
firefox redirecting


This topic is locked
35 replies to this topic

#1 katiecalf
  • Members
  • 84 posts
  • Gender:Female
Posted 02 December 2011 - 04:58 PM

I know the laptop hasn't enough memory, but somewhere my son had to pick up malware. First it was loading Internet Explorer in the Task Manager when it was not even being used as a browser. I worked on it a bit and it doesn't seem to be doing that any more, but it is still redirecting pages in Firefox. It is a Gateway dual-processor T2450 with 1 GB, running Vista Home Premium.
I have the DDS logs, but when I ran GMER it first gave an error message (LoadDriver(c:\Users\AppData\Local\Temp\pxlcypow.sys) error 0xC000010E: An instance of the service is already running). When I clicked OK it went right to a scan, and at the end there was nothing to save; a box popped up with "GMER hasn't found any system modification". Also, there were only 5 things checked when I installed it: Services, Registry, Files, ADS, C:.

So I am including the DDS file, and I did a HijackThis log and will post that also.
Thanks

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_13
Run by LLS at 22:49:36 on 2011-12-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.99 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\LLS\Desktop\gmer\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 66.254.202.19 66.254.195.3
TCP: Interfaces\{F00AA1BB-482B-4851-9A5A-B4A624B4020F} : DhcpNameServer = 66.254.202.19 66.254.195.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lls\appdata\roaming\mozilla\firefox\profiles\wg231qdp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/web?fr=
FF - component: c:\users\lls\appdata\roaming\mozilla\firefox\profiles\wg231qdp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\lls\appdata\roaming\mozilla\firefox\profiles\wg231qdp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-2 28544]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-12-1 17904]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl48a83aff;MpKsl48a83aff;c:\programdata\microsoft\microsoft antimalware\definition updates\{f60a2c96-99ad-48cc-ae7c-c05856348501}\MpKsl48a83aff.sys [2011-12-1 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-23 21504]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s --> c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 pxldypow;pxldypow;c:\users\lls\appdata\local\temp\pxldypow.sys [2011-12-1 100864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 135664]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-12-1 51632]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 135664]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?]
.
=============== Created Last 30 ================
.
2011-12-01 14:35:12 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f60a2c96-99ad-48cc-ae7c-c05856348501}\MpKsl48a83aff.sys
2011-12-01 14:35:09 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f60a2c96-99ad-48cc-ae7c-c05856348501}\offreg.dll
2011-11-30 20:31:44 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 14:24:00 388096 ----a-r- c:\users\lls\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-29 15:34:20 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-29 04:46:47 -------- d-----w- c:\program files\SecurityXploded
2011-11-28 18:09:30 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f60a2c96-99ad-48cc-ae7c-c05856348501}\mpengine.dll
2011-11-27 19:53:26 -------- d-----w- c:\users\lls\appdata\local\Opera
2011-11-27 13:51:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-27 13:51:30 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-27 13:51:24 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-27 13:51:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-27 02:40:58 -------- d-----w- c:\users\lls\appdata\local\VSO
2011-11-26 22:15:25 -------- d-----w- C:\$RECYCLE(0).BIN
2011-11-26 18:10:26 -------- d--h--w- c:\users\lls\appdata\local\ElevatedDiagnostics
2011-11-26 15:11:38 0 ---ha-w- c:\users\lls\appdata\local\BIT63A2.tmp
.
==================== Find3M ====================
.
2011-11-30 19:18:25 691 ----a-w- c:\users\lls\appdata\roaming\GetValue.vbs
2011-11-30 19:18:25 35 ----a-w- c:\users\lls\appdata\roaming\SetValue.bat
2011-11-30 19:18:20 1892 ----a-w- c:\windows\system32\tmp.reg
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:59:01.56 ===============


HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:22 PM, on 12/1/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\LLS\Desktop\gmer\gmer.exe
C:\Users\LLS\Desktop\dds.scr
C:\Windows\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LLS\AppData\Local\Temp\nsqAC18.tmp\PEV.DAT

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibguard.exe (file missing)
O23 - Service: InterBaseServer - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6390 bytes
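The DDS and HijackThis logs above (and the ComboFix log posted later in the thread) are plain text, and the entries a malware-response helper reads first are always the same handful: drivers or services loading from a temp directory, the UAC policy values, the DNS servers handed out by DHCP, Firefox's search and homepage prefs, orphaned loading points marked "(file missing)" or "(no file)", and anything ComboFix reports as infected. The script below is an added example for this thread; it is not a BleepingComputer tool and not part of DDS, HijackThis or ComboFix. It only extracts those entries from pasted log text so they can be read side by side, and the sample log embedded in it is constructed from a few shortened lines of the logs in this thread. Two caveats apply to its output: GMER loads its own randomly named helper driver from the user's temp directory while it runs, and gmer.exe was running when the DDS log above was captured, so a temp-directory driver hit has to be checked against the GMER session before it is treated as a finding; and the extracted DNS servers and search prefs are only useful when compared against what the ISP and the user actually expect, which the script cannot know.

```python
"""Triage helper for pasted DDS / HijackThis / ComboFix logs.

Added example for this thread, not a BleepingComputer tool and not part of
DDS, HijackThis or ComboFix.  It only extracts entries; it changes nothing.
"""
import re
import sys

# Image paths a legitimate driver or service should not be loaded from.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Policy values that, when 0, switch UAC off entirely (DDS "mPolicies-system"
# lines, ComboFix "policies\system" section).
UAC_POLICIES = ("EnableLUA", "ConsentPromptBehaviorAdmin")
# Firefox prefs that decide where typed searches and the homepage go.
SEARCH_PREFS = ("browser.search", "browser.startup.homepage", "keyword.")

# DDS/ComboFix service line: "R3 name;description;path [date size]"
SERVICE_RE = re.compile(r"^[RS][0-4]\s+[^;]+;[^;]*;(?P<path>.+?)(?:\s+\[[^\]]*\])?$")
# 'mPolicies-system: EnableLUA = 0 (0x0)'  or  '"EnableLUA"= 0 (0x0)'
POLICY_RE = re.compile(r'^(?:mPolicies-system:\s+)?"?(?P<key>\w+)"?\s*=\s*(?P<val>\d+)\b')
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>[\d. ]+)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js:\s+(?P<pref>[\w.]+)\s+-\s+(?P<val>.+)$")
# HijackThis marks loading points whose target file is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# ComboFix: 'c:\windows\System32\irftp.exe . . . is infected!!'
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+\.\s+\.\s+\.\s+is infected!!")


def triage(log_text):
    """Return the entries worth a second look, grouped by category.

    Raw lines are kept where a helper needs to re-read them; nothing here
    decides what is malware, it only narrows the log down.
    """
    found = {"temp_drivers": [], "uac_off": [], "dns_servers": [],
             "search_prefs": [], "orphans": [], "patched_files": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m and any(t in m.group("path").lower() for t in TEMP_MARKERS):
            found["temp_drivers"].append(line)
        m = POLICY_RE.match(line)
        if m and m.group("key") in UAC_POLICIES and m.group("val") == "0":
            found["uac_off"].append(m.group("key"))
        m = DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                if server not in found["dns_servers"]:
                    found["dns_servers"].append(server)
        m = FFPREF_RE.match(line)
        if m and m.group("pref").startswith(SEARCH_PREFS):
            found["search_prefs"].append((m.group("pref"), m.group("val")))
        if ORPHAN_RE.search(line):
            found["orphans"].append(line)
        m = INFECTED_RE.match(line)
        if m:
            found["patched_files"].append(m.group("path"))
    return found


def format_report(found):
    """Render triage() output as the kind of summary a helper posts back."""
    lines = []
    for key, items in found.items():
        lines.append(f"{key} ({len(items)}):")
        lines.extend(f"  {item}" for item in items)
    return "\n".join(lines)


# Constructed sample: shortened lines taken from the logs in this thread.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 66.254.202.19 66.254.195.3
TCP: Interfaces\{F00AA1BB-482B-4851-9A5A-B4A624B4020F} : DhcpNameServer = 66.254.202.19 66.254.195.3
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/web?fr=
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R3 pxldypow;pxldypow;c:\users\lls\appdata\local\temp\pxldypow.sys [2011-12-1 100864]
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
c:\windows\System32\irftp.exe . . . is infected!!
c:\windows\System32\SystemPropertiesPerformance.exe . . . is infected!!
"""

if __name__ == "__main__":
    # Pipe a saved log in, or run with no input to see the sample triaged.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print(format_report(triage(text)))
```

Run it as `python triage.py < dds.txt` against a saved log, or with no input to see the sample. In the logs above, EnableLUA = 0 together with ConsentPromptBehaviorAdmin = 0 means UAC is switched off, so every program the user launches already runs with a full administrator token; that is worth turning back on once the machine is clean, whatever the redirect turns out to be.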


#2 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 December 2011 - 12:18 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 katiecalf
  • Topic Starter
  • Members
  • 84 posts
  • Gender:Female

Posted 04 December 2011 - 10:02 PM

Thanks Gringo,
here is the ComboFix log:

ComboFix 11-12-04.04 - LLS 12/04/2011 19:08:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.320 [GMT -6:00]
Running from: c:\users\LLS\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\programdata\ntuser.dat
c:\users\LLS\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf
.
c:\windows\System32\irftp.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesPerformance.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 02:30 . 2011-12-05 02:32 -------- d-----w- c:\users\LLS\AppData\Local\temp
2011-12-05 02:30 . 2011-12-05 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 12:40 . 2011-12-04 12:40 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DC8FE5E-3D52-42A4-A9F7-230CC4195E26}\MpKsl4b822202.sys
2011-12-04 12:40 . 2011-12-04 12:40 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DC8FE5E-3D52-42A4-A9F7-230CC4195E26}\offreg.dll
2011-12-03 22:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DC8FE5E-3D52-42A4-A9F7-230CC4195E26}\mpengine.dll
2011-12-03 20:13 . 2011-12-03 21:57 -------- d-----w- c:\users\LLS\DoctorWeb
2011-11-30 20:31 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 20:06 . 2011-12-03 19:11 -------- d-----w- c:\users\Public\SpyWareTools
2011-11-30 14:24 . 2011-11-30 14:24 388096 ----a-r- c:\users\LLS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-29 15:34 . 2011-12-03 22:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-29 04:46 . 2011-11-29 04:46 -------- d-----w- c:\program files\SecurityXploded
2011-11-27 19:53 . 2011-11-27 19:53 -------- d-----w- c:\users\LLS\AppData\Local\Opera
2011-11-27 13:51 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-27 13:51 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-27 13:51 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-27 13:51 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-27 02:40 . 2011-11-27 02:40 -------- d-----w- c:\users\LLS\AppData\Local\VSO
2011-11-26 22:15 . 2011-11-26 22:15 -------- d-----w- C:\$RECYCLE(0).BIN
2011-11-26 18:10 . 2011-11-26 22:15 -------- d--h--w- c:\users\LLS\AppData\Local\ElevatedDiagnostics
2011-11-26 15:11 . 2011-11-26 15:11 0 ---ha-w- c:\users\LLS\AppData\Local\BIT63A2.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 19:18 . 2009-02-25 18:59 691 ----a-w- c:\users\LLS\AppData\Roaming\GetValue.vbs
2011-11-30 19:18 . 2009-02-25 18:59 35 ----a-w- c:\users\LLS\AppData\Roaming\SetValue.bat
2011-11-21 10:47 . 2011-04-24 15:36 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-12 23:14 . 2011-10-15 13:53 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-09-06 13:30 . 2011-10-12 21:50 2043392 ----a-w- c:\windows\system32\win32k.sys
2009-03-12 17:50 . 2009-03-12 17:50 113504 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-03-12 17:50 . 2009-03-12 17:50 232288 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 04:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 17:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-04-17 21:58 40072 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 19:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-10 22:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-12 13:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 04:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl3853c77f;MpKsl3853c77f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsl3853c77f.sys [x]
R1 MpKsl75167e26;MpKsl75167e26;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5630E32-3406-4EFD-8E9D-01AE4870F5BF}\MpKsl75167e26.sys [x]
R1 MpKsl7c70b3f6;MpKsl7c70b3f6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsl7c70b3f6.sys [x]
R1 MpKsl898a9f46;MpKsl898a9f46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F2E2427-742F-48F5-82AC-1CB4015DD87A}\MpKsl898a9f46.sys [x]
R1 MpKsla947c418;MpKsla947c418;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsla947c418.sys [x]
R1 MpKslc2d328c5;MpKslc2d328c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962D624-C5DF-45FB-9514-840EC761AA46}\MpKslc2d328c5.sys [x]
R1 MpKslc3fc86fc;MpKslc3fc86fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467B586D-C328-4505-B18D-AC6BB481B693}\MpKslc3fc86fc.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 135664]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 MpKsl4b822202;MpKsl4b822202;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DC8FE5E-3D52-42A4-A9F7-230CC4195E26}\MpKsl4b822202.sys [2011-12-04 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-11-16 2996784]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 81920]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 2002944]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-26 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL4B822202
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
rsmsvcs REG_MULTI_SZ ntmssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 14:43]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 14:43]
.
2011-11-29 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-29 21:31]
.
2008-09-02 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-29 21:31]
.
2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{12141F76-B8B9-4F1C-A4E2-2B4AB0C575DA}.job
- c:\windows\system32\msfeedssync.exe [2011-04-23 00:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 66.254.202.19 66.254.195.3
FF - ProfilePath - c:\users\LLS\AppData\Roaming\Mozilla\Firefox\Profiles\wg231qdp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.home=ytff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ImgTask - c:\windows\Imgtask.exe
MSConfigStartUp-NSLU2 Flash Map Utility - c:\program files\NSLU2 Flash Map Utility\StorageLink.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 20:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{5adca6a0-67e8-44b2-8d1d-6a234c29ee7f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00e0b8
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{7657d251-a5a0-4418-8a8f-41161b84432a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{855c6cf6-fdaf-4fcf-8a2b-42c0aad7bc32}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{9e2abaab-b374-4d78-8acc-ef80511f5363}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001b77
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{aa89b56d-2d05-4cc9-a49a-80c6e5a6f37e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00e0b8
"Dhcpv6State"=dword:00000000
"Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00,
ff,ff,ff,7f,00,01,00,01,0e,9b,e4,23,00,1b,77,38,f0,09,00,00,17,00,00,00,00,\
"NameServer"=""
"Domain"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2011-12-04 20:53:17
ComboFix-quarantined-files.txt 2011-12-05 02:52
.
Pre-Run: 86,025,342,976 bytes free
Post-Run: 85,912,137,728 bytes free
.
- - End Of File - - 8C2F7C21668215816DA4ADFD399B9DB3


At first I couldn't get ComboFix to work; I kept getting an error message, and not one you had mentioned in your post, so I deleted it, closed down Firefox, cleared cookies, history, etc., and then redownloaded it from the link in your post. The second time it worked fine. It took quite a long time, and I noticed towards the end it did find a couple of things in system files.
I had no problem bringing up Firefox to post this, and I started Task Manager to check to see if IE was running; it was not there, so we will see.
I will wait for your next post.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 04 December 2011 - 10:55 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
irftp.exe 
SystemPropertiesPerformance.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
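As an added example (not SystemLook's code, and not from anyone in this thread), here is the kind of check the filefind step above performs, written in Python: it lists every copy of the requested file names with size, timestamp and MD5, then compares the copy in a System32-like directory against the copy in a WinSxS-like component store. The directory names, the file contents and the deliberate mismatch for SystemPropertiesPerformance.exe are constructed for the demo; in the log posted below, both pairs had identical hashes.

```python
# Added example (not SystemLook's code): a 'filefind'-style scan that reports
# size, modification time and MD5 for every copy of the requested file names,
# then checks whether the copy in a System32-like directory matches the copy
# kept in a WinSxS-like component store. The directory layout and file
# contents built by build_sample_tree() are constructed for the demo.
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class FileHit:
    path: str
    size: int
    modified_utc: str
    md5: str


def md5_of(path: str, chunk: int = 65536) -> str:
    """Upper-case hex MD5 of a file, read in chunks so large binaries stay off the heap."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def filefind(root: str, names: list[str]) -> dict[str, list[FileHit]]:
    """Walk `root` and collect every file whose name is in `names`.

    Names are matched case-insensitively with surrounding whitespace stripped
    (the codebox above has a trailing space after irftp.exe).
    """
    wanted = {n.strip().lower() for n in names if n.strip()}
    hits: dict[str, list[FileHit]] = {n: [] for n in wanted}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fn)
            st = os.stat(full)
            mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
            hits[key].append(FileHit(full, st.st_size,
                                     mtime.strftime("%H:%M %d/%m/%Y"),
                                     md5_of(full)))
    return hits


def store_mismatches(hits: dict[str, list[FileHit]],
                     live_dir: str = "system32",
                     store_dir: str = "winsxs") -> dict[str, bool]:
    """Per file name: True when no live (System32) copy shares a hash with any
    component-store (WinSxS) copy, i.e. the in-use binary differs from what
    servicing installed. Names missing on either side are reported False."""
    result: dict[str, bool] = {}
    for name, copies in hits.items():
        live = {c.md5 for c in copies if os.sep + live_dir + os.sep in c.path.lower()}
        store = {c.md5 for c in copies if os.sep + store_dir + os.sep in c.path.lower()}
        result[name] = bool(live and store) and live.isdisjoint(store)
    return result


def build_sample_tree() -> str:
    """Constructed demo tree: irftp.exe identical in both places, the live
    SystemPropertiesPerformance.exe deliberately altered. Not real binaries."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    layout = {
        os.path.join("System32", "irftp.exe"): b"MZ irftp demo bytes",
        os.path.join("winsxs", "x86_microsoft-windows-irftp_demo", "irftp.exe"):
            b"MZ irftp demo bytes",
        os.path.join("System32", "SystemPropertiesPerformance.exe"):
            b"MZ spp demo bytes + altered",
        os.path.join("winsxs", "x86_microsoft-windows-spp_demo",
                     "SystemPropertiesPerformance.exe"): b"MZ spp demo bytes",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def run_demo() -> dict[str, bool]:
    """Print a SystemLook-like listing and return the mismatch verdicts."""
    root = build_sample_tree()
    hits = filefind(root, ["irftp.exe ", "SystemPropertiesPerformance.exe"])
    for name, copies in hits.items():
        print(f'Searching for "{name}"')
        for c in copies:
            print(f"{c.path} {c.size} bytes [{c.modified_utc}] {c.md5}")
    return store_mismatches(hits)


if __name__ == "__main__":
    print(run_demo())
```

A mismatch flags the file for a closer look; an identical pair only tells you the two copies agree with each other, not that either is known-good, which is why the listing keeps the full hash for comparison against an outside reference.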

#5 katiecalf

katiecalf
  • Topic Starter

  • Members
  • 84 posts
  • Gender:Female
  • Local time:03:07 PM

Posted 05 December 2011 - 09:03 AM

Came on to tell you it is still misdirecting, although Firefox search tries to stop it, and found your post, so here are the SystemLook scan results.


SystemLook 30.07.11 by jpshortstuff
Log created at 07:51 on 05/12/2011 by LLS
Administrator - Elevation successful

========== filefind ==========

Searching for "irftp.exe "
C:\Windows\System32\irftp.exe --a---- 165888 bytes [08:57 02/11/2006] [09:45 02/11/2006] 92A904939D83FE3FA1211CB1F1BCFCF7
C:\Windows\winsxs\x86_microsoft-windows-irftp_31bf3856ad364e35_6.0.6000.16386_none_54837ef0815687e5\irftp.exe --a---- 165888 bytes [08:57 02/11/2006] [09:45 02/11/2006] 92A904939D83FE3FA1211CB1F1BCFCF7

Searching for "SystemPropertiesPerformance.exe"
C:\Windows\System32\SystemPropertiesPerformance.exe --a---- 81920 bytes [08:47 02/11/2006] [09:45 02/11/2006] 64EC66AFAC1DDBFBAAE5F2C901300E30
C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.0.6000.16386_none_589feb3405ef2c5a\SystemPropertiesPerformance.exe --a---- 81920 bytes [08:47 02/11/2006] [09:45 02/11/2006] 64EC66AFAC1DDBFBAAE5F2C901300E30

-= EOF =-

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 05 December 2011 - 02:51 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 katiecalf

katiecalf
  • Topic Starter

  • Members
  • 84 posts
  • Gender:Female
  • Local time:03:07 PM

Posted 06 December 2011 - 09:07 PM

I had problems when trying to run ComboFix by dragging the CFScript.txt file into it.
Midway it threw the blue screen and rebooted, so when it rebooted I went into Safe Mode and dragged the file into ComboFix, and it did run then, but I am not sure if I did it right by running it in Safe Mode? I can try running it again in regular mode.

Here is the log:

ComboFix 11-12-05.04 - LLS 12/06/2011 17:44:18.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.229 [GMT -6:00]
Running from: c:\users\LLS\Desktop\ComboFix.exe
Command switches used :: c:\users\LLS\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\irftp.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesPerformance.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 01:08 . 2011-12-07 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 23:03 . 2011-12-06 23:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE49E965-5F62-4063-BEBE-6A3FA33A94C2}\offreg.dll
2011-12-06 16:36 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE49E965-5F62-4063-BEBE-6A3FA33A94C2}\mpengine.dll
2011-12-05 02:53 . 2011-12-07 01:11 -------- d-----w- c:\users\LLS\AppData\Local\temp
2011-12-03 20:13 . 2011-12-03 21:57 -------- d-----w- c:\users\LLS\DoctorWeb
2011-11-30 20:31 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 20:06 . 2011-12-03 19:11 -------- d-----w- c:\users\Public\SpyWareTools
2011-11-30 14:24 . 2011-11-30 14:24 388096 ----a-r- c:\users\LLS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-29 15:34 . 2011-12-03 22:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-29 04:46 . 2011-11-29 04:46 -------- d-----w- c:\program files\SecurityXploded
2011-11-27 19:53 . 2011-11-27 19:53 -------- d-----w- c:\users\LLS\AppData\Local\Opera
2011-11-27 13:51 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-27 13:51 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-27 13:51 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-27 13:51 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-27 02:40 . 2011-11-27 02:40 -------- d-----w- c:\users\LLS\AppData\Local\VSO
2011-11-26 22:15 . 2011-11-26 22:15 -------- d-----w- C:\$RECYCLE(0).BIN
2011-11-26 18:10 . 2011-11-26 22:15 -------- d--h--w- c:\users\LLS\AppData\Local\ElevatedDiagnostics
2011-11-26 15:11 . 2011-11-26 15:11 0 ---ha-w- c:\users\LLS\AppData\Local\BIT63A2.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 19:18 . 2009-02-25 18:59 691 ----a-w- c:\users\LLS\AppData\Roaming\GetValue.vbs
2011-11-30 19:18 . 2009-02-25 18:59 35 ----a-w- c:\users\LLS\AppData\Roaming\SetValue.bat
2011-11-21 10:47 . 2011-04-24 15:36 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-12 23:14 . 2011-10-15 13:53 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2009-03-12 17:50 . 2009-03-12 17:50 113504 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-03-12 17:50 . 2009-03-12 17:50 232288 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-05_02.33.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-12 00:05 . 2011-12-06 23:08 84746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-12-06 23:09 88030 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-07 23:45 . 2011-12-06 16:08 20266 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-803311626-1204641325-531688224-1000_UserData.bin
- 2007-05-22 22:12 . 2011-11-28 01:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-05-22 22:12 . 2011-12-05 11:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-05 11:10 . 2011-12-05 11:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-22 22:12 . 2011-12-05 11:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-05-22 22:12 . 2011-11-28 01:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-04 12:40 . 2011-12-04 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-06 23:03 . 2011-12-06 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-06 23:03 . 2011-12-06 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-04 12:40 . 2011-12-04 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-24 00:32 . 2011-12-06 04:15 240448 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2011-11-30 14:29 614930 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2011-12-06 03:11 614930 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2011-11-30 14:29 108860 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2011-12-06 03:11 108860 c:\windows\System32\perfc009.dat
+ 2009-02-10 22:22 . 2011-12-05 11:10 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-10 22:22 . 2011-11-27 03:36 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-03-05 04:18 . 2011-12-06 20:38 424268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-05 04:18 . 2011-12-04 03:02 424268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-23 01:21 . 2011-12-06 13:23 8489732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-803311626-1204641325-531688224-1000-12288.dat
- 2011-04-23 01:21 . 2011-11-30 20:20 8489732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-803311626-1204641325-531688224-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 04:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 17:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-04-17 21:58 40072 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 19:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-10 22:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-12 13:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 04:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
R1 MpKsl3853c77f;MpKsl3853c77f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsl3853c77f.sys [x]
R1 MpKsl75167e26;MpKsl75167e26;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5630E32-3406-4EFD-8E9D-01AE4870F5BF}\MpKsl75167e26.sys [x]
R1 MpKsl7c70b3f6;MpKsl7c70b3f6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsl7c70b3f6.sys [x]
R1 MpKsl898a9f46;MpKsl898a9f46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F2E2427-742F-48F5-82AC-1CB4015DD87A}\MpKsl898a9f46.sys [x]
R1 MpKsla947c418;MpKsla947c418;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsla947c418.sys [x]
R1 MpKslc2d328c5;MpKslc2d328c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962D624-C5DF-45FB-9514-840EC761AA46}\MpKslc2d328c5.sys [x]
R1 MpKslc3fc86fc;MpKslc3fc86fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467B586D-C328-4505-B18D-AC6BB481B693}\MpKslc3fc86fc.sys [x]
R1 MpKslcabfbea0;MpKslcabfbea0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE49E965-5F62-4063-BEBE-6A3FA33A94C2}\MpKslcabfbea0.sys [2011-12-06 29904]
R1 MpKslf1b319e2;MpKslf1b319e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB36D7-1041-4678-9843-54FDF3E6A1C4}\MpKslf1b319e2.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-11-16 2996784]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 81920]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 135664]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 2002944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-26 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
rsmsvcs REG_MULTI_SZ ntmssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 14:43]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 14:43]
.
2011-12-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-29 21:31]
.
2008-09-02 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-29 21:31]
.
2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{12141F76-B8B9-4F1C-A4E2-2B4AB0C575DA}.job
- c:\windows\system32\msfeedssync.exe [2011-04-23 00:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 66.254.202.19 66.254.195.3 64.135.192.8 64.135.192.9
FF - ProfilePath - c:\users\LLS\AppData\Roaming\Mozilla\Firefox\Profiles\wg231qdp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.home=ytff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 19:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-06 19:29:35
ComboFix-quarantined-files.txt 2011-12-07 01:29
ComboFix2.txt 2011-12-05 02:53
.
Pre-Run: 87,147,974,656 bytes free
Post-Run: 87,077,203,968 bytes free
.
- - End Of File - - 1BA007BC5B52118C05A454CBE28B9A6D

#8 katiecalf (Topic Starter, Members)

Posted 06 December 2011 - 09:26 PM

Gringo, just added a note as to how the computer is doing... Internet Explorer is still starting on its own in Task Manager. I end the process and it starts itself again. It does this randomly. When I was working on the things you asked yesterday I didn't have one instance of it starting up, but tonight it is repeatedly starting again. Also, searches from the Google toolbar keep redirecting.
Thanks again

Edited by katiecalf, 06 December 2011 - 09:29 PM.


#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 December 2011 - 07:42 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
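
Once the TDSSKiller log comes back, the part worth reading is not the hundreds of "- ok" lines but anything that was not "ok", plus any registered service for which TDSSKiller found no file on disk to hash. The Python script below is an added example for reading that log; it is not TDSSKiller code, not part of this thread, and not part of the helper's instructions. It parses the line shapes visible in the posted log (time, PID, service name, MD5, path on one line and a "- ok" verdict on the next) and reports those two lists. The embedded sample log is constructed: its "- ok" lines copy the posted format, while the "( Example.Detection ) - infected" verdict line is an assumed shape for a non-clean result, not something found on this machine; the optional "( detection )" field and statuses other than "ok" are assumptions about TDSSKiller's output, and the script name tdss_summary.py is likewise assumed.

```python
"""Summarise a TDSSKiller text log.

Added example for reading the log the thread asks for; not TDSSKiller code
and not from the BleepingComputer post.  Two things are pulled out:
  * services whose verdict was anything other than 'ok'
  * services that got a verdict but no file line (nothing on disk to hash)
"""
import re
import sys
from collections import Counter

# "<time> <pid> <service> (<md5>) <path>": the file line TDSSKiller prints for
# every driver/service it found on disk.  Format taken from the posted log.
FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# "<time> <pid> <service> [( <detection> )] - <status>": the verdict line.
# Only 'ok' appears in the posted log; the optional "( detection )" part and
# statuses such as 'infected' are ASSUMED from TDSSKiller's usual output.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\(\s*(?P<detection>.+?)\s*\))?\s+-\s+(?P<status>\w+)\s*$"
)

# CONSTRUCTED sample log: the 'ok' lines copy the shape of the real log in the
# thread; 'example_drv' and 'Example.Detection' are made up to exercise the
# non-clean path and were not found on the poster's machine.
SAMPLE_LOG = r"""
07:37:18.0136 2852 ============================================================
07:37:18.0136 2852 Scan started
07:37:18.0136 2852 Mode: Manual;
07:37:18.0797 2852 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
07:37:18.0799 2852 a2acc - ok
07:37:20.0084 2852 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:37:20.0085 2852 atapi - ok
07:37:20.0232 2852 blbdrive - ok
07:37:41.0000 2852 example_drv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\example_drv.sys
07:37:41.0001 2852 example_drv ( Example.Detection ) - infected
"""


def _new_record():
    return {"md5": None, "path": None, "status": None, "detection": None}


def parse_tdsskiller_log(text):
    """Return {service_name: record} with md5/path from the file line and
    status/detection from the verdict line.  Unrelated lines are ignored."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)          # try the file line first: its path
        if m:                            # may itself contain " - "
            rec = records.setdefault(m["name"], _new_record())
            rec["md5"] = m["md5"].lower()
            rec["path"] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], _new_record())
            rec["status"] = m["status"].lower()
            rec["detection"] = m["detection"]
    return records


def summarize(records):
    """Counts per status plus the two lists a responder reads first."""
    by_status = Counter(r["status"] for r in records.values())
    flagged = sorted(n for n, r in records.items() if r["status"] not in (None, "ok"))
    # A verdict without a file line means the service is registered but nothing
    # was on disk to hash: usually a stale registration, but also what a
    # removed or hidden driver looks like, so it is listed for review.
    no_file = sorted(n for n, r in records.items() if r["path"] is None)
    return {"total": len(records), "by_status": by_status,
            "flagged": flagged, "no_file": no_file}


def format_report(records, summary):
    """Plain-text report; detection and md5 are shown for flagged entries."""
    lines = [f"{summary['total']} services scanned; statuses: {dict(summary['by_status'])}"]
    for name in summary["flagged"]:
        r = records[name]
        lines.append(f"FLAGGED {name}: {r['status']} ({r['detection']}) md5={r['md5']} {r['path']}")
    for name in summary["no_file"]:
        lines.append(f"NO FILE {name}: registered, nothing on disk to hash")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python tdss_summary.py <TDSSKiller log>; falls back to the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    recs = parse_tdsskiller_log(text)
    print(format_report(recs, summarize(recs)))
```

Run it with the path to the saved log (the post above gives the file-name pattern) and read the FLAGGED lines first; the NO FILE list is mostly stale service registrations, as the "blbdrive - ok" style entries in the posted log show, but it is also where a driver that has been pulled from disk or hidden from the scanner would turn up, so it is worth a glance before declaring the machine clean. The MD5 and path collected for each entry are what you would compare against a known-good copy of the same Windows build if a file looked wrong.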

#10 katiecalf (Topic Starter, Members)

Posted 07 December 2011 - 08:50 AM

Good Morning

Here is the log from the TDSSKiller scan:

07:36:58.0865 3292 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
07:36:58.0970 3292 ============================================================
07:36:58.0970 3292 Current date / time: 2011/12/07 07:36:58.0970
07:36:58.0970 3292 SystemInfo:
07:36:58.0971 3292
07:36:58.0971 3292 OS Version: 6.0.6002 ServicePack: 2.0
07:36:58.0971 3292 Product type: Workstation
07:36:58.0971 3292 ComputerName: JAS
07:36:58.0971 3292 UserName: LLS
07:36:58.0971 3292 Windows directory: C:\Windows
07:36:58.0971 3292 System windows directory: C:\Windows
07:36:58.0971 3292 Processor architecture: Intel x86
07:36:58.0971 3292 Number of processors: 2
07:36:58.0971 3292 Page size: 0x1000
07:36:58.0971 3292 Boot type: Normal boot
07:36:58.0971 3292 ============================================================
07:37:00.0570 3292 Initialize success
07:37:18.0136 2852 ============================================================
07:37:18.0136 2852 Scan started
07:37:18.0136 2852 Mode: Manual;
07:37:18.0136 2852 ============================================================
07:37:18.0797 2852 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
07:37:18.0799 2852 a2acc - ok
07:37:18.0835 2852 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
07:37:18.0836 2852 A2DDA - ok
07:37:18.0998 2852 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
07:37:19.0001 2852 ac97intc - ok
07:37:19.0063 2852 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:37:19.0068 2852 ACPI - ok
07:37:19.0137 2852 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
07:37:19.0145 2852 adp94xx - ok
07:37:19.0216 2852 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
07:37:19.0222 2852 adpahci - ok
07:37:19.0292 2852 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
07:37:19.0294 2852 adpu160m - ok
07:37:19.0343 2852 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
07:37:19.0346 2852 adpu320 - ok
07:37:19.0401 2852 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:37:19.0406 2852 AFD - ok
07:37:19.0441 2852 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
07:37:19.0442 2852 agp440 - ok
07:37:19.0536 2852 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:37:19.0539 2852 aic78xx - ok
07:37:19.0568 2852 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
07:37:19.0569 2852 aliide - ok
07:37:19.0623 2852 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
07:37:19.0625 2852 amdagp - ok
07:37:19.0669 2852 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
07:37:19.0670 2852 amdide - ok
07:37:19.0721 2852 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
07:37:19.0723 2852 AmdK7 - ok
07:37:19.0778 2852 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
07:37:19.0779 2852 AmdK8 - ok
07:37:19.0858 2852 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
07:37:19.0861 2852 arc - ok
07:37:19.0937 2852 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
07:37:19.0939 2852 arcsas - ok
07:37:20.0005 2852 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:37:20.0007 2852 AsyncMac - ok
07:37:20.0084 2852 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:37:20.0085 2852 atapi - ok
07:37:20.0141 2852 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
07:37:20.0142 2852 bcm4sbxp - ok
07:37:20.0180 2852 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:37:20.0181 2852 Beep - ok
07:37:20.0232 2852 blbdrive - ok
07:37:20.0287 2852 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:37:20.0289 2852 bowser - ok
07:37:20.0327 2852 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:37:20.0328 2852 BrFiltLo - ok
07:37:20.0351 2852 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:37:20.0352 2852 BrFiltUp - ok
07:37:20.0409 2852 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:37:20.0412 2852 Brserid - ok
07:37:20.0467 2852 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:37:20.0469 2852 BrSerWdm - ok
07:37:20.0507 2852 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:37:20.0508 2852 BrUsbMdm - ok
07:37:20.0530 2852 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:37:20.0531 2852 BrUsbSer - ok
07:37:20.0573 2852 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:37:20.0574 2852 BTHMODEM - ok
07:37:20.0689 2852 catchme - ok
07:37:20.0829 2852 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:37:20.0832 2852 cdfs - ok
07:37:20.0889 2852 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\Windows\system32\drivers\Cdralw2k.sys
07:37:20.0890 2852 Cdralw2k - ok
07:37:20.0948 2852 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:37:20.0950 2852 cdrom - ok
07:37:20.0997 2852 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
07:37:20.0999 2852 circlass - ok
07:37:21.0083 2852 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:37:21.0088 2852 CLFS - ok
07:37:21.0194 2852 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:37:21.0196 2852 CmBatt - ok
07:37:21.0235 2852 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
07:37:21.0237 2852 cmdide - ok
07:37:21.0324 2852 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:37:21.0326 2852 Compbatt - ok
07:37:21.0447 2852 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
07:37:21.0448 2852 crcdisk - ok
07:37:21.0505 2852 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
07:37:21.0507 2852 Crusoe - ok
07:37:21.0564 2852 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:37:21.0566 2852 DfsC - ok
07:37:21.0658 2852 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:37:21.0660 2852 disk - ok
07:37:21.0739 2852 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
07:37:21.0742 2852 dot4 - ok
07:37:21.0800 2852 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:37:21.0801 2852 Dot4Print - ok
07:37:21.0855 2852 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
07:37:21.0856 2852 dot4usb - ok
07:37:21.0925 2852 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:37:21.0925 2852 drmkaud - ok
07:37:22.0011 2852 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:37:22.0023 2852 DXGKrnl - ok
07:37:22.0138 2852 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:37:22.0141 2852 E1G60 - ok
07:37:22.0218 2852 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:37:22.0222 2852 Ecache - ok
07:37:22.0344 2852 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
07:37:22.0352 2852 elxstor - ok
07:37:22.0538 2852 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:37:22.0542 2852 exfat - ok
07:37:22.0594 2852 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:37:22.0597 2852 fastfat - ok
07:37:22.0639 2852 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
07:37:22.0640 2852 fdc - ok
07:37:22.0707 2852 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:37:22.0709 2852 FileInfo - ok
07:37:22.0746 2852 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:37:22.0748 2852 Filetrace - ok
07:37:22.0828 2852 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
07:37:22.0829 2852 flpydisk - ok
07:37:22.0895 2852 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:37:22.0898 2852 FltMgr - ok
07:37:22.0942 2852 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
07:37:22.0943 2852 Fs_Rec - ok
07:37:22.0973 2852 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
07:37:22.0975 2852 gagp30kx - ok
07:37:23.0020 2852 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
07:37:23.0021 2852 GEARAspiWDM - ok
07:37:23.0125 2852 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
07:37:23.0130 2852 HdAudAddService - ok
07:37:23.0207 2852 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:37:23.0218 2852 HDAudBus - ok
07:37:23.0259 2852 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:37:23.0260 2852 HidBth - ok
07:37:23.0279 2852 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
07:37:23.0280 2852 HidIr - ok
07:37:23.0377 2852 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:37:23.0378 2852 HidUsb - ok
07:37:23.0421 2852 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
07:37:23.0422 2852 HpCISSs - ok
07:37:23.0501 2852 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
07:37:23.0509 2852 HTTP - ok
07:37:23.0582 2852 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
07:37:23.0583 2852 i2omp - ok
07:37:23.0667 2852 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:37:23.0668 2852 i8042prt - ok
07:37:23.0770 2852 ialm (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:37:23.0827 2852 ialm - ok
07:37:23.0893 2852 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\DRIVERS\iaStor.sys
07:37:23.0896 2852 iaStor - ok
07:37:23.0938 2852 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
07:37:23.0943 2852 iaStorV - ok
07:37:24.0149 2852 igfx (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:37:24.0161 2852 igfx - ok
07:37:24.0198 2852 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:37:24.0200 2852 iirsp - ok
07:37:24.0220 2852 Inspect - ok
07:37:24.0283 2852 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:37:24.0284 2852 intelide - ok
07:37:24.0312 2852 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:37:24.0314 2852 intelppm - ok
07:37:24.0367 2852 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:37:24.0395 2852 IpFilterDriver - ok
07:37:24.0412 2852 IpInIp - ok
07:37:24.0457 2852 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
07:37:24.0458 2852 IPMIDRV - ok
07:37:24.0477 2852 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:37:24.0480 2852 IPNAT - ok
07:37:24.0556 2852 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:37:24.0557 2852 IRENUM - ok
07:37:24.0610 2852 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
07:37:24.0612 2852 isapnp - ok
07:37:24.0672 2852 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:37:24.0676 2852 iScsiPrt - ok
07:37:24.0697 2852 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:37:24.0699 2852 iteatapi - ok
07:37:24.0743 2852 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:37:24.0744 2852 iteraid - ok
07:37:24.0802 2852 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:37:24.0804 2852 kbdclass - ok
07:37:24.0827 2852 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
07:37:24.0828 2852 kbdhid - ok
07:37:24.0934 2852 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
07:37:24.0943 2852 KSecDD - ok
07:37:25.0085 2852 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:37:25.0086 2852 lltdio - ok
07:37:25.0173 2852 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
07:37:25.0175 2852 LSI_FC - ok
07:37:25.0209 2852 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
07:37:25.0211 2852 LSI_SAS - ok
07:37:25.0264 2852 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
07:37:25.0267 2852 LSI_SCSI - ok
07:37:25.0318 2852 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:37:25.0321 2852 luafv - ok
07:37:25.0396 2852 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
07:37:25.0397 2852 megasas - ok
07:37:25.0450 2852 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:37:25.0452 2852 Modem - ok
07:37:25.0505 2852 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
07:37:25.0506 2852 MODEMCSA - ok
07:37:25.0551 2852 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:37:25.0552 2852 monitor - ok
07:37:25.0599 2852 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
07:37:25.0600 2852 motmodem - ok
07:37:25.0642 2852 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:37:25.0643 2852 mouclass - ok
07:37:25.0694 2852 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:37:25.0695 2852 mouhid - ok
07:37:25.0764 2852 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:37:25.0766 2852 MountMgr - ok
07:37:25.0806 2852 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
07:37:25.0810 2852 MpFilter - ok
07:37:25.0873 2852 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
07:37:25.0876 2852 mpio - ok
07:37:25.0925 2852 MpKsl3853c77f - ok
07:37:25.0932 2852 MpKsl75167e26 - ok
07:37:25.0942 2852 MpKsl7c70b3f6 - ok
07:37:25.0966 2852 MpKsl898a9f46 - ok
07:37:25.0976 2852 MpKsla947c418 - ok
07:37:26.0058 2852 MpKslc278a69d (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27C850E2-44F0-4780-81DE-56EA7318F8F4}\MpKslc278a69d.sys
07:37:26.0059 2852 MpKslc278a69d - ok
07:37:26.0064 2852 MpKslc2d328c5 - ok
07:37:26.0104 2852 MpKslc3fc86fc - ok
07:37:26.0145 2852 MpKslcabfbea0 - ok
07:37:26.0154 2852 MpKslf1b319e2 - ok
07:37:26.0280 2852 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
07:37:26.0282 2852 MpNWMon - ok
07:37:26.0341 2852 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:37:26.0343 2852 mpsdrv - ok
07:37:26.0413 2852 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:37:26.0415 2852 Mraid35x - ok
07:37:26.0454 2852 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:37:26.0457 2852 MRxDAV - ok
07:37:26.0491 2852 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:37:26.0493 2852 mrxsmb - ok
07:37:26.0537 2852 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:37:26.0541 2852 mrxsmb10 - ok
07:37:26.0600 2852 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:37:26.0602 2852 mrxsmb20 - ok
07:37:26.0683 2852 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
07:37:26.0684 2852 msahci - ok
07:37:26.0718 2852 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
07:37:26.0721 2852 msdsm - ok
07:37:26.0772 2852 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:37:26.0774 2852 Msfs - ok
07:37:26.0806 2852 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:37:26.0807 2852 msisadrv - ok
07:37:26.0861 2852 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:37:26.0862 2852 MSKSSRV - ok
07:37:26.0904 2852 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:37:26.0905 2852 MSPCLOCK - ok
07:37:26.0926 2852 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:37:26.0927 2852 MSPQM - ok
07:37:26.0996 2852 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:37:27.0000 2852 MsRPC - ok
07:37:27.0069 2852 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:37:27.0071 2852 mssmbios - ok
07:37:27.0099 2852 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:37:27.0100 2852 MSTEE - ok
07:37:27.0148 2852 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:37:27.0150 2852 Mup - ok
07:37:27.0232 2852 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:37:27.0236 2852 NativeWifiP - ok
07:37:27.0293 2852 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:37:27.0303 2852 NDIS - ok
07:37:27.0346 2852 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:37:27.0348 2852 NdisTapi - ok
07:37:27.0388 2852 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:37:27.0389 2852 Ndisuio - ok
07:37:27.0450 2852 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:37:27.0453 2852 NdisWan - ok
07:37:27.0500 2852 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:37:27.0501 2852 NDProxy - ok
07:37:27.0566 2852 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:37:27.0568 2852 NetBIOS - ok
07:37:27.0642 2852 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:37:27.0647 2852 netbt - ok
07:37:27.0940 2852 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
07:37:28.0041 2852 NETw2v32 - ok
07:37:28.0146 2852 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
07:37:28.0203 2852 NETw3v32 - ok
07:37:28.0327 2852 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
07:37:28.0394 2852 NETw4v32 - ok
07:37:28.0722 2852 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
07:37:28.0832 2852 NETw5v32 - ok
07:37:28.0896 2852 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:37:28.0898 2852 nfrd960 - ok
07:37:28.0958 2852 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:37:28.0960 2852 NisDrv - ok
07:37:29.0022 2852 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:37:29.0024 2852 Npfs - ok
07:37:29.0054 2852 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:37:29.0055 2852 nsiproxy - ok
07:37:29.0189 2852 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:37:29.0234 2852 Ntfs - ok
07:37:29.0299 2852 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:37:29.0300 2852 ntrigdigi - ok
07:37:29.0349 2852 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:37:29.0350 2852 Null - ok
07:37:29.0397 2852 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
07:37:29.0400 2852 nvraid - ok
07:37:29.0432 2852 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
07:37:29.0433 2852 nvstor - ok
07:37:29.0467 2852 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
07:37:29.0469 2852 nv_agp - ok
07:37:29.0506 2852 NwlnkFlt - ok
07:37:29.0550 2852 NwlnkFwd - ok
07:37:29.0597 2852 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
07:37:29.0600 2852 ohci1394 - ok
07:37:29.0787 2852 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:37:29.0789 2852 Parport - ok
07:37:29.0829 2852 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
07:37:29.0831 2852 partmgr - ok
07:37:29.0863 2852 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:37:29.0864 2852 Parvdm - ok
07:37:29.0917 2852 pavboot (210a628a0d7b3f45257850efbff27538) C:\Windows\system32\drivers\pavboot.sys
07:37:29.0918 2852 pavboot - ok
07:37:29.0962 2852 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:37:29.0966 2852 pci - ok
07:37:30.0030 2852 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
07:37:30.0032 2852 pciide - ok
07:37:30.0061 2852 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
07:37:30.0065 2852 pcmcia - ok
07:37:30.0120 2852 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:37:30.0165 2852 PEAUTH - ok
07:37:30.0282 2852 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:37:30.0284 2852 PptpMiniport - ok
07:37:30.0364 2852 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
07:37:30.0366 2852 Processor - ok
07:37:30.0474 2852 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:37:30.0476 2852 PSched - ok
07:37:30.0584 2852 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
07:37:30.0601 2852 ql2300 - ok
07:37:30.0664 2852 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:37:30.0666 2852 ql40xx - ok
07:37:30.0776 2852 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:37:30.0777 2852 QWAVEdrv - ok
07:37:30.0804 2852 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:37:30.0805 2852 RasAcd - ok
07:37:30.0862 2852 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:37:30.0865 2852 Rasl2tp - ok
07:37:31.0004 2852 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:37:31.0006 2852 RasPppoe - ok
07:37:31.0055 2852 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:37:31.0058 2852 RasSstp - ok
07:37:31.0093 2852 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:37:31.0098 2852 rdbss - ok
07:37:31.0184 2852 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:37:31.0186 2852 RDPCDD - ok
07:37:31.0246 2852 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
07:37:31.0251 2852 rdpdr - ok
07:37:31.0307 2852 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:37:31.0318 2852 RDPENCDD - ok
07:37:31.0374 2852 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
07:37:31.0380 2852 RDPWD - ok
07:37:31.0595 2852 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:37:31.0597 2852 rspndr - ok
07:37:31.0682 2852 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:37:31.0683 2852 SASDIFSV - ok
07:37:31.0701 2852 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
07:37:31.0702 2852 SASENUM - ok
07:37:31.0718 2852 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
07:37:31.0721 2852 SASKUTIL - ok
07:37:31.0842 2852 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:37:31.0845 2852 sbp2port - ok
07:37:31.0908 2852 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
07:37:31.0910 2852 sdbus - ok
07:37:31.0960 2852 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:37:31.0961 2852 secdrv - ok
07:37:32.0008 2852 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:37:32.0009 2852 Serenum - ok
07:37:32.0049 2852 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:37:32.0051 2852 Serial - ok
07:37:32.0095 2852 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:37:32.0097 2852 sermouse - ok
07:37:32.0153 2852 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
07:37:32.0155 2852 sffdisk - ok
07:37:32.0170 2852 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
07:37:32.0172 2852 sffp_mmc - ok
07:37:32.0242 2852 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
07:37:32.0243 2852 sffp_sd - ok
07:37:32.0262 2852 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:37:32.0264 2852 sfloppy - ok
07:37:32.0342 2852 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
07:37:32.0344 2852 sisagp - ok
07:37:32.0376 2852 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
07:37:32.0378 2852 SiSRaid2 - ok
07:37:32.0430 2852 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
07:37:32.0433 2852 SiSRaid4 - ok
07:37:32.0538 2852 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:37:32.0540 2852 Smb - ok
07:37:32.0632 2852 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
07:37:32.0677 2852 smserial - ok
07:37:32.0791 2852 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:37:32.0792 2852 spldr - ok
07:37:32.0852 2852 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
07:37:32.0858 2852 srv - ok
07:37:32.0899 2852 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
07:37:32.0903 2852 srv2 - ok
07:37:32.0953 2852 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
07:37:32.0956 2852 srvnet - ok
07:37:33.0054 2852 STHDA (569758fbaba0330d1b7f1e141b8bc2a0) C:\Windows\system32\drivers\stwrt.sys
07:37:33.0067 2852 STHDA - ok
07:37:33.0113 2852 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
07:37:33.0115 2852 StillCam - ok
07:37:33.0175 2852 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:37:33.0176 2852 swenum - ok
07:37:33.0281 2852 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:37:33.0283 2852 Symc8xx - ok
07:37:33.0349 2852 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:37:33.0350 2852 Sym_hi - ok
07:37:33.0404 2852 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:37:33.0406 2852 Sym_u3 - ok
07:37:33.0474 2852 SynTP (1f452f22df0c00dd2529867e1ea0dc25) C:\Windows\system32\DRIVERS\SynTP.sys
07:37:33.0478 2852 SynTP - ok
07:37:33.0624 2852 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
07:37:33.0658 2852 Tcpip - ok
07:37:33.0724 2852 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
07:37:33.0732 2852 Tcpip6 - ok
07:37:33.0763 2852 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
07:37:33.0765 2852 tcpipreg - ok
07:37:33.0814 2852 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:37:33.0816 2852 TDPIPE - ok
07:37:33.0864 2852 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:37:33.0865 2852 TDTCP - ok
07:37:33.0934 2852 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:37:33.0937 2852 tdx - ok
07:37:34.0008 2852 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:37:34.0010 2852 TermDD - ok
07:37:34.0137 2852 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\Windows\system32\drivers\tifm21.sys
07:37:34.0143 2852 tifm21 - ok
07:37:34.0237 2852 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\Windows\system32\drivers\tmcomm.sys
07:37:34.0241 2852 tmcomm - ok
07:37:34.0314 2852 TSP - ok
07:37:34.0406 2852 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:37:34.0408 2852 tssecsrv - ok
07:37:34.0495 2852 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:37:34.0496 2852 tunmp - ok
07:37:34.0560 2852 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:37:34.0562 2852 tunnel - ok
07:37:34.0599 2852 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
07:37:34.0601 2852 uagp35 - ok
07:37:34.0648 2852 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:37:34.0653 2852 udfs - ok
07:37:34.0724 2852 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
07:37:34.0726 2852 uliagpkx - ok
07:37:34.0759 2852 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
07:37:34.0765 2852 uliahci - ok
07:37:34.0820 2852 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:37:34.0822 2852 UlSata - ok
07:37:34.0872 2852 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:37:34.0875 2852 ulsata2 - ok
07:37:34.0988 2852 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:37:34.0990 2852 umbus - ok
07:37:35.0082 2852 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
07:37:35.0084 2852 USBAAPL - ok
07:37:35.0152 2852 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
07:37:35.0155 2852 usbccgp - ok
07:37:35.0201 2852 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:37:35.0203 2852 usbcir - ok
07:37:35.0303 2852 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
07:37:35.0304 2852 usbehci - ok
07:37:35.0333 2852 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
07:37:35.0337 2852 usbhub - ok
07:37:35.0384 2852 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
07:37:35.0386 2852 usbohci - ok
07:37:35.0443 2852 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
07:37:35.0444 2852 usbprint - ok
07:37:35.0494 2852 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
07:37:35.0496 2852 usbscan - ok
07:37:35.0561 2852 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:37:35.0564 2852 USBSTOR - ok
07:37:35.0609 2852 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:37:35.0611 2852 usbuhci - ok
07:37:35.0789 2852 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
07:37:35.0791 2852 vga - ok
07:37:35.0847 2852 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:37:35.0848 2852 VgaSave - ok
07:37:35.0897 2852 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
07:37:35.0899 2852 viaagp - ok
07:37:35.0951 2852 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
07:37:35.0953 2852 ViaC7 - ok
07:37:36.0007 2852 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
07:37:36.0008 2852 viaide - ok
07:37:36.0046 2852 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:37:36.0048 2852 volmgr - ok
07:37:36.0110 2852 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
07:37:36.0116 2852 volmgrx - ok
07:37:36.0230 2852 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
07:37:36.0235 2852 volsnap - ok
07:37:36.0299 2852 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
07:37:36.0302 2852 vsmraid - ok
07:37:36.0407 2852 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:37:36.0409 2852 WacomPen - ok
07:37:36.0471 2852 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:37:36.0473 2852 Wanarp - ok
07:37:36.0479 2852 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:37:36.0480 2852 Wanarpv6 - ok
07:37:36.0648 2852 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
07:37:36.0650 2852 Wd - ok
07:37:36.0738 2852 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:37:36.0772 2852 Wdf01000 - ok
07:37:37.0046 2852 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
07:37:37.0047 2852 WmiAcpi - ok
07:37:37.0165 2852 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
07:37:37.0187 2852 WpdUsb - ok
07:37:37.0277 2852 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:37:37.0278 2852 ws2ifsl - ok
07:37:37.0344 2852 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:37:37.0347 2852 WUDFRd - ok
07:37:37.0410 2852 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
07:37:37.0441 2852 yukonwlh - ok
07:37:37.0473 2852 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
07:37:37.0503 2852 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
07:37:37.0503 2852 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
07:37:37.0508 2852 Boot (0x1200) (06b9d4d01b5748d5fb34f7bbc6324cea) \Device\Harddisk0\DR0\Partition0
07:37:37.0509 2852 \Device\Harddisk0\DR0\Partition0 - ok
07:37:37.0538 2852 Boot (0x1200) (b5eed435737b70fd7e4f284066f63b7b) \Device\Harddisk0\DR0\Partition1
07:37:37.0539 2852 \Device\Harddisk0\DR0\Partition1 - ok
07:37:37.0542 2852 ============================================================
07:37:37.0542 2852 Scan finished
07:37:37.0542 2852 ============================================================
07:37:37.0555 0516 Detected object count: 1
07:37:37.0555 0516 Actual detected object count: 1
07:38:05.0805 0516 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
07:38:05.0805 0516 \Device\Harddisk0\DR0 - ok
07:38:05.0805 0516 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
07:38:21.0515 4020 Deinitialize success


Gringo, just a note: I had run TDSSKiller on 11/27 and it found the same object, but it never gave me the option of curing it, so it must have been something I missed. So sorry.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:07 PM

Posted 07 December 2011 - 09:03 AM

Hello


Restart the computer and run it once more, and let's see if it comes back clean.


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 katiecalf

katiecalf
  • Topic Starter

  • Members
  • 84 posts
  • Gender:Female
  • Local time:03:07 PM

Posted 09 December 2011 - 10:46 AM

Good morning.
I posted on Wednesday but have no idea where the post went.
I ran it again and it came back clean; the log is below:


21:28:01.0043 3460 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:28:01.0090 3460 ============================================================
21:28:01.0090 3460 Current date / time: 2011/12/07 21:28:01.0090
21:28:01.0090 3460 SystemInfo:
21:28:01.0090 3460
21:28:01.0090 3460 OS Version: 6.0.6002 ServicePack: 2.0
21:28:01.0090 3460 Product type: Workstation
21:28:01.0090 3460 ComputerName: JAS
21:28:01.0090 3460 UserName: LLS
21:28:01.0090 3460 Windows directory: C:\Windows
21:28:01.0090 3460 System windows directory: C:\Windows
21:28:01.0090 3460 Processor architecture: Intel x86
21:28:01.0090 3460 Number of processors: 2
21:28:01.0090 3460 Page size: 0x1000
21:28:01.0090 3460 Boot type: Normal boot
21:28:01.0090 3460 ============================================================
21:28:02.0790 3460 Initialize success
21:28:05.0489 3500 ============================================================
21:28:05.0489 3500 Scan started
21:28:05.0489 3500 Mode: Manual;
21:28:05.0489 3500 ============================================================
21:28:14.0787 3500 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
21:28:14.0787 3500 a2acc - ok
21:28:14.0911 3500 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
21:28:14.0927 3500 A2DDA - ok
21:28:15.0052 3500 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
21:28:15.0052 3500 ac97intc - ok
21:28:15.0114 3500 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:28:15.0130 3500 ACPI - ok
21:28:15.0270 3500 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:28:15.0301 3500 adp94xx - ok
21:28:15.0411 3500 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:28:15.0489 3500 adpahci - ok
21:28:15.0582 3500 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:28:15.0629 3500 adpu160m - ok
21:28:15.0707 3500 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:28:15.0707 3500 adpu320 - ok
21:28:15.0863 3500 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:28:15.0894 3500 AFD - ok
21:28:16.0050 3500 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:28:16.0050 3500 agp440 - ok
21:28:16.0175 3500 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:28:16.0191 3500 aic78xx - ok
21:28:16.0206 3500 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:28:16.0222 3500 aliide - ok
21:28:16.0269 3500 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:28:16.0269 3500 amdagp - ok
21:28:16.0331 3500 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:28:16.0347 3500 amdide - ok
21:28:16.0393 3500 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:28:16.0409 3500 AmdK7 - ok
21:28:16.0456 3500 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:28:16.0456 3500 AmdK8 - ok
21:28:16.0549 3500 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:28:16.0549 3500 arc - ok
21:28:16.0596 3500 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:28:16.0596 3500 arcsas - ok
21:28:16.0643 3500 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:16.0643 3500 AsyncMac - ok
21:28:16.0690 3500 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:28:16.0690 3500 atapi - ok
21:28:16.0752 3500 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:28:16.0752 3500 bcm4sbxp - ok
21:28:16.0799 3500 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:28:16.0799 3500 Beep - ok
21:28:16.0861 3500 blbdrive - ok
21:28:16.0939 3500 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:28:16.0939 3500 bowser - ok
21:28:16.0986 3500 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:28:16.0986 3500 BrFiltLo - ok
21:28:17.0002 3500 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:28:17.0017 3500 BrFiltUp - ok
21:28:17.0049 3500 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:28:17.0049 3500 Brserid - ok
21:28:17.0064 3500 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:28:17.0064 3500 BrSerWdm - ok
21:28:17.0080 3500 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:28:17.0095 3500 BrUsbMdm - ok
21:28:17.0111 3500 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:28:17.0111 3500 BrUsbSer - ok
21:28:17.0158 3500 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:28:17.0158 3500 BTHMODEM - ok
21:28:17.0298 3500 catchme - ok
21:28:17.0392 3500 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:28:17.0407 3500 cdfs - ok
21:28:17.0439 3500 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\Windows\system32\drivers\Cdralw2k.sys
21:28:17.0439 3500 Cdralw2k - ok
21:28:17.0485 3500 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:28:17.0485 3500 cdrom - ok
21:28:17.0548 3500 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:28:17.0548 3500 circlass - ok
21:28:17.0626 3500 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:28:17.0626 3500 CLFS - ok
21:28:17.0688 3500 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:17.0688 3500 CmBatt - ok
21:28:17.0719 3500 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:28:17.0735 3500 cmdide - ok
21:28:17.0766 3500 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:28:17.0766 3500 Compbatt - ok
21:28:17.0875 3500 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:28:17.0875 3500 crcdisk - ok
21:28:18.0016 3500 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:28:18.0047 3500 Crusoe - ok
21:28:18.0328 3500 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:28:18.0328 3500 DfsC - ok
21:28:18.0952 3500 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:28:18.0967 3500 disk - ok
21:28:19.0077 3500 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:28:19.0077 3500 dot4 - ok
21:28:19.0217 3500 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:28:19.0217 3500 Dot4Print - ok
21:28:19.0498 3500 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:28:19.0545 3500 dot4usb - ok
21:28:19.0810 3500 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:28:19.0825 3500 drmkaud - ok
21:28:20.0122 3500 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:28:20.0309 3500 DXGKrnl - ok
21:28:20.0527 3500 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:28:20.0574 3500 E1G60 - ok
21:28:20.0871 3500 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:28:20.0902 3500 Ecache - ok
21:28:21.0339 3500 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:28:21.0479 3500 elxstor - ok
21:28:21.0931 3500 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:28:22.0009 3500 exfat - ok
21:28:22.0306 3500 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:28:22.0337 3500 fastfat - ok
21:28:22.0602 3500 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:28:22.0618 3500 fdc - ok
21:28:22.0758 3500 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:28:22.0774 3500 FileInfo - ok
21:28:22.0914 3500 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:28:22.0914 3500 Filetrace - ok
21:28:23.0179 3500 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:23.0195 3500 flpydisk - ok
21:28:23.0445 3500 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:28:23.0476 3500 FltMgr - ok
21:28:23.0819 3500 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:28:23.0819 3500 Fs_Rec - ok
21:28:24.0131 3500 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:28:24.0162 3500 gagp30kx - ok
21:28:24.0459 3500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:28:24.0459 3500 GEARAspiWDM - ok
21:28:24.0739 3500 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:28:24.0786 3500 HdAudAddService - ok
21:28:25.0067 3500 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:28:25.0285 3500 HDAudBus - ok
21:28:25.0707 3500 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:28:25.0722 3500 HidBth - ok
21:28:26.0237 3500 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:28:26.0253 3500 HidIr - ok
21:28:26.0533 3500 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:28:26.0565 3500 HidUsb - ok
21:28:26.0767 3500 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:28:26.0767 3500 HpCISSs - ok
21:28:27.0157 3500 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:28:27.0251 3500 HTTP - ok
21:28:27.0516 3500 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:28:27.0516 3500 i2omp - ok
21:28:27.0625 3500 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:27.0641 3500 i8042prt - ok
21:28:28.0125 3500 ialm (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:28:28.0624 3500 ialm - ok
21:28:28.0936 3500 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\DRIVERS\iaStor.sys
21:28:28.0936 3500 iaStor - ok
21:28:29.0139 3500 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:28:29.0217 3500 iaStorV - ok
21:28:29.0841 3500 igfx (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:28:29.0856 3500 igfx - ok
21:28:30.0231 3500 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:28:30.0246 3500 iirsp - ok
21:28:30.0527 3500 Inspect - ok
21:28:30.0808 3500 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:28:30.0808 3500 intelide - ok
21:28:31.0135 3500 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:28:31.0167 3500 intelppm - ok
21:28:31.0619 3500 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:31.0635 3500 IpFilterDriver - ok
21:28:31.0837 3500 IpInIp - ok
21:28:31.0978 3500 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:28:32.0009 3500 IPMIDRV - ok
21:28:32.0212 3500 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:28:32.0227 3500 IPNAT - ok
21:28:32.0368 3500 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:28:32.0383 3500 IRENUM - ok
21:28:32.0664 3500 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:28:32.0680 3500 isapnp - ok
21:28:33.0007 3500 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:28:33.0085 3500 iScsiPrt - ok
21:28:33.0460 3500 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:28:33.0475 3500 iteatapi - ok
21:28:33.0787 3500 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:28:33.0803 3500 iteraid - ok
21:28:33.0912 3500 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:33.0912 3500 kbdclass - ok
21:28:34.0068 3500 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
21:28:34.0084 3500 kbdhid - ok
21:28:34.0287 3500 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:28:34.0302 3500 KSecDD - ok
21:28:34.0583 3500 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:28:34.0599 3500 lltdio - ok
21:28:34.0848 3500 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:28:34.0879 3500 LSI_FC - ok
21:28:35.0176 3500 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:28:35.0207 3500 LSI_SAS - ok
21:28:35.0566 3500 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:28:35.0581 3500 LSI_SCSI - ok
21:28:35.0847 3500 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:28:35.0878 3500 luafv - ok
21:28:36.0190 3500 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:28:36.0221 3500 megasas - ok
21:28:36.0455 3500 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:28:36.0455 3500 Modem - ok
21:28:36.0549 3500 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
21:28:36.0564 3500 MODEMCSA - ok
21:28:36.0814 3500 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:28:36.0814 3500 monitor - ok
21:28:37.0126 3500 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
21:28:37.0141 3500 motmodem - ok
21:28:37.0500 3500 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:28:37.0516 3500 mouclass - ok
21:28:37.0968 3500 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:28:37.0984 3500 mouhid - ok
21:28:38.0140 3500 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:28:38.0155 3500 MountMgr - ok
21:28:38.0249 3500 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:28:38.0249 3500 MpFilter - ok
21:28:38.0327 3500 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:28:38.0343 3500 mpio - ok
21:28:38.0389 3500 MpKsl3853c77f - ok
21:28:38.0421 3500 MpKsl75167e26 - ok
21:28:38.0467 3500 MpKsl7c70b3f6 - ok
21:28:38.0483 3500 MpKsl898a9f46 - ok
21:28:38.0499 3500 MpKsla947c418 - ok
21:28:38.0514 3500 MpKslc2d328c5 - ok
21:28:38.0545 3500 MpKslc3fc86fc - ok
21:28:38.0639 3500 MpKslcabfbea0 - ok
21:28:38.0733 3500 MpKsleb690201 - ok
21:28:38.0764 3500 MpKslf1b319e2 - ok
21:28:39.0123 3500 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:28:39.0123 3500 MpNWMon - ok
21:28:39.0403 3500 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:28:39.0419 3500 mpsdrv - ok
21:28:39.0903 3500 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:28:39.0934 3500 Mraid35x - ok
21:28:40.0230 3500 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:28:40.0230 3500 MRxDAV - ok
21:28:40.0371 3500 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:40.0386 3500 mrxsmb - ok
21:28:40.0605 3500 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:40.0651 3500 mrxsmb10 - ok
21:28:40.0995 3500 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:41.0026 3500 mrxsmb20 - ok
21:28:41.0322 3500 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:28:41.0322 3500 msahci - ok
21:28:41.0634 3500 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:28:41.0650 3500 msdsm - ok
21:28:41.0915 3500 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:28:41.0931 3500 Msfs - ok
21:28:42.0165 3500 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:28:42.0165 3500 msisadrv - ok
21:28:42.0445 3500 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:28:42.0461 3500 MSKSSRV - ok
21:28:42.0695 3500 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:42.0711 3500 MSPCLOCK - ok
21:28:43.0007 3500 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:28:43.0007 3500 MSPQM - ok
21:28:43.0413 3500 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:28:43.0569 3500 MsRPC - ok
21:28:44.0130 3500 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:28:44.0161 3500 mssmbios - ok
21:28:44.0302 3500 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:28:44.0317 3500 MSTEE - ok
21:28:44.0427 3500 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:28:44.0427 3500 Mup - ok
21:28:44.0505 3500 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:28:44.0520 3500 NativeWifiP - ok
21:28:44.0598 3500 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:28:44.0614 3500 NDIS - ok
21:28:44.0661 3500 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:44.0676 3500 NdisTapi - ok
21:28:44.0770 3500 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:44.0770 3500 Ndisuio - ok
21:28:44.0817 3500 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:44.0832 3500 NdisWan - ok
21:28:44.0863 3500 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:28:44.0863 3500 NDProxy - ok
21:28:44.0926 3500 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:28:44.0926 3500 NetBIOS - ok
21:28:44.0957 3500 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:28:44.0973 3500 netbt - ok
21:28:45.0269 3500 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
21:28:45.0363 3500 NETw2v32 - ok
21:28:45.0862 3500 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
21:28:45.0940 3500 NETw3v32 - ok
21:28:46.0829 3500 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
21:28:46.0923 3500 NETw4v32 - ok
21:28:47.0422 3500 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:28:47.0578 3500 NETw5v32 - ok
21:28:47.0827 3500 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:28:47.0859 3500 nfrd960 - ok
21:28:47.0952 3500 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:28:47.0952 3500 NisDrv - ok
21:28:48.0186 3500 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:28:48.0217 3500 Npfs - ok
21:28:48.0327 3500 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:28:48.0342 3500 nsiproxy - ok
21:28:48.0436 3500 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:28:48.0498 3500 Ntfs - ok
21:28:48.0592 3500 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:28:48.0592 3500 ntrigdigi - ok
21:28:48.0623 3500 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:28:48.0623 3500 Null - ok
21:28:48.0701 3500 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:28:48.0701 3500 nvraid - ok
21:28:48.0748 3500 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:28:48.0748 3500 nvstor - ok
21:28:48.0795 3500 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:28:48.0810 3500 nv_agp - ok
21:28:48.0826 3500 NwlnkFlt - ok
21:28:48.0841 3500 NwlnkFwd - ok
21:28:48.0935 3500 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:28:48.0935 3500 ohci1394 - ok
21:28:49.0263 3500 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:28:49.0263 3500 Parport - ok
21:28:49.0387 3500 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:28:49.0403 3500 partmgr - ok
21:28:49.0434 3500 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:28:49.0434 3500 Parvdm - ok
21:28:49.0543 3500 pavboot (210a628a0d7b3f45257850efbff27538) C:\Windows\system32\drivers\pavboot.sys
21:28:49.0543 3500 pavboot - ok
21:28:49.0855 3500 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:28:49.0855 3500 pci - ok
21:28:50.0245 3500 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:28:50.0277 3500 pciide - ok
21:28:50.0417 3500 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:50.0635 3500 pcmcia - ok
21:28:51.0384 3500 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:28:51.0525 3500 PEAUTH - ok
21:28:52.0024 3500 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:28:52.0039 3500 PptpMiniport - ok
21:28:52.0305 3500 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:28:52.0305 3500 Processor - ok
21:28:52.0429 3500 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:28:52.0429 3500 PSched - ok
21:28:52.0819 3500 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:28:52.0866 3500 ql2300 - ok
21:28:53.0319 3500 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:28:53.0319 3500 ql40xx - ok
21:28:53.0880 3500 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:28:53.0896 3500 QWAVEdrv - ok
21:28:54.0161 3500 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:28:54.0177 3500 RasAcd - ok
21:28:54.0255 3500 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:54.0270 3500 Rasl2tp - ok
21:28:54.0395 3500 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:54.0411 3500 RasPppoe - ok
21:28:54.0457 3500 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:28:54.0473 3500 RasSstp - ok
21:28:54.0567 3500 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:28:54.0582 3500 rdbss - ok
21:28:54.0676 3500 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:54.0676 3500 RDPCDD - ok
21:28:54.0769 3500 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:28:54.0785 3500 rdpdr - ok
21:28:54.0910 3500 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:28:54.0925 3500 RDPENCDD - ok
21:28:55.0035 3500 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:28:55.0066 3500 RDPWD - ok
21:28:55.0347 3500 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:28:55.0347 3500 rspndr - ok
21:28:55.0518 3500 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:28:55.0518 3500 SASDIFSV - ok
21:28:55.0565 3500 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
21:28:55.0612 3500 SASENUM - ok
21:28:55.0643 3500 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:28:55.0674 3500 SASKUTIL - ok
21:28:56.0158 3500 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:28:56.0189 3500 sbp2port - ok
21:28:56.0392 3500 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
21:28:56.0392 3500 sdbus - ok
21:28:56.0548 3500 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:28:56.0563 3500 secdrv - ok
21:28:56.0751 3500 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:28:56.0797 3500 Serenum - ok
21:28:56.0969 3500 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:28:56.0985 3500 Serial - ok
21:28:57.0375 3500 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:28:57.0375 3500 sermouse - ok
21:28:57.0577 3500 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:28:57.0577 3500 sffdisk - ok
21:28:57.0624 3500 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:28:57.0624 3500 sffp_mmc - ok
21:28:57.0671 3500 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:28:57.0671 3500 sffp_sd - ok
21:28:57.0687 3500 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:28:57.0687 3500 sfloppy - ok
21:28:57.0765 3500 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:28:57.0765 3500 sisagp - ok
21:28:57.0827 3500 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:28:57.0827 3500 SiSRaid2 - ok
21:28:57.0874 3500 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:28:57.0889 3500 SiSRaid4 - ok
21:28:58.0201 3500 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:28:58.0217 3500 Smb - ok
21:28:58.0451 3500 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
21:28:58.0529 3500 smserial - ok
21:28:58.0857 3500 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:28:58.0857 3500 spldr - ok
21:28:59.0403 3500 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:28:59.0434 3500 srv - ok
21:28:59.0668 3500 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:28:59.0699 3500 srv2 - ok
21:28:59.0995 3500 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:00.0027 3500 srvnet - ok
21:29:00.0510 3500 STHDA (569758fbaba0330d1b7f1e141b8bc2a0) C:\Windows\system32\drivers\stwrt.sys
21:29:00.0744 3500 STHDA - ok
21:29:01.0041 3500 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:29:01.0072 3500 StillCam - ok
21:29:01.0415 3500 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:29:01.0415 3500 swenum - ok
21:29:01.0633 3500 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:29:01.0649 3500 Symc8xx - ok
21:29:01.0696 3500 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:29:01.0696 3500 Sym_hi - ok
21:29:01.0774 3500 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:29:01.0774 3500 Sym_u3 - ok
21:29:01.0852 3500 SynTP (1f452f22df0c00dd2529867e1ea0dc25) C:\Windows\system32\DRIVERS\SynTP.sys
21:29:01.0883 3500 SynTP - ok
21:29:02.0429 3500 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:29:02.0460 3500 Tcpip - ok
21:29:02.0850 3500 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:02.0850 3500 Tcpip6 - ok
21:29:03.0271 3500 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:29:03.0271 3500 tcpipreg - ok
21:29:03.0630 3500 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:29:03.0646 3500 TDPIPE - ok
21:29:03.0973 3500 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:29:03.0989 3500 TDTCP - ok
21:29:04.0098 3500 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:29:04.0098 3500 tdx - ok
21:29:04.0161 3500 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:29:04.0176 3500 TermDD - ok
21:29:04.0644 3500 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\Windows\system32\drivers\tifm21.sys
21:29:04.0753 3500 tifm21 - ok
21:29:05.0065 3500 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\Windows\system32\drivers\tmcomm.sys
21:29:05.0081 3500 tmcomm - ok
21:29:05.0424 3500 TSP - ok
21:29:05.0518 3500 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:05.0518 3500 tssecsrv - ok
21:29:05.0580 3500 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:29:05.0580 3500 tunmp - ok
21:29:05.0658 3500 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:05.0658 3500 tunnel - ok
21:29:05.0721 3500 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:29:05.0721 3500 uagp35 - ok
21:29:05.0814 3500 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:29:05.0830 3500 udfs - ok
21:29:06.0142 3500 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:29:06.0189 3500 uliagpkx - ok
21:29:06.0407 3500 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:29:06.0407 3500 uliahci - ok
21:29:06.0516 3500 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:29:06.0532 3500 UlSata - ok
21:29:06.0766 3500 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:29:06.0813 3500 ulsata2 - ok
21:29:07.0171 3500 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:29:07.0203 3500 umbus - ok
21:29:07.0655 3500 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:29:07.0686 3500 USBAAPL - ok
21:29:07.0998 3500 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:08.0029 3500 usbccgp - ok
21:29:08.0466 3500 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:29:08.0466 3500 usbcir - ok
21:29:08.0747 3500 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:08.0763 3500 usbehci - ok
21:29:08.0841 3500 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:08.0841 3500 usbhub - ok
21:29:08.0903 3500 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:29:08.0903 3500 usbohci - ok
21:29:08.0950 3500 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:08.0950 3500 usbprint - ok
21:29:09.0231 3500 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:29:09.0262 3500 usbscan - ok
21:29:09.0574 3500 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:09.0574 3500 USBSTOR - ok
21:29:09.0745 3500 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:29:09.0745 3500 usbuhci - ok
21:29:09.0855 3500 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:09.0855 3500 vga - ok
21:29:09.0917 3500 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:29:09.0917 3500 VgaSave - ok
21:29:09.0948 3500 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:29:09.0948 3500 viaagp - ok
21:29:10.0011 3500 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:29:10.0011 3500 ViaC7 - ok
21:29:10.0057 3500 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:29:10.0057 3500 viaide - ok
21:29:10.0167 3500 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:29:10.0167 3500 volmgr - ok
21:29:10.0291 3500 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:29:10.0291 3500 volmgrx - ok
21:29:10.0572 3500 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:29:10.0588 3500 volsnap - ok
21:29:10.0681 3500 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:29:10.0697 3500 vsmraid - ok
21:29:11.0056 3500 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:29:11.0071 3500 WacomPen - ok
21:29:11.0337 3500 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:11.0352 3500 Wanarp - ok
21:29:11.0368 3500 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:11.0368 3500 Wanarpv6 - ok
21:29:11.0602 3500 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:29:11.0602 3500 Wd - ok
21:29:11.0773 3500 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:29:11.0820 3500 Wdf01000 - ok
21:29:12.0195 3500 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:29:12.0210 3500 WmiAcpi - ok
21:29:12.0569 3500 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:29:12.0585 3500 WpdUsb - ok
21:29:12.0725 3500 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:12.0772 3500 ws2ifsl - ok
21:29:13.0068 3500 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:13.0099 3500 WUDFRd - ok
21:29:13.0583 3500 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
21:29:13.0599 3500 yukonwlh - ok
21:29:13.0645 3500 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:29:13.0677 3500 \Device\Harddisk0\DR0 - ok
21:29:13.0692 3500 Boot (0x1200) (06b9d4d01b5748d5fb34f7bbc6324cea) \Device\Harddisk0\DR0\Partition0
21:29:13.0723 3500 \Device\Harddisk0\DR0\Partition0 - ok
21:29:13.0755 3500 Boot (0x1200) (b5eed435737b70fd7e4f284066f63b7b) \Device\Harddisk0\DR0\Partition1
21:29:13.0786 3500 \Device\Harddisk0\DR0\Partition1 - ok
21:29:13.0786 3500 ============================================================
21:29:13.0786 3500 Scan finished
21:29:13.0786 3500 ============================================================
21:29:13.0817 3492 Detected object count: 0
21:29:13.0817 3492 Actual detected object count: 0
21:29:37.0023 3436 Deinitialize success


When I couldn't find the post last night, not remembering about the log, I ran ComboFix by mistake instead of TDSSKiller, and it said it was still infected.
Here is that log. I realized I had run the wrong one, so I ran TDSSKiller after this, and that log follows this one.
I hope I didn't do something wrong by running the wrong program. I will leave a donation for you and hope you have a happy holidays.
Thanks for your help,
Linda

ComboFix 11-12-08.01 - LLS 12/08/2011 21:28:20.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.408 [GMT -6:00]
Running from: c:\users\LLS\Desktop\anti-spyware\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\irftp.exe . . . is infected!!
.
c:\windows\System32\SystemPropertiesPerformance.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 04:34 . 2011-12-09 04:35 -------- d-----w- c:\users\LLS\AppData\Local\temp
2011-12-09 04:34 . 2011-12-09 04:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 11:11 . 2011-12-08 11:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C1ED53-AAB3-478A-9DF1-66ECB3272477}\MpKsl25906044.sys
2011-12-08 11:10 . 2011-12-08 11:10 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C1ED53-AAB3-478A-9DF1-66ECB3272477}\offreg.dll
2011-12-07 15:08 . 2011-11-21 10:47 6823496 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C1ED53-AAB3-478A-9DF1-66ECB3272477}\mpengine.dll
2011-12-03 20:13 . 2011-12-03 21:57 -------- d-----w- c:\users\LLS\DoctorWeb
2011-11-30 20:31 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 20:06 . 2011-12-03 19:11 -------- d-----w- c:\users\Public\SpyWareTools
2011-11-30 14:24 . 2011-11-30 14:24 388096 ----a-r- c:\users\LLS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-29 15:34 . 2011-12-03 22:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-29 04:46 . 2011-11-29 04:46 -------- d-----w- c:\program files\SecurityXploded
2011-11-27 19:53 . 2011-11-27 19:53 -------- d-----w- c:\users\LLS\AppData\Local\Opera
2011-11-27 13:51 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-27 13:51 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-27 13:51 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-27 13:51 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-27 02:40 . 2011-11-27 02:40 -------- d-----w- c:\users\LLS\AppData\Local\VSO
2011-11-26 22:15 . 2011-11-26 22:15 -------- d-----w- C:\$RECYCLE(0).BIN
2011-11-26 18:10 . 2011-11-26 22:15 -------- d--h--w- c:\users\LLS\AppData\Local\ElevatedDiagnostics
2011-11-26 15:11 . 2011-11-26 15:11 0 ---ha-w- c:\users\LLS\AppData\Local\BIT63A2.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 19:18 . 2009-02-25 18:59 691 ----a-w- c:\users\LLS\AppData\Roaming\GetValue.vbs
2011-11-30 19:18 . 2009-02-25 18:59 35 ----a-w- c:\users\LLS\AppData\Roaming\SetValue.bat
2011-11-21 10:47 . 2011-04-24 15:36 6823496 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-12 23:14 . 2011-10-15 13:53 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2009-03-12 17:50 . 2009-03-12 17:50 113504 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-03-12 17:50 . 2009-03-12 17:50 232288 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 04:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 17:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-04-17 21:58 40072 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 19:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-10 22:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-12 13:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 04:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl3853c77f;MpKsl3853c77f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsl3853c77f.sys [x]
R1 MpKsl75167e26;MpKsl75167e26;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5630E32-3406-4EFD-8E9D-01AE4870F5BF}\MpKsl75167e26.sys [x]
R1 MpKsl7c70b3f6;MpKsl7c70b3f6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsl7c70b3f6.sys [x]
R1 MpKsl898a9f46;MpKsl898a9f46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F2E2427-742F-48F5-82AC-1CB4015DD87A}\MpKsl898a9f46.sys [x]
R1 MpKsla947c418;MpKsla947c418;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F60A2C96-99AD-48CC-AE7C-C05856348501}\MpKsla947c418.sys [x]
R1 MpKslc2d328c5;MpKslc2d328c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962D624-C5DF-45FB-9514-840EC761AA46}\MpKslc2d328c5.sys [x]
R1 MpKslc3fc86fc;MpKslc3fc86fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467B586D-C328-4505-B18D-AC6BB481B693}\MpKslc3fc86fc.sys [x]
R1 MpKslcabfbea0;MpKslcabfbea0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE49E965-5F62-4063-BEBE-6A3FA33A94C2}\MpKslcabfbea0.sys [x]
R1 MpKsleb690201;MpKsleb690201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C1ED53-AAB3-478A-9DF1-66ECB3272477}\MpKsleb690201.sys [x]
R1 MpKslf1b319e2;MpKslf1b319e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB36D7-1041-4678-9843-54FDF3E6A1C4}\MpKslf1b319e2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 135664]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 MpKsl25906044;MpKsl25906044;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C1ED53-AAB3-478A-9DF1-66ECB3272477}\MpKsl25906044.sys [2011-12-08 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-11-16 2996784]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 81920]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 2002944]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-26 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL25906044
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
rsmsvcs REG_MULTI_SZ ntmssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 14:43]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 14:43]
.
2011-12-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-29 21:31]
.
2008-09-02 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-29 21:31]
.
2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{12141F76-B8B9-4F1C-A4E2-2B4AB0C575DA}.job
- c:\windows\system32\msfeedssync.exe [2011-04-23 00:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 66.254.202.19 66.254.195.3
FF - ProfilePath - c:\users\LLS\AppData\Roaming\Mozilla\Firefox\Profiles\wg231qdp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.home=ytff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 22:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-08 22:45:22
ComboFix-quarantined-files.txt 2011-12-09 04:45
ComboFix2.txt 2011-12-07 01:29
ComboFix3.txt 2011-12-05 02:53
.
Pre-Run: 84,644,065,280 bytes free
Post-Run: 84,583,526,400 bytes free

2nd TDSSKiller Scan

22:45:47.0598 3860 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:45:47.0881 3860 ============================================================
22:45:47.0882 3860 Current date / time: 2011/12/08 22:45:47.0881
22:45:47.0882 3860 SystemInfo:
22:45:47.0882 3860
22:45:47.0882 3860 OS Version: 6.0.6002 ServicePack: 2.0
22:45:47.0882 3860 Product type: Workstation
22:45:47.0882 3860 ComputerName: JAS
22:45:47.0882 3860 UserName: LLS
22:45:47.0882 3860 Windows directory: C:\Windows
22:45:47.0882 3860 System windows directory: C:\Windows
22:45:47.0882 3860 Processor architecture: Intel x86
22:45:47.0882 3860 Number of processors: 2
22:45:47.0882 3860 Page size: 0x1000
22:45:47.0882 3860 Boot type: Normal boot
22:45:47.0882 3860 ============================================================
22:45:49.0380 3860 Initialize success
22:45:50.0774 3376 ============================================================
22:45:50.0774 3376 Scan started
22:45:50.0774 3376 Mode: Manual;
22:45:50.0774 3376 ============================================================
22:45:53.0230 3376 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:45:53.0268 3376 a2acc - ok
22:45:53.0399 3376 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
22:45:53.0420 3376 A2DDA - ok
22:45:53.0764 3376 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
22:45:53.0792 3376 ac97intc - ok
22:45:54.0010 3376 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:45:54.0018 3376 ACPI - ok
22:45:54.0460 3376 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:45:54.0494 3376 adp94xx - ok
22:45:55.0150 3376 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:45:55.0195 3376 adpahci - ok
22:45:55.0701 3376 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:45:55.0727 3376 adpu160m - ok
22:45:56.0019 3376 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:45:56.0069 3376 adpu320 - ok
22:45:56.0161 3376 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:45:56.0168 3376 AFD - ok
22:45:56.0227 3376 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:45:56.0231 3376 agp440 - ok
22:45:56.0290 3376 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:45:56.0313 3376 aic78xx - ok
22:45:56.0410 3376 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:45:56.0436 3376 aliide - ok
22:45:56.0498 3376 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:45:56.0501 3376 amdagp - ok
22:45:56.0545 3376 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:46:19.0909 3376 ============================================================
22:46:19.0909 3376 Scan finished
22:46:19.0909 3376 ============================================================
22:46:19.0932 2472 Detected object count: 0
22:46:19.0932 2472 Actual detected object count: 0
22:46:33.0792 1032 Deinitialize success

.
- - End Of File - - 570FD95500340071C802B76686B9BECB

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 09 December 2011 - 01:28 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.
"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 katiecalf

  • Topic Starter
  • Members
  • 84 posts
  • Gender:Female
  • Local time:03:07 PM

Posted 09 December 2011 - 02:14 PM

I am running combofix right now but have a question. I made a donation but it went to a lady's name, and you, from your profile, are a guy. Did it go to the right person or do I need to get hold of PayPal?

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 09 December 2011 - 03:14 PM

That is my better half, and I do receive it.



gringo
