
Thank you for your help.

Obviously I have a virus on my computer. I was not able to run some of the logs because they were shut down. Malwarebytes will install, but always shuts down within a couple of seconds of starting a scan. Then I am not able to access Malwarebytes again. I receive a message saying I don't have the appropriate permission. I receive the same message when trying to run my antivirus software (Defender Pro). In addition, I can't search anything online; I am always redirected to "sales" sites.

Malwarebytes won't run a scan so I don't have that log. Here is the DDS.txt log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Powell at 20:48:26 on 2011-10-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.979 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\1223665537:2119700663.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Windows\system32\atashost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Defender Pro\Defender Pro 5-in-1\updatesrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Defender Pro\Defender Pro 5-in-1\downloader.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Powell\Desktop\Defogger.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

mStart Page = about:blank

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro 5-in-1\ieshow.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\powell\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.254

TCP: Interfaces\{1465216A-A6C4-4A28-8252-4D12070E89E2} : DhcpNameServer = 192.168.0.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\powell\appdata\roaming\mozilla\firefox\profiles\i45h6srx.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-7-26 43912]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-7-14 21504]

R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\defender pro\defender pro 5-in-1\updatesrv.exe [2010-8-20 43424]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-3 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1cc14e15248beb0;Google Update Service (gupdate1cc14e15248beb0);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 135664]

S3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 135664]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-6-28 633424]

S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-6-28 970320]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-05 00:37:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-05 00:35:26 -------- d-----w- c:\users\powell\appdata\local\{635F0531-CC89-4EB3-8BDE-763B1773F10B}

2011-10-05 00:34:25 -------- d-----w- c:\users\powell\appdata\local\{BF91CE5B-3428-4229-AB4D-BD51B14027A5}

2011-10-04 23:18:30 -------- d-----w- c:\users\powell\appdata\local\{D86C01D9-AFAB-459F-8125-7EA9355CF6DE}

2011-10-04 23:18:08 -------- d-----w- c:\users\powell\appdata\local\{AFF56666-D8F9-4578-A26C-F052D2541A28}

2011-10-04 22:21:58 306104 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-10-04 21:05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 3

2011-10-04 21:00:27 -------- d-----w- c:\users\powell\appdata\local\{698E28B3-D0C3-4E90-A885-2C65A149B465}

2011-10-04 21:00:04 -------- d-----w- c:\users\powell\appdata\local\{B17589FE-72BE-45CF-BD9C-F0F247131A3C}

2011-10-04 02:04:44 -------- d-----w- c:\users\powell\appdata\local\{D9BDE238-9D7E-4CAE-94BC-CEDAC35E54A3}

2011-10-04 02:04:05 -------- d-----w- c:\users\powell\appdata\local\{939D128E-2760-482A-BDB7-3072092B6AF5}

2011-10-04 01:39:29 -------- d-----w- c:\users\powell\appdata\local\{667F0CB6-7948-4F2F-877B-2E21FBEFC10F}

2011-10-04 01:10:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-04 01:07:43 -------- d-----w- c:\users\powell\appdata\local\{4F302490-A7B9-4C0B-B55D-5B3DB283970B}

2011-10-04 01:07:18 -------- d-----w- c:\users\powell\appdata\local\{7D969951-D33E-4097-92EB-31AC244B4329}

2011-10-03 23:36:09 -------- d-----w- c:\users\powell\appdata\local\{9468274E-7ED7-4C94-B5A1-BC09B07283D4}

2011-10-03 23:35:45 -------- d-----w- c:\users\powell\appdata\local\{7068C449-E34C-4DCA-9F4D-2B1D3D1E57B9}

2011-10-03 23:25:11 -------- d-----w- c:\users\powell\appdata\local\{2668782C-A0FC-4E36-952F-706A1AE3D50B}

2011-10-03 22:42:16 -------- d-----w- c:\users\powell\appdata\local\{1E520682-4DE8-4A2E-B606-79EF787ADAAC}

2011-10-03 22:41:55 -------- d-----w- c:\users\powell\appdata\local\{635D86BA-E0F1-4BA0-A2F3-8AA35BC8F8CE}

2011-10-03 22:36:22 -------- d-----w- c:\users\powell\appdata\local\{257C54CE-AA53-48D7-B5A6-AC7A2969886D}

2011-10-03 22:35:54 -------- d-----w- c:\users\powell\appdata\local\{C7313355-3797-4364-A574-660EA738D8D9}

2011-10-03 22:11:30 -------- d-----w- c:\users\powell\appdata\local\{91D5E796-2CB1-4C6C-854A-648EC5CE02A4}

2011-10-03 22:11:00 -------- d-----w- c:\users\powell\appdata\local\{646C2CE0-1C9F-4FD9-B0F5-28C0574BA0AE}

2011-10-03 21:56:50 -------- d-----w- c:\users\powell\appdata\local\{6E9D3C7F-A9BA-42FB-9506-C8E5222A65B0}

2011-10-03 21:56:27 -------- d-----w- c:\users\powell\appdata\local\{40623046-B07D-4A7B-B8F9-39266110B9BF}

2011-10-03 14:07:21 -------- d-----w- c:\users\powell\appdata\local\{3505C470-DB7A-4AAF-A669-BF0E3558F5CE}

2011-10-03 14:06:58 -------- d-----w- c:\users\powell\appdata\local\{E505381A-7ECF-4DC0-BE95-F0D29ACCC70F}

2011-10-03 02:39:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 23:55:47 -------- d-----w- c:\users\powell\appdata\local\{EBF531AA-EB6E-4E9C-9DC1-D84B72A12E2E}

2011-09-27 23:55:31 -------- d-----w- c:\users\powell\appdata\local\{29113AB9-1CB5-495C-B4AB-73506E760C4E}

2011-09-26 00:50:58 -------- d-----w- c:\users\powell\appdata\local\{355089DE-E7AB-4DB8-B94B-8506B13EDE63}

2011-09-26 00:50:39 -------- d-----w- c:\users\powell\appdata\local\{A737BEB1-9DB6-4063-B33F-BCAEDE556FA7}

2011-09-20 20:57:07 -------- d-----w- c:\users\powell\appdata\local\{F32345BD-F05B-4216-BA41-CDC031F0B3AF}

2011-09-20 20:56:47 -------- d-----w- c:\users\powell\appdata\local\{EC9F32ED-58EF-411D-80A6-84BB3E60D99D}

2011-09-15 19:43:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-09-09 16:37:51 -------- d-----w- c:\users\powell\appdata\local\{C6DDB97B-ED6C-44FA-B91F-581228F56E48}

2011-09-09 16:37:38 -------- d-----w- c:\users\powell\appdata\local\{B1149653-9DC4-4B1C-B4D3-44C4588D75B7}

2011-09-09 12:47:46 -------- d-----w- c:\users\powell\appdata\local\{6B81597A-400B-46DE-932F-71B6DD31642D}

.

==================== Find3M ====================

.

2011-10-04 22:22:37 503337 ----a-w- c:\programdata\bdinstall.bin

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 20:49:37.11 ===============

The GMER log would not run, and when I tried, I got the same weird message about not having the appropriate permission.

Attach.txt is attached; ark.txt would not run either, with the same message as above.

Thank you for your help, I'm losing my mind....

Sally

Attach.zip

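The DDS log above is the only evidence that could be collected, and it already carries the indicators worth pulling out: a running process whose image path is an NTFS alternate data stream under C:\Windows (the second colon in C:\Windows\1223665537:2119700663.exe), Windows Defender reported as Disabled/Outdated, UAC switched off (EnableLUA = 0), and Firefox's mixed-content and insecure-submit warnings silenced through user.js. The following Python script is an added example for this thread, not part of DDS, Malwarebytes or the original post; it reads a DDS.txt and reports those indicators plus a DNS-server sanity check. The section names are DDS's own headers; the indicator labels, the helper names and the sample input (constructed from the log above) are assumptions of the example.

```python
r"""Triage a DDS.txt log for the indicators visible in the post above.

Added example; not part of DDS, Malwarebytes or the original post. It only
reads text and never touches the machine.

Checks (keys are the DDS section headers themselves):
  * Running Processes: an image path with a second ':' names an NTFS alternate
    data stream. C:\Windows\1223665537:2119700663.exe is stream "2119700663.exe"
    attached to the file C:\Windows\1223665537; Explorer and a plain "dir"
    never list it, "dir /r" (Vista and later) does.
  * SP: line marked *Disabled/Outdated* (Security Center provider switched off).
  * mPolicies-system: EnableLUA = 0 (UAC disabled machine-wide).
  * FF - user.js security.warn_* set to false (browser warnings silenced).
  * TCP: DhcpNameServer outside private address space (DNS pointed off-LAN).
"""
import ipaddress
import re

# Constructed sample: lines copied in DDS format from the log posted above.
SAMPLE_DDS = r"""
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\1223665537:2119700663.exe
C:\Program Files\Defender Pro\Defender Pro 5-in-1\updatesrv.exe
============== Pseudo HJT Report ===============
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.254
---- FIREFOX POLICIES ----
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: network.cookie.cookieBehavior - 0
"""

HEADER = re.compile(r"^(?:=+|-+)\s*(.+?)\s*(?:=+|-+)$")   # "=== Name ===" / "---- Name ----"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_sections(text):
    """Split DDS text into {header: [lines]}; DDS prints a lone '.' as a spacer."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def ads_images(process_lines):
    """Image paths in the Running Processes section that name a stream."""
    hits = []
    for line in process_lines:
        image = line.split(" -", 1)[0]          # drop "-k GroupName" style arguments
        # A normal path has exactly one ':' and it follows the drive letter.
        if DRIVE_PATH.match(image) and image.count(":") > 1:
            hits.append(image)
    return hits


def triage(text):
    """Return a list of (indicator, evidence) tuples in log order."""
    s = parse_sections(text)
    findings = []
    for line in s["preamble"]:
        if line.startswith("SP:") and "*Disabled" in line:
            findings.append(("security-provider-disabled", line))
    for image in ads_images(s.get("Running Processes", [])):
        findings.append(("ads-process-image", image))
    for line in s.get("Pseudo HJT Report", []):
        if re.match(r"^mPolicies-system: EnableLUA = 0\b", line):
            findings.append(("uac-disabled", line))
        m = re.match(r"^TCP: DhcpNameServer = (\S+)", line)
        if m and not ipaddress.ip_address(m.group(1)).is_private:
            findings.append(("dns-server-off-lan", m.group(1)))
    for line in s.get("FIREFOX POLICIES", []):
        m = re.match(r"^FF - user\.js: (security\.warn_[\w.]+) - false$", line)
        if m:
            findings.append(("ff-warning-silenced", m.group(1)))
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_DDS):
        print(f"{indicator:28} {evidence}")
```

Running it against the full DDS.txt instead of the embedded sample is a matter of `triage(open("DDS.txt").read())`; the DNS check reports nothing for this log because 192.168.0.254 is a LAN address, which is the intended negative result.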

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
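The reply above is a procedure: run TDSSKiller, find its log at the system root under the name TDSSKiller.Version_Date_Time_log.txt, post it, then run an MBAM Quick Scan and ComboFix. TDSSKiller logs run to hundreds of lines, nearly all of them "- ok". The Python helper below is an added example for this thread, not part of TDSSKiller, Malwarebytes or the original reply; it picks the newest log out of a C:\ directory listing and reduces a log to the objects whose verdict is anything other than "ok", keeping each one's md5, path and any "Suspicious file" note. The sample lines are constructed in the format TDSSKiller writes (the same format as the log posted further down), and the regexes encode that format as an assumption of the example.

```python
"""Reduce a TDSSKiller log to the objects that are not '- ok'.

Added example; not part of TDSSKiller or the original reply. Assumed log
format (as posted further down in the thread): each line is
"HH:MM:SS.ffff PID <rest>", where <rest> is one of
    name (md5) path                      an object record
    Suspicious file (kind): path. md5: x  a note about a hidden object
    name - ok | name ( Threat ) - warning | name - detected Threat (n)
Assumed log filename: TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample in TDSSKiller's line format.
SAMPLE_LOG = r"""
14:11:08.0689 5188 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
14:11:09.0937 5188 OS Version: 6.0.6002 ServicePack: 2.0
14:11:15.0834 2644 Scan started
14:11:25.0069 2644 81a7ef48 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\1223665537:2119700663.exe
14:11:25.0069 2644 Suspicious file (Hidden): C:\Windows\1223665537:2119700663.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
14:11:25.0069 2644 81a7ef48 ( HiddenFile.Multi.Generic ) - warning
14:11:25.0069 2644 81a7ef48 - detected HiddenFile.Multi.Generic (1)
14:11:25.0568 2644 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:11:25.0615 2644 ACPI - ok
14:11:28.0517 2644 blbdrive - ok
"""

LOG_NAME = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$")
LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<rest>.*)$")
OBJECT = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT = re.compile(
    r"^(?P<name>\S+)(?:\s+\(\s*(?P<threat>[^)]*?)\s*\))?\s+-\s+"
    r"(?P<verdict>ok|warning|detected)(?:\s+(?P<detail>.*))?$")


def parse_log_name(name):
    """(version, date, time) from a TDSSKiller log filename or path, else None."""
    m = LOG_NAME.match(PureWindowsPath(name).name)
    return (m["ver"], m["date"], m["time"]) if m else None


def newest_log(filenames):
    """Pick the most recent TDSSKiller log from a directory listing of C:\\."""
    candidates = []
    for f in filenames:
        parsed = parse_log_name(f)
        if parsed:
            _, date, time = parsed
            d, mo, y = date.split(".")          # dd.mm.yyyy -> sortable (yyyy, mm, dd)
            candidates.append(((y, mo, d, time), f))
    return max(candidates)[1] if candidates else None


def _entry(objects, name):
    return objects.setdefault(
        name, {"name": name, "md5": None, "path": None, "notes": [], "verdicts": []})


def summarize(text):
    """Return the objects whose recorded verdicts include anything but 'ok'."""
    objects = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        o = OBJECT.match(rest)
        if o:                                   # "name (md5) path"
            e = _entry(objects, o["name"])
            e["md5"], e["path"] = o["md5"], o["path"]
            continue
        s = SUSPICIOUS.match(rest)
        if s:                                   # attach the note to the object with that md5
            for e in objects.values():
                if e["md5"] == s["md5"]:
                    e["notes"].append(s["kind"])
            continue
        v = VERDICT.match(rest)
        if v:                                   # "name - ok" / "- warning" / "- detected ..."
            e = _entry(objects, v["name"])
            label = v["threat"] or v["detail"]
            e["verdicts"].append(f"{v['verdict']}: {label}" if label else v["verdict"])
    return [e for e in objects.values() if any(x != "ok" for x in e["verdicts"])]


if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG):
        print(e["name"], e["md5"], e["path"], e["notes"], e["verdicts"])
```

`newest_log(os.listdir("C:\\"))` followed by `summarize(open(path).read())` is the whole workflow; on the sample it leaves exactly one object, the hidden stream under C:\Windows, with its md5 and both the warning and the detection line attached.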



Thank you for your help.

Here is the TDSSkiller log

14:11:08.0689 5188 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06

14:11:09.0937 5188 ============================================================

14:11:09.0937 5188 Current date / time: 2011/10/10 14:11:09.0937

14:11:09.0937 5188 SystemInfo:

14:11:09.0937 5188

14:11:09.0937 5188 OS Version: 6.0.6002 ServicePack: 2.0

14:11:09.0937 5188 Product type: Workstation

14:11:09.0937 5188 ComputerName: POWELL-PC

14:11:09.0937 5188 UserName: Powell

14:11:09.0937 5188 Windows directory: C:\Windows

14:11:09.0937 5188 System windows directory: C:\Windows

14:11:09.0937 5188 Processor architecture: Intel x86

14:11:09.0937 5188 Number of processors: 2

14:11:09.0937 5188 Page size: 0x1000

14:11:09.0937 5188 Boot type: Normal boot

14:11:09.0937 5188 ============================================================

14:11:12.0730 5188 Initialize success

14:11:15.0834 2644 ============================================================

14:11:15.0834 2644 Scan started

14:11:15.0834 2644 Mode: Manual;

14:11:15.0834 2644 ============================================================

14:11:25.0069 2644 81a7ef48 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\1223665537:2119700663.exe

14:11:25.0069 2644 Suspicious file (Hidden): C:\Windows\1223665537:2119700663.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

14:11:25.0069 2644 81a7ef48 ( HiddenFile.Multi.Generic ) - warning

14:11:25.0069 2644 81a7ef48 - detected HiddenFile.Multi.Generic (1)

14:11:25.0568 2644 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

14:11:25.0615 2644 ACPI - ok

14:11:25.0834 2644 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

14:11:25.0834 2644 adp94xx - ok

14:11:25.0880 2644 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

14:11:25.0896 2644 adpahci - ok

14:11:25.0927 2644 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

14:11:25.0943 2644 adpu160m - ok

14:11:25.0958 2644 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

14:11:25.0958 2644 adpu320 - ok

14:11:26.0052 2644 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

14:11:26.0052 2644 AFD - ok

14:11:26.0161 2644 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

14:11:26.0208 2644 AgereSoftModem - ok

14:11:26.0286 2644 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

14:11:26.0286 2644 agp440 - ok

14:11:26.0317 2644 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

14:11:26.0317 2644 aic78xx - ok

14:11:26.0364 2644 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

14:11:26.0380 2644 aliide - ok

14:11:26.0411 2644 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

14:11:26.0426 2644 amdagp - ok

14:11:26.0442 2644 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

14:11:26.0442 2644 amdide - ok

14:11:26.0489 2644 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

14:11:26.0504 2644 AmdK7 - ok

14:11:26.0536 2644 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

14:11:26.0551 2644 AmdK8 - ok

14:11:26.0598 2644 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

14:11:26.0598 2644 arc - ok

14:11:26.0629 2644 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

14:11:26.0629 2644 arcsas - ok

14:11:26.0692 2644 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

14:11:26.0707 2644 AsyncMac - ok

14:11:26.0738 2644 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

14:11:26.0738 2644 atapi - ok

14:11:27.0316 2644 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys

14:11:27.0565 2644 atikmdag - ok

14:11:27.0690 2644 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

14:11:27.0706 2644 AtiPcie - ok

14:11:27.0862 2644 avc3 (c6cf76384dfc739b0be55abb79ad4dc0) C:\Windows\system32\DRIVERS\avc3.sys

14:11:27.0877 2644 avc3 - ok

14:11:28.0033 2644 avckf (b758a219e95c085405b1e356a8267610) C:\Windows\system32\DRIVERS\avckf.sys

14:11:28.0127 2644 avckf - ok

14:11:28.0220 2644 BDFM (8d4efc5c378bffe34c298c92f37d3b14) C:\Windows\system32\DRIVERS\bdfm.sys

14:11:28.0236 2644 BDFM - ok

14:11:28.0298 2644 bdfsfltr (4c44d82e372a87b3cb439a7f14cfef03) C:\Windows\system32\DRIVERS\bdfsfltr.sys

14:11:28.0330 2644 bdfsfltr - ok

14:11:28.0392 2644 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

14:11:28.0392 2644 Beep - ok

14:11:28.0517 2644 blbdrive - ok

14:11:28.0798 2644 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

14:11:28.0798 2644 bowser - ok

14:11:28.0922 2644 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

14:11:28.0938 2644 BrFiltLo - ok

14:11:29.0000 2644 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

14:11:29.0032 2644 BrFiltUp - ok

14:11:29.0156 2644 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

14:11:29.0219 2644 Brserid - ok

14:11:29.0344 2644 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

14:11:29.0344 2644 BrSerWdm - ok

14:11:29.0453 2644 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

14:11:29.0531 2644 BrUsbMdm - ok

14:11:29.0718 2644 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

14:11:29.0718 2644 BrUsbSer - ok

14:11:29.0812 2644 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

14:11:29.0827 2644 BTHMODEM - ok

14:11:29.0936 2644 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

14:11:29.0999 2644 cdfs - ok

14:11:30.0186 2644 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

14:11:30.0186 2644 cdrom - ok

14:11:30.0685 2644 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

14:11:30.0685 2644 circlass - ok

14:11:31.0184 2644 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

14:11:31.0200 2644 CLFS - ok

14:11:31.0372 2644 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

14:11:31.0403 2644 CmBatt - ok

14:11:31.0512 2644 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

14:11:31.0528 2644 cmdide - ok

14:11:31.0668 2644 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

14:11:31.0684 2644 Compbatt - ok

14:11:31.0824 2644 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

14:11:31.0855 2644 crcdisk - ok

14:11:31.0949 2644 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

14:11:31.0949 2644 Crusoe - ok

14:11:32.0120 2644 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

14:11:32.0152 2644 DfsC - ok

14:11:32.0370 2644 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

14:11:32.0401 2644 disk - ok

14:11:32.0542 2644 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

14:11:32.0557 2644 drmkaud - ok

14:11:32.0932 2644 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

14:11:33.0056 2644 DXGKrnl - ok

14:11:33.0602 2644 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

14:11:33.0680 2644 E1G60 - ok

14:11:34.0273 2644 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

14:11:34.0289 2644 Ecache - ok

14:11:34.0882 2644 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

14:11:35.0350 2644 elxstor - ok

14:11:35.0818 2644 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

14:11:35.0833 2644 exfat - ok

14:11:35.0989 2644 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

14:11:36.0005 2644 fastfat - ok

14:11:36.0379 2644 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

14:11:36.0410 2644 fdc - ok

14:11:37.0066 2644 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

14:11:37.0081 2644 FileInfo - ok

14:11:37.0175 2644 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

14:11:37.0206 2644 Filetrace - ok

14:11:37.0534 2644 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

14:11:37.0580 2644 flpydisk - ok

14:11:38.0095 2644 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

14:11:38.0126 2644 FltMgr - ok

14:11:38.0906 2644 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

14:11:38.0984 2644 fssfltr - ok

14:11:39.0312 2644 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

14:11:39.0312 2644 Fs_Rec - ok

14:11:39.0390 2644 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

14:11:39.0390 2644 FwLnk - ok

14:11:39.0764 2644 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

14:11:39.0780 2644 gagp30kx - ok

14:11:40.0607 2644 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

14:11:40.0669 2644 HdAudAddService - ok

14:11:41.0044 2644 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:11:41.0246 2644 HDAudBus - ok

14:11:41.0839 2644 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

14:11:41.0855 2644 HidBth - ok

14:11:41.0995 2644 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys

14:11:41.0995 2644 HidIr - ok

14:11:42.0058 2644 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

14:11:42.0058 2644 HidUsb - ok

14:11:42.0182 2644 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

14:11:42.0214 2644 HpCISSs - ok

14:11:42.0432 2644 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

14:11:42.0510 2644 HTTP - ok

14:11:42.0775 2644 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

14:11:42.0806 2644 i2omp - ok

14:11:42.0869 2644 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

14:11:42.0900 2644 i8042prt - ok

14:11:42.0962 2644 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

14:11:42.0978 2644 iaStorV - ok

14:11:43.0118 2644 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

14:11:43.0150 2644 iirsp - ok

14:11:44.0179 2644 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys

14:11:45.0178 2644 IntcAzAudAddService - ok

14:11:45.0334 2644 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

14:11:45.0334 2644 intelide - ok

14:11:45.0692 2644 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

14:11:45.0739 2644 intelppm - ok

14:11:46.0114 2644 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:11:46.0145 2644 IpFilterDriver - ok

14:11:46.0379 2644 IpInIp - ok

14:11:46.0519 2644 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

14:11:46.0535 2644 IPMIDRV - ok

14:11:46.0940 2644 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

14:11:46.0972 2644 IPNAT - ok

14:11:47.0471 2644 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

14:11:47.0486 2644 IRENUM - ok

14:11:47.0954 2644 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

14:11:47.0970 2644 isapnp - ok

14:11:48.0485 2644 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

14:11:48.0500 2644 iScsiPrt - ok

14:11:49.0000 2644 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

14:11:49.0234 2644 iteatapi - ok

14:11:49.0702 2644 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

14:11:49.0717 2644 iteraid - ok

14:11:50.0762 2644 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:11:50.0762 2644 kbdclass - ok

14:11:50.0918 2644 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys

14:11:50.0934 2644 kbdhid - ok

14:11:51.0028 2644 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys

14:11:51.0043 2644 KR10I - ok

14:11:51.0277 2644 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys

14:11:51.0324 2644 KR10N - ok

14:11:51.0823 2644 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys

14:11:52.0088 2644 KR3NPXP - ok

14:11:53.0352 2644 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

14:11:53.0383 2644 KSecDD - ok

14:11:53.0929 2644 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

14:11:53.0960 2644 lltdio - ok

14:11:54.0070 2644 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

14:11:54.0101 2644 LSI_FC - ok

14:11:54.0210 2644 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

14:11:54.0210 2644 LSI_SAS - ok

14:11:54.0319 2644 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

14:11:54.0382 2644 LSI_SCSI - ok

14:11:55.0099 2644 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

14:11:55.0146 2644 luafv - ok

14:11:55.0286 2644 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

14:11:55.0318 2644 MBAMProtector - ok

14:11:56.0300 2644 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

14:11:56.0425 2644 megasas - ok

14:11:57.0392 2644 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

14:11:57.0595 2644 Modem - ok

14:11:58.0313 2644 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

14:11:58.0313 2644 monitor - ok

14:11:58.0687 2644 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

14:11:58.0703 2644 mouclass - ok

14:11:58.0859 2644 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys

14:11:58.0890 2644 mouhid - ok

14:11:59.0327 2644 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

14:11:59.0358 2644 MountMgr - ok

14:11:59.0717 2644 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

14:11:59.0748 2644 mpio - ok

14:12:00.0232 2644 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

14:12:00.0278 2644 mpsdrv - ok

14:12:00.0778 2644 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

14:12:00.0778 2644 Mraid35x - ok

14:12:01.0012 2644 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

14:12:01.0012 2644 MRxDAV - ok

14:12:01.0074 2644 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:12:01.0074 2644 mrxsmb - ok

14:12:01.0168 2644 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:12:01.0168 2644 mrxsmb10 - ok

14:12:01.0277 2644 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:12:01.0277 2644 mrxsmb20 - ok

14:12:01.0339 2644 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

14:12:01.0339 2644 msahci - ok

14:12:01.0464 2644 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

14:12:01.0464 2644 msdsm - ok

14:12:01.0776 2644 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

14:12:01.0792 2644 Msfs - ok

14:12:01.0948 2644 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

14:12:01.0963 2644 msisadrv - ok

14:12:03.0258 2644 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

14:12:03.0289 2644 MSKSSRV - ok

14:12:03.0383 2644 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

14:12:03.0383 2644 MSPCLOCK - ok

14:12:03.0445 2644 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

14:12:03.0461 2644 MSPQM - ok

14:12:03.0508 2644 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

14:12:03.0508 2644 MsRPC - ok

14:12:03.0570 2644 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

14:12:03.0586 2644 mssmbios - ok

14:12:03.0601 2644 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

14:12:03.0601 2644 MSTEE - ok

14:12:03.0632 2644 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

14:12:03.0664 2644 Mup - ok

14:12:03.0742 2644 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

14:12:03.0757 2644 NativeWifiP - ok

14:12:03.0820 2644 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

14:12:03.0835 2644 NDIS - ok

14:12:03.0913 2644 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

14:12:03.0913 2644 NdisTapi - ok

14:12:03.0960 2644 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

14:12:03.0976 2644 Ndisuio - ok

14:12:04.0022 2644 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:12:04.0038 2644 NdisWan - ok

14:12:04.0085 2644 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

14:12:04.0100 2644 NDProxy - ok

14:12:04.0147 2644 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

14:12:04.0147 2644 NetBIOS - ok

14:12:04.0194 2644 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

14:12:04.0194 2644 netbt - ok

14:12:04.0303 2644 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:12:04.0334 2644 nfrd960 - ok

14:12:04.0397 2644 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

14:12:04.0428 2644 Npfs - ok

14:12:04.0459 2644 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

14:12:04.0475 2644 nsiproxy - ok

14:12:04.0724 2644 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

14:12:04.0756 2644 Ntfs - ok

14:12:04.0787 2644 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:12:04.0802 2644 ntrigdigi - ok

14:12:04.0849 2644 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

14:12:04.0849 2644 Null - ok

14:12:04.0880 2644 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

14:12:04.0896 2644 nvraid - ok

14:12:04.0943 2644 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

14:12:04.0943 2644 nvstor - ok

14:12:04.0974 2644 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

14:12:04.0974 2644 nv_agp - ok

14:12:04.0990 2644 NwlnkFlt - ok

14:12:05.0036 2644 NwlnkFwd - ok

14:12:05.0099 2644 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

14:12:05.0114 2644 ohci1394 - ok

14:12:05.0239 2644 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:12:05.0239 2644 Parport - ok

14:12:05.0302 2644 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

14:12:05.0317 2644 partmgr - ok

14:12:05.0364 2644 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:12:05.0395 2644 Parvdm - ok

14:12:05.0442 2644 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

14:12:05.0442 2644 pci - ok

14:12:05.0520 2644 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

14:12:05.0520 2644 pciide - ok

14:12:05.0582 2644 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

14:12:05.0598 2644 pcmcia - ok

14:12:05.0785 2644 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:12:05.0816 2644 PEAUTH - ok

14:12:06.0269 2644 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

14:12:06.0269 2644 PptpMiniport - ok

14:12:06.0394 2644 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

14:12:06.0409 2644 Processor - ok

14:12:06.0518 2644 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

14:12:06.0518 2644 PSched - ok

14:12:06.0581 2644 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

14:12:06.0612 2644 ql2300 - ok

14:12:06.0659 2644 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

14:12:06.0659 2644 ql40xx - ok

14:12:06.0706 2644 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

14:12:06.0706 2644 QWAVEdrv - ok

14:12:06.0815 2644 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

14:12:06.0815 2644 RasAcd - ok

14:12:06.0877 2644 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:12:06.0893 2644 Rasl2tp - ok

14:12:06.0924 2644 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

14:12:06.0940 2644 RasPppoe - ok

14:12:06.0971 2644 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

14:12:06.0971 2644 RasSstp - ok

14:12:07.0002 2644 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

14:12:07.0033 2644 rdbss - ok

14:12:07.0080 2644 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:12:07.0080 2644 RDPCDD - ok

14:12:07.0127 2644 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

14:12:07.0127 2644 rdpdr - ok

14:12:07.0158 2644 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

14:12:07.0174 2644 RDPENCDD - ok

14:12:07.0205 2644 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

14:12:07.0220 2644 RDPWD - ok

14:12:07.0267 2644 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

14:12:07.0283 2644 rimmptsk - ok

14:12:07.0330 2644 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

14:12:07.0345 2644 rimsptsk - ok

14:12:07.0361 2644 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

14:12:07.0361 2644 rismxdp - ok

14:12:07.0423 2644 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

14:12:07.0439 2644 rspndr - ok

14:12:07.0501 2644 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys

14:12:07.0532 2644 RTL8169 - ok

14:12:07.0626 2644 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys

14:12:07.0673 2644 RTL8187B - ok

14:12:07.0720 2644 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

14:12:07.0751 2644 sbp2port - ok

14:12:07.0798 2644 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

14:12:07.0798 2644 sdbus - ok

14:12:07.0829 2644 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:12:07.0829 2644 secdrv - ok

14:12:07.0876 2644 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

14:12:07.0891 2644 Serenum - ok

14:12:07.0938 2644 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

14:12:07.0954 2644 Serial - ok

14:12:08.0000 2644 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

14:12:08.0016 2644 sermouse - ok

14:12:08.0110 2644 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

14:12:08.0110 2644 sffdisk - ok

14:12:08.0141 2644 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

14:12:08.0156 2644 sffp_mmc - ok

14:12:08.0188 2644 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

14:12:08.0219 2644 sffp_sd - ok

14:12:08.0234 2644 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

14:12:08.0234 2644 sfloppy - ok

14:12:08.0281 2644 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

14:12:08.0297 2644 sisagp - ok

14:12:08.0578 2644 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

14:12:08.0593 2644 SiSRaid2 - ok

14:12:08.0734 2644 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

14:12:08.0749 2644 SiSRaid4 - ok

14:12:08.0780 2644 Smb (7a436f2e9704cf4c6f54eb19f0b1cd1a) C:\Windows\system32\DRIVERS\smb.sys

14:12:08.0780 2644 Smb ( Rootkit.Win32.ZAccess.h ) - infected

14:12:08.0780 2644 Smb - detected Rootkit.Win32.ZAccess.h (0)

14:12:08.0843 2644 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

14:12:08.0858 2644 spldr - ok

14:12:08.0890 2644 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

14:12:08.0921 2644 srv - ok

14:12:08.0968 2644 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

14:12:08.0968 2644 srv2 - ok

14:12:08.0999 2644 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

14:12:08.0999 2644 srvnet - ok

14:12:09.0092 2644 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

14:12:09.0092 2644 swenum - ok

14:12:09.0311 2644 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

14:12:09.0311 2644 Symc8xx - ok

14:12:09.0358 2644 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

14:12:09.0358 2644 Sym_hi - ok

14:12:09.0404 2644 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

14:12:09.0404 2644 Sym_u3 - ok

14:12:09.0436 2644 SynTP (11f730bf0d0aa4fe7de7138a32a52422) C:\Windows\system32\DRIVERS\SynTP.sys

14:12:09.0436 2644 SynTP - ok

14:12:09.0607 2644 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys

14:12:09.0623 2644 Tcpip - ok

14:12:09.0919 2644 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys

14:12:09.0935 2644 Tcpip6 - ok

14:12:10.0309 2644 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

14:12:10.0325 2644 tcpipreg - ok

14:12:10.0450 2644 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

14:12:10.0465 2644 tdcmdpst - ok

14:12:10.0574 2644 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

14:12:10.0621 2644 TDPIPE - ok

14:12:10.0684 2644 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

14:12:10.0684 2644 TDTCP - ok

14:12:10.0886 2644 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

14:12:10.0918 2644 tdx - ok

14:12:11.0089 2644 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

14:12:11.0105 2644 TermDD - ok

14:12:11.0276 2644 Tosrfcom - ok

14:12:11.0370 2644 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys

14:12:11.0370 2644 tosrfec - ok

14:12:11.0464 2644 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys

14:12:11.0464 2644 tos_sps32 - ok

14:12:11.0713 2644 Trufos (6d4bc090afc77f3fd3cbc32817096a01) C:\Windows\system32\DRIVERS\Trufos.sys

14:12:11.0729 2644 Trufos - ok

14:12:11.0791 2644 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:12:11.0791 2644 tssecsrv - ok

14:12:11.0854 2644 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

14:12:11.0854 2644 tunmp - ok

14:12:11.0916 2644 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

14:12:11.0916 2644 tunnel - ok

14:12:11.0978 2644 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

14:12:11.0994 2644 TVALZ - ok

14:12:12.0041 2644 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

14:12:12.0056 2644 uagp35 - ok

14:12:12.0134 2644 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

14:12:12.0150 2644 udfs - ok

14:12:12.0228 2644 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

14:12:12.0228 2644 uliagpkx - ok

14:12:12.0275 2644 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

14:12:12.0290 2644 uliahci - ok

14:12:12.0337 2644 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

14:12:12.0337 2644 UlSata - ok

14:12:12.0368 2644 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

14:12:12.0368 2644 ulsata2 - ok

14:12:12.0415 2644 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

14:12:12.0415 2644 umbus - ok

14:12:12.0509 2644 usbccgp (0adb101083dfa5039b1e65fb36551ab1) C:\Windows\system32\DRIVERS\usbccgp.sys

14:12:12.0540 2644 usbccgp - ok

14:12:12.0556 2644 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

14:12:12.0571 2644 usbcir - ok

14:12:12.0602 2644 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

14:12:12.0618 2644 usbehci - ok

14:12:12.0649 2644 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

14:12:12.0712 2644 usbhub - ok

14:12:12.0821 2644 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

14:12:12.0852 2644 usbohci - ok

14:12:13.0414 2644 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

14:12:13.0445 2644 usbprint - ok

14:12:14.0428 2644 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:12:14.0443 2644 USBSTOR - ok

14:12:14.0802 2644 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

14:12:14.0849 2644 usbuhci - ok

14:12:15.0410 2644 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

14:12:15.0442 2644 usbvideo - ok

14:12:15.0613 2644 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

14:12:15.0629 2644 vga - ok

14:12:15.0754 2644 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

14:12:15.0800 2644 VgaSave - ok

14:12:15.0956 2644 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

14:12:15.0988 2644 viaagp - ok

14:12:16.0081 2644 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

14:12:16.0081 2644 ViaC7 - ok

14:12:16.0222 2644 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

14:12:16.0237 2644 viaide - ok

14:12:16.0346 2644 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

14:12:16.0362 2644 volmgr - ok

14:12:16.0518 2644 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

14:12:16.0580 2644 volmgrx - ok

14:12:16.0752 2644 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

14:12:16.0814 2644 volsnap - ok

14:12:17.0267 2644 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

14:12:17.0314 2644 vsmraid - ok

14:12:17.0891 2644 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

14:12:17.0922 2644 WacomPen - ok

14:12:18.0499 2644 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:12:18.0546 2644 Wanarp - ok

14:12:18.0608 2644 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:12:18.0608 2644 Wanarpv6 - ok

14:12:19.0139 2644 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

14:12:19.0139 2644 Wd - ok

14:12:20.0293 2644 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

14:12:20.0356 2644 Wdf01000 - ok

14:12:20.0964 2644 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys

14:12:21.0011 2644 winbondcir - ok

14:12:21.0167 2644 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

14:12:21.0182 2644 WmiAcpi - ok

14:12:21.0697 2644 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

14:12:21.0697 2644 ws2ifsl - ok

14:12:21.0838 2644 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:12:21.0838 2644 WUDFRd - ok

14:12:21.0884 2644 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

14:12:21.0900 2644 \Device\Harddisk0\DR0 - ok

14:12:21.0900 2644 Boot (0x1200) (b236898dee8bffa614a2fd41d39d7203) \Device\Harddisk0\DR0\Partition0

14:12:21.0900 2644 \Device\Harddisk0\DR0\Partition0 - ok

14:12:21.0916 2644 ============================================================

14:12:21.0916 2644 Scan finished

14:12:21.0916 2644 ============================================================

14:12:22.0025 2728 Detected object count: 2

14:12:22.0025 2728 Actual detected object count: 2

14:12:43.0085 2728 81a7ef48 ( HiddenFile.Multi.Generic ) - skipped by user

14:12:43.0085 2728 81a7ef48 ( HiddenFile.Multi.Generic ) - User select action: Skip

14:12:43.0350 2728 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\smb.sys) error 1813

14:12:54.0223 2728 Backup copy found, using it..

14:12:54.0239 2728 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot

14:12:54.0239 2728 Smb ( Rootkit.Win32.ZAccess.h ) - User select action: Cure

14:13:11.0461 2436 Deinitialize success

The ComboFix log

ComboFix 11-10-10.02 - Powell 10/10/2011 15:34:41.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1322 [GMT -4:00]

Running from: c:\users\Powell\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\TotalRecipeSearch_14EI

c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll

c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll

c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll

c:\users\Powell\AppData\Roaming\Adobe\plugs

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc149.exe

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc195.exe

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc23.exe

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc231.exe

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc247.exe

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc53.exe

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc84259150.txt

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc84289493.txt

c:\users\Powell\AppData\Roaming\Adobe\plugs\mmc84303486.txt

c:\users\Powell\AppData\Roaming\Adobe\shed

c:\users\Powell\AppData\Roaming\Adobe\shed\thr1.chm

c:\windows\$NtUninstallKB37136$

c:\windows\$NtUninstallKB37136$\2175266632\@

c:\windows\$NtUninstallKB37136$\2175266632\click.tlb

c:\windows\$NtUninstallKB37136$\2175266632\L\qnbwvoto

c:\windows\$NtUninstallKB37136$\2175266632\loader.tlb

c:\windows\$NtUninstallKB37136$\2175266632\U\@00000001

c:\windows\$NtUninstallKB37136$\2175266632\U\@000000c0

c:\windows\$NtUninstallKB37136$\2175266632\U\@000000cb

c:\windows\$NtUninstallKB37136$\2175266632\U\@000000cf

c:\windows\$NtUninstallKB37136$\2175266632\U\@80000000

c:\windows\$NtUninstallKB37136$\2175266632\U\@800000c0

c:\windows\$NtUninstallKB37136$\2175266632\U\@800000cb

c:\windows\$NtUninstallKB37136$\2175266632\U\@800000cf

c:\windows\$NtUninstallKB37136$\2351199650

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\system32\

c:\windows\system32\c_06192.nls

.

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\system32\agrsmsvc.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\agrmdv32.inf_3aa25efe\agrsmsvc.exe

.

Infected copy of c:\windows\system32\atashost.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!atashost.exe

.

Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\cl_51583.inf_60f31906\B_51322\Ati2evxx.exe

.

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe . . . is infected!!

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Malwarebytes' Anti-Malware!mbamservice.exe

.

Infected copy of c:\toshiba\IVP\ISM\pinger.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Toshiba!IVP!ISM!pinger.exe

.

Infected copy of c:\toshiba\IVP\swupdate\swupdtmr.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Toshiba!IVP!swupdate!swupdtmr.exe

.

c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe . . . is infected!!

c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\TODDSrv.exe . . . is infected!!

c:\windows\system32\TODDSrv.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Toshiba!Bluetooth Toshiba Stack!TosBtSrv.exe

.

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . . . is infected!!

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . . . was deleted!! You should re-install the program it pertains to

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_81a7ef48

.

.

((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))

.

.

2011-10-10 20:51 . 2011-10-10 21:05 -------- d-----w- c:\users\Powell\AppData\Local\temp

2011-10-10 20:51 . 2011-10-10 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-10 19:48 . 2010-07-26 16:05 43912 ----a-w- c:\windows\system32\atashost.exe

2011-10-10 19:25 . 2009-04-11 01:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-10-10 18:33 . 2011-10-10 18:33 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\250edd611cc877b02\MeshBetaRemover.exe

2011-10-10 18:32 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 18:15 . 2011-10-10 18:15 48016 --sha-w- c:\windows\system32\c_06192.nl_

2011-10-04 22:21 . 2011-10-04 23:47 306104 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-10-04 21:05 . 2011-10-04 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 3

2011-10-04 01:10 . 2011-10-10 18:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 02:39 . 2011-10-03 02:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-15 19:43 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 18:14 . 2010-07-14 17:17 66560 ----a-w- c:\windows\system32\drivers\smb.sys

2011-10-04 22:22 . 2011-07-10 02:05 503337 ----a-w- c:\programdata\bdinstall.bin

2011-07-22 02:54 . 2011-08-12 17:25 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-12 17:25 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-12 17:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

2011-09-30 22:14 . 2011-06-08 19:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-26 18:20 . 2010-07-26 18:38 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-26 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-07 273544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Defender Pro Antiphishing Helper"="c:\program files\Defender Pro\Defender Pro 5-in-1\ieshow.exe" [2011-07-10 80504]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Powell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2679664129-4054042628-1753285185-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1cc14e15248beb0;Google Update Service (gupdate1cc14e15248beb0);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]

R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 152528]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]

R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 633424]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 970320]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-07-26 43912]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\Defender Pro\Defender Pro 5-in-1\updatesrv.exe [2011-07-10 43424]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 02:15]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 02:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

mStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.254

FF - ProfilePath - c:\users\Powell\AppData\Roaming\Mozilla\Firefox\Profiles\i45h6srx.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-03923793.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-10 17:06

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\agrsmsvc.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\toshiba\IVP\ISM\pinger.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\RtHDVCpl.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\program files\Synaptics\SynTP\SynToshiba.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Defender Pro\Defender Pro 5-in-1\downloader.exe

c:\program files\real\realplayer\RealPlay.exe

.

**************************************************************************

.

Completion time: 2011-10-10 17:12:05 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-10 21:11

.

Pre-Run: 68,841,443,328 bytes free

Post-Run: 68,794,785,792 bytes free

.

- - End Of File - - 6FA8C435ADA6E83C8C7B08613B455910

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Powell at 17:30:55 on 2011-10-10

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.897 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Windows\system32\atashost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Defender Pro\Defender Pro 5-in-1\updatesrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Defender Pro\Defender Pro 5-in-1\downloader.exe

C:\Toshiba\IVP\ISM\ivpsvmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

mStart Page = about:blank

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro 5-in-1\ieshow.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\powell\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.254

TCP: Interfaces\{1465216A-A6C4-4A28-8252-4D12070E89E2} : DhcpNameServer = 192.168.0.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\powell\appdata\roaming\mozilla\firefox\profiles\i45h6srx.default\

FF - prefs.js: network.proxy.type - 0

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-10-10 43912]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-7-14 21504]

R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\defender pro\defender pro 5-in-1\updatesrv.exe [2010-8-20 43424]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]

R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-10 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1cc14e15248beb0;Google Update Service (gupdate1cc14e15248beb0);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 135664]

S3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 135664]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-6-28 633424]

S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-6-28 970320]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-10 21:19:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 21:12:14 -------- d-----w- c:\users\powell\appdata\local\temp

2011-10-10 21:10:36 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-10 21:07:09 -------- d-----w- c:\users\powell\appdata\local\{36F40C27-FE73-4661-9EB4-56AF4658C565}

2011-10-10 21:06:37 -------- d-----w- c:\users\powell\appdata\local\{443B602F-EE2D-4EFC-85C3-7EFE9EF2982C}

2011-10-10 19:48:28 43912 ----a-w- c:\windows\system32\atashost.exe

2011-10-10 19:25:35 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-10-10 19:21:11 98816 ----a-w- c:\windows\sed.exe

2011-10-10 19:21:11 518144 ----a-w- c:\windows\SWREG.exe

2011-10-10 19:21:11 256000 ----a-w- c:\windows\PEV.exe

2011-10-10 19:21:11 208896 ----a-w- c:\windows\MBR.exe

2011-10-10 19:21:00 -------- d-----w- C:\ComboFix

2011-10-10 19:15:23 -------- d-----w- c:\users\powell\appdata\local\{CFEA8100-1D9C-41B5-8E13-B76B5C380CA8}

2011-10-10 19:14:56 -------- d-----w- c:\users\powell\appdata\local\{93C04EC9-978B-4FE4-AA1D-8D577B8D28A8}

2011-10-10 18:33:46 15712 ----a-w- c:\program files\common files\windows live\.cache\250edd611cc877b02\MeshBetaRemover.exe

2011-10-10 18:26:22 -------- d-----w- c:\users\powell\appdata\local\{99345FAE-8DB6-4089-A44E-877A365EEFDE}

2011-10-10 18:25:30 -------- d-----w- c:\users\powell\appdata\local\{0C880A74-FCAA-4F4B-B5D3-3DB9EA36DD7C}

2011-10-10 18:17:38 -------- d-----w- c:\users\powell\appdata\local\{D9C695BC-231A-40EE-ACE7-DA4DCD18D6EA}

2011-10-10 18:16:17 -------- d-----w- c:\users\powell\appdata\local\{EADA0A6F-E8B8-4E3C-A66B-7B110F25F153}

2011-10-10 18:15:16 48016 --sha-w- c:\windows\system32\c_06192.nl_

2011-10-10 18:05:33 -------- d-----w- c:\users\powell\appdata\local\{201E4E18-3186-4825-8FC4-5B89C7AC3416}

2011-10-10 18:04:23 -------- d-----w- c:\users\powell\appdata\local\{193953D9-2494-4E8E-B3C8-76AC164CD45B}

2011-10-05 00:35:26 -------- d-----w- c:\users\powell\appdata\local\{635F0531-CC89-4EB3-8BDE-763B1773F10B}

2011-10-05 00:34:25 -------- d-----w- c:\users\powell\appdata\local\{BF91CE5B-3428-4229-AB4D-BD51B14027A5}

2011-10-04 23:18:30 -------- d-----w- c:\users\powell\appdata\local\{D86C01D9-AFAB-459F-8125-7EA9355CF6DE}

2011-10-04 23:18:08 -------- d-----w- c:\users\powell\appdata\local\{AFF56666-D8F9-4578-A26C-F052D2541A28}

2011-10-04 22:21:58 306104 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-10-04 21:05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 3

2011-10-04 21:00:27 -------- d-----w- c:\users\powell\appdata\local\{698E28B3-D0C3-4E90-A885-2C65A149B465}

2011-10-04 21:00:04 -------- d-----w- c:\users\powell\appdata\local\{B17589FE-72BE-45CF-BD9C-F0F247131A3C}

2011-10-04 02:04:44 -------- d-----w- c:\users\powell\appdata\local\{D9BDE238-9D7E-4CAE-94BC-CEDAC35E54A3}

2011-10-04 02:04:05 -------- d-----w- c:\users\powell\appdata\local\{939D128E-2760-482A-BDB7-3072092B6AF5}

2011-10-04 01:39:29 -------- d-----w- c:\users\powell\appdata\local\{667F0CB6-7948-4F2F-877B-2E21FBEFC10F}

2011-10-04 01:10:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-04 01:07:43 -------- d-----w- c:\users\powell\appdata\local\{4F302490-A7B9-4C0B-B55D-5B3DB283970B}

2011-10-04 01:07:18 -------- d-----w- c:\users\powell\appdata\local\{7D969951-D33E-4097-92EB-31AC244B4329}

2011-10-03 23:36:09 -------- d-----w- c:\users\powell\appdata\local\{9468274E-7ED7-4C94-B5A1-BC09B07283D4}

2011-10-03 23:35:45 -------- d-----w- c:\users\powell\appdata\local\{7068C449-E34C-4DCA-9F4D-2B1D3D1E57B9}

2011-10-03 23:25:11 -------- d-----w- c:\users\powell\appdata\local\{2668782C-A0FC-4E36-952F-706A1AE3D50B}

2011-10-03 22:42:16 -------- d-----w- c:\users\powell\appdata\local\{1E520682-4DE8-4A2E-B606-79EF787ADAAC}

2011-10-03 22:41:55 -------- d-----w- c:\users\powell\appdata\local\{635D86BA-E0F1-4BA0-A2F3-8AA35BC8F8CE}

2011-10-03 22:36:22 -------- d-----w- c:\users\powell\appdata\local\{257C54CE-AA53-48D7-B5A6-AC7A2969886D}

2011-10-03 22:35:54 -------- d-----w- c:\users\powell\appdata\local\{C7313355-3797-4364-A574-660EA738D8D9}

2011-10-03 22:11:30 -------- d-----w- c:\users\powell\appdata\local\{91D5E796-2CB1-4C6C-854A-648EC5CE02A4}

2011-10-03 22:11:00 -------- d-----w- c:\users\powell\appdata\local\{646C2CE0-1C9F-4FD9-B0F5-28C0574BA0AE}

2011-10-03 21:56:50 -------- d-----w- c:\users\powell\appdata\local\{6E9D3C7F-A9BA-42FB-9506-C8E5222A65B0}

2011-10-03 21:56:27 -------- d-----w- c:\users\powell\appdata\local\{40623046-B07D-4A7B-B8F9-39266110B9BF}

2011-10-03 14:07:21 -------- d-----w- c:\users\powell\appdata\local\{3505C470-DB7A-4AAF-A669-BF0E3558F5CE}

2011-10-03 14:06:58 -------- d-----w- c:\users\powell\appdata\local\{E505381A-7ECF-4DC0-BE95-F0D29ACCC70F}

2011-10-03 02:39:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 23:55:47 -------- d-----w- c:\users\powell\appdata\local\{EBF531AA-EB6E-4E9C-9DC1-D84B72A12E2E}

2011-09-27 23:55:31 -------- d-----w- c:\users\powell\appdata\local\{29113AB9-1CB5-495C-B4AB-73506E760C4E}

2011-09-26 00:50:58 -------- d-----w- c:\users\powell\appdata\local\{355089DE-E7AB-4DB8-B94B-8506B13EDE63}

2011-09-26 00:50:39 -------- d-----w- c:\users\powell\appdata\local\{A737BEB1-9DB6-4063-B33F-BCAEDE556FA7}

2011-09-20 20:57:07 -------- d-----w- c:\users\powell\appdata\local\{F32345BD-F05B-4216-BA41-CDC031F0B3AF}

2011-09-20 20:56:47 -------- d-----w- c:\users\powell\appdata\local\{EC9F32ED-58EF-411D-80A6-84BB3E60D99D}

2011-09-15 19:43:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-10-10 18:14:53 66560 ----a-w- c:\windows\system32\drivers\smb.sys

2011-10-04 22:22:37 503337 ----a-w- c:\programdata\bdinstall.bin

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 17:31:46.27 ===============

MBAM wouldn't run before I did the ComboFix run. But I tried it again later, and here is that log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7918

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/10/2011 5:41:31 PM

mbam-log-2011-10-10 (17-41-31).txt

Scan type: Quick scan

Objects scanned: 168516

Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Powell\downloads\totalrecipesearch.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

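The DDS and ComboFix output above is read by hand in this thread. As an added example (not part of the thread, and not a tool that DDS, ComboFix or Malwarebytes ship), here is a small Python triage script that parses the same line formats and flags the items a responder checks first: the `mPolicies-system: EnableLUA = 0` entry (UAC switched off), Firefox `user.js` overrides that force security warnings off (a `user.js` file is re-applied on every browser start, so about:config changes do not stick until it is removed), `DPF:` ActiveX download entries, and service/driver lines whose binary is reported missing (`[x]`), sits in an NTFS alternate data stream, or lives outside the usual system directories. The rule set and severities are this example's own. The sample input is a subset of lines copied from the logs above plus one clearly labelled constructed service line used to exercise the alternate-data-stream rule.

```python
"""Triage helper for DDS / ComboFix style log lines (added example).

Not a DDS, ComboFix or Malwarebytes tool: the regexes below are written
against the line formats visible in this thread, and the rule set is
this example's own.
"""
import re

# Sample input: lines copied from the DDS and ComboFix logs posted above,
# plus one CONSTRUCTED service line (the last one) for the ADS rule.
SAMPLE_LOG = r"""
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
FF - prefs.js: network.proxy.type - 0
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-10-10 43912]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\defender pro\defender pro 5-in-1\updatesrv.exe [2010-8-20 43424]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R2 constructed;CONSTRUCTED sample, not from the thread;c:\windows\1234:5678.exe [2011-10-10 1024]
"""

# "R2 name;display name;path [date size]" service/driver lines
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
POLICY_RE = re.compile(r"^mPolicies-(\w+):\s+(\w+)\s*=\s*(\d+)")
USERJS_RE = re.compile(r"^FF - user\.js:\s+(\S+)\s+-\s+(\S+)")
DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(\S+)")

# Directories where Vista-era service and driver binaries normally live
# (assumption of this example; extend for other layouts).
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\microsoft.net\\", "c:\\program files\\")


def _finding(severity, kind, subject, why):
    return {"severity": severity, "kind": kind, "subject": subject, "why": why}


def check_policy(line):
    m = POLICY_RE.match(line)
    if not m:
        return []
    hive, name, value = m.groups()
    # EnableLUA=0 turns User Account Control off for the whole machine.
    if hive == "system" and name == "EnableLUA" and value == "0":
        return [_finding("high", "policy", name,
                         "UAC disabled; admin logons run fully elevated without consent prompts")]
    return []


def check_userjs(line):
    m = USERJS_RE.match(line)
    if not m:
        return []
    pref, value = m.groups()
    # user.js is re-applied at every Firefox start, so a pref forced off
    # here cannot be restored from about:config until the file is removed.
    if pref.startswith("security.") and value == "false":
        return [_finding("medium", "firefox-userjs", pref, "security warning forced off via user.js")]
    return []


def check_dpf(line):
    m = DPF_RE.match(line)
    if not m:
        return []
    clsid, url = m.groups()
    # DDS defangs http:// as hxxp://; a plain-HTTP ActiveX source gets a closer look.
    sev = "medium" if url.lower().startswith("hxxp://") else "low"
    return [_finding(sev, "dpf", clsid, f"downloadable ActiveX component from {url}")]


def check_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return []
    _state, _start, name, _display, path, info = m.groups()
    p = path.lower()
    out = []
    if info.strip() == "x":   # ComboFix prints [x] when the image file is not found
        out.append(_finding("medium", "service", name, "registered but binary not found ([x])"))
    if ":" in p[2:]:          # a colon after the drive letter means an NTFS alternate data stream
        out.append(_finding("high", "service", name, f"binary lives in an alternate data stream: {path}"))
    if not p.startswith(EXPECTED_DIRS):
        out.append(_finding("low", "service", name, f"binary outside the expected directories: {path}"))
    return out


CHECKS = (check_policy, check_userjs, check_dpf, check_service)


def triage(text):
    """Run every check over every line; return findings ordered high -> low."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in text.strip().splitlines():
        for check in CHECKS:
            findings.extend(check(line.strip()))
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<6}] {f['kind']:<14} {f['subject']}: {f['why']}")
```

Run it against a saved DDS.txt or ComboFix.txt by reading the file into `triage()`; on the sample above it reports the disabled UAC policy and the constructed ADS path as high, the two `user.js` overrides, the Java DPF entry and the `[x]` driver as medium, and the constructed path as low. Lines the regexes do not recognise are ignored rather than guessed at, so anything unusual in a log still has to be read by a person.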

I was unable to uninstall Defender Pro. I uninstalled it (or thought I did) when the virus was giving me a lot of trouble. Now I am unable to find it anywhere to uninstall. Here are the logs though.

ComboFix:

ComboFix 11-10-19.06 - Powell 10/19/2011 18:02:17.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.854 [GMT -4:00]

Running from: c:\users\Powell\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

.

2011-10-19 22:15 . 2011-10-19 22:16 -------- d-----w- c:\users\Powell\AppData\Local\temp

2011-10-19 22:15 . 2011-10-19 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-10 21:19 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 19:48 . 2010-07-26 16:05 43912 ----a-w- c:\windows\system32\atashost.exe

2011-10-10 19:25 . 2009-04-11 01:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-10-10 18:33 . 2011-10-10 18:33 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\250edd611cc877b02\MeshBetaRemover.exe

2011-10-10 18:15 . 2011-10-10 18:15 48016 --sha-w- c:\windows\system32\c_06192.nl_

2011-10-04 22:21 . 2011-10-04 23:47 306104 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-10-04 21:05 . 2011-10-04 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 3

2011-10-03 02:39 . 2011-10-03 02:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 18:14 . 2010-07-14 17:17 66560 ----a-w- c:\windows\system32\drivers\smb.sys

2011-10-04 22:22 . 2011-07-10 02:05 503337 ----a-w- c:\programdata\bdinstall.bin

2011-07-22 02:54 . 2011-08-12 17:25 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-12 17:25 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-12 17:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

2011-09-30 22:14 . 2011-06-08 19:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-26 18:20 . 2010-07-26 18:38 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-26 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-07 273544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Defender Pro Antiphishing Helper"="c:\program files\Defender Pro\Defender Pro 5-in-1\ieshow.exe" [2011-07-10 80504]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Powell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2679664129-4054042628-1753285185-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1cc14e15248beb0;Google Update Service (gupdate1cc14e15248beb0);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]

R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 152528]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 633424]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 970320]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-07-26 43912]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\Defender Pro\Defender Pro 5-in-1\updatesrv.exe [2011-07-10 43424]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 60236537

*NewlyCreated* - 80125985

*Deregistered* - 60236537

*Deregistered* - 80125985

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 02:15]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 02:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

mStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.254

FF - ProfilePath - c:\users\Powell\AppData\Roaming\Mozilla\Firefox\Profiles\i45h6srx.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-19 18:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-10-19 18:27:04

ComboFix-quarantined-files.txt 2011-10-19 22:26

ComboFix2.txt 2011-10-10 21:12

.

Pre-Run: 69,302,845,440 bytes free

Post-Run: 70,794,305,536 bytes free

.

- - End Of File - - A731C86AB6BE3DFFBD6A1AFA23AD4998

TDSSKiller:

17:51:46.0747 3160 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27

17:51:47.0215 3160 ============================================================

17:51:47.0215 3160 Current date / time: 2011/10/19 17:51:47.0215

17:51:47.0215 3160 SystemInfo:

17:51:47.0215 3160

17:51:47.0215 3160 OS Version: 6.0.6002 ServicePack: 2.0

17:51:47.0215 3160 Product type: Workstation

17:51:47.0215 3160 ComputerName: POWELL-PC

17:51:47.0215 3160 UserName: Powell

17:51:47.0215 3160 Windows directory: C:\Windows

17:51:47.0215 3160 System windows directory: C:\Windows

17:51:47.0215 3160 Processor architecture: Intel x86

17:51:47.0215 3160 Number of processors: 2

17:51:47.0215 3160 Page size: 0x1000

17:51:47.0215 3160 Boot type: Normal boot

17:51:47.0215 3160 ============================================================

17:51:48.0682 3160 Initialize success

17:52:33.0563 2144 ============================================================

17:52:33.0563 2144 Scan started

17:52:33.0563 2144 Mode: Manual;

17:52:33.0563 2144 ============================================================

17:52:35.0981 2144 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

17:52:35.0981 2144 ACPI - ok

17:52:36.0074 2144 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

17:52:36.0074 2144 adp94xx - ok

17:52:36.0293 2144 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

17:52:36.0293 2144 adpahci - ok

17:52:36.0340 2144 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

17:52:36.0340 2144 adpu160m - ok

17:52:36.0371 2144 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

17:52:36.0371 2144 adpu320 - ok

17:52:36.0714 2144 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

17:52:36.0730 2144 AFD - ok

17:52:37.0010 2144 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

17:52:37.0026 2144 AgereSoftModem - ok

17:52:37.0166 2144 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

17:52:37.0166 2144 agp440 - ok

17:52:37.0276 2144 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

17:52:37.0276 2144 aic78xx - ok

17:52:37.0354 2144 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

17:52:37.0354 2144 aliide - ok

17:52:37.0510 2144 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

17:52:37.0510 2144 amdagp - ok

17:52:37.0603 2144 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

17:53:11.0143 2144 ============================================================

17:53:11.0143 2144 Scan finished

17:53:11.0143 2144 ============================================================

17:53:11.0174 3416 Detected object count: 0

17:53:11.0174 3416 Actual detected object count: 0

17:53:21.0283 3756 Deinitialize success


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Thank you so much for your help!

Eset log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=b9b53d283fff584882929373a5cf406a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-23 05:01:51

# local_time=2011-10-23 01:01:51 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 39333288 155993017 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=144107

# found=21

# cleaned=20

# scan_time=3822

C:\Qoobox\Quarantine\C\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Toshiba\ConfigFree\CFSvcs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll.vir a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Toshiba\IVP\ISM\pinger.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Toshiba\IVP\swupdate\swupdtmr.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\agrsmsvc.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\atashost.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\Ati2evxx.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\TODDSrv.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\cdrom.sys.vir_ a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Toshiba\IVP\ISM\Ivpsvmgr.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\136065a0-3a8e4da4 Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\136065a0-680b5af3 Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\136065a0-6b6030b9 Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\99b3e71-69c09edf a variant of Win32/Kryptik.TPJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\c_06192.nl_ a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Security Check:

Results of screen317's Security Check version 0.99.24

Windows Vista Service Pack 2 x86 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 2

Out of date Java installed!

Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Defender Pro Defender Pro 5-in-1 updatesrv.exe

``````````End of Log````````````

I am able to search through Google without ad sites popping up, so that is better. Should I try to run Defender Pro and see if it lets me run the antivirus stuff?

Thanks again!

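The ESET log in the post above lists 21 detections, 20 cleaned and one "error while cleaning". Fifteen of the paths sit under C:\Qoobox\Quarantine, which is where ComboFix keeps the copies it already pulled off the system, so those hits are inert copies rather than live files; what matters in them is the original location, which the quarantine path encodes. The following is an added example, not code from the thread, from ESET or from ComboFix: it parses the log format shown above, separates quarantine copies from live hits, maps each copy back to its original path, tallies detections by family and lists what still needs manual attention. The log lines embedded in it are copied from the scan output above; the line grammar and the quarantine-path convention are inferred from those lines and are assumptions.

```python
"""Triage an ESET Online Scanner log: quarantine copies vs. live hits,
original locations, and entries that still need manual follow-up.
Added example; not code from the thread, ESET or ComboFix.  SAMPLE_LOG is
copied from the scan output posted in the thread; the regexes below are
inferred from those lines."""
import re
from collections import Counter

SAMPLE_LOG = r"""
# found=21
# cleaned=20
C:\Qoobox\Quarantine\C\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Toshiba\ConfigFree\CFSvcs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll.vir a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Toshiba\IVP\ISM\pinger.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Toshiba\IVP\swupdate\swupdtmr.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\agrsmsvc.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\atashost.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Ati2evxx.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\TODDSrv.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\cdrom.sys.vir_ a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Toshiba\IVP\ISM\Ivpsvmgr.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\136065a0-3a8e4da4 Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\136065a0-680b5af3 Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\136065a0-6b6030b9 Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\99b3e71-69c09edf a variant of Win32/Kryptik.TPJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\c_06192.nl_ a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# One detection per line: <path> <detection> (<action>) <32-hex column, all zeros here> <flag>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<detection>(?:a variant of )?Win32/\S+(?: [a-z]+)*) "
    r"\((?P<action>[^)]+)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")
HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# Assumed ComboFix layout: C:\foo\bar.exe is stored as C:\Qoobox\Quarantine\C\foo\bar.exe.vir (or .vir_)
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+?)\.vir_?$", re.I)


def parse_log(text):
    """Return (header dict from the '# key=value' lines, list of entry dicts)."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return header, entries


def family(detection):
    """'a variant of Win32/Rootkit.Kryptik.DM trojan' -> 'Rootkit' (first name component)."""
    name = detection.split("Win32/", 1)[1]
    return name.split(".", 1)[0].split(" ", 1)[0]


def original_path(path):
    """Where a ComboFix quarantine copy originally lived; None if path is not a quarantine copy."""
    m = QUARANTINE_RE.match(path)
    if not m:
        return None
    return f"{m.group('drive').upper()}:\\{m.group('rest')}"


def triage(text):
    """Summarise a log: counts, per-family tally, live vs. quarantined hits, open items."""
    header, entries = parse_log(text)
    report = {
        "header_found": int(header.get("found", -1)),
        "header_cleaned": int(header.get("cleaned", -1)),
        "parsed": len(entries),
        "cleaned": sum(1 for e in entries if e["action"].startswith("cleaned")),
        "by_family": Counter(family(e["detection"]) for e in entries),
        "quarantine_copies": {},   # quarantine path -> original path (already inert)
        "live": [],                # hits on files that were still in place at scan time
        "needs_followup": [],      # anything ESET did not clean
    }
    for e in entries:
        orig = original_path(e["path"])
        if orig:
            report["quarantine_copies"][e["path"]] = orig
        else:
            report["live"].append(e["path"])
        if not e["action"].startswith("cleaned"):
            report["needs_followup"].append((e["path"], e["action"]))
    # An excerpt pasted incompletely shows up as a mismatch with ESET's own header counts.
    report["counts_consistent"] = (report["parsed"] == report["header_found"]
                                   and report["cleaned"] == report["header_cleaned"])
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['parsed']} entries, header {'consistent' if r['counts_consistent'] else 'MISMATCH'}")
    for fam, n in r["by_family"].most_common():
        print(f"  {n:2d}  {fam}")
    print("live hits:", *r["live"], sep="\n  ")
    print("needs follow-up:", *(f"{p}: {a}" for p, a in r["needs_followup"]), sep="\n  ")
```

Run as a script it prints the per-family tally (12 Patched.HN hits, most of them service binaries ESET repaired in place), the six live paths and the one file ESET could not clean, C:\Toshiba\IVP\ISM\Ivpsvmgr.exe, which is the item to re-scan or remove by hand. The original-path mapping is what you would feed to a signature or hash check of the restored service executables after cleanup.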

  • Staff

Defender Pro sounds like a rogue antivirus program. I would not install it again.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 2

Adobe Flash Player ( 10.2.152.32)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials (what I use)

AntiVir

avast!

Let me know what issues remain.

-screen317


Ok, I followed your directions and will let you know how things go.

Defender Pro is antivirus software that I purchased from Target. :( I hope it's not a rogue antivirus program, but I didn't reinstall it... 'cause I don't know if it's any good after all of this. The customer support directed me here and then refused to help me any more. Nice.

Thank you, Thank you, Thank you for your help. I've never come across a virus so intense before. I'll let you know if I encounter any issues.


  • Staff

Definitely sounds like a rogue.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
