 5640 Actual detected object count: 7

11:03:33.0049 5640 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:33.0049 5640 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:33.0050 5640 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:33.0050 5640 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:33.0051 5640 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:33.0051 5640 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:33.0052 5640 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:33.0052 5640 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:33.0053 5640 sptd ( LockedFile.Multi.Generic ) - skipped by user

11:03:33.0053 5640 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

11:03:33.0054 5640 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user

11:03:33.0054 5640 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:03:33.0055 5640 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:03:33.0055 5640 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:03:48.0518 4108 Deinitialize success


Thanks :)

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Execute TDSSKiller.exe and press Start Scan.

  • Select Cure on this entry.
    11:03:33.0055 5640 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

  • Note: If Cure is not an option, Skip instead. Do not choose Delete unless instructed.
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Please post in your next reply

TDSSKiller Log

Combofix.txt


On TDSSKiller I was not given the option of cure, just Skip, Quarantine or Delete. Here are the logs:

08:38:35.0684 4856 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

08:38:36.0049 4856 ============================================================

08:38:36.0049 4856 Current date / time: 2012/02/08 08:38:36.0049

08:38:36.0049 4856 SystemInfo:

08:38:36.0049 4856

08:38:36.0049 4856 OS Version: 6.0.6002 ServicePack: 2.0

08:38:36.0049 4856 Product type: Workstation

08:38:36.0049 4856 ComputerName: HOMEOFFICE-PC

08:38:36.0049 4856 UserName: Willy

08:38:36.0049 4856 Windows directory: C:\Windows

08:38:36.0049 4856 System windows directory: C:\Windows

08:38:36.0049 4856 Processor architecture: Intel x86

08:38:36.0049 4856 Number of processors: 4

08:38:36.0049 4856 Page size: 0x1000

08:38:36.0049 4856 Boot type: Normal boot

08:38:36.0050 4856 ============================================================

08:38:38.0644 4856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:38:38.0700 4856 Drive \Device\Harddisk5\DR5 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:38:38.0745 4856 Drive \Device\Harddisk6\DR6 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:38:38.0746 4856 \Device\Harddisk0\DR0:

08:38:38.0746 4856 MBR used

08:38:38.0746 4856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

08:38:38.0746 4856 \Device\Harddisk5\DR5:

08:38:38.0746 4856 MBR used

08:38:38.0746 4856 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000

08:38:38.0746 4856 \Device\Harddisk6\DR6:

08:38:38.0747 4856 MBR used

08:38:38.0747 4856 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2

08:38:39.0285 4856 Initialize success

08:38:39.0285 4856 ============================================================

08:38:46.0662 4208 ============================================================

08:38:46.0663 4208 Scan started

08:38:46.0663 4208 Mode: Manual; SigCheck; TDLFS;

08:38:46.0663 4208 ============================================================

08:38:48.0269 4208 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys

08:38:48.0591 4208 61883 - ok

08:38:48.0772 4208 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:38:48.0801 4208 ACPI - ok

08:38:48.0894 4208 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

08:38:49.0015 4208 adp94xx - ok

08:38:49.0058 4208 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

08:38:49.0182 4208 adpahci - ok

08:38:49.0211 4208 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

08:38:49.0260 4208 adpu160m - ok

08:38:49.0339 4208 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

08:38:49.0393 4208 adpu320 - ok

08:38:49.0442 4208 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys

08:38:49.0490 4208 Afc - ok

08:38:49.0569 4208 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

08:38:49.0664 4208 AFD - ok

08:38:49.0689 4208 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

08:38:49.0737 4208 agp440 - ok

08:38:49.0772 4208 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

08:38:49.0814 4208 aic78xx - ok

08:38:49.0850 4208 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

08:38:49.0871 4208 aliide - ok

08:38:49.0911 4208 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

08:38:49.0957 4208 amdagp - ok

08:38:49.0992 4208 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

08:38:50.0023 4208 amdide - ok

08:38:50.0055 4208 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

08:38:50.0236 4208 AmdK7 - ok

08:38:50.0295 4208 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

08:38:50.0399 4208 AmdK8 - ok

08:38:50.0464 4208 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

08:38:50.0506 4208 arc - ok

08:38:50.0536 4208 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

08:38:50.0585 4208 arcsas - ok

08:38:50.0657 4208 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys

08:38:50.0731 4208 ASPI32 ( UnsignedFile.Multi.Generic ) - warning

08:38:50.0731 4208 ASPI32 - detected UnsignedFile.Multi.Generic (1)

08:38:50.0764 4208 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

08:38:50.0823 4208 AsyncMac - ok

08:38:50.0881 4208 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

08:38:50.0902 4208 atapi - ok

08:38:51.0069 4208 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys

08:38:51.0230 4208 atikmdag - ok

08:38:51.0264 4208 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys

08:38:51.0360 4208 Avc - ok

08:38:51.0410 4208 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

08:38:51.0480 4208 Beep - ok

08:38:51.0490 4208 blbdrive - ok

08:38:51.0576 4208 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

08:38:51.0699 4208 bowser - ok

08:38:51.0739 4208 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

08:38:51.0928 4208 BrFiltLo - ok

08:38:51.0947 4208 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

08:38:51.0981 4208 BrFiltUp - ok

08:38:52.0057 4208 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

08:38:52.0227 4208 Brserid - ok

08:38:52.0334 4208 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

08:38:52.0434 4208 BrSerWdm - ok

08:38:52.0475 4208 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

08:38:52.0580 4208 BrUsbMdm - ok

08:38:52.0602 4208 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

08:38:52.0688 4208 BrUsbSer - ok

08:38:52.0717 4208 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

08:38:52.0809 4208 BTHMODEM - ok

08:38:52.0862 4208 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

08:38:52.0984 4208 cdfs - ok

08:38:53.0049 4208 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

08:38:53.0148 4208 cdrom - ok

08:38:53.0181 4208 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

08:38:53.0262 4208 circlass - ok

08:38:53.0311 4208 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

08:38:53.0342 4208 CLFS - ok

08:38:53.0404 4208 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

08:38:53.0448 4208 cmdide - ok

08:38:53.0519 4208 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

08:38:53.0560 4208 Compbatt - ok

08:38:53.0604 4208 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

08:38:53.0621 4208 crcdisk - ok

08:38:53.0639 4208 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

08:38:53.0725 4208 Crusoe - ok

08:38:54.0009 4208 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

08:38:54.0119 4208 CVirtA - ok

08:38:54.0396 4208 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys

08:38:54.0468 4208 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

08:38:54.0468 4208 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

08:38:54.0491 4208 dbhjcjpf - ok

08:38:54.0574 4208 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

08:38:54.0682 4208 DfsC - ok

08:38:54.0873 4208 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys

08:38:54.0957 4208 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

08:38:54.0957 4208 DgiVecp - detected UnsignedFile.Multi.Generic (1)

08:38:55.0025 4208 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

08:38:55.0055 4208 disk - ok

08:38:55.0126 4208 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys

08:38:55.0143 4208 DNE - ok

08:38:55.0224 4208 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

08:38:55.0324 4208 drmkaud - ok

08:38:55.0431 4208 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

08:38:55.0584 4208 DXGKrnl - ok

08:38:55.0660 4208 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys

08:38:55.0757 4208 e1express - ok

08:38:55.0867 4208 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

08:38:56.0033 4208 E1G60 - ok

08:38:56.0141 4208 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

08:38:56.0174 4208 Ecache - ok

08:38:56.0218 4208 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

08:38:56.0269 4208 elxstor - ok

08:38:56.0346 4208 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

08:38:56.0441 4208 exfat - ok

08:38:56.0458 4208 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

08:38:56.0538 4208 fastfat - ok

08:38:56.0599 4208 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

08:38:56.0688 4208 fdc - ok

08:38:56.0715 4208 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

08:38:56.0724 4208 FileInfo - ok

08:38:56.0794 4208 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

08:38:56.0900 4208 Filetrace - ok

08:38:56.0947 4208 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

08:38:57.0019 4208 flpydisk - ok

08:38:57.0125 4208 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

08:38:57.0151 4208 FltMgr - ok

08:38:57.0190 4208 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys

08:38:57.0287 4208 FlyUsb - ok

08:38:57.0362 4208 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

08:38:57.0448 4208 fssfltr - ok

08:38:57.0486 4208 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

08:38:57.0521 4208 Fs_Rec - ok

08:38:57.0540 4208 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

08:38:57.0589 4208 gagp30kx - ok

08:38:57.0621 4208 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:38:57.0658 4208 GEARAspiWDM - ok

08:38:57.0729 4208 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

08:38:57.0864 4208 HdAudAddService - ok

08:38:58.0037 4208 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:38:58.0127 4208 HDAudBus - ok

08:38:58.0170 4208 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

08:38:58.0220 4208 HidBth - ok

08:38:58.0237 4208 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

08:38:58.0344 4208 HidIr - ok

08:38:58.0366 4208 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

08:38:58.0442 4208 HidUsb - ok

08:38:58.0457 4208 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

08:38:58.0489 4208 HpCISSs - ok

08:38:58.0617 4208 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

08:38:58.0729 4208 HTTP - ok

08:38:58.0781 4208 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

08:38:58.0811 4208 i2omp - ok

08:38:58.0842 4208 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

08:38:58.0900 4208 i8042prt - ok

08:38:59.0000 4208 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

08:38:59.0063 4208 iaStorV - ok

08:38:59.0079 4208 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

08:38:59.0109 4208 iirsp - ok

08:38:59.0203 4208 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys

08:38:59.0236 4208 intelide - ok

08:38:59.0344 4208 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

08:38:59.0414 4208 intelppm - ok

08:38:59.0466 4208 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:38:59.0529 4208 IpFilterDriver - ok

08:38:59.0548 4208 IpInIp - ok

08:38:59.0606 4208 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

08:38:59.0720 4208 IPMIDRV - ok

08:38:59.0781 4208 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

08:38:59.0826 4208 IPNAT - ok

08:38:59.0880 4208 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

08:38:59.0947 4208 IRENUM - ok

08:38:59.0984 4208 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

08:39:00.0024 4208 isapnp - ok

08:39:00.0206 4208 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

08:39:00.0229 4208 iScsiPrt - ok

08:39:00.0345 4208 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

08:39:00.0379 4208 iteatapi - ok

08:39:00.0442 4208 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

08:39:00.0481 4208 iteraid - ok

08:39:00.0518 4208 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

08:39:00.0555 4208 kbdclass - ok

08:39:00.0622 4208 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

08:39:00.0694 4208 kbdhid - ok

08:39:00.0790 4208 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

08:39:00.0820 4208 KSecDD - ok

08:39:00.0882 4208 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\Windows\system32\DRIVERS\LHidFilt.Sys

08:39:00.0924 4208 LHidFilt - ok

08:39:00.0968 4208 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

08:39:01.0028 4208 lltdio - ok

08:39:01.0059 4208 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\Windows\system32\DRIVERS\LMouFilt.Sys

08:39:01.0095 4208 LMouFilt - ok

08:39:01.0124 4208 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

08:39:01.0168 4208 LSI_FC - ok

08:39:01.0262 4208 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

08:39:01.0311 4208 LSI_SAS - ok

08:39:01.0341 4208 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

08:39:01.0397 4208 LSI_SCSI - ok

08:39:01.0433 4208 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

08:39:01.0529 4208 luafv - ok

08:39:01.0557 4208 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys

08:39:01.0592 4208 LVPr2Mon - ok

08:39:01.0657 4208 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys

08:39:01.0720 4208 LVRS - ok

08:39:01.0775 4208 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys

08:39:01.0842 4208 LVUSBSta - ok

08:39:01.0961 4208 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys

08:39:02.0145 4208 LVUVC - ok

08:39:02.0209 4208 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

08:39:02.0230 4208 MBAMProtector - ok

08:39:02.0337 4208 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

08:39:02.0368 4208 megasas - ok

08:39:02.0398 4208 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

08:39:02.0479 4208 Modem - ok

08:39:02.0704 4208 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

08:39:02.0757 4208 monitor - ok

08:39:02.0873 4208 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

08:39:02.0902 4208 mouclass - ok

08:39:02.0936 4208 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

08:39:03.0002 4208 mouhid - ok

08:39:03.0083 4208 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

08:39:03.0110 4208 MountMgr - ok

08:39:03.0174 4208 MpFilter (356842aac621ab40f18992c01a590f71) C:\Windows\system32\DRIVERS\MpFilter.sys

08:39:03.0204 4208 MpFilter - ok

08:39:03.0281 4208 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

08:39:03.0339 4208 mpio - ok

08:39:03.0370 4208 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

08:39:03.0432 4208 mpsdrv - ok

08:39:03.0466 4208 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

08:39:03.0494 4208 Mraid35x - ok

08:39:03.0562 4208 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

08:39:03.0712 4208 MRxDAV - ok

08:39:03.0776 4208 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:39:03.0900 4208 mrxsmb - ok

08:39:03.0959 4208 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:39:04.0030 4208 mrxsmb10 - ok

08:39:04.0051 4208 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:39:04.0142 4208 mrxsmb20 - ok

08:39:04.0186 4208 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys

08:39:04.0204 4208 msahci - ok

08:39:04.0232 4208 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

08:39:04.0289 4208 msdsm - ok

08:39:04.0332 4208 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys

08:39:04.0418 4208 MSDV - ok

08:39:04.0445 4208 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

08:39:04.0519 4208 Msfs - ok

08:39:04.0539 4208 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

08:39:04.0547 4208 msisadrv - ok

08:39:04.0566 4208 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

08:39:04.0695 4208 MSKSSRV - ok

08:39:04.0718 4208 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

08:39:04.0745 4208 MSPCLOCK - ok

08:39:04.0765 4208 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

08:39:04.0793 4208 MSPQM - ok

08:39:04.0851 4208 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

08:39:04.0902 4208 MsRPC - ok

08:39:04.0938 4208 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

08:39:04.0961 4208 mssmbios - ok

08:39:04.0979 4208 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

08:39:05.0038 4208 MSTEE - ok

08:39:05.0046 4208 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

08:39:05.0074 4208 Mup - ok

08:39:05.0116 4208 N5SG (77dad453144952e7cec56ac6e2061fd7) C:\Windows\system32\DRIVERS\N5SG.sys

08:39:05.0160 4208 N5SG ( UnsignedFile.Multi.Generic ) - warning

08:39:05.0160 4208 N5SG - detected UnsignedFile.Multi.Generic (1)

08:39:05.0236 4208 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

08:39:05.0299 4208 NativeWifiP - ok

08:39:05.0373 4208 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

08:39:05.0408 4208 NDIS - ok

08:39:05.0471 4208 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

08:39:05.0515 4208 NdisTapi - ok

08:39:05.0541 4208 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

08:39:05.0614 4208 Ndisuio - ok

08:39:05.0644 4208 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

08:39:05.0725 4208 NdisWan - ok

08:39:05.0769 4208 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

08:39:05.0855 4208 NDProxy - ok

08:39:05.0877 4208 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

08:39:05.0978 4208 NetBIOS - ok

08:39:06.0016 4208 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

08:39:06.0095 4208 netbt - ok

08:39:06.0133 4208 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

08:39:06.0172 4208 nfrd960 - ok

08:39:06.0181 4208 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

08:39:06.0231 4208 Npfs - ok

08:39:06.0240 4208 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

08:39:06.0282 4208 nsiproxy - ok

08:39:06.0360 4208 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

08:39:06.0566 4208 Ntfs - ok

08:39:06.0606 4208 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

08:39:06.0684 4208 ntrigdigi - ok

08:39:06.0717 4208 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

08:39:06.0746 4208 Null - ok

08:39:06.0782 4208 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys

08:39:06.0862 4208 nvraid - ok

08:39:06.0886 4208 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys

08:39:06.0969 4208 nvstor - ok

08:39:06.0996 4208 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

08:39:07.0030 4208 nv_agp - ok

08:39:07.0036 4208 NwlnkFlt - ok

08:39:07.0045 4208 NwlnkFwd - ok

08:39:07.0089 4208 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

08:39:07.0177 4208 ohci1394 - ok

08:39:07.0186 4208 OMCI - ok

08:39:07.0255 4208 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

08:39:07.0362 4208 Parport - ok

08:39:07.0405 4208 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

08:39:07.0435 4208 partmgr - ok

08:39:07.0464 4208 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

08:39:07.0518 4208 Parvdm - ok

08:39:07.0575 4208 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

08:39:07.0598 4208 pci - ok

08:39:07.0623 4208 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

08:39:07.0640 4208 pciide - ok

08:39:07.0681 4208 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

08:39:07.0716 4208 pcmcia - ok

08:39:07.0775 4208 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

08:39:07.0829 4208 pcouffin - ok

08:39:07.0954 4208 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys

08:39:07.0984 4208 PdiPorts - ok

08:39:08.0020 4208 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

08:39:08.0147 4208 PEAUTH - ok

08:39:08.0201 4208 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

08:39:08.0302 4208 PptpMiniport - ok

08:39:08.0347 4208 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

08:39:08.0423 4208 Processor - ok

08:39:08.0465 4208 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

08:39:08.0566 4208 PSched - ok

08:39:08.0589 4208 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

08:39:08.0615 4208 PxHelp20 - ok

08:39:08.0657 4208 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

08:39:08.0742 4208 ql2300 - ok

08:39:08.0786 4208 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

08:39:08.0855 4208 ql40xx - ok

08:39:08.0901 4208 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

08:39:08.0988 4208 QWAVEdrv - ok

08:39:09.0048 4208 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

08:39:09.0089 4208 RasAcd - ok

08:39:09.0099 4208 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:39:09.0185 4208 Rasl2tp - ok

08:39:09.0242 4208 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

08:39:09.0292 4208 RasPppoe - ok

08:39:09.0300 4208 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

08:39:09.0403 4208 RasSstp - ok

08:39:09.0451 4208 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

08:39:09.0523 4208 rdbss - ok

08:39:09.0531 4208 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:39:09.0558 4208 RDPCDD - ok

08:39:09.0585 4208 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

08:39:09.0673 4208 rdpdr - ok

08:39:09.0691 4208 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

08:39:09.0719 4208 RDPENCDD - ok

08:39:09.0757 4208 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

08:39:09.0860 4208 RDPWD - ok

08:39:09.0925 4208 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

08:39:10.0007 4208 RimUsb - ok

08:39:10.0051 4208 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

08:39:10.0123 4208 RimVSerPort - ok

08:39:10.0174 4208 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

08:39:10.0202 4208 ROOTMODEM - ok

08:39:10.0241 4208 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

08:39:10.0309 4208 rspndr - ok

08:39:10.0342 4208 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

08:39:10.0399 4208 sbp2port - ok

08:39:10.0430 4208 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

08:39:10.0498 4208 secdrv - ok

08:39:10.0546 4208 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS

08:39:10.0783 4208 Sentinel - ok

08:39:10.0914 4208 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

08:39:11.0003 4208 Serenum - ok

08:39:11.0027 4208 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

08:39:11.0095 4208 Serial - ok

08:39:11.0133 4208 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

08:39:11.0214 4208 sermouse - ok

08:39:11.0255 4208 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

08:39:11.0315 4208 sffdisk - ok

08:39:11.0352 4208 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

08:39:11.0432 4208 sffp_mmc - ok

08:39:11.0489 4208 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

08:39:11.0570 4208 sffp_sd - ok

08:39:11.0601 4208 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

08:39:11.0669 4208 sfloppy - ok

08:39:11.0700 4208 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

08:39:11.0727 4208 sisagp - ok

08:39:11.0751 4208 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

08:39:11.0781 4208 SiSRaid2 - ok

08:39:11.0798 4208 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

08:39:11.0843 4208 SiSRaid4 - ok

08:39:11.0888 4208 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

08:39:11.0959 4208 Smb - ok

08:39:12.0007 4208 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS

08:39:12.0045 4208 SNTNLUSB - ok

08:39:12.0074 4208 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

08:39:12.0091 4208 spldr - ok

08:39:12.0194 4208 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys

08:39:13.0876 4208 sptd - ok

08:39:13.0915 4208 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

08:39:14.0007 4208 srv - ok

08:39:14.0049 4208 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

08:39:14.0124 4208 srv2 - ok

08:39:14.0169 4208 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

08:39:14.0222 4208 srvnet - ok

08:39:14.0259 4208 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys

08:39:14.0281 4208 SSPORT ( UnsignedFile.Multi.Generic ) - warning

08:39:14.0281 4208 SSPORT - detected UnsignedFile.Multi.Generic (1)

08:39:14.0330 4208 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

08:39:14.0347 4208 swenum - ok

08:39:14.0373 4208 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

08:39:14.0404 4208 Symc8xx - ok

08:39:14.0419 4208 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

08:39:14.0449 4208 Sym_hi - ok

08:39:14.0475 4208 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

08:39:14.0507 4208 Sym_u3 - ok

08:39:14.0566 4208 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

08:39:14.0664 4208 Tcpip - ok

08:39:14.0718 4208 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

08:39:14.0760 4208 Tcpip6 - ok

08:39:14.0793 4208 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

08:39:14.0827 4208 tcpipreg - ok

08:39:14.0887 4208 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

08:39:14.0956 4208 TDPIPE - ok

08:39:14.0979 4208 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

08:39:15.0027 4208 TDTCP - ok

08:39:15.0072 4208 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

08:39:15.0162 4208 tdx - ok

08:39:15.0179 4208 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

08:39:15.0230 4208 TermDD - ok

08:39:15.0264 4208 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:39:15.0308 4208 tssecsrv - ok

08:39:15.0340 4208 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

08:39:15.0420 4208 tunmp - ok

08:39:15.0463 4208 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

08:39:15.0521 4208 tunnel - ok

08:39:15.0557 4208 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

08:39:15.0603 4208 uagp35 - ok

08:39:15.0630 4208 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

08:39:15.0670 4208 udfs - ok

08:39:15.0703 4208 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

08:39:15.0756 4208 uliagpkx - ok

08:39:15.0793 4208 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

08:39:15.0884 4208 uliahci - ok

08:39:15.0914 4208 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

08:39:15.0943 4208 UlSata - ok

08:39:15.0966 4208 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

08:39:15.0998 4208 ulsata2 - ok

08:39:16.0035 4208 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

08:39:16.0141 4208 umbus - ok

08:39:16.0224 4208 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) C:\Windows\system32\DRIVERS\emBDA.sys

08:39:16.0362 4208 USB28xxBGA - ok

08:39:16.0430 4208 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys

08:39:16.0485 4208 USB28xxOEM - ok

08:39:16.0552 4208 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

08:39:16.0678 4208 USBAAPL - ok

08:39:16.0718 4208 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

08:39:16.0822 4208 usbaudio - ok

08:39:16.0855 4208 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

08:39:16.0974 4208 usbccgp - ok

08:39:17.0022 4208 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

08:39:17.0125 4208 usbcir - ok

08:39:17.0183 4208 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

08:39:17.0261 4208 usbehci - ok

08:39:17.0323 4208 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

08:39:17.0370 4208 usbhub - ok

08:39:17.0404 4208 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

08:39:17.0447 4208 usbohci - ok

08:39:17.0474 4208 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

08:39:17.0537 4208 usbprint - ok

08:39:17.0564 4208 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

08:39:17.0648 4208 usbscan - ok

08:39:17.0671 4208 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:39:17.0783 4208 USBSTOR - ok

08:39:17.0816 4208 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

08:39:17.0854 4208 usbuhci - ok

08:39:17.0880 4208 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

08:39:17.0960 4208 usbvideo - ok

08:39:17.0988 4208 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

08:39:18.0047 4208 vga - ok

08:39:18.0067 4208 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

08:39:18.0122 4208 VgaSave - ok

08:39:18.0160 4208 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

08:39:18.0204 4208 viaagp - ok

08:39:18.0237 4208 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

08:39:18.0373 4208 ViaC7 - ok

08:39:18.0465 4208 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys

08:39:18.0488 4208 viaide - ok

08:39:19.0463 4208 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

08:39:19.0493 4208 volmgr - ok

08:39:19.0560 4208 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

08:39:19.0587 4208 volmgrx - ok

08:39:19.0648 4208 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

08:39:19.0674 4208 volsnap - ok

08:39:19.0711 4208 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

08:39:19.0778 4208 vsmraid - ok

08:39:19.0819 4208 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS

08:39:19.0906 4208 VSTHWBS2 - ok

08:39:19.0970 4208 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

08:39:20.0068 4208 VST_DPV - ok

08:39:20.0104 4208 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

08:39:20.0165 4208 WacomPen - ok

08:39:20.0216 4208 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:39:20.0315 4208 Wanarp - ok

08:39:20.0328 4208 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:39:20.0369 4208 Wanarpv6 - ok

08:39:20.0401 4208 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

08:39:20.0428 4208 Wd - ok

08:39:20.0525 4208 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

08:39:20.0587 4208 Wdf01000 - ok

08:39:20.0661 4208 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

08:39:20.0774 4208 winachsf - ok

08:39:20.0905 4208 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS

08:39:20.0983 4208 WinUsb - ok

08:39:21.0037 4208 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

08:39:21.0090 4208 WmiAcpi - ok

08:39:21.0224 4208 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

08:39:21.0288 4208 WpdUsb - ok

08:39:21.0346 4208 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

08:39:21.0424 4208 ws2ifsl - ok

08:39:21.0481 4208 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:39:21.0558 4208 WUDFRd - ok

08:39:21.0591 4208 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

08:39:21.0847 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:39:21.0847 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:39:21.0851 4208 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5

08:39:22.0324 4208 \Device\Harddisk5\DR5 - ok

08:39:22.0340 4208 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6

08:39:22.0457 4208 \Device\Harddisk6\DR6 - ok

08:39:22.0485 4208 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0

08:39:22.0486 4208 \Device\Harddisk0\DR0\Partition0 - ok

08:39:22.0488 4208 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0

08:39:22.0490 4208 \Device\Harddisk5\DR5\Partition0 - ok

08:39:22.0494 4208 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0

08:39:22.0495 4208 \Device\Harddisk6\DR6\Partition0 - ok

08:39:22.0495 4208 ============================================================

08:39:22.0495 4208 Scan finished

08:39:22.0495 4208 ============================================================

08:39:22.0504 4352 Detected object count: 6

08:39:22.0504 4352 Actual detected object count: 6

08:39:53.0207 4352 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user

08:39:53.0207 4352 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:39:53.0208 4352 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

08:39:53.0208 4352 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:39:53.0209 4352 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

08:39:53.0209 4352 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:39:53.0210 4352 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user

08:39:53.0210 4352 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:39:53.0211 4352 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user

08:39:53.0211 4352 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:39:53.0212 4352 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:39:53.0212 4352 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:40:06.0768 4056 Deinitialize success

ComboFix 12-02-08.01 - Willy 02/08/2012 8:55.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2066 [GMT -6:00]

Running from: c:\users\Willy\Desktop\ComboFix.exe

AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

c:\programdata\SPL286D.tmp

c:\programdata\SPL5696.tmp

c:\programdata\SPL6141.tmp

c:\programdata\SPL8625.tmp

c:\programdata\SPLD5D4.tmp

c:\users\Willy\AppData\Roaming\inst.exe

c:\users\Willy\AppData\Roaming\Microsoft\Windows\Recent\ironcad.url

c:\users\Willy\g2mdlhlpx.exe

c:\windows\system32\regobj.dll

c:\windows\system32\setup.ini

c:\windows\system32\vs2005-kb908002-enu-x86.exe

c:\windows\system32\WindowsInstaller-KB893803-v2-x86.exe

M:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))

.

.

2012-02-08 14:22 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{DF622446-0653-46DB-BF0D-CBB7518FA040}\mpengine.dll

2012-02-06 18:26 . 2012-02-06 18:27 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\my_app_files

2012-02-06 18:25 . 2012-02-06 18:25 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\BirthdayAdventure

2012-02-06 04:34 . 2012-02-06 04:34 -------- d-----w- c:\windows\CheckSur

2012-02-05 04:29 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-02-05 04:29 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-02-05 04:29 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-02-05 04:29 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-02-05 04:29 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-02-05 04:29 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\programdata\NortonInstaller

2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\program files\NortonInstaller

2012-02-05 03:30 . 2012-02-05 03:31 -------- d-----w- c:\users\Willy\AppData\Roaming\my_app_files

2012-02-05 03:30 . 2012-02-05 03:30 -------- d-----w- c:\users\Willy\AppData\Roaming\BirthdayAdventure

2012-02-05 03:23 . 2012-02-05 03:26 -------- d-----w- c:\program files\Dora's Big Birthday Adventure

2012-02-04 16:50 . 2012-02-04 16:50 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-04 03:20 . 2012-02-04 03:20 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\Malwarebytes

2012-02-03 22:59 . 2012-02-03 22:59 -------- d-----w- c:\users\Willy\AppData\Roaming\Malwarebytes

2012-02-03 22:58 . 2012-02-03 22:58 -------- d-----w- c:\programdata\Malwarebytes

2012-02-03 22:58 . 2012-02-04 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-03 22:58 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Microsoft Antimalware

2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Windows Defender Offline

2012-01-29 04:04 . 2012-01-29 04:04 -------- d-----w- c:\windows\Sun

2012-01-22 18:25 . 2012-01-22 18:25 -------- d-----w- c:\program files\iPod

2012-01-16 04:24 . 2012-01-16 04:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-16 04:24 . 2012-01-16 04:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-16 04:24 . 2012-01-16 04:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-16 04:24 . 2012-01-16 04:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-11 14:04 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-11 14:04 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-11 14:04 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 14:04 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-11 14:04 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-11 14:04 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-01-11 14:04 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 14:04 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2009-10-02 06:46 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2009-08-24 22:26 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-23 13:37 . 2011-12-15 00:44 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 03:31 . 2011-05-15 13:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-11 05:45 . 2011-11-11 05:45 53248 ----a-r- c:\users\Willy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-01-16 04:24 . 2011-03-25 07:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

2011-05-09 09:49 176936 ----a-w- c:\program files\SmileBox_EN\prxtbSmil.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-01-19 2736128]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]

"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WifiMediaSync"="c:\program files\CCApps\Wifi Media Backup\Wifi Media Backup.exe" [2009-12-15 243200]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"Xvid"="c:\program files\XviD\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]

"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-18 180269]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Darla.HomeOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\users\Willy\AppData\Local\Temp\ONENOTEM.EXE [N/A]

.

c:\users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-2 6144]

Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe [2011-4-30 1406]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]

2008-07-14 18:42 81920 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-06-16 02:07 136176 ----atw- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]

2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]

2007-02-09 17:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-05-18 12:42 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-01-19 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01]

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01]

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000Core.job

- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07]

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000UA.job

- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKfox000&ptb=pCCxBptJsv9yBYOF_WrRcA

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

FF - ProfilePath - c:\users\Willy\AppData\Roaming\Mozilla\Firefox\Profiles\dk6nrk6u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-SolutoService

AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - c:\program files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-08 09:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-02-08 09:11:50

ComboFix-quarantined-files.txt 2012-02-08 15:11

.

Pre-Run: 680,351,715,328 bytes free

Post-Run: 680,265,707,520 bytes free

.

- - End Of File - - 7E74F40922E374C6727B48CC9B46FA3C


Hi there, re-run TDSSKiller and choose delete.

Open notepad and copy/paste the text in the Code-box below into it:


Folder::
c:\program files\Ask.com
DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKfox000&ptb=pCCxBptJsv9yBYOF_WrRcA

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please post in your next reply:

  • TDSSKiller Log
  • Combofix.txt

Let me know how your system behaves now


It seems to be running normally after the last steps. The logs are below this paragraph as requested. I have a question: I noticed that you went after the "Ask" toolbar and directory. Is Ask.com a bad website, or was it just a coincidence that the files there had to be removed?

18:34:41.0369 4704 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

18:34:41.0739 4704 ============================================================

18:34:41.0739 4704 Current date / time: 2012/02/08 18:34:41.0739

18:34:41.0739 4704 SystemInfo:

18:34:41.0739 4704

18:34:41.0739 4704 OS Version: 6.0.6002 ServicePack: 2.0

18:34:41.0739 4704 Product type: Workstation

18:34:41.0740 4704 ComputerName: HOMEOFFICE-PC

18:34:41.0740 4704 UserName: Willy

18:34:41.0740 4704 Windows directory: C:\Windows

18:34:41.0740 4704 System windows directory: C:\Windows

18:34:41.0740 4704 Processor architecture: Intel x86

18:34:41.0740 4704 Number of processors: 4

18:34:41.0740 4704 Page size: 0x1000

18:34:41.0740 4704 Boot type: Normal boot

18:34:41.0740 4704 ============================================================

18:34:42.0687 4704 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

18:34:42.0725 4704 Drive \Device\Harddisk5\DR5 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:34:52.0767 4704 Drive \Device\Harddisk6\DR6 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:35:01.0941 4704 \Device\Harddisk0\DR0:

18:35:01.0941 4704 MBR used

18:35:01.0941 4704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

18:35:01.0941 4704 \Device\Harddisk5\DR5:

18:35:01.0941 4704 MBR used

18:35:01.0942 4704 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000

18:35:01.0942 4704 \Device\Harddisk6\DR6:

18:35:01.0942 4704 MBR used

18:35:01.0942 4704 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2

18:35:02.0409 4704 Initialize success

18:35:02.0409 4704 ============================================================

18:35:10.0931 6136 ============================================================

18:35:10.0932 6136 Scan started

18:35:10.0932 6136 Mode: Manual; SigCheck; TDLFS;

18:35:10.0932 6136 ============================================================

18:35:12.0221 6136 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys

18:35:12.0434 6136 61883 - ok

18:35:12.0507 6136 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

18:35:12.0521 6136 ACPI - ok

18:35:12.0557 6136 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

18:35:12.0572 6136 adp94xx - ok

18:35:12.0603 6136 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

18:35:12.0614 6136 adpahci - ok

18:35:12.0633 6136 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

18:35:12.0641 6136 adpu160m - ok

18:35:12.0661 6136 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

18:35:12.0671 6136 adpu320 - ok

18:35:12.0699 6136 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys

18:35:12.0751 6136 Afc - ok

18:35:12.0823 6136 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

18:35:12.0870 6136 AFD - ok

18:35:12.0896 6136 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

18:35:12.0903 6136 agp440 - ok

18:35:12.0920 6136 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

18:35:12.0929 6136 aic78xx - ok

18:35:12.0965 6136 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

18:35:12.0973 6136 aliide - ok

18:35:12.0993 6136 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

18:35:13.0001 6136 amdagp - ok

18:35:13.0016 6136 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

18:35:13.0023 6136 amdide - ok

18:35:13.0037 6136 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

18:35:13.0186 6136 AmdK7 - ok

18:35:13.0228 6136 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

18:35:13.0280 6136 AmdK8 - ok

18:35:13.0338 6136 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

18:35:13.0347 6136 arc - ok

18:35:13.0370 6136 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

18:35:13.0378 6136 arcsas - ok

18:35:13.0516 6136 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys

18:35:13.0536 6136 ASPI32 ( UnsignedFile.Multi.Generic ) - warning

18:35:13.0536 6136 ASPI32 - detected UnsignedFile.Multi.Generic (1)

18:35:13.0564 6136 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

18:35:13.0584 6136 AsyncMac - ok

18:35:13.0623 6136 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

18:35:13.0632 6136 atapi - ok

18:35:13.0694 6136 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys

18:35:13.0869 6136 atikmdag - ok

18:35:13.0890 6136 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys

18:35:13.0930 6136 Avc - ok

18:35:13.0961 6136 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

18:35:13.0983 6136 Beep - ok

18:35:13.0992 6136 blbdrive - ok

18:35:14.0036 6136 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

18:35:14.0090 6136 bowser - ok

18:35:14.0108 6136 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

18:35:14.0158 6136 BrFiltLo - ok

18:35:14.0191 6136 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

18:35:14.0227 6136 BrFiltUp - ok

18:35:14.0260 6136 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

18:35:14.0297 6136 Brserid - ok

18:35:14.0313 6136 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

18:35:14.0367 6136 BrSerWdm - ok

18:35:14.0396 6136 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

18:35:14.0451 6136 BrUsbMdm - ok

18:35:14.0474 6136 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

18:35:14.0526 6136 BrUsbSer - ok

18:35:14.0555 6136 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

18:35:14.0607 6136 BTHMODEM - ok

18:35:14.0712 6136 catchme - ok

18:35:14.0733 6136 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

18:35:14.0775 6136 cdfs - ok

18:35:14.0837 6136 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

18:35:14.0854 6136 cdrom - ok

18:35:14.0870 6136 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

18:35:14.0906 6136 circlass - ok

18:35:14.0951 6136 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

18:35:14.0964 6136 CLFS - ok

18:35:15.0026 6136 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

18:35:15.0034 6136 cmdide - ok

18:35:15.0051 6136 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

18:35:15.0058 6136 Compbatt - ok

18:35:15.0078 6136 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

18:35:15.0086 6136 crcdisk - ok

18:35:15.0105 6136 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

18:35:15.0164 6136 Crusoe - ok

18:35:15.0201 6136 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

18:35:15.0235 6136 CVirtA - ok

18:35:15.0314 6136 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys

18:35:15.0349 6136 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

18:35:15.0349 6136 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

18:35:15.0356 6136 dbhjcjpf - ok

18:35:15.0434 6136 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

18:35:15.0496 6136 DfsC - ok

18:35:15.0542 6136 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys

18:35:15.0579 6136 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

18:35:15.0579 6136 DgiVecp - detected UnsignedFile.Multi.Generic (1)

18:35:20.0603 6136 N5SG (77dad453144952e7cec56ac6e2061fd7) C:\Windows\system32\DRIVERS\N5SG.sys

18:35:20.0643 6136 N5SG ( UnsignedFile.Multi.Generic ) - warning

18:35:20.0644 6136 N5SG - detected UnsignedFile.Multi.Generic (1)

18:35:25.0532 6136 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys

18:35:25.0536 6136 SSPORT ( UnsignedFile.Multi.Generic ) - warning

18:35:25.0536 6136 SSPORT - detected UnsignedFile.Multi.Generic (1)

18:35:29.0257 6136 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

18:35:29.0346 6136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:35:29.0346 6136 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:35:29.0350 6136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5

18:35:29.0815 6136 \Device\Harddisk5\DR5 - ok

18:35:29.0841 6136 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6

18:35:29.0957 6136 \Device\Harddisk6\DR6 - ok

18:35:29.0960 6136 Boot (0x1200) (72c9b9c4bb3bbf1d1f668a4fea4533af) \Device\Harddisk0\DR0\Partition0

18:35:29.0960 6136 \Device\Harddisk0\DR0\Partition0 - ok

18:35:29.0964 6136 Boot (0x1200) (1b3678f513eb38e152e46d7d2f1d7091) \Device\Harddisk5\DR5\Partition0

18:35:29.0965 6136 \Device\Harddisk5\DR5\Partition0 - ok

18:35:29.0967 6136 Boot (0x1200) (19270f5db212c5652859b65ba4ab0cb3) \Device\Harddisk6\DR6\Partition0

18:35:29.0969 6136 \Device\Harddisk6\DR6\Partition0 - ok

18:35:29.0969 6136 ============================================================

18:35:29.0969 6136 Scan finished

18:35:29.0969 6136 ============================================================

18:35:29.0976 5304 Detected object count: 6

18:35:29.0976 5304 Actual detected object count: 6

18:35:45.0305 5304 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user

18:35:45.0305 5304 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:35:45.0306 5304 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

18:35:45.0306 5304 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:35:45.0307 5304 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

18:35:45.0307 5304 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:35:45.0308 5304 N5SG ( UnsignedFile.Multi.Generic ) - skipped by user

18:35:45.0308 5304 N5SG ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:35:45.0309 5304 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user

18:35:45.0309 5304 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:35:45.0317 5304 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:35:45.0319 5304 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:35:45.0326 5304 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:35:45.0327 5304 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:35:45.0329 5304 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:35:45.0330 5304 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:35:45.0339 5304 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:35:45.0340 5304 \Device\Harddisk0\DR0\TDLFS - deleted

18:35:45.0340 5304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

18:35:57.0897 7304 Deinitialize success

ComboFix 12-02-08.01 - Willy 02/08/2012 18:40:38.2.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1739 [GMT -6:00]

Running from: c:\users\Willy\Desktop\ComboFix.exe

Command switches used :: c:\users\Willy\Desktop\CFScript.txt

AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Ask.com

c:\program files\Ask.com\cobrand.ico

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\favicon.ico

c:\program files\Ask.com\fv_ebe2.ico

c:\program files\Ask.com\GenericAskToolbar.dll

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\SaUpdate.exe

c:\program files\Ask.com\UpdateTask.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Willy\AppData\Local\temp

2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Darla\AppData\Local\temp

2012-02-09 00:53 . 2012-02-09 00:53 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Local\temp

2012-02-08 14:22 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{DF622446-0653-46DB-BF0D-CBB7518FA040}\mpengine.dll

2012-02-06 18:26 . 2012-02-06 18:27 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\my_app_files

2012-02-06 18:25 . 2012-02-06 18:25 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\BirthdayAdventure

2012-02-06 04:34 . 2012-02-06 04:34 -------- d-----w- c:\windows\CheckSur

2012-02-05 04:29 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-02-05 04:29 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-02-05 04:29 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-02-05 04:29 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-02-05 04:29 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-02-05 04:29 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\programdata\NortonInstaller

2012-02-05 04:17 . 2012-02-05 04:17 -------- d-----w- c:\program files\NortonInstaller

2012-02-05 03:30 . 2012-02-05 03:31 -------- d-----w- c:\users\Willy\AppData\Roaming\my_app_files

2012-02-05 03:30 . 2012-02-05 03:30 -------- d-----w- c:\users\Willy\AppData\Roaming\BirthdayAdventure

2012-02-05 03:23 . 2012-02-05 03:26 -------- d-----w- c:\program files\Dora's Big Birthday Adventure

2012-02-04 16:50 . 2012-02-09 00:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-04 03:20 . 2012-02-04 03:20 -------- d-----w- c:\users\Darla.HomeOffice-PC\AppData\Roaming\Malwarebytes

2012-02-03 22:59 . 2012-02-03 22:59 -------- d-----w- c:\users\Willy\AppData\Roaming\Malwarebytes

2012-02-03 22:58 . 2012-02-03 22:58 -------- d-----w- c:\programdata\Malwarebytes

2012-02-03 22:58 . 2012-02-04 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-03 22:58 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Microsoft Antimalware

2012-02-03 02:57 . 2012-02-03 02:57 -------- d-----w- c:\windows\Windows Defender Offline

2012-01-29 04:04 . 2012-01-29 04:04 -------- d-----w- c:\windows\Sun

2012-01-22 18:25 . 2012-01-22 18:25 -------- d-----w- c:\program files\iPod

2012-01-16 04:24 . 2012-01-16 04:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-16 04:24 . 2012-01-16 04:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-16 04:24 . 2012-01-16 04:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-16 04:24 . 2012-01-16 04:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-11 14:04 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-11 14:04 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-11 14:04 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 14:04 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-11 14:04 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-11 14:04 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-01-11 14:04 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 14:04 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2009-10-02 06:46 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2009-08-24 22:26 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-23 13:37 . 2011-12-15 00:44 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 03:31 . 2011-05-15 13:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-11 05:45 . 2011-11-11 05:45 53248 ----a-r- c:\users\Willy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-01-16 04:24 . 2011-03-25 07:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

2011-05-09 09:49 176936 ----a-w- c:\program files\SmileBox_EN\prxtbSmil.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-01-19 2736128]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]

"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WifiMediaSync"="c:\program files\CCApps\Wifi Media Backup\Wifi Media Backup.exe" [2009-12-15 243200]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"Xvid"="c:\program files\XviD\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]

"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-18 180269]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Darla.HomeOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\users\Willy\AppData\Local\Temp\ONENOTEM.EXE [N/A]

.

c:\users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-2 6144]

Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe [2011-4-30 1406]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]

2008-07-14 18:42 81920 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-06-16 02:07 136176 ----atw- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]

2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]

2007-02-09 17:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-05-18 12:42 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 14513384

*Deregistered* - 14513384

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-01-19 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:01]

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000Core.job

- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986106255-517538349-219921657-1000UA.job

- c:\users\Willy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 02:07]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

FF - ProfilePath - c:\users\Willy\AppData\Roaming\Mozilla\Firefox\Profiles\dk6nrk6u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-08 18:53

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-02-08 19:04:58

ComboFix-quarantined-files.txt 2012-02-09 01:04

ComboFix2.txt 2012-02-08 15:11

.

Pre-Run: 679,201,697,792 bytes free

Post-Run: 679,142,412,288 bytes free

.

- - End Of File - - D3D934029873E9949C2BB5E138CF995B


Regarding the ASK Toolbar

You may want to read this link about.

Please update Malwarebytes and perform a Quick Scan. Let it delete all detections and post the log in your next reply.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply

Please launch DDS

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop and post both in your next reply

Please post in your next reply

MBAM Log

ESET Log

dds.txt

attach.txt


Here they are:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.09.08

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Willy :: HOMEOFFICE-PC [administrator]

Protection: Disabled

2/10/2012 12:19:39 PM

mbam-log-2012-02-10 (12-19-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245972

Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\TDSSKiller_Quarantine\04.02.2012_10.48.45\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\04.02.2012_10.48.45\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\08.02.2012_18.34.41\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\08.02.2012_18.34.41\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan

M:\Willy Files\Install Programs\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application

M:\Willy Files\My Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Willy at 12:14:03 on 2012-02-10

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1324 [GMT -6:00]

.

AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\PSIService.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe

C:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\WUDFHost.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

uURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WifiMediaSync] c:\program files\ccapps\wifi media backup\Wifi Media Backup.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [stxTrayMenu] c:\program files\seagate\systemtray\freeagentlauncher.exe c:\program files\seagate\systemtray\StxMenuMgr.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [uVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\willy\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\willy\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\willy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\windch~1.lnk - c:\windows\installer\{129024ff-a6c9-4696-91bc-570c6c05193a}\_F5BCEE176F60B4DABC6DF8.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

TCP: Interfaces\{980025DD-A381-4517-8823-EF080FA4120A} : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\willy\appdata\roaming\mozilla\firefox\profiles\dk6nrk6u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\common files\wolfram research\browser\8.0.1.2063897\npmathplugin.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\willy\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\users\willy\appdata\roaming\mozilla\firefox\profiles\dk6nrk6u.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\users\willy\appdata\roaming\mozilla\firefox\profiles\dk6nrk6u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\willy\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\willy\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\willy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-8 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-8 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-7 820344]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120209.002\IDSvix86.sys [2012-2-9 368248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-8 136312]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-17 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-2-8 130008]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]

R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-5-15 5120]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]

R3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [2006-11-3 467040]

R3 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2012-2-8 331384]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2011-1-8 16896]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]

S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-8-24 71296]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\sony\sound organizer\sony.earth\PACSPTISVR.exe [2010-11-19 157024]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-02-10 12:58:23 -------- d-----w- c:\program files\ESET

2012-02-10 01:00:32 -------- d-----w- c:\programdata\Protexis

2012-02-10 00:52:14 -------- d-----w- c:\users\willy\appdata\local\WinZip

2012-02-10 00:33:28 -------- d-----w- c:\users\willy\appdata\roaming\proDAD

2012-02-10 00:33:23 -------- d-----w- c:\programdata\proDAD

2012-02-10 00:33:23 -------- d-----w- c:\program files\proDAD

2012-02-10 00:32:16 69632 ----a-w- c:\windows\system32\MtxPreview.dll

2012-02-10 00:32:16 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll

2012-02-10 00:32:16 49152 ----a-w- c:\windows\system32\CvoAPI.dll

2012-02-10 00:32:16 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax

2012-02-10 00:32:16 237568 ----a-r- c:\windows\system32\qtmlClient.dll

2012-02-10 00:31:22 -------- d-----w- c:\program files\Boris FX, Inc

2012-02-10 00:31:15 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll

2012-02-10 00:31:15 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe

2012-02-10 00:31:15 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll

2012-02-10 00:31:15 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll

2012-02-10 00:31:11 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll

2012-02-10 00:31:09 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll

2012-02-10 00:31:08 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll

2012-02-10 00:30:15 -------- d-----w- c:\programdata\eSellerate

2012-02-10 00:05:48 -------- d-----w- c:\users\willy\appdata\local\Corel PaintShop Pro

2012-02-10 00:04:42 -------- d-----w- c:\program files\common files\Protexis

2012-02-09 03:16:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys

2012-02-09 03:16:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys

2012-02-09 03:16:22 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys

2012-02-09 03:16:22 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys

2012-02-09 03:16:21 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys

2012-02-09 03:16:21 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys

2012-02-09 03:16:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys

2012-02-09 03:16:07 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D

2012-02-09 01:33:39 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2012-02-09 01:33:39 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2012-02-09 01:33:38 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2012-02-09 01:33:38 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2012-02-09 01:33:38 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2012-02-09 01:33:38 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys

2012-02-09 01:33:38 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2012-02-09 01:33:22 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D

2012-02-09 01:24:45 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-02-09 01:24:38 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-02-09 01:24:38 -------- d-----w- c:\program files\Symantec

2012-02-09 01:23:35 -------- d-----w- c:\windows\system32\drivers\N360

2012-02-09 01:23:33 -------- d-----w- c:\program files\Norton 360

2012-02-09 01:23:32 -------- d-----w- c:\programdata\Norton

2012-02-09 01:05:33 -------- d-sh--w- C:\$RECYCLE.BIN

2012-02-09 01:05:13 -------- d-----w- c:\users\willy\appdata\local\temp

2012-02-08 14:52:29 98816 ----a-w- c:\windows\sed.exe

2012-02-08 14:52:29 518144 ----a-w- c:\windows\SWREG.exe

2012-02-08 14:52:29 256000 ----a-w- c:\windows\PEV.exe

2012-02-08 14:52:29 208896 ----a-w- c:\windows\MBR.exe

2012-02-08 14:22:23 6557240 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{df622446-0653-46db-bf0d-cbb7518fa040}\mpengine.dll

2012-02-06 04:34:12 -------- d-----w- c:\windows\CheckSur

2012-02-05 04:29:50 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-02-05 04:29:49 72704 ----a-w- c:\windows\system32\secur32.dll

2012-02-05 04:29:49 278528 ----a-w- c:\windows\system32\schannel.dll

2012-02-05 04:29:48 9728 ----a-w- c:\windows\system32\lsass.exe

2012-02-05 04:29:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-02-05 04:29:48 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-02-05 04:17:22 -------- d-----w- c:\programdata\NortonInstaller

2012-02-05 04:17:22 -------- d-----w- c:\program files\NortonInstaller

2012-02-05 03:30:13 -------- d-----w- c:\users\willy\appdata\roaming\my_app_files

2012-02-05 03:30:08 -------- d-----w- c:\users\willy\appdata\roaming\BirthdayAdventure

2012-02-05 03:23:08 -------- d-----w- c:\program files\Dora's Big Birthday Adventure

2012-02-04 16:50:38 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-03 22:59:16 -------- d-----w- c:\users\willy\appdata\roaming\Malwarebytes

2012-02-03 22:58:55 -------- d-----w- c:\programdata\Malwarebytes

2012-02-03 22:58:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-03 22:58:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-03 02:57:55 -------- d-----w- c:\windows\Microsoft Antimalware

2012-02-03 02:57:49 -------- d-----w- c:\windows\Windows Defender Offline

2012-01-22 18:25:23 -------- d-----w- c:\program files\iPod

2012-01-16 04:24:11 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-01-16 04:24:11 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-01-16 04:24:11 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-01-16 04:24:10 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

.

==================== Find3M ====================

.

2012-02-10 03:27:54 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll

2011-11-18 03:31:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 12:15:03.01 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/15/2009 12:45:24 AM

System Uptime: 2/8/2012 7:35:47 PM (41 hours ago)

.

Motherboard: Dell Inc. | | 0TP406

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 629.741 GiB free.

D: is CDROM ()

E: is CDROM ()

G: is Removable

H: is CDROM ()

I: is Removable

J: is Removable

K: is Removable

L: is FIXED (NTFS) - 699 GiB total, 352.605 GiB free.

M: is FIXED (NTFS) - 1397 GiB total, 1214.595 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}

Description: Microsoft Windows SideShow Development Hardware

Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA

Manufacturer: Microsoft

Name: XPS MiniView

PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA

Service: WUDFRd

.

Class GUID:

Description: BT Mini-Receiver

Device ID: USB\VID_413C&PID_8130\00197EE67D86

Manufacturer:

Name: BT Mini-Receiver

PNP Device ID: USB\VID_413C&PID_8130\00197EE67D86

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP2460: 1/22/2012 3:06:41 PM - Scheduled Checkpoint

RP2461: 1/22/2012 7:52:34 PM - Windows Update

RP2462: 1/23/2012 7:52:30 AM - Windows Update

RP2463: 1/23/2012 7:09:15 PM - Windows Update

RP2465: 1/23/2012 7:21:44 PM - Microsoft Forefront Client Security Checkpoint

RP2467: 1/23/2012 7:52:38 PM - Microsoft Forefront Client Security Checkpoint

RP2468: 1/24/2012 7:54:49 AM - Windows Update

RP2469: 1/24/2012 7:56:59 AM - Windows Update

RP2470: 1/24/2012 7:55:10 PM - Windows Update

RP2471: 1/25/2012 7:54:37 AM - Windows Update

RP2472: 1/25/2012 10:28:10 AM - Windows Update

RP2473: 1/25/2012 7:54:57 PM - Windows Update

RP2474: 1/26/2012 6:58:32 AM - Windows Update

RP2475: 1/26/2012 7:54:35 AM - Windows Update

RP2476: 1/26/2012 7:54:38 PM - Windows Update

RP2477: 1/27/2012 1:57:31 AM - Windows Update

RP2479: 1/27/2012 7:14:23 AM - Microsoft Forefront Client Security Checkpoint

RP2480: 1/27/2012 7:54:29 AM - Windows Update

RP2481: 1/27/2012 7:54:23 PM - Windows Update

RP2482: 1/28/2012 7:54:54 AM - Windows Update

RP2483: 1/28/2012 4:45:07 PM - Windows Update

RP2535: 1/31/2012 11:11:37 PM - Restore Operation

RP2541: 2/1/2012 6:55:13 AM - Restore Operation

RP2562: 2/4/2012 12:06:41 PM - Scheduled Checkpoint

RP2563: 2/4/2012 7:47:44 PM - Windows Update

RP2564: 2/4/2012 9:22:41 PM - Installed Dora's Big Birthday Adventure.

RP2565: 2/4/2012 10:27:56 PM - Windows Update

RP2566: 2/4/2012 11:23:19 PM - Windows Update

RP2567: 2/5/2012 7:50:37 AM - Windows Update

RP2568: 2/5/2012 5:23:34 PM - Windows Update

RP2569: 2/5/2012 10:33:31 PM - Windows Update

RP2570: 2/6/2012 7:55:11 AM - Windows Update

RP2571: 2/6/2012 8:11:15 AM - Windows Update

RP2572: 2/6/2012 8:24:50 PM - Windows Update

RP2573: 2/7/2012 8:20:41 AM - Windows Update

RP2574: 2/7/2012 8:20:53 PM - Windows Update

RP2575: 2/8/2012 8:20:54 AM - Windows Update

RP2576: 2/8/2012 11:56:41 PM - Scheduled Checkpoint

RP2578: 2/9/2012 6:00:41 PM - Installed DirectX

RP2580: 2/9/2012 6:15:49 PM - Installed DirectX

RP2582: 2/9/2012 6:28:48 PM - Installed SmartSound Common Data

RP2584: 2/9/2012 6:29:53 PM - Installed SmartSound Quicktracks 5

RP2585: 2/9/2012 6:50:49 PM - Installed WinZip 15.5

.

==== Installed Programs ======================

.

.

'PTC Places' Namespace Shell Extension

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

ABBYY FineReader 9.0 Sprint

Adobe Acrobat X Pro

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Common File Installer

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Viewer CS3

Adobe Media Player

Adobe PDF Library Files

Adobe Photoshop 6.0

Adobe Photoshop Elements 6.0

Adobe Premiere Elements 4.0

Adobe Premiere Elements 4.0 Templates

Adobe Reader X (10.0.1)

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Soundbooth CS3

Adobe Soundbooth CS3 Codecs

Adobe Soundbooth CS3 Scores

Adobe SVG Viewer

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

ALGOR 23.00

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression for Kodak

ATI Catalyst Install Manager

Audacity 1.3.12 (Unicode)

BlackBerry Desktop Software 6.1

Bonjour

Boris Graffiti for Corel

CameraHelperMsi

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

CAXA Common Component-Info

CAXA Print Tool

CAXADraft Library for IronCAD Design Collaboration Suite 2011

ccc-core-static

ccc-utility

CCC Help English

CCleaner

Cisco Systems VPN Client 5.0.07.0290

Common

Contents

ConvertHelper 2.2

Corel MediaOne

Corel Paint Shop Pro Photo X2

Corel Painter X

Corel PaintShop Pro X4

Corel PaintShop Pro X4 Ultimate Bonus Pack

Corel VideoStudio 12

Corel VideoStudio Pro X4 Ultimate

Coupon Printer for Windows

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Resource CD

DeviceIO

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Dora's Big Birthday Adventure

Dropbox

DVDFab HD Decrypter 4.0.5.0

Easy DVD Rip

Epson CreativeZone

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

Epson Print CD

EPSON Printer Software

EPSON Scan

EPSON WorkForce 520 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.2

erLT

ESET Online Scanner v3

Eusing Free Registry Cleaner

Eye-Fi Center 3.4

FFmpeg for Audacity on Windows

FileZilla Client 3.5.1

Fine Woodworking Archive

Fisher-Price iXL - Disney Princess

Fisher-Price iXL - Toy Story

Fisher-Price iXL Computer Software

Free Convert MOV AVI to FLV Flash WMV Converter 5.8

FreeAgent Pro Tools

GEO5 for Redi

GEO5 for Redi - Redi Rock Wall

getPlus® for Adobe

Google Calendar Sync

Google Chrome

Google Earth

Google SketchUp Pro 7

Google Talk Plugin

Google Update Helper

HandBrake 0.9.5

Hauppauge MCE XP/Vista Software Encoder (2.0.26057)

Hauppauge WinTV

Hauppauge WinTV Scheduler

Hauppauge WinTV Soft PVR

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP My Display

ICA

iCloud

Intel® PRO Network Connections Drivers

Interactive Mechanics of Materials Tutorial

InterVideo DeviceService

InterVideo FilterSDK for Hauppauge

InterVideo WinDVD 8

iPhone Configuration Utility

IPM_PSP_COM

IPM_VS_Pro

IronCAD 11

IRONCAD 11 Product Update 1 Hotfix 1

IronCAD Design Collaboration Suite 2011

ISCOM

iSEEK AnswerWorks English Runtime

iTunes

Java 6 Update 26

Junk Mail filter update

K-Lite Codec Pack 4.0.0 (Full)

LAME v3.98.2 for Audacity

LeapFrog Connect

LeapFrog Tag Plugin

LightScribe Applications

LightScribe System Software

LightScribe Template Labeler

Logitech QuickCam Driver Package

Logitech Unifying Software 2.00

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.60.1.1000

Mathcad 15 F000

Mathematica Extras 8.0 (2063897)

Memorex exPressit Label Design Studio

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Forefront Client Security Antimalware Service

Microsoft Forefront Client Security State Assessment Service

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Project MUI (English) 2010

Microsoft Office Project Professional 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2007

Microsoft Project 2010 Service Pack 1 (SP1)

Microsoft Project Professional 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Mozilla Firefox 9.0.1 (x86 en-US)

Mozilla Thunderbird 9.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NCMA Masonry Design Software

NOOKstudy

Norton 360

OGA Notifier 2.0.0048.0

OrangeWare USB2.0 Driver

Picasa 3

Pivot Software

proDAD Mercalli 2.0

PSPPContent

PSPPHelp

PureHD

QuickTime

RealPlayer

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Premier

Roxio Creator Tools

Roxio EasyArchive

Roxio Express Labeler

Roxio MyDVD Premier

Roxio Update Manager

SDK

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB979332)

Segoe UI

Sentinel Protection Installer 7.6.1

Setup

Share

Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

Skins

Skype Click to Call

Skype™ 5.6

SmartSound Common Data

SmartSound Quicktracks 5

SmartSound Quicktracks Plugin

Smilebox

SmileBox EN Toolbar

Sonic CinePlayer Decoder Pack

Sound Organizer

StuffIt 11

swMSM

The Weather Channel Toolbar

TurboCAD Professional 15

TURBOFloorPlan3D Home & Landscape PRO

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Ulead VideoStudio 11

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

VC80CRTRedist - 8.0.50727.4053

VideoStudio

VIO

VSClassic

VSUltimate

WebEx

Wifi Media Backup

Windchill ProductPoint Client Manager

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WinZip 15.5

Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)

Xilisoft Video Converter 3

XviD & MP3 Codec Pack (remove only)

Xvid Video Codec

Yahoo! Messenger

Yahoo! Toolbar

ZENcast Organizer

Zinio Reader

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

2/8/2012 8:55:32 AM, Error: Service Control Manager [7034] - The Portrait Displays Display Tune Service service terminated unexpectedly. It has done this 1 time(s).

2/8/2012 8:34:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

2/8/2012 8:34:06 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/8/2012 8:28:58 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

2/8/2012 7:43:43 PM, Error: FcsSas [10006] - Forefront Client Security State Assessment Service policy applied with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter:

2/8/2012 7:39:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OMCI

2/8/2012 7:39:06 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.

2/8/2012 6:53:32 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/6/2012 9:22:23 AM, Error: EventLog [6008] - The previous system shutdown at 9:18:35 AM on 2/6/2012 was unexpected.

2/4/2012 2:18:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/4/2012 2:18:19 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/4/2012 2:18:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/4/2012 10:53:58 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/4/2012 10:53:58 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

2/4/2012 10:29:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2585542).

2/4/2012 10:28:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2585542 (Security Update) into Resolving(Resolving) state

2/4/2012 10:28:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2585542 (Security Update) into Absent(Absent) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-8_neutral_GDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-7_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-6_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-5_neutral_GDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-4_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-3_neutral_GDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-2_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/4/2012 10:28:16 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2585542-1_neutral_LDR from package KB2585542(Security Update) into Resolving(Resolving) state

2/3/2012 8:16:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

2/3/2012 8:16:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The WebClient service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/3/2012 8:13:39 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

2/3/2012 7:36:11 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

2/3/2012 7:35:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

2/3/2012 7:34:35 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:31 PM on 2/3/2012 was unexpected.

2/3/2012 7:04:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.

2/3/2012 7:04:24 AM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/3/2012 4:57:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 OMCI spldr Wanarpv6

2/3/2012 4:57:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/3/2012 4:57:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/3/2012 4:57:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

2/3/2012 4:57:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/3/2012 4:57:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/3/2012 4:56:44 PM, Error: EventLog [6008] - The previous system shutdown at 4:54:02 PM on 2/3/2012 was unexpected.

2/10/2012 11:49:52 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer RAMIREZNB2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{980025DD-A381-4517-8823-EF080FA. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


Hi

I see more than one antivirus program installed. In your case Norton 360 and Forefront Security Client.

Having 2 AVs may sound great but they can cause conflicts with each other, can lead to system slow-downs, instability, crashes and will provide less protection, not more.

So I highly recommend uninstalling one of them via Start > Control Panel > Add / Remove Programs and letting me know which one you have removed.

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 6 Update 30 and save it to your desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Unless you have any open issues, you are good to go. Please follow these last few steps.

Please press the Windows key + R and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Please delete the following folder

C:\TDSSKiller_Quarantine

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date


  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software


  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection

  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look at these Add-ons.

Computer Maintenance

Clean out your temp files on a regular basis - I recommend TFC (Temp File Cleaner).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.


Yes, thank you very much. The Forefront was the older program I was using and I just got Norton. I had not uninstalled Forefront until we had this finished to avoid changing settings on you. I will follow all the other recommendations, thank you very much for your help and as soon as I get my next paycheck I will donate to your efforts. This was of incredible help.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
