
I have downloaded the MBAM installer on the infected computer. I'm able to install it and start a scan; however, it terminates before finishing (or finding any infections). Therefore I'm not able to abort the scan and fix the initial infections found (as directed in the FAQ).

Help is very much appreciated.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced. Please post only DDS.txt directly into your reply.

-screen317


Included are two TDSSKiller log files and DDS.txt. I had downloaded and run TDSSKiller during initial troubleshooting. I downloaded and executed it again per your instructions.

Thank you for your help!

21:38:08.0468 1644 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
21:38:09.0234 1644 ============================================================
21:38:09.0234 1644 Current date / time: 2011/10/06 21:38:09.0234
21:38:09.0234 1644 SystemInfo:
21:38:09.0234 1644
21:38:09.0234 1644 OS Version: 5.1.2600 ServicePack: 3.0
21:38:09.0234 1644 Product type: Workstation
21:38:09.0234 1644 ComputerName: GAINESONE
21:38:09.0250 1644 UserName: Brian
21:38:09.0250 1644 Windows directory: C:\WINDOWS
21:38:09.0250 1644 System windows directory: C:\WINDOWS
21:38:09.0250 1644 Processor architecture: Intel x86
21:38:09.0250 1644 Number of processors: 2
21:38:09.0250 1644 Page size: 0x1000
21:38:09.0250 1644 Boot type: Safe boot with network
21:38:09.0250 1644 ============================================================
21:38:09.0812 1644 Initialize success
21:38:26.0078 1232 ============================================================
21:38:26.0078 1232 Scan started
21:38:26.0078 1232 Mode: Manual;
21:38:26.0078 1232 ============================================================
21:38:28.0890 1232 8c8eec5b (e60e335fcf195eb261b523a91b25bc34) C:\WINDOWS\1542229644:1936790436.exe
21:38:31.0312 1232 Suspicious file (Hidden): C:\WINDOWS\1542229644:1936790436.exe. md5: e60e335fcf195eb261b523a91b25bc34
21:38:31.0312 1232 8c8eec5b ( HiddenFile.Multi.Generic ) - warning
21:38:31.0312 1232 8c8eec5b - detected HiddenFile.Multi.Generic (1)


21:38:49.0812 1232 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:38:49.0875 1232 \Device\Harddisk0\DR0 - ok
21:38:49.0875 1232 Boot (0x1200) (21de1fb90b102c3c4307d18e18725c54) \Device\Harddisk0\DR0\Partition0
21:38:49.0875 1232 \Device\Harddisk0\DR0\Partition0 - ok
21:38:49.0875 1232 ============================================================
21:38:49.0875 1232 Scan finished
21:38:49.0875 1232 ============================================================
21:38:49.0890 0608 Detected object count: 1
21:38:49.0890 0608 Actual detected object count: 1
21:40:07.0796 0608 8c8eec5b ( HiddenFile.Multi.Generic ) - skipped by user
21:40:07.0796 0608 8c8eec5b ( HiddenFile.Multi.Generic ) - User select action: Skip
21:41:00.0078 1524 ============================================================
21:41:00.0078 1524 Scan started
21:41:00.0078 1524 Mode: Manual;
21:41:00.0078 1524 ============================================================
21:41:00.0281 1524 8c8eec5b (e60e335fcf195eb261b523a91b25bc34) C:\WINDOWS\1542229644:1936790436.exe
21:41:00.0281 1524 Suspicious file (Hidden): C:\WINDOWS\1542229644:1936790436.exe. md5: e60e335fcf195eb261b523a91b25bc34
21:41:00.0281 1524 8c8eec5b ( HiddenFile.Multi.Generic ) - warning
21:41:00.0281 1524 8c8eec5b - detected HiddenFile.Multi.Generic (1)


21:41:02.0140 1524 DRVMCDB - ok

21:41:02.0171 1524 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

21:41:02.0171 1524 DRVNDDM - ok

21:41:02.0218 1524 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys

21:41:02.0218 1524 elagopro - ok

21:41:02.0234 1524 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys

21:41:02.0250 1524 elaunidr - ok

21:41:02.0281 1524 Eplpdx02 (bf8bad1fac5c0c73ae97859a3eb428bc) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS

21:41:02.0281 1524 Eplpdx02 - ok

21:41:02.0343 1524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

21:41:02.0343 1524 Fastfat - ok

21:41:02.0390 1524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

21:41:02.0390 1524 Fdc - ok

21:41:02.0390 1524 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

21:41:02.0390 1524 Fips - ok

21:41:02.0437 1524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

21:41:02.0437 1524 Flpydisk - ok

21:41:02.0468 1524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

21:41:02.0484 1524 FltMgr - ok

21:41:02.0515 1524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:41:02.0515 1524 Fs_Rec - ok

21:41:02.0546 1524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:41:02.0546 1524 Ftdisk - ok

21:41:02.0578 1524 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

21:41:02.0578 1524 GEARAspiWDM - ok

21:41:02.0593 1524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:41:02.0593 1524 Gpc - ok

21:41:02.0625 1524 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

21:41:02.0625 1524 GTNDIS5 - ok

21:41:02.0671 1524 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

21:41:02.0671 1524 HDAudBus - ok

21:41:02.0703 1524 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:41:02.0703 1524 hidusb - ok

21:41:02.0734 1524 hpn - ok

21:41:02.0796 1524 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

21:41:02.0796 1524 HPZid412 - ok

21:41:02.0843 1524 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

21:41:02.0843 1524 HPZipr12 - ok

21:41:02.0875 1524 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

21:41:02.0875 1524 HPZius12 - ok

21:41:02.0906 1524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

21:41:02.0921 1524 HTTP - ok

21:41:02.0937 1524 i2omgmt - ok

21:41:02.0953 1524 i2omp - ok

21:41:02.0984 1524 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

21:41:02.0984 1524 i8042prt - ok

21:41:03.0015 1524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:41:03.0015 1524 Imapi - ok

21:41:03.0062 1524 ini910u - ok

21:41:03.0093 1524 IntelIde - ok

21:41:03.0140 1524 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

21:41:03.0140 1524 Ip6Fw - ok

21:41:03.0203 1524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:41:03.0203 1524 IpFilterDriver - ok

21:41:03.0234 1524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:41:03.0234 1524 IpInIp - ok

21:41:03.0265 1524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:41:03.0265 1524 IpNat - ok

21:41:03.0343 1524 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys

21:41:03.0343 1524 iPodDrv - ok

21:41:03.0359 1524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:41:03.0359 1524 IPSec - ok

21:41:03.0406 1524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:41:03.0406 1524 IRENUM - ok

21:41:03.0437 1524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:41:03.0437 1524 isapnp - ok

21:41:03.0468 1524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:41:03.0468 1524 Kbdclass - ok

21:41:03.0484 1524 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:41:03.0484 1524 kbdhid - ok

21:41:03.0515 1524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:41:03.0515 1524 kmixer - ok

21:41:03.0546 1524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

21:41:03.0546 1524 KSecDD - ok

21:41:03.0593 1524 lbrtfdc - ok

21:41:03.0765 1524 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\WINDOWS\system32\drivers\mfeapfk.sys

21:41:03.0765 1524 mfeapfk - ok

21:41:03.0796 1524 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\WINDOWS\system32\drivers\mfeavfk.sys

21:41:03.0796 1524 mfeavfk - ok

21:41:03.0812 1524 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\WINDOWS\system32\drivers\mfebopk.sys

21:41:03.0812 1524 mfebopk - ok

21:41:03.0859 1524 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\WINDOWS\system32\drivers\mfefirek.sys

21:41:03.0859 1524 mfefirek - ok

21:41:03.0875 1524 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\WINDOWS\system32\drivers\mfehidk.sys

21:41:03.0890 1524 mfehidk - ok

21:41:03.0906 1524 mfendisk (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

21:41:03.0906 1524 mfendisk - ok

21:41:03.0921 1524 mfendiskmp (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

21:41:03.0921 1524 mfendiskmp - ok

21:41:03.0953 1524 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\WINDOWS\system32\drivers\mferkdet.sys

21:41:03.0953 1524 mferkdet - ok

21:41:04.0000 1524 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

21:41:04.0000 1524 mferkdk - ok

21:41:04.0062 1524 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

21:41:04.0062 1524 mfesmfk - ok

21:41:04.0109 1524 mfetdi2k (2026fe7c9e6b26ffeb08cd89c6326b91) C:\WINDOWS\system32\drivers\mfetdi2k.sys

21:41:04.0109 1524 mfetdi2k - ok

21:41:04.0140 1524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:41:04.0140 1524 mnmdd - ok

21:41:04.0187 1524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:41:04.0187 1524 Modem - ok

21:41:04.0203 1524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:41:04.0203 1524 Mouclass - ok

21:41:04.0234 1524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:41:04.0234 1524 mouhid - ok

21:41:04.0265 1524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:41:04.0265 1524 MountMgr - ok

21:41:04.0296 1524 MpKsl39dd0895 - ok

21:41:04.0312 1524 mraid35x - ok

21:41:04.0343 1524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:41:04.0343 1524 MRxDAV - ok

21:41:04.0390 1524 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:41:04.0406 1524 MRxSmb - ok

21:41:04.0437 1524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:41:04.0437 1524 Msfs - ok

21:41:04.0468 1524 MSHUSBVideo (01446556c149bba152e2ff79e296889f) C:\WINDOWS\system32\Drivers\nx6000.sys

21:41:04.0468 1524 MSHUSBVideo - ok

21:41:04.0515 1524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:41:04.0515 1524 MSKSSRV - ok

21:41:04.0531 1524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:41:04.0531 1524 MSPCLOCK - ok

21:41:04.0562 1524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:41:04.0562 1524 MSPQM - ok

21:41:04.0593 1524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:41:04.0593 1524 mssmbios - ok

21:41:04.0625 1524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

21:41:04.0625 1524 MSTEE - ok

21:41:04.0671 1524 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

21:41:04.0671 1524 Mup - ok

21:41:04.0703 1524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

21:41:04.0703 1524 NABTSFEC - ok

21:41:04.0734 1524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:41:04.0734 1524 NDIS - ok

21:41:04.0781 1524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

21:41:04.0781 1524 NdisIP - ok

21:41:04.0796 1524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:41:04.0796 1524 NdisTapi - ok

21:41:04.0828 1524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:41:04.0828 1524 Ndisuio - ok

21:41:04.0843 1524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:41:04.0843 1524 NdisWan - ok

21:41:04.0890 1524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

21:41:04.0890 1524 NDProxy - ok

21:41:04.0921 1524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:41:04.0921 1524 NetBIOS - ok

21:41:04.0937 1524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:41:04.0937 1524 NetBT - ok

21:41:05.0015 1524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:41:05.0015 1524 Npfs - ok

21:41:05.0062 1524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:41:05.0062 1524 Ntfs - ok

21:41:05.0109 1524 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

21:41:05.0109 1524 NuidFltr - ok

21:41:05.0140 1524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:41:05.0140 1524 Null - ok

21:41:05.0250 1524 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

21:41:05.0281 1524 nv - ok

21:41:05.0328 1524 nvata (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\DRIVERS\NVATA.SYS

21:41:05.0328 1524 nvata - ok

21:41:05.0359 1524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:41:05.0359 1524 NwlnkFlt - ok

21:41:05.0375 1524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:41:05.0375 1524 NwlnkFwd - ok

21:41:05.0421 1524 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

21:41:05.0421 1524 OMCI - ok

21:41:05.0484 1524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

21:41:05.0484 1524 Parport - ok

21:41:05.0500 1524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:41:05.0500 1524 PartMgr - ok

21:41:05.0531 1524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:41:05.0531 1524 ParVdm - ok

21:41:05.0546 1524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:41:05.0546 1524 PCI - ok

21:41:05.0562 1524 PCIDump - ok

21:41:05.0593 1524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

21:41:05.0593 1524 PCIIde - ok

21:41:05.0625 1524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:41:05.0625 1524 Pcmcia - ok

21:41:05.0640 1524 PDCOMP - ok

21:41:05.0656 1524 PDFRAME - ok

21:41:05.0687 1524 PDRELI - ok

21:41:05.0703 1524 PDRFRAME - ok

21:41:05.0718 1524 perc2 - ok

21:41:05.0750 1524 perc2hib - ok

21:41:05.0843 1524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:41:05.0843 1524 PptpMiniport - ok

21:41:05.0875 1524 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

21:41:05.0875 1524 Processor - ok

21:41:05.0890 1524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:41:05.0906 1524 PSched - ok

21:41:05.0921 1524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:41:05.0921 1524 Ptilink - ok

21:41:05.0968 1524 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:41:05.0968 1524 PxHelp20 - ok

21:41:05.0984 1524 ql1080 - ok

21:41:06.0000 1524 Ql10wnt - ok

21:41:06.0031 1524 ql12160 - ok

21:41:06.0046 1524 ql1240 - ok

21:41:06.0062 1524 ql1280 - ok

21:41:06.0109 1524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:41:06.0109 1524 RasAcd - ok

21:41:06.0125 1524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:41:06.0140 1524 Rasl2tp - ok

21:41:06.0156 1524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:41:06.0156 1524 RasPppoe - ok

21:41:06.0187 1524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:41:06.0187 1524 Raspti - ok

21:41:06.0218 1524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:41:06.0218 1524 Rdbss - ok

21:41:06.0234 1524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:41:06.0234 1524 RDPCDD - ok

21:41:06.0296 1524 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

21:41:06.0296 1524 RDPWD - ok

21:41:06.0328 1524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:41:06.0328 1524 redbook - ok

21:41:06.0421 1524 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys

21:41:06.0421 1524 RT61 - ok

21:41:06.0500 1524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:41:06.0500 1524 Secdrv - ok

21:41:06.0562 1524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

21:41:06.0562 1524 Serial - ok

21:41:06.0625 1524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:41:06.0625 1524 Sfloppy - ok

21:41:06.0656 1524 Simbad - ok

21:41:06.0703 1524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:41:06.0703 1524 SLIP - ok

21:41:06.0718 1524 Sparrow - ok

21:41:06.0765 1524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:41:06.0765 1524 splitter - ok

21:41:06.0828 1524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:41:06.0828 1524 sr - ok

21:41:06.0875 1524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:41:06.0875 1524 Srv - ok

21:41:06.0968 1524 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys

21:41:06.0968 1524 STHDA - ok

21:41:07.0015 1524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:41:07.0015 1524 streamip - ok

21:41:07.0031 1524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:41:07.0031 1524 swenum - ok

21:41:07.0078 1524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:41:07.0078 1524 swmidi - ok

21:41:07.0109 1524 symc810 - ok

21:41:07.0125 1524 symc8xx - ok

21:41:07.0156 1524 sym_hi - ok

21:41:07.0171 1524 sym_u3 - ok

21:41:07.0203 1524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:41:07.0203 1524 sysaudio - ok

21:41:07.0265 1524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:41:07.0265 1524 Tcpip - ok

21:41:07.0296 1524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:41:07.0296 1524 TDPIPE - ok

21:41:07.0312 1524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:41:07.0312 1524 TDTCP - ok

21:41:07.0343 1524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:41:07.0343 1524 TermDD - ok

21:41:07.0375 1524 TosIde - ok

21:41:07.0421 1524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:41:07.0421 1524 Udfs - ok

21:41:07.0437 1524 ultra - ok

21:41:07.0484 1524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:41:07.0500 1524 Update - ok

21:41:07.0546 1524 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

21:41:07.0546 1524 USBAAPL - ok

21:41:07.0593 1524 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

21:41:07.0593 1524 usbaudio - ok

21:41:07.0609 1524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:41:07.0609 1524 usbccgp - ok

21:41:07.0625 1524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:41:07.0625 1524 usbehci - ok

21:41:07.0671 1524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:41:07.0671 1524 usbhub - ok

21:41:07.0671 1524 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

21:41:07.0671 1524 usbohci - ok

21:41:07.0703 1524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:41:07.0703 1524 usbprint - ok

21:41:07.0734 1524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:41:07.0734 1524 usbscan - ok

21:41:07.0765 1524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:41:07.0765 1524 USBSTOR - ok

21:41:07.0812 1524 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

21:41:07.0812 1524 usbvideo - ok

21:41:07.0828 1524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:41:07.0843 1524 VgaSave - ok

21:41:07.0843 1524 ViaIde - ok

21:41:07.0875 1524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:41:07.0875 1524 VolSnap - ok

21:41:07.0921 1524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:41:07.0921 1524 Wanarp - ok

21:41:07.0984 1524 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

21:41:07.0984 1524 Wdf01000 - ok

21:41:08.0000 1524 WDICA - ok

21:41:08.0031 1524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:41:08.0031 1524 wdmaud - ok

21:41:08.0218 1524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:41:08.0218 1524 WSTCODEC - ok

21:41:08.0265 1524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:41:08.0265 1524 WudfPf - ok

21:41:08.0312 1524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:41:08.0312 1524 WudfRd - ok

21:41:08.0421 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:41:08.0468 1524 \Device\Harddisk0\DR0 - ok

21:41:08.0484 1524 Boot (0x1200) (21de1fb90b102c3c4307d18e18725c54) \Device\Harddisk0\DR0\Partition0

21:41:08.0484 1524 \Device\Harddisk0\DR0\Partition0 - ok

21:41:08.0500 1524 ============================================================

21:41:08.0500 1524 Scan finished

21:41:08.0500 1524 ============================================================

21:41:08.0531 1716 Detected object count: 1

21:41:08.0531 1716 Actual detected object count: 1

21:41:14.0656 1716 8c8eec5b ( HiddenFile.Multi.Generic ) - skipped by user

21:41:14.0656 1716 8c8eec5b ( HiddenFile.Multi.Generic ) - User select action: Skip

21:41:19.0296 1668 Deinitialize success


TDSSKiller and DDS.txt logs from today per instructions

tdsskiller log

**********************************

10:53:48.0218 0996 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06

10:53:49.0578 0996 ============================================================

10:53:49.0578 0996 Current date / time: 2011/10/10 10:53:49.0578

10:53:49.0578 0996 SystemInfo:

10:53:49.0578 0996

10:53:49.0578 0996 OS Version: 5.1.2600 ServicePack: 3.0

10:53:49.0578 0996 Product type: Workstation

10:53:49.0578 0996 ComputerName: GAINESONE

10:53:49.0578 0996 UserName: Brian

10:53:49.0578 0996 Windows directory: C:\WINDOWS

10:53:49.0578 0996 System windows directory: C:\WINDOWS

10:53:49.0578 0996 Processor architecture: Intel x86

10:53:49.0578 0996 Number of processors: 2

10:53:49.0578 0996 Page size: 0x1000

10:53:49.0578 0996 Boot type: Safe boot with network

10:53:49.0578 0996 ============================================================

10:53:49.0984 0996 Initialize success

10:54:12.0000 1508 ============================================================

10:54:12.0000 1508 Scan started

10:54:12.0000 1508 Mode: Manual;

10:54:12.0000 1508 ============================================================

10:54:12.0218 1508 8c8eec5b (e60e335fcf195eb261b523a91b25bc34) C:\WINDOWS\1542229644:1936790436.exe

10:54:12.0359 1508 Suspicious file (Hidden): C:\WINDOWS\1542229644:1936790436.exe. md5: e60e335fcf195eb261b523a91b25bc34

10:54:12.0359 1508 8c8eec5b ( HiddenFile.Multi.Generic ) - warning

10:54:12.0359 1508 8c8eec5b - detected HiddenFile.Multi.Generic (1)

10:54:12.0687 1508 AFD (c79561b60d5104ac996898c2257bfdfd) C:\WINDOWS\System32\drivers\afd.sys

10:54:12.0687 1508 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: c79561b60d5104ac996898c2257bfdfd, Fake md5: 355556d9e580915118cd7ef736653a89

10:54:12.0687 1508 AFD ( ForgedFile.Multi.Generic ) - warning

10:54:12.0687 1508 AFD - detected ForgedFile.Multi.Generic (1)


10:54:16.0515 1508 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\WINDOWS\system32\drivers\mfeapfk.sys

10:54:16.0515 1508 mfeapfk - ok

10:54:16.0546 1508 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\WINDOWS\system32\drivers\mfeavfk.sys

10:54:16.0546 1508 mfeavfk - ok

10:54:16.0562 1508 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\WINDOWS\system32\drivers\mfebopk.sys

10:54:16.0578 1508 mfebopk - ok

10:54:16.0609 1508 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\WINDOWS\system32\drivers\mfefirek.sys

10:54:16.0609 1508 mfefirek - ok

10:54:16.0640 1508 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\WINDOWS\system32\drivers\mfehidk.sys

10:54:16.0656 1508 mfehidk - ok

10:54:16.0687 1508 mfendisk (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

10:54:16.0687 1508 mfendisk - ok

10:54:16.0703 1508 mfendiskmp (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

10:54:16.0703 1508 mfendiskmp - ok

10:54:16.0718 1508 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\WINDOWS\system32\drivers\mferkdet.sys

10:54:16.0734 1508 mferkdet - ok

10:54:16.0781 1508 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

10:54:16.0781 1508 mferkdk - ok

10:54:16.0843 1508 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

10:54:16.0843 1508 mfesmfk - ok

10:54:16.0890 1508 mfetdi2k (2026fe7c9e6b26ffeb08cd89c6326b91) C:\WINDOWS\system32\drivers\mfetdi2k.sys

10:54:16.0890 1508 mfetdi2k - ok

10:54:16.0921 1508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:54:16.0921 1508 mnmdd - ok

10:54:16.0968 1508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:54:16.0968 1508 Modem - ok

10:54:17.0000 1508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:54:17.0000 1508 Mouclass - ok

10:54:17.0015 1508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:54:17.0031 1508 mouhid - ok

10:54:17.0062 1508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:54:17.0062 1508 MountMgr - ok

10:54:17.0078 1508 MpKsl39dd0895 - ok

10:54:17.0109 1508 mraid35x - ok

10:54:17.0125 1508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:54:17.0125 1508 MRxDAV - ok

10:54:17.0187 1508 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:54:17.0203 1508 MRxSmb - ok

10:54:17.0234 1508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:54:17.0234 1508 Msfs - ok

10:54:17.0281 1508 MSHUSBVideo (01446556c149bba152e2ff79e296889f) C:\WINDOWS\system32\Drivers\nx6000.sys

10:54:17.0281 1508 MSHUSBVideo - ok

10:54:17.0312 1508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:54:17.0312 1508 MSKSSRV - ok

10:54:17.0328 1508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:54:17.0328 1508 MSPCLOCK - ok

10:54:17.0359 1508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:54:17.0359 1508 MSPQM - ok

10:54:17.0375 1508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:54:17.0375 1508 mssmbios - ok

10:54:17.0406 1508 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

10:54:17.0406 1508 MSTEE - ok

10:54:17.0437 1508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:54:17.0437 1508 Mup - ok

10:54:17.0484 1508 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:54:17.0484 1508 NABTSFEC - ok

10:54:17.0531 1508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:54:17.0531 1508 NDIS - ok

10:54:17.0562 1508 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:54:17.0562 1508 NdisIP - ok

10:54:17.0578 1508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:54:17.0578 1508 NdisTapi - ok

10:54:17.0609 1508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:54:17.0609 1508 Ndisuio - ok

10:54:17.0625 1508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:54:17.0625 1508 NdisWan - ok

10:54:17.0671 1508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:54:17.0671 1508 NDProxy - ok

10:54:17.0718 1508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:54:17.0718 1508 NetBIOS - ok

10:54:17.0734 1508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:54:17.0734 1508 NetBT - ok

10:54:17.0812 1508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:54:17.0812 1508 Npfs - ok

10:54:17.0843 1508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:54:17.0859 1508 Ntfs - ok

10:54:17.0906 1508 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

10:54:17.0921 1508 NuidFltr - ok

10:54:17.0937 1508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:54:17.0937 1508 Null - ok

10:54:18.0046 1508 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:54:18.0125 1508 nv - ok

10:54:18.0156 1508 nvata (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\DRIVERS\NVATA.SYS

10:54:18.0156 1508 nvata - ok

10:54:18.0203 1508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:54:18.0203 1508 NwlnkFlt - ok

10:54:18.0218 1508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:54:18.0218 1508 NwlnkFwd - ok

10:54:18.0250 1508 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

10:54:18.0250 1508 OMCI - ok

10:54:18.0312 1508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

10:54:18.0312 1508 Parport - ok

10:54:18.0328 1508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:54:18.0328 1508 PartMgr - ok

10:54:18.0359 1508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:54:18.0359 1508 ParVdm - ok

10:54:18.0375 1508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:54:18.0375 1508 PCI - ok

10:54:18.0406 1508 PCIDump - ok

10:54:18.0421 1508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:54:18.0437 1508 PCIIde - ok

10:54:18.0453 1508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:54:18.0468 1508 Pcmcia - ok

10:54:18.0484 1508 PDCOMP - ok

10:54:18.0500 1508 PDFRAME - ok

10:54:18.0531 1508 PDRELI - ok

10:54:18.0546 1508 PDRFRAME - ok

10:54:18.0562 1508 perc2 - ok

10:54:18.0593 1508 perc2hib - ok

10:54:18.0671 1508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:54:18.0687 1508 PptpMiniport - ok

10:54:18.0718 1508 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

10:54:18.0718 1508 Processor - ok

10:54:18.0750 1508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:54:18.0750 1508 PSched - ok

10:54:18.0781 1508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:54:18.0781 1508 Ptilink - ok

10:54:18.0812 1508 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:54:18.0828 1508 PxHelp20 - ok

10:54:18.0843 1508 ql1080 - ok

10:54:18.0859 1508 Ql10wnt - ok

10:54:18.0875 1508 ql12160 - ok

10:54:18.0906 1508 ql1240 - ok

10:54:18.0921 1508 ql1280 - ok

10:54:18.0968 1508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:54:18.0968 1508 RasAcd - ok

10:54:19.0000 1508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:54:19.0000 1508 Rasl2tp - ok

10:54:19.0031 1508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:54:19.0031 1508 RasPppoe - ok

10:54:19.0046 1508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:54:19.0046 1508 Raspti - ok

10:54:19.0078 1508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:54:19.0078 1508 Rdbss - ok

10:54:19.0093 1508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:54:19.0093 1508 RDPCDD - ok

10:54:19.0156 1508 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

10:54:19.0156 1508 RDPWD - ok

10:54:19.0187 1508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:54:19.0187 1508 redbook - ok

10:54:19.0328 1508 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys

10:54:19.0343 1508 RT61 - ok

10:54:19.0406 1508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:54:19.0406 1508 Secdrv - ok

10:54:19.0453 1508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

10:54:19.0453 1508 Serial - ok

10:54:19.0515 1508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:54:19.0515 1508 Sfloppy - ok

10:54:19.0546 1508 Simbad - ok

10:54:19.0593 1508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:54:19.0593 1508 SLIP - ok

10:54:19.0609 1508 Sparrow - ok

10:54:19.0656 1508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:54:19.0656 1508 splitter - ok

10:54:19.0703 1508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:54:19.0703 1508 sr - ok

10:54:19.0750 1508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:54:19.0765 1508 Srv - ok

10:54:19.0828 1508 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys

10:54:19.0859 1508 STHDA - ok

10:54:19.0890 1508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:54:19.0906 1508 streamip - ok

10:54:19.0906 1508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:54:19.0906 1508 swenum - ok

10:54:19.0937 1508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:54:19.0937 1508 swmidi - ok

10:54:19.0968 1508 symc810 - ok

10:54:20.0000 1508 symc8xx - ok

10:54:20.0015 1508 sym_hi - ok

10:54:20.0031 1508 sym_u3 - ok

10:54:20.0062 1508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:54:20.0062 1508 sysaudio - ok

10:54:20.0140 1508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:54:20.0140 1508 Tcpip - ok

10:54:20.0156 1508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:54:20.0171 1508 TDPIPE - ok

10:54:20.0187 1508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:54:20.0187 1508 TDTCP - ok

10:54:20.0203 1508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:54:20.0218 1508 TermDD - ok

10:54:20.0250 1508 TosIde - ok

10:54:20.0296 1508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:54:20.0296 1508 Udfs - ok

10:54:20.0312 1508 ultra - ok

10:54:20.0359 1508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:54:20.0375 1508 Update - ok

10:54:20.0437 1508 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

10:54:20.0437 1508 USBAAPL - ok

10:54:20.0468 1508 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

10:54:20.0468 1508 usbaudio - ok

10:54:20.0484 1508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:54:20.0500 1508 usbccgp - ok

10:54:20.0515 1508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:54:20.0515 1508 usbehci - ok

10:54:20.0546 1508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:54:20.0546 1508 usbhub - ok

10:54:20.0562 1508 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

10:54:20.0562 1508 usbohci - ok

10:54:20.0593 1508 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:54:20.0593 1508 usbprint - ok

10:54:20.0625 1508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:54:20.0625 1508 usbscan - ok

10:54:20.0656 1508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:54:20.0656 1508 USBSTOR - ok

10:54:20.0687 1508 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

10:54:20.0687 1508 usbvideo - ok

10:54:20.0734 1508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:54:20.0734 1508 VgaSave - ok

10:54:20.0750 1508 ViaIde - ok

10:54:20.0781 1508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:54:20.0781 1508 VolSnap - ok

10:54:20.0828 1508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:54:20.0828 1508 Wanarp - ok

10:54:20.0875 1508 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

10:54:20.0890 1508 Wdf01000 - ok

10:54:20.0906 1508 WDICA - ok

10:54:20.0937 1508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:54:20.0937 1508 wdmaud - ok

10:54:21.0156 1508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:54:21.0156 1508 WSTCODEC - ok

10:54:21.0218 1508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:54:21.0218 1508 WudfPf - ok

10:54:21.0250 1508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:54:21.0250 1508 WudfRd - ok

10:54:21.0359 1508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

10:54:21.0406 1508 \Device\Harddisk0\DR0 - ok

10:54:21.0421 1508 Boot (0x1200) (21de1fb90b102c3c4307d18e18725c54) \Device\Harddisk0\DR0\Partition0

10:54:21.0421 1508 \Device\Harddisk0\DR0\Partition0 - ok

10:54:21.0437 1508 ============================================================

10:54:21.0437 1508 Scan finished

10:54:21.0437 1508 ============================================================

10:54:21.0468 0928 Detected object count: 2

10:54:21.0468 0928 Actual detected object count: 2

10:54:56.0265 0928 8c8eec5b ( HiddenFile.Multi.Generic ) - skipped by user

10:54:56.0265 0928 8c8eec5b ( HiddenFile.Multi.Generic ) - User select action: Skip

10:54:56.0265 0928 AFD ( ForgedFile.Multi.Generic ) - skipped by user

10:54:56.0265 0928 AFD ( ForgedFile.Multi.Generic ) - User select action: Skip

10:55:11.0484 1000 Deinitialize success

DDS.txt

**********************

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by Brian at 11:01:25 on 2011-10-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\1542229644:1936790436.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111006210726.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [PhotoshopElements8SyncAgent] c:\program files\adobe\elements 9 organizer\ElementsOrganizerSyncAgent.exe

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [v1uuvvD2obF4mHs8234A] c:\windows\system32\bUUCCekIBrzPyx.exe

dRunOnce: [RunNarrator] Narrator.exe

mExplorerRun: [NoActiveDesktopChanges] 00000000

mExplorerRun: [NoActiveDesktop] 0 (0x0)

mExplorerRun: [NoSaveSettings] 0 (0x0)

mExplorerRun: [ClassicShell] 0 (0x0)

StartupFolder: c:\documents and settings\brian\start menu\programs\startup\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab

DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209674240906

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{42C87D08-01A1-443D-82CC-702923BF276A} : DhcpNameServer = 68.87.73.246 68.87.71.230

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\s5wwn9en.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\documents and settings\brian\application data\mozilla\firefox\profiles\s5wwn9en.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\brian\application data\mozilla\firefox\profiles\s5wwn9en.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\brian\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\progra~1\gradke~1\dbsign~1\lib\npDBsignWeb.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 461864]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-15 89624]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-15 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-15 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-15 148520]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-15 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-15 83688]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

S1 MpKsl39dd0895;MpKsl39dd0895;\??\c:\windows\system32\mpenginestore\mpksl39dd0895.sys --> c:\windows\system32\mpenginestore\MpKsl39dd0895.sys [?]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-4-14 6656]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-4 94880]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-15 214904]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-15 214904]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-15 166024]

S2 Winferno Subscription Service;Winferno Subscription Service;c:\program files\common files\winferno\wss\WSS.exe [2010-2-28 139264]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-15 57432]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-7 41272]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-10 180072]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-10 59288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-15 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-15 87808]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-10 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-10 40552]

S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-3-22 33808]

.

=============== Created Last 30 ================

.

2011-10-10 14:52:56 -------- d-----w- c:\program files\tds

2011-10-08 00:11:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-08 00:07:28 -------- d-----w- c:\program files\4

2011-10-07 23:58:27 -------- d-----w- c:\program files\3

2011-10-07 23:53:27 -------- d-----w- c:\program files\2

2011-10-07 23:28:00 -------- d--h--w- c:\windows\PIF

2011-10-07 23:23:43 -------- d-----w- c:\program files\1

2011-10-07 01:13:12 -------- d-----w- c:\windows\LastGood.Tmp

2011-10-06 21:04:57 -------- d-----w- c:\documents and settings\brian\application data\kJJ77dELLgTZqY

2011-10-06 21:04:57 -------- d-----w- c:\documents and settings\brian\application data\jwwkkIVrrONtx0c

2011-10-06 21:04:52 2397696 ----a-w- c:\windows\system32\bUUCCekIBrzPyx.exe

2011-10-06 21:04:52 -------- d-----w- c:\documents and settings\brian\application data\KH66ssWK7fRLgTq

2011-09-30 11:28:26 -------- d-----w- c:\documents and settings\brian\local settings\application data\LEGO Software

2011-09-30 11:18:40 -------- d-----w- c:\documents and settings\brian\local settings\application data\Chromium

2011-09-30 11:18:18 -------- d-----w- c:\program files\LEGO Software

2011-09-14 03:27:29 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-05 14:13:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 11:02:47.60 ===============


ComboFix 11-10-12.04 - Brian 10/12/2011 20:36:48.1.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.634 [GMT -4:00]

Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\{B13EF9CA-29D6-4979-B43E-C7FF9484D243}

c:\documents and settings\Administrator\Local Settings\Application Data\{B13EF9CA-29D6-4979-B43E-C7FF9484D243}\chrome.manifest

c:\documents and settings\Administrator\Local Settings\Application Data\{B13EF9CA-29D6-4979-B43E-C7FF9484D243}\chrome\content\overlay.xul

c:\documents and settings\Administrator\Local Settings\Application Data\{B13EF9CA-29D6-4979-B43E-C7FF9484D243}\install.rdf

c:\documents and settings\Brian\Application Data\ldr.ini

c:\documents and settings\Brian\Desktop\AV Guard Online.lnk

c:\documents and settings\Brian\GoToAssistDownloadHelper.exe

c:\documents and settings\Brian\Local Settings\Application Data\{11D3756D-51D6-41D0-B2AB-2B6E11DC5535}

c:\documents and settings\Brian\Local Settings\Application Data\{11D3756D-51D6-41D0-B2AB-2B6E11DC5535}\chrome.manifest

c:\documents and settings\Brian\Local Settings\Application Data\{11D3756D-51D6-41D0-B2AB-2B6E11DC5535}\chrome\content\overlay.xul

c:\documents and settings\Brian\Local Settings\Application Data\{11D3756D-51D6-41D0-B2AB-2B6E11DC5535}\install.rdf

c:\documents and settings\Brian\Start Menu\Programs\AV Guard Online

c:\documents and settings\Brian\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk

c:\documents and settings\Mason\WINDOWS

c:\program files\1

c:\program files\1\Malwarebytes' Anti-Malware\changes.rtf

c:\program files\1\Malwarebytes' Anti-Malware\Languages\arabic.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\belarusian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\bosnian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\bulgarian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\catalan.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\chineseSI.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\chineseTR.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\croatian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\czech.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\danish.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\dutch.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\english.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\estonian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\finnish.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\french.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\german.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\greek.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\hebrew.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\hungarian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\italian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\korean.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\latvian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\lithuanian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\macedonian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\norwegian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\polish.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\romanian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\russian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\serbian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\slovak.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\slovenian.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\spanish.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\swedish.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\thai.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\turkish.lng

c:\program files\1\Malwarebytes' Anti-Malware\Languages\vietnamese.lng

c:\program files\1\Malwarebytes' Anti-Malware\license.txt

c:\program files\1\Malwarebytes' Anti-Malware\mbam.chm

c:\program files\1\Malwarebytes' Anti-Malware\mbam.dll

c:\program files\1\Malwarebytes' Anti-Malware\mbam.exe

c:\program files\1\Malwarebytes' Anti-Malware\mbamcore.dll

c:\program files\1\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\1\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\1\Malwarebytes' Anti-Malware\mbamnet.dll

c:\program files\1\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\1\Malwarebytes' Anti-Malware\ssubtmr6.dll

c:\program files\1\Malwarebytes' Anti-Malware\unins000.dat

c:\program files\1\Malwarebytes' Anti-Malware\unins000.exe

c:\program files\1\Malwarebytes' Anti-Malware\unins000.msg

c:\program files\1\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

c:\program files\2

c:\program files\2\Malwarebytes' Anti-Malware\changes.rtf

c:\program files\2\Malwarebytes' Anti-Malware\firefox.com

c:\program files\2\Malwarebytes' Anti-Malware\Languages\arabic.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\belarusian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\bosnian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\bulgarian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\catalan.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\chineseSI.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\chineseTR.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\croatian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\czech.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\danish.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\dutch.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\english.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\estonian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\finnish.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\french.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\german.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\greek.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\hebrew.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\hungarian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\italian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\korean.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\latvian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\lithuanian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\macedonian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\norwegian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\polish.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\romanian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\russian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\serbian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\slovak.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\slovenian.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\spanish.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\swedish.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\thai.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\turkish.lng

c:\program files\2\Malwarebytes' Anti-Malware\Languages\vietnamese.lng

c:\program files\2\Malwarebytes' Anti-Malware\license.txt

c:\program files\2\Malwarebytes' Anti-Malware\mbam.chm

c:\program files\2\Malwarebytes' Anti-Malware\mbam.dll

c:\program files\2\Malwarebytes' Anti-Malware\mbamcore.dll

c:\program files\2\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\2\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\2\Malwarebytes' Anti-Malware\mbamnet.dll

c:\program files\2\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\2\Malwarebytes' Anti-Malware\ssubtmr6.dll

c:\program files\2\Malwarebytes' Anti-Malware\unins000.dat

c:\program files\2\Malwarebytes' Anti-Malware\unins000.exe

c:\program files\2\Malwarebytes' Anti-Malware\unins000.msg

c:\program files\2\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

c:\program files\3

c:\program files\3\Malwarebytes' Anti-Malware\changes.rtf

c:\program files\3\Malwarebytes' Anti-Malware\iexplore.com

c:\program files\3\Malwarebytes' Anti-Malware\Languages\arabic.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\belarusian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\bosnian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\bulgarian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\catalan.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\chineseSI.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\chineseTR.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\croatian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\czech.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\danish.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\dutch.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\english.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\estonian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\finnish.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\french.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\german.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\greek.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\hebrew.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\hungarian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\italian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\korean.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\latvian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\lithuanian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\macedonian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\norwegian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\polish.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\romanian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\russian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\serbian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\slovak.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\slovenian.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\spanish.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\swedish.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\thai.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\turkish.lng

c:\program files\3\Malwarebytes' Anti-Malware\Languages\vietnamese.lng

c:\program files\3\Malwarebytes' Anti-Malware\license.txt

c:\program files\3\Malwarebytes' Anti-Malware\mbam.chm

c:\program files\3\Malwarebytes' Anti-Malware\mbam.dll

c:\program files\3\Malwarebytes' Anti-Malware\mbamcore.dll

c:\program files\3\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\3\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\3\Malwarebytes' Anti-Malware\mbamnet.dll

c:\program files\3\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\3\Malwarebytes' Anti-Malware\ssubtmr6.dll

c:\program files\3\Malwarebytes' Anti-Malware\unins000.dat

c:\program files\3\Malwarebytes' Anti-Malware\unins000.exe

c:\program files\3\Malwarebytes' Anti-Malware\unins000.msg

c:\program files\3\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

c:\windows\system32\d3d9caps.dat

c:\windows\wiadebug.log

c:\windows\wiaservc.log

.

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))

.

.

2011-10-13 00:28 . 2011-02-16 13:25 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-10 14:52 . 2011-10-10 14:53 -------- d-----w- c:\program files\tds

2011-10-08 00:11 . 2011-10-08 00:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-08 00:07 . 2011-10-08 00:07 -------- d-----w- c:\program files\4

2011-10-07 23:28 . 2011-10-07 23:28 -------- d--h--w- c:\windows\PIF

2011-10-07 01:13 . 2011-10-07 01:13 -------- d-----w- c:\windows\LastGood.Tmp

2011-10-06 21:04 . 2011-10-06 21:04 -------- d-----w- c:\documents and settings\Brian\Application Data\kJJ77dELLgTZqY

2011-10-06 21:04 . 2011-10-06 21:04 -------- d-----w- c:\documents and settings\Brian\Application Data\jwwkkIVrrONtx0c

2011-10-06 21:04 . 2011-10-06 21:04 2397696 ----a-w- c:\windows\system32\bUUCCekIBrzPyx.exe

2011-10-06 21:04 . 2011-10-06 21:04 -------- d-----w- c:\documents and settings\Brian\Application Data\KH66ssWK7fRLgTq

2011-09-30 11:28 . 2011-09-30 11:28 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\LEGO Software

2011-09-30 11:18 . 2011-09-30 11:18 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Chromium

2011-09-30 11:18 . 2011-09-30 11:18 -------- d-----w- c:\program files\LEGO Software

2011-09-14 03:27 . 2011-08-19 19:56 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00 . 2010-03-01 03:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-15 14:00 . 2010-04-15 07:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-04-15 07:56 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 14:00 . 2010-04-15 07:56 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00 . 2010-04-15 07:56 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 14:00 . 2010-04-15 07:56 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-04-15 07:56 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-04-15 07:56 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-15 14:00 . 2009-10-10 19:19 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00 . 2009-10-10 19:19 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2009-07-08 17:44 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-05 14:13 . 2011-08-05 14:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-10-04 01:03 . 2011-05-12 22:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2010-04-15 07:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-04 68856]

"PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-15 2356088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-04 50688]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"v1uuvvD2obF4mHs8234A"="c:\windows\system32\bUUCCekIBrzPyx.exe" [2011-10-06 2397696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\Brian\Start Menu\Programs\Startup\

hpqtra08.exe [2007-10-14 214360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2009-09-13 04:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-11-07 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]

2007-03-15 22:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

2006-11-23 02:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2001-12-06 16:01 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

2001-06-15 00:54 254022 ------w- c:\program files\EPSON\Ink Monitor\InkMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

2011-09-10 04:51 1317016 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2003-06-18 16:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-06-16 14:39 7323648 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2006-07-27 18:19 282624 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 08:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-07-04 03:19 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Brian\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/15/2010 3:56 AM 89624]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2010 3:56 AM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/15/2010 3:57 AM 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/15/2010 3:56 AM 148520]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/15/2010 3:56 AM 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/15/2010 3:56 AM 83688]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]

S1 MpKsl39dd0895;MpKsl39dd0895;\??\c:\windows\system32\MpEngineStore\MpKsl39dd0895.sys --> c:\windows\system32\MpEngineStore\MpKsl39dd0895.sys [?]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 3:19 AM 169408]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [4/14/2011 8:15 PM 6656]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/4/2009 7:21 PM 94880]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2010 3:56 AM 214904]

S2 Winferno Subscription Service;Winferno Subscription Service;c:\program files\Common Files\Winferno\WSS\WSS.exe [2/28/2010 3:13 PM 139264]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/15/2010 3:56 AM 57432]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/7/2011 8:11 PM 41272]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/15/2010 3:56 AM 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/15/2010 3:56 AM 87808]

S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [3/22/2009 8:38 PM 33808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-GAINESONE-Brian.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]

.

2011-10-07 c:\windows\Tasks\WSSHelper.job

- c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2010-02-28 22:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\s5wwn9en.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Nyikojulow - c:\windows\epecitaqun.dll

MSConfigStartUp-odb - c:\windows\odb.exe

MSConfigStartUp-UIUCU - c:\docume~1\Brian\LOCALS~1\Temp\UIUCU.EXE

MSConfigStartUp-userinit - c:\windows\system32\ntos.exe

MSConfigStartUp-Vpecaxitivumejab - c:\windows\Cjoqikufevo.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-12 20:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-10-12 20:54:22

ComboFix-quarantined-files.txt 2011-10-13 00:54

.

Pre-Run: 3,093,204,992 bytes free

Post-Run: 8,648,175,616 bytes free

.

- - End Of File - - 47F220D337C78486BAD1889C69856FED

DDS.txt

*************************

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by Brian at 21:12:05 on 2011-10-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.605 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111006210726.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [PhotoshopElements8SyncAgent] c:\program files\adobe\elements 9 organizer\ElementsOrganizerSyncAgent.exe

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [v1uuvvD2obF4mHs8234A] c:\windows\system32\bUUCCekIBrzPyx.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\documents and settings\brian\start menu\programs\startup\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab

DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209674240906

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{42C87D08-01A1-443D-82CC-702923BF276A} : DhcpNameServer = 68.87.73.246 68.87.71.230

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\s5wwn9en.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 461864]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-15 89624]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-15 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-15 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-15 148520]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-15 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-15 83688]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

S1 MpKsl39dd0895;MpKsl39dd0895;\??\c:\windows\system32\mpenginestore\mpksl39dd0895.sys --> c:\windows\system32\mpenginestore\MpKsl39dd0895.sys [?]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-4-14 6656]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-4 94880]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-15 214904]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-15 214904]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-15 166024]

S2 Winferno Subscription Service;Winferno Subscription Service;c:\program files\common files\winferno\wss\WSS.exe [2010-2-28 139264]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-15 57432]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-7 41272]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-10 180072]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-10 59288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-15 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-15 87808]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-10 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-10 40552]

S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-3-22 33808]

.

=============== Created Last 30 ================

.

2011-10-13 00:28:29 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-13 00:24:52 -------- d-sha-r- C:\cmdcons

2011-10-13 00:05:36 98816 ----a-w- c:\windows\sed.exe

2011-10-13 00:05:36 518144 ----a-w- c:\windows\SWREG.exe

2011-10-13 00:05:36 256000 ----a-w- c:\windows\PEV.exe

2011-10-13 00:05:36 208896 ----a-w- c:\windows\MBR.exe

2011-10-10 14:52:56 -------- d-----w- c:\program files\tds

2011-10-08 00:11:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-08 00:07:28 -------- d-----w- c:\program files\4

2011-10-07 23:28:00 -------- d--h--w- c:\windows\PIF

2011-10-07 01:13:12 -------- d-----w- c:\windows\LastGood.Tmp

2011-10-06 21:04:57 -------- d-----w- c:\documents and settings\brian\application data\kJJ77dELLgTZqY

2011-10-06 21:04:57 -------- d-----w- c:\documents and settings\brian\application data\jwwkkIVrrONtx0c

2011-10-06 21:04:52 2397696 ----a-w- c:\windows\system32\bUUCCekIBrzPyx.exe

2011-10-06 21:04:52 -------- d-----w- c:\documents and settings\brian\application data\KH66ssWK7fRLgTq

2011-09-30 11:28:26 -------- d-----w- c:\documents and settings\brian\local settings\application data\LEGO Software

2011-09-30 11:18:40 -------- d-----w- c:\documents and settings\brian\local settings\application data\Chromium

2011-09-30 11:18:18 -------- d-----w- c:\program files\LEGO Software

2011-09-14 03:27:29 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-05 14:13:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 21:12:32.03 ===============

Really appreciate your help!


  • Staff

Hi,

Install MBAM (don't create a new folder for it-- just let it install to its default location). Update it, run a Quick Scan, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7969

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

10/17/2011 7:31:39 PM

mbam-log-2011-10-17 (19-31-39).txt

Scan type: Quick scan

Objects scanned: 220483

Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v1uuvvD2obF4mHs8234A (Backdoor.Bot) -> Value: v1uuvvD2obF4mHs8234A -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\buuccekibrzpyx.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\Brian\my documents\downloads\installer_powerdirector_8_0_english.exe (PUP.SmsPay.PGen) -> Not selected for removal.

c:\documents and settings\Kelly\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=a1b5ab68013f17489a3341fd5e00f0d6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-18 01:06:42

# local_time=2011-10-17 09:06:42 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777190 100 75 6668834 19278505 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=167151

# found=11

# cleaned=11

# scan_time=4961

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\592ebcbd-400fe78e a variant of Win32/Kryptik.TQB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0168273.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0168289.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0169289.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0170289.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0171289.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0172289.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0173289.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92578B25-633E-4622-A759-15FB3A6410FB}\RP1310\A0173531.exe a variant of Win32/Kryptik.TQJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee Total Protection

McAfee Security Scan Plus

McAfee Virtual Technician

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 23

Java 6 Update 2

Out of date Java installed!

Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

ESET ESET Online Scanner OnlineCmdLineScanner.exe

``````````End of Log````````````


  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
