
Cannot get rid of Boot.Tidserv


  • This topic is locked
46 replies to this topic

#1 jimnlisastein

jimnlisastein

  • Members
  • 43 posts

Posted 15 January 2012 - 09:42 AM

Hi,

I have a problem with Boot.Tidserv on our computer. Norton blocks and quarantines it every time we reboot, but it's never fully resolved. We have an HP Pavilion laptop running Vista. I've tried multiple malware and virus removal programs without success, so I thought I would try the forum here. Thanks so much for any assistance you can provide.

Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Lisa at 17:04:30 on 2012-01-14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2974.1434 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5BFB3570-2AFB-445A-B5C0-477C51A83C2F} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120113.002\IDSvix86.sys [2012-1-14 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2008-10-18 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 652872]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-29 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-22 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-29 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 20464]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-10-18 3658752]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008030.006\symndisv.sys [2011-10-11 48760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-6 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-6 136176]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-04 21:58:31 -------- d-----w- c:\users\lisa\appdata\local\Adobe
2012-01-03 02:37:36 -------- d-----w- c:\users\lisa\appdata\local\IsolatedStorage
2011-12-18 04:56:23 -------- d-----w- c:\users\lisa\appdata\roaming\SUPERAntiSpyware.com
2011-12-18 04:55:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-18 04:55:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-18 03:14:42 -------- d-----w- c:\users\lisa\appdata\roaming\Malwarebytes
2011-12-18 03:14:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-18 03:14:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 03:14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 23:39:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-17 23:39:01 -------- d-----w- c:\users\lisa\appdata\local\temp
2011-12-16 23:50:57 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-16 04:17:51 -------- d-----w- c:\users\lisa\appdata\local\CrashDumps
2011-12-16 04:07:13 -------- d-----w- c:\users\lisa\appdata\local\NPE
.
==================== Find3M ====================
.
2011-12-16 03:50:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:05:58.75 ===============
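
The DDS log above lists every service and driver as `R0 name;description;path [date size]`, where R/S is running/stopped and the digit is the Windows start type. When a Boot.* detection keeps returning after each reboot, the entries a responder reads first are the boot/system-start drivers (R0/R1) and any driver loaded from somewhere other than system32\drivers. The Python below is an added example written for this page; it is not part of the thread or of the DDS tool. Its input is an excerpt of the log above plus one constructed line (rkhook.sys, a hypothetical name) to show what a driver in a user-writable directory looks like. A flag is a prompt to look closer, not a verdict: the SUPERAntiSpyware driver is flagged here and is legitimate.

```python
r"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example for this page; not part of the thread or of the DDS tool.
DDS prints one line per service or driver, for example:

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\...\SymEFA.sys [2011-10-11 310320]

R/S is running/stopped; the digit is the Windows start type (0 boot,
1 system, 2 auto, 3 demand, 4 disabled). For a Boot.* detection that
returns after every reboot, the entries worth reading first are the
boot/system-start drivers and drivers loaded from unusual locations.
"""
import re
from dataclasses import dataclass

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
STANDARD_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")

# Excerpt copied from the DDS log posted above, plus ONE constructed line
# (rkhook.sys, a made-up name) to show a driver in a user-writable directory.
SAMPLE = r"""
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
R0 rkhook;rkhook;c:\users\lisa\appdata\local\temp\rkhook.sys [2012-1-14 40960]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    description: str
    path: str
    running: bool
    start_type: str
    meta: str          # the "[date size]" text DDS prints, or "?" if missing

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


def parse_dds_services(text: str) -> list:
    """Parse the R?/S? lines of a DDS SERVICES / DRIVERS section."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, '.', anything that is not an entry
        entries.append(ServiceEntry(
            name=m["name"], description=m["desc"], path=m["path"],
            running=(m["state"] == "R"),
            start_type=START_TYPES[int(m["start"])],
            meta=m["meta"],
        ))
    return entries


def triage(entries) -> dict:
    """Return {driver name: [reasons]} for drivers worth a second look."""
    flagged = {}
    for e in entries:
        if not e.is_driver:
            continue
        low = e.path.lower()
        reasons = []
        if e.start_type in ("boot", "system"):
            reasons.append("boot/system-start driver")
        if not low.startswith(STANDARD_DRIVER_DIR):
            reasons.append("outside system32\\drivers")
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable location")
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_dds_services(SAMPLE)).items():
        print(f"{name:12s} {', '.join(reasons)}")
```

Run against the full log above, the same code flags the Symantec and SUPERAntiSpyware boot-start drivers (both expected on this machine) and nothing in a user-writable path, which is consistent with a boot-sector infection that neither a file listing nor a registry dump would show.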



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 January 2012 - 12:21 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jimnlisastein

jimnlisastein
  • Topic Starter

  • Members
  • 43 posts

Posted 17 January 2012 - 10:39 PM

Thanks Gringo. I will follow your instructions, but it may take until this weekend for me to get to it so please do not close the topic if it runs past the 5 day mark. Thanks so much for your help!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2012 - 11:43 AM

No problem, I will check on you in a couple of days.

gringo

#5 jimnlisastein

jimnlisastein
  • Topic Starter

  • Members
  • 43 posts

Posted 18 January 2012 - 10:10 PM

Here is my log from ComboFix:

ComboFix 12-01-18.04 - Lisa 01/18/2012 20:54:07.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2974.2080 [GMT -6:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\releaseengineer\Application Data\64dlls.exe
c:\documents and settings\releaseengineer\Application Data\intel64.exe
c:\documents and settings\releaseengineer\Application Data\Kernel32.exe
c:\documents and settings\releaseengineer\Application Data\localsys64.exe
c:\documents and settings\releaseengineer\Application Data\ntos.exe
c:\documents and settings\releaseengineer\Application Data\oembios.exe
c:\documents and settings\releaseengineer\Application Data\sdra64.exe
c:\documents and settings\releaseengineer\Application Data\sdra73.exe
c:\documents and settings\releaseengineer\Application Data\swin32.exe
c:\documents and settings\releaseengineer\Application Data\twex.exe
c:\documents and settings\releaseengineer\Application Data\twext.exe
c:\documents and settings\releaseengineer\Application Data\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 03:03 . 2012-01-19 03:03 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2012-01-19 03:03 . 2012-01-19 03:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-19 03:03 . 2012-01-19 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 21:58 . 2012-01-04 21:59 -------- d-----w- c:\users\Lisa\AppData\Local\Adobe
2012-01-03 02:37 . 2012-01-03 02:37 -------- d-----w- c:\users\Lisa\AppData\Local\IsolatedStorage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 03:50 . 2011-08-06 20:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2011-12-18 03:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-06 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-26 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-11-10 236016]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MRT"="c:\windows\system32\MRT.exe" [2012-01-15 52128560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 20:22]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 20:22]
.
2012-01-06 c:\windows\Tasks\Norton Security Scan for Lisa.job
- c:\progra~1\NORTON~3\Engine\360~1.31\Nss.exe [2011-11-19 05:47]
.
2012-01-19 c:\windows\Tasks\User_Feed_Synchronization-{50268393-D392-4AAA-ACF5-B77E1509FEB2}.job
- c:\windows\system32\msfeedssync.exe [2011-07-16 04:32]
.
2012-01-19 c:\windows\Tasks\User_Feed_Synchronization-{67B4013C-0093-4041-8F8E-80C37E4A673B}.job
- c:\windows\system32\msfeedssync.exe [2011-07-16 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 21:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-18 21:06:06
ComboFix-quarantined-files.txt 2012-01-19 03:06
.
Pre-Run: 260,263,813,120 bytes free
Post-Run: 260,250,103,808 bytes free
.
- - End Of File - - 51625D61C7942080A6E9D2642DADC3C0


I will run a test by restarting my computer and scanning it to see if Norton finds it on my computer. My next post will contain the results.
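
Two autostart snapshots of the same machine are now on the page: the DDS uRun/mRun lines in post #1 and the ComboFix Reg Loading Points above. One quick check a responder does with two snapshots is to diff them, since anything present in one but not the other was added or removed between the runs. The Python below is an added example written for this page; it is not part of the thread, of DDS or of ComboFix. It is fed excerpts of both logs exactly as posted (no constructed lines) and reports the Run entries seen by only one tool. On this page that is the Malwarebytes' Anti-Malware entry, which DDS listed and ComboFix did not, and MRT, which only ComboFix listed. A difference is a question to ask the user, not a verdict: ComboFix itself notes that it omits entries it considers legitimate defaults.

```python
r"""Diff the Run-key autostart entries reported by DDS and by ComboFix.

Added example for this page; not part of the thread, DDS or ComboFix.
Both tools list HKCU/HKLM ...\CurrentVersion\Run, in different formats:
    DDS:      uRun: [Name] command            (u = HKCU, m = HKLM)
    ComboFix: [HKEY_...\Run] header, then    "Name"="path" [date size]
Normalising both to (hive, lower-cased name) shows what changed between
the two runs. Assumes only HKCU and HKLM appear, as on this page.
"""
import re

# Excerpts copied verbatim from the two logs posted in this thread.
DDS_EXCERPT = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
"""

COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-06 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"MRT"="c:\windows\system32\MRT.exe" [2012-01-15 52128560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

DDS_RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
CF_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')


def parse_dds_run(text: str) -> set:
    """Return {(hive, name_lower)} from DDS uRun:/mRun: lines."""
    found = set()
    for line in text.splitlines():
        m = DDS_RUN_RE.match(line.strip())
        if m:
            hive = "HKCU" if m["hive"] == "u" else "HKLM"
            found.add((hive, m["name"].lower()))
    return found


def parse_combofix_run(text: str) -> set:
    """Return {(hive, name_lower)} from a ComboFix 'Reg Loading Points' dump.

    ComboFix prints a [HKEY_...] header followed by the values under it, so
    track the current key and only collect values while inside a ...\\Run key.
    """
    found = set()
    hive = None
    for line in text.splitlines():
        line = line.strip()
        key = CF_KEY_RE.match(line)
        if key:
            k = key["key"]
            if k.lower().endswith("\\currentversion\\run"):
                hive = "HKCU" if k.upper().startswith("HKEY_CURRENT_USER") else "HKLM"
            else:
                hive = None  # some other key (policies, SafeBoot, ...); skip its values
            continue
        val = CF_VAL_RE.match(line)
        if hive and val:
            found.add((hive, val["name"].lower()))
    return found


def diff_autoruns(dds: set, combofix: set):
    """Entries seen by only one tool: (only_in_dds, only_in_combofix)."""
    return dds - combofix, combofix - dds


if __name__ == "__main__":
    only_dds, only_cf = diff_autoruns(parse_dds_run(DDS_EXCERPT),
                                      parse_combofix_run(COMBOFIX_EXCERPT))
    for hive, name in sorted(only_dds):
        print(f"listed by DDS only:      {hive}\\...\\Run\\{name}")
    for hive, name in sorted(only_cf):
        print(f"listed by ComboFix only: {hive}\\...\\Run\\{name}")
```

The same two parsers can be pointed at the full logs above; the value of the exercise is that it turns "read two long logs" into a short list of entries that need an explanation.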

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2012 - 10:16 PM

Hello

You shouldn't run the scan at this time.

We are not done, and the results can be confusing, for example if something shows up in System Restore or if it picks up any of our tools.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Proud Graduate Of Malware Removal University

#7 jimnlisastein (Topic Starter)

  • Members
  • 43 posts
  • Local time: 06:04 AM

Posted 18 January 2012 - 10:39 PM

OK, I'm sorry... before I saw your post I had already restarted my computer, which kicks off auto-protect and scans for threats. It did find Boot.Tidserv. I'll wait for you on future steps. I don't know if the scan caused this, but I got a blue screen when following your steps for the CFScript.txt/ComboFix run. I started to grab a pen to write down some details, but didn't get it until it had restarted. I thought I saw the file name "catchme.sys", but might have that wrong. Here's what the message said about Windows restarting from an unexpected shutdown:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: B4CB301C
BCP2: 00000000
BCP3: BDD9CABB
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini011812-01.dmp
C:\Users\Lisa\AppData\Local\Temp\WER-158091-0.sysdata.xml
C:\Users\Lisa\AppData\Local\Temp\WER49AC.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


Don't know if that is any use for you.

One other thing I noticed and don't know if it could have caused the blue screen...when I copied "ClearJavaCache::" from below and pasted it into notebook, the paste put the cursor on the second line, so I might have copied a return in there...don't know if that would have any effect, but wanted to make sure and provide the detail.

So, since I ran that scan before you caught me, do I need to start over and run ComboFix by itself, post the log, and then run the second step you instructed me to do? Let me know how you'd like me to proceed, and thank you so much for your help!

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 08:04 AM

Posted 18 January 2012 - 10:52 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
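The report TDSSKiller writes (the one quoted in the next post) lists every registered kernel driver with its MD5 and path, each followed by a verdict line; with a few hundred entries the lines that matter are easy to miss. The Python script below is an added example, not part of this thread and not Kaspersky's code: it parses that report format and sorts the entries into three buckets (anything not marked "ok", services with no image file on disk, and drivers loaded from outside C:\Windows). The sample log is constructed from lines in the posted report plus one hypothetical detection line for \Device\Harddisk0\DR0; the exact verdict wording TDSSKiller prints for an infected MBR is an assumption, since the posted report is cut off before that line. Boot.Tidserv is Symantec's name for the TDSS/TDL MBR bootkit, so on this machine the DR0 line, not the driver list, is what decides whether the infection is gone.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the TDSSKiller 2.7.x report quoted in this
# thread. The driver lines are copied from the posted log; the last line is a
# hypothetical MBR detection added to exercise the non-"ok" branch (the exact
# verdict wording TDSSKiller uses is not shown in the thread).
SAMPLE_LOG = """\
22:36:24.0029 3196 Scan started
22:36:24.0029 3196 Mode: Manual;
22:36:24.0819 3196 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\\Windows\\system32\\DRIVERS\\Accelerometer.sys
22:36:24.0819 3196 Accelerometer - ok
22:36:26.0141 3196 ALSysIO - ok
22:36:28.0020 3196 catchme - ok
22:36:33.0619 3196 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\\Windows\\system32\\drivers\\mbam.sys
22:36:33.0619 3196 MBAMProtector - ok
22:36:39.0016 3196 SASDIFSV (39763504067962108505bff25f024345) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
22:36:39.0016 3196 SASDIFSV - ok
22:36:45.0000 3196 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Example ( 0 )
"""

# Every report line is "HH:MM:SS.ffff <pid> <body>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Body of an image line: "<service> (<md5>) <path>".
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Body of a verdict line: "<service or device> - <verdict>".
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")

SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each image line with the verdict line that follows it, keyed by service name."""
    entries: Dict[str, Entry] = {}  # dict insertion order == scan order
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # banner, blank, or separator line
        body = m["body"]
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"], fm["path"]
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"].strip()
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket entries into what a responder reads first, preserving scan order."""
    report: Dict[str, List[str]] = {"flagged": [], "no_image": [], "outside_system_root": []}
    for e in entries:
        if e.verdict is not None and e.verdict.lower() != "ok":
            # Anything TDSSKiller did not clear; for a bootkit this is the DR0 line.
            report["flagged"].append(f"{e.name}: {e.verdict}")
        elif e.path is None:
            # Service registered but no driver image on disk: leftovers such as
            # ComboFix's catchme driver, or a tool that has since been removed.
            report["no_image"].append(e.name)
        elif not e.path.lower().startswith(SYSTEM_ROOT):
            # Kernel drivers loaded from outside %SystemRoot%: usually security
            # products or vendor drivers, but worth checking one by one.
            report["outside_system_root"].append(f"{e.name}: {e.path}")
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket} ({len(items)})")
        for item in items:
            print("   ", item)
```

Run against the real report (replace SAMPLE_LOG with the file contents), expect catchme under no_image, which the posted report shows registered with no image file, and the Symantec, Malwarebytes and SUPERAntiSpyware drivers that live under Program Files or ProgramData under outside_system_root; the flagged bucket is the one that should be empty before the machine is declared clean.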

#9 jimnlisastein (Topic Starter)

  • Members
  • 43 posts
  • Local time: 06:04 AM

Posted 18 January 2012 - 11:39 PM

Here's the log:


22:36:19.0680 2324 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
22:36:20.0120 2324 ============================================================
22:36:20.0120 2324 Current date / time: 2012/01/18 22:36:20.0120
22:36:20.0120 2324 SystemInfo:
22:36:20.0120 2324
22:36:20.0120 2324 OS Version: 6.0.6001 ServicePack: 1.0
22:36:20.0120 2324 Product type: Workstation
22:36:20.0121 2324 ComputerName: LISA-PC
22:36:20.0121 2324 UserName: Lisa
22:36:20.0121 2324 Windows directory: C:\Windows
22:36:20.0121 2324 System windows directory: C:\Windows
22:36:20.0121 2324 Processor architecture: Intel x86
22:36:20.0121 2324 Number of processors: 2
22:36:20.0121 2324 Page size: 0x1000
22:36:20.0121 2324 Boot type: Normal boot
22:36:20.0121 2324 ============================================================
22:36:21.0410 2324 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:36:21.0483 2324 Initialize success
22:36:24.0029 3196 ============================================================
22:36:24.0029 3196 Scan started
22:36:24.0029 3196 Mode: Manual;
22:36:24.0029 3196 ============================================================
22:36:24.0819 3196 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:36:24.0819 3196 Accelerometer - ok
22:36:24.0993 3196 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
22:36:24.0995 3196 ACPI - ok
22:36:25.0200 3196 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:36:25.0202 3196 adp94xx - ok
22:36:25.0253 3196 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:36:25.0255 3196 adpahci - ok
22:36:25.0336 3196 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:36:25.0337 3196 adpu160m - ok
22:36:25.0369 3196 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:36:25.0370 3196 adpu320 - ok
22:36:25.0570 3196 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
22:36:25.0573 3196 AFD - ok
22:36:25.0707 3196 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:36:25.0708 3196 agp440 - ok
22:36:25.0972 3196 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:36:25.0972 3196 aic78xx - ok
22:36:26.0058 3196 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:36:26.0058 3196 aliide - ok
22:36:26.0141 3196 ALSysIO - ok
22:36:26.0249 3196 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:36:26.0250 3196 amdagp - ok
22:36:26.0286 3196 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:36:26.0286 3196 amdide - ok
22:36:26.0316 3196 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:36:26.0316 3196 AmdK7 - ok
22:36:26.0475 3196 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
22:36:26.0476 3196 AmdK8 - ok
22:36:26.0585 3196 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:36:26.0586 3196 arc - ok
22:36:26.0633 3196 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:36:26.0634 3196 arcsas - ok
22:36:26.0684 3196 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:36:26.0685 3196 AsyncMac - ok
22:36:26.0739 3196 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
22:36:26.0740 3196 atapi - ok
22:36:26.0840 3196 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:36:26.0843 3196 BCM43XV - ok
22:36:26.0901 3196 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:36:26.0902 3196 Beep - ok
22:36:27.0022 3196 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys
22:36:27.0024 3196 BHDrvx86 - ok
22:36:27.0090 3196 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:36:27.0091 3196 blbdrive - ok
22:36:27.0186 3196 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
22:36:27.0187 3196 bowser - ok
22:36:27.0250 3196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:36:27.0251 3196 BrFiltLo - ok
22:36:27.0322 3196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:36:27.0322 3196 BrFiltUp - ok
22:36:27.0425 3196 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:36:27.0426 3196 Brserid - ok
22:36:27.0463 3196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:36:27.0464 3196 BrSerWdm - ok
22:36:27.0491 3196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:36:27.0492 3196 BrUsbMdm - ok
22:36:27.0567 3196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:36:27.0567 3196 BrUsbSer - ok
22:36:27.0633 3196 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
22:36:27.0634 3196 BthEnum - ok
22:36:27.0712 3196 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:36:27.0712 3196 BTHMODEM - ok
22:36:27.0787 3196 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:36:27.0788 3196 BthPan - ok
22:36:27.0865 3196 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
22:36:27.0867 3196 BTHPORT - ok
22:36:27.0936 3196 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
22:36:27.0937 3196 BTHUSB - ok
22:36:28.0020 3196 catchme - ok
22:36:28.0253 3196 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys
22:36:28.0257 3196 ccHP - ok
22:36:28.0427 3196 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:36:28.0428 3196 cdfs - ok
22:36:28.0551 3196 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
22:36:28.0551 3196 cdrom - ok
22:36:28.0578 3196 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
22:36:28.0580 3196 circlass - ok
22:36:28.0717 3196 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
22:36:28.0720 3196 CLFS - ok
22:36:28.0782 3196 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:36:28.0782 3196 CmBatt - ok
22:36:28.0824 3196 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:36:28.0824 3196 cmdide - ok
22:36:28.0865 3196 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:36:28.0865 3196 Compbatt - ok
22:36:28.0901 3196 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:36:28.0901 3196 crcdisk - ok
22:36:28.0957 3196 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:36:28.0957 3196 Crusoe - ok
22:36:29.0034 3196 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
22:36:29.0035 3196 DfsC - ok
22:36:29.0154 3196 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
22:36:29.0155 3196 disk - ok
22:36:29.0223 3196 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:36:29.0224 3196 Dot4 - ok
22:36:29.0293 3196 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:36:29.0293 3196 Dot4Print - ok
22:36:29.0320 3196 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:36:29.0320 3196 dot4usb - ok
22:36:29.0431 3196 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:36:29.0431 3196 drmkaud - ok
22:36:29.0476 3196 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
22:36:29.0480 3196 DXGKrnl - ok
22:36:29.0577 3196 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:36:29.0578 3196 E1G60 - ok
22:36:29.0628 3196 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
22:36:29.0629 3196 Ecache - ok
22:36:29.0725 3196 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:36:29.0728 3196 eeCtrl - ok
22:36:29.0853 3196 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:36:29.0856 3196 elxstor - ok
22:36:29.0891 3196 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys
22:36:29.0892 3196 enecir - ok
22:36:29.0986 3196 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:36:29.0987 3196 EraserUtilRebootDrv - ok
22:36:30.0094 3196 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:36:30.0095 3196 ErrDev - ok
22:36:30.0147 3196 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
22:36:30.0148 3196 exfat - ok
22:36:30.0177 3196 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
22:36:30.0178 3196 fastfat - ok
22:36:30.0260 3196 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:36:30.0261 3196 fdc - ok
22:36:30.0291 3196 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:36:30.0291 3196 FileInfo - ok
22:36:30.0313 3196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:36:30.0314 3196 Filetrace - ok
22:36:30.0342 3196 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:36:30.0342 3196 flpydisk - ok
22:36:30.0421 3196 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
22:36:30.0423 3196 FltMgr - ok
22:36:30.0483 3196 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys
22:36:30.0484 3196 FlyUsb - ok
22:36:30.0553 3196 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:36:30.0554 3196 Fs_Rec - ok
22:36:30.0584 3196 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:36:30.0585 3196 gagp30kx - ok
22:36:30.0729 3196 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:36:30.0731 3196 HdAudAddService - ok
22:36:30.0754 3196 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:36:30.0755 3196 HDAudBus - ok
22:36:30.0788 3196 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:36:30.0788 3196 HidBth - ok
22:36:30.0865 3196 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
22:36:30.0866 3196 HidIr - ok
22:36:31.0040 3196 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
22:36:31.0041 3196 HidUsb - ok
22:36:31.0205 3196 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:36:31.0205 3196 HpCISSs - ok
22:36:31.0256 3196 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
22:36:31.0257 3196 hpdskflt - ok
22:36:31.0374 3196 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:36:31.0375 3196 HpqKbFiltr - ok
22:36:31.0487 3196 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:36:31.0489 3196 HSFHWAZL - ok
22:36:31.0535 3196 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:36:31.0542 3196 HSF_DPV - ok
22:36:31.0606 3196 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
22:36:31.0608 3196 HTTP - ok
22:36:31.0687 3196 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:36:31.0687 3196 i2omp - ok
22:36:31.0736 3196 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:36:31.0736 3196 i8042prt - ok
22:36:31.0826 3196 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:36:31.0827 3196 iaStorV - ok
22:36:31.0961 3196 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120118.003\IDSvix86.sys
22:36:31.0963 3196 IDSVix86 - ok
22:36:32.0297 3196 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:36:32.0356 3196 igfx - ok
22:36:32.0435 3196 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:36:32.0435 3196 iirsp - ok
22:36:32.0485 3196 IntcHdmiAddService (ab8b0206bcdff0ed03cec500fa03a32a) C:\Windows\system32\drivers\IntcHdmi.sys
22:36:32.0486 3196 IntcHdmiAddService - ok
22:36:32.0505 3196 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:36:32.0506 3196 intelide - ok
22:36:32.0592 3196 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:36:32.0592 3196 intelppm - ok
22:36:32.0615 3196 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:36:32.0616 3196 IpFilterDriver - ok
22:36:32.0630 3196 IpInIp - ok
22:36:32.0657 3196 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:36:32.0658 3196 IPMIDRV - ok
22:36:32.0686 3196 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:36:32.0687 3196 IPNAT - ok
22:36:32.0771 3196 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:36:32.0771 3196 IRENUM - ok
22:36:32.0814 3196 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:36:32.0815 3196 isapnp - ok
22:36:32.0912 3196 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
22:36:32.0913 3196 iScsiPrt - ok
22:36:32.0949 3196 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:36:32.0950 3196 iteatapi - ok
22:36:32.0963 3196 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:36:32.0963 3196 iteraid - ok
22:36:33.0072 3196 JMCR (da971cfc625d13636e04c405948e9d62) C:\Windows\system32\DRIVERS\jmcr.sys
22:36:33.0073 3196 JMCR - ok
22:36:33.0118 3196 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:36:33.0118 3196 kbdclass - ok
22:36:33.0185 3196 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
22:36:33.0185 3196 kbdhid - ok
22:36:33.0247 3196 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
22:36:33.0250 3196 KSecDD - ok
22:36:33.0400 3196 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:36:33.0401 3196 lltdio - ok
22:36:33.0441 3196 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:36:33.0442 3196 LSI_FC - ok
22:36:33.0457 3196 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:36:33.0458 3196 LSI_SAS - ok
22:36:33.0545 3196 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:36:33.0546 3196 LSI_SCSI - ok
22:36:33.0577 3196 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:36:33.0578 3196 luafv - ok
22:36:33.0619 3196 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:36:33.0619 3196 MBAMProtector - ok
22:36:33.0701 3196 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:36:33.0701 3196 megasas - ok
22:36:33.0743 3196 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:36:33.0746 3196 MegaSR - ok
22:36:33.0774 3196 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:36:33.0775 3196 Modem - ok
22:36:33.0846 3196 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:36:33.0847 3196 monitor - ok
22:36:33.0877 3196 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:36:33.0878 3196 mouclass - ok
22:36:33.0897 3196 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:36:33.0898 3196 mouhid - ok
22:36:33.0921 3196 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:36:33.0921 3196 MountMgr - ok
22:36:34.0025 3196 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:36:34.0026 3196 mpio - ok
22:36:34.0055 3196 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:36:34.0056 3196 mpsdrv - ok
22:36:34.0083 3196 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:36:34.0083 3196 Mraid35x - ok
22:36:34.0172 3196 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
22:36:34.0173 3196 MRxDAV - ok
22:36:34.0240 3196 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:36:34.0241 3196 mrxsmb - ok
22:36:34.0343 3196 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:36:34.0345 3196 mrxsmb10 - ok
22:36:34.0375 3196 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:36:34.0376 3196 mrxsmb20 - ok
22:36:34.0492 3196 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:36:34.0492 3196 msahci - ok
22:36:34.0534 3196 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:36:34.0534 3196 msdsm - ok
22:36:34.0570 3196 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:36:34.0571 3196 Msfs - ok
22:36:34.0670 3196 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:36:34.0671 3196 msisadrv - ok
22:36:34.0705 3196 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:36:34.0706 3196 MSKSSRV - ok
22:36:34.0739 3196 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:36:34.0740 3196 MSPCLOCK - ok
22:36:34.0821 3196 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:36:34.0822 3196 MSPQM - ok
22:36:34.0846 3196 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
22:36:34.0847 3196 MsRPC - ok
22:36:34.0865 3196 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:36:34.0865 3196 mssmbios - ok
22:36:34.0973 3196 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:36:34.0974 3196 MSTEE - ok
22:36:34.0997 3196 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
22:36:34.0998 3196 Mup - ok
22:36:35.0296 3196 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
22:36:35.0297 3196 NativeWifiP - ok
22:36:35.0427 3196 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120118.019\NAVENG.SYS
22:36:35.0427 3196 NAVENG - ok
22:36:35.0631 3196 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120118.019\NAVEX15.SYS
22:36:35.0642 3196 NAVEX15 - ok
22:36:35.0765 3196 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
22:36:35.0769 3196 NDIS - ok
22:36:35.0810 3196 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:36:35.0810 3196 NdisTapi - ok
22:36:35.0889 3196 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:36:35.0889 3196 Ndisuio - ok
22:36:35.0941 3196 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
22:36:35.0942 3196 NdisWan - ok
22:36:35.0967 3196 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:36:35.0968 3196 NDProxy - ok
22:36:36.0064 3196 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:36:36.0065 3196 NetBIOS - ok
22:36:36.0095 3196 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
22:36:36.0097 3196 netbt - ok
22:36:36.0288 3196 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
22:36:36.0313 3196 NETw5v32 - ok
22:36:36.0391 3196 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:36:36.0391 3196 nfrd960 - ok
22:36:36.0421 3196 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
22:36:36.0421 3196 Npfs - ok
22:36:36.0446 3196 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:36:36.0447 3196 nsiproxy - ok
22:36:36.0506 3196 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
22:36:36.0514 3196 Ntfs - ok
22:36:36.0662 3196 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:36:36.0663 3196 ntrigdigi - ok
22:36:36.0689 3196 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:36:36.0689 3196 Null - ok
22:36:36.0799 3196 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
22:36:36.0803 3196 NVENETFD - ok
22:36:36.0846 3196 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:36:36.0847 3196 nvraid - ok
22:36:36.0868 3196 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:36:36.0868 3196 nvstor - ok
22:36:36.0928 3196 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:36:36.0929 3196 nv_agp - ok
22:36:36.0942 3196 NwlnkFlt - ok
22:36:36.0953 3196 NwlnkFwd - ok
22:36:37.0003 3196 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:36:37.0004 3196 ohci1394 - ok
22:36:37.0048 3196 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:36:37.0049 3196 Parport - ok
22:36:37.0113 3196 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
22:36:37.0114 3196 partmgr - ok
22:36:37.0147 3196 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:36:37.0148 3196 Parvdm - ok
22:36:37.0180 3196 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
22:36:37.0181 3196 pci - ok
22:36:37.0260 3196 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:36:37.0261 3196 pciide - ok
22:36:37.0300 3196 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:36:37.0302 3196 pcmcia - ok
22:36:37.0411 3196 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:36:37.0418 3196 PEAUTH - ok
22:36:37.0505 3196 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:36:37.0505 3196 PptpMiniport - ok
22:36:37.0615 3196 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:36:37.0616 3196 Processor - ok
22:36:37.0661 3196 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
22:36:37.0662 3196 PSched - ok
22:36:37.0739 3196 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
22:36:37.0740 3196 PxHelp20 - ok
22:36:37.0875 3196 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:36:37.0883 3196 ql2300 - ok
22:36:37.0964 3196 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:36:37.0965 3196 ql40xx - ok
22:36:38.0010 3196 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:36:38.0010 3196 QWAVEdrv - ok
22:36:38.0027 3196 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:36:38.0027 3196 RasAcd - ok
22:36:38.0126 3196 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:36:38.0127 3196 Rasl2tp - ok
22:36:38.0152 3196 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
22:36:38.0153 3196 RasPppoe - ok
22:36:38.0176 3196 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
22:36:38.0177 3196 RasSstp - ok
22:36:38.0305 3196 rcmirror (a7bad9853a70e2e7808be027efe0522a) C:\Windows\system32\DRIVERS\rcmirror.sys
22:36:38.0306 3196 rcmirror - ok
22:36:38.0343 3196 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
22:36:38.0346 3196 rdbss - ok
22:36:38.0414 3196 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:36:38.0415 3196 RDPCDD - ok
22:36:38.0448 3196 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:36:38.0450 3196 rdpdr - ok
22:36:38.0477 3196 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:36:38.0478 3196 RDPENCDD - ok
22:36:38.0521 3196 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
22:36:38.0522 3196 RDPWD - ok
22:36:38.0625 3196 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
22:36:38.0626 3196 RFCOMM - ok
22:36:38.0677 3196 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
22:36:38.0678 3196 RimUsb - ok
22:36:38.0716 3196 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
22:36:38.0716 3196 RimVSerPort - ok
22:36:38.0813 3196 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
22:36:38.0814 3196 ROOTMODEM - ok
22:36:38.0862 3196 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:36:38.0863 3196 rspndr - ok
22:36:38.0958 3196 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:36:38.0959 3196 RTL8169 - ok
22:36:39.0016 3196 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:36:39.0016 3196 SASDIFSV - ok
22:36:39.0029 3196 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:36:39.0030 3196 SASKUTIL - ok
22:36:39.0117 3196 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:36:39.0118 3196 sbp2port - ok
22:36:39.0154 3196 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
22:36:39.0155 3196 sdbus - ok
22:36:39.0247 3196 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:36:39.0248 3196 secdrv - ok
22:36:39.0280 3196 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:36:39.0281 3196 Serenum - ok
22:36:39.0307 3196 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:36:39.0308 3196 Serial - ok
22:36:39.0397 3196 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:36:39.0398 3196 sermouse - ok
22:36:39.0432 3196 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:36:39.0432 3196 sffdisk - ok
22:36:39.0456 3196 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:36:39.0457 3196 sffp_mmc - ok
22:36:39.0564 3196 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:36:39.0565 3196 sffp_sd - ok
22:36:39.0578 3196 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:36:39.0578 3196 sfloppy - ok
22:36:39.0642 3196 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:36:39.0643 3196 sisagp - ok
22:36:39.0677 3196 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:36:39.0678 3196 SiSRaid2 - ok
22:36:39.0730 3196 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:36:39.0731 3196 SiSRaid4 - ok
22:36:39.0811 3196 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
22:36:39.0812 3196 Smb - ok
22:36:39.0839 3196 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:36:39.0839 3196 spldr - ok
22:36:39.0951 3196 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS
22:36:39.0953 3196 SRTSP - ok
22:36:40.0033 3196 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS
22:36:40.0033 3196 SRTSPX - ok
22:36:40.0125 3196 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
22:36:40.0127 3196 srv - ok
22:36:40.0225 3196 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
22:36:40.0226 3196 srv2 - ok
22:36:40.0273 3196 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
22:36:40.0274 3196 srvnet - ok
22:36:40.0381 3196 STHDA (21cc262ab5f42f7a6b91dc7304c2f267) C:\Windows\system32\DRIVERS\stwrt.sys
22:36:40.0384 3196 STHDA - ok
22:36:40.0496 3196 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:36:40.0497 3196 swenum - ok
22:36:40.0534 3196 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:36:40.0534 3196 Symc8xx - ok
22:36:40.0631 3196 SYMDNS - ok
22:36:40.0757 3196 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS
22:36:40.0759 3196 SymEFA - ok
22:36:40.0874 3196 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
22:36:40.0875 3196 SymEvent - ok
22:36:41.0039 3196 SYMFW (a8c45c36309ee066f9191e511f88ed76) C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS
22:36:41.0040 3196 SYMFW - ok
22:36:41.0134 3196 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
22:36:41.0135 3196 SymIM - ok
22:36:41.0255 3196 SYMNDISV (d8b16289f39b63456f48ea95243a788a) C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS
22:36:41.0256 3196 SYMNDISV - ok
22:36:41.0316 3196 SYMREDRV - ok
22:36:41.0362 3196 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
22:36:41.0364 3196 SYMTDI - ok
22:36:41.0397 3196 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:36:41.0397 3196 Sym_hi - ok
22:36:41.0415 3196 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:36:41.0416 3196 Sym_u3 - ok
22:36:41.0521 3196 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
22:36:41.0523 3196 SynTP - ok
22:36:41.0614 3196 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
22:36:41.0621 3196 Tcpip - ok
22:36:41.0836 3196 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
22:36:41.0842 3196 Tcpip6 - ok
22:36:41.0929 3196 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
22:36:41.0929 3196 tcpipreg - ok
22:36:41.0950 3196 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:36:41.0951 3196 TDPIPE - ok
22:36:41.0969 3196 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:36:41.0970 3196 TDTCP - ok
22:36:41.0987 3196 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
22:36:41.0988 3196 tdx - ok
22:36:42.0080 3196 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
22:36:42.0081 3196 TermDD - ok
22:36:42.0119 3196 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:36:42.0120 3196 tssecsrv - ok
22:36:42.0148 3196 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:36:42.0149 3196 tunmp - ok
22:36:42.0268 3196 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
22:36:42.0269 3196 tunnel - ok
22:36:42.0297 3196 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:36:42.0298 3196 uagp35 - ok
22:36:42.0383 3196 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
22:36:42.0384 3196 udfs - ok
22:36:42.0419 3196 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:36:42.0420 3196 uliagpkx - ok
22:36:42.0458 3196 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:36:42.0460 3196 uliahci - ok
22:36:42.0519 3196 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:36:42.0520 3196 UlSata - ok
22:36:42.0561 3196 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:36:42.0562 3196 ulsata2 - ok
22:36:42.0604 3196 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:36:42.0604 3196 umbus - ok
22:36:42.0664 3196 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:36:42.0665 3196 usbccgp - ok
22:36:42.0751 3196 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:36:42.0752 3196 usbcir - ok
22:36:42.0812 3196 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
22:36:42.0813 3196 usbehci - ok
22:36:42.0842 3196 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
22:36:42.0843 3196 usbhub - ok
22:36:42.0926 3196 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
22:36:42.0927 3196 usbohci - ok
22:36:42.0966 3196 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:36:42.0967 3196 usbprint - ok
22:36:43.0074 3196 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:36:43.0075 3196 usbscan - ok
22:36:43.0115 3196 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:36:43.0116 3196 USBSTOR - ok
22:36:43.0198 3196 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:36:43.0198 3196 usbuhci - ok
22:36:43.0238 3196 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:36:43.0240 3196 usbvideo - ok
22:36:43.0276 3196 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:36:43.0277 3196 vga - ok
22:36:43.0356 3196 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:36:43.0357 3196 VgaSave - ok
22:36:43.0387 3196 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:36:43.0388 3196 viaagp - ok
22:36:43.0410 3196 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:36:43.0411 3196 ViaC7 - ok
22:36:43.0445 3196 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:36:43.0445 3196 viaide - ok
22:36:43.0536 3196 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:36:43.0537 3196 volmgr - ok
22:36:43.0613 3196 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
22:36:43.0615 3196 volmgrx - ok
22:36:43.0631 3196 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
22:36:43.0633 3196 volsnap - ok
22:36:43.0673 3196 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:36:43.0674 3196 vsmraid - ok
22:36:43.0774 3196 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:36:43.0775 3196 WacomPen - ok
22:36:43.0816 3196 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:36:43.0817 3196 Wanarp - ok
22:36:43.0820 3196 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:36:43.0821 3196 Wanarpv6 - ok
22:36:43.0859 3196 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:36:43.0860 3196 Wd - ok
22:36:43.0897 3196 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:36:43.0902 3196 Wdf01000 - ok
22:36:44.0010 3196 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:36:44.0016 3196 winachsf - ok
22:36:44.0059 3196 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:36:44.0059 3196 WmiAcpi - ok
22:36:44.0168 3196 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
22:36:44.0168 3196 WpdUsb - ok
22:36:44.0196 3196 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:36:44.0197 3196 ws2ifsl - ok
22:36:44.0232 3196 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:36:44.0233 3196 WUDFRd - ok
22:36:44.0258 3196 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:36:44.0294 3196 \Device\Harddisk0\DR0 - ok
22:36:44.0298 3196 Boot (0x1200) (4f644de25674639a1dffae0194e26369) \Device\Harddisk0\DR0\Partition0
22:36:44.0299 3196 \Device\Harddisk0\DR0\Partition0 - ok
22:36:44.0317 3196 Boot (0x1200) (85e01a988aca93dfe866a11bbac6fe0b) \Device\Harddisk0\DR0\Partition1
22:36:44.0318 3196 \Device\Harddisk0\DR0\Partition1 - ok
22:36:44.0319 3196 ============================================================
22:36:44.0319 3196 Scan finished
22:36:44.0319 3196 ============================================================
22:36:44.0329 3692 Detected object count: 0
22:36:44.0329 3692 Actual detected object count: 0

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 19 January 2012 - 12:38 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jimnlisastein

  • Topic Starter

  • Members
  • 43 posts
  • Local time:06:04 AM

Posted 19 January 2012 - 07:31 PM

Another blue screen event. Two possibly useful bits of info:

catchme.sys

PAGE_FAULT_IN_NONPAGED_AREA

Here's the Windows info that showed up on startup:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: 9C77701C
BCP2: 00000000
BCP3: B1B05ABB
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini011912-02.dmp
C:\Users\Lisa\AppData\Local\temp\WER-151554-0.sysdata.xml
C:\Users\Lisa\AppData\Local\temp\WER26B2.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

#12 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 19 January 2012 - 08:13 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#13 jimnlisastein

  • Topic Starter

  • Members
  • 43 posts
  • Local time:06:04 AM

Posted 19 January 2012 - 08:53 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 19:46:42
-----------------------------
19:46:42.043 OS Version: Windows 6.0.6001 Service Pack 1
19:46:42.044 Number of processors: 2 586 0x1706
19:46:42.044 ComputerName: LISA-PC UserName: Lisa
19:46:44.254 Initialize success
19:47:49.904 AVAST engine defs: 12011902
19:48:34.981 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:48:34.984 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
19:48:35.023 Disk 0 MBR read successfully
19:48:35.025 Disk 0 MBR scan
19:48:35.030 Disk 0 Windows VISTA default MBR code
19:48:35.033 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294760 MB offset 63
19:48:35.060 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10481 MB offset 603670528
19:48:35.084 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 3 MB offset 625135616
19:48:35.089 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
19:48:35.094 Disk 0 scanning sectors +625142432
19:48:35.458 Disk 0 scanning C:\Windows\system32\drivers
19:48:44.019 Service scanning
19:48:45.386 Modules scanning
19:48:55.189 Disk 0 trace - called modules:
19:48:55.199
19:48:57.093 AVAST engine scan C:\Windows
19:49:01.371 AVAST engine scan C:\Windows\system32
19:50:42.973 AVAST engine scan C:\Windows\system32\drivers
19:50:56.097 AVAST engine scan C:\Users\Lisa
19:51:54.894 Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
19:51:54.899 The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"
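A way to triage a log like the one above, added here as an example and not part of the thread or of aswMBR itself: it parses the disk and partition-table lines from the post, then reports the scanner verdict, the hidden partition type (0x17 is hidden NTFS), and a small non-bootable partition whose end falls exactly on the reported disk size, which is what makes the 3 MB partition 3 stand out. It assumes aswMBR's MB figures are MiB on a 512-byte-sector disk (2048 sectors per MB); the size threshold is my own.

```python
import re
from typing import Dict, List, Tuple

SECTORS_PER_MB = 2048  # assumption: aswMBR sizes are MiB on a 512-byte-sector disk

# Disk and partition-table lines copied from the aswMBR log in the post above.
SAMPLE_LOG = """\
19:48:34.984 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
19:48:35.030 Disk 0 Windows VISTA default MBR code
19:48:35.033 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294760 MB offset 63
19:48:35.060 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10481 MB offset 603670528
19:48:35.084 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 3 MB offset 625135616
19:48:35.089 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
"""

DISK_RE = re.compile(r"Disk \d+ Vendor: .* Size: (?P<size>\d+)MB")
PART_RE = re.compile(
    r"Disk \d+ Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) .+? (?P<size>\d+) MB offset (?P<offset>\d+)"
)
INFECT_RE = re.compile(r"Disk \d+ Partition (?P<num>\d+) \*\*INFECTED\*\* (?P<sig>.+)")
# MBR partition type ids of "hidden" FAT/NTFS volumes; 0x17 is hidden NTFS/HPFS
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_aswmbr(log: str) -> Tuple[int, List[dict]]:
    """Return (disk size in sectors, partition dicts) from aswMBR output.
    Each dict has num, boot, ptype, size_mb, offset, end (first sector after
    the partition) and infected (scanner verdict or None)."""
    disk_sectors = 0
    parts: Dict[int, dict] = {}
    for line in log.splitlines():
        if m := DISK_RE.search(line):
            disk_sectors = int(m["size"]) * SECTORS_PER_MB
        elif m := PART_RE.search(line):
            off, mb = int(m["offset"]), int(m["size"])
            parts[int(m["num"])] = dict(num=int(m["num"]), boot=int(m["boot"], 16),
                                        ptype=int(m["type"], 16), size_mb=mb, offset=off,
                                        end=off + mb * SECTORS_PER_MB, infected=None)
        elif m := INFECT_RE.search(line):
            parts[int(m["num"])]["infected"] = m["sig"].strip()
    return disk_sectors, [parts[k] for k in sorted(parts)]


def findings(log: str) -> List[str]:
    """Flag the scanner verdict, hidden partition types, and a small non-bootable
    partition whose end coincides exactly with the reported disk size."""
    disk_sectors, parts = parse_aswmbr(log)
    out = []
    for p in parts:
        if p["infected"]:
            out.append(f"partition {p['num']}: scanner verdict {p['infected']}")
        if p["ptype"] in HIDDEN_TYPES:
            out.append(f"partition {p['num']}: hidden partition type 0x{p['ptype']:02X}")
        if p["size_mb"] <= 16 and p["boot"] != 0x80 and p["end"] == disk_sectors:
            out.append(f"partition {p['num']}: {p['size_mb']} MB tail partition ends "
                       f"exactly at the disk end (sector {disk_sectors})")
    return out
```

Run on these lines, the arithmetic also shows partition 2 ending at sector 625135616, exactly where partition 3 begins, and partition 3 ending at the last sector of the 305245 MB disk.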

#14 jimnlisastein

  • Topic Starter

  • Members
  • 43 posts
  • Local time:06:04 AM

Posted 19 January 2012 - 08:55 PM

I left the tool open, in case you want me to fix the Master Boot Record with the tool... let me know if you want me to click on FixMBR.

#15 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 19 January 2012 - 09:01 PM

Hello


Go ahead and close it. I want you to run this; I see something in the report I want to double-check.

Greetings

I need you to make a bootable USB and to make a screenshot for me; follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions on how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom-left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up; to do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it (we will use it again), boot back into Windows and send me the screen capture.

gringo



