Virus that disables Vista Security Center


  • This topic is locked
14 replies to this topic

#1 abovel


Posted 19 January 2012 - 04:29 PM

Hello,

I have been having an issue with my laptop for the past 2 months or so and would appreciate advice on how to get things back in order. The problems began when I could not connect to wireless internet and the Network and Sharing Center displayed the message: "The dependency service or group failed to start". Soon after, I realized that the Windows Firewall installed on my computer had been disabled (on its own) and file sharing had been turned on. I was not allowed to turn off the file sharing or enable the firewall. Finally, the Automatic Updating feature had shut itself down, also refusing to be turned on.

At this point I could not decide what to do so I entrusted the situation to the father of a friend of mine. He was able to restore function to all of the inflicted items. He told me a virus was the cause of the problem but could tell me the name as he worked on it a few weeks earlier and had done work on many other computers as well, forgetting which virus infected my computer.

I am writing in this blog because the computer still behaves oddly and I would like to see if he had fully removed the problem. Continuing problems include: freezing and random shut-offs (happened once).

I personally ran several Malwarebytes scans which returned no problems. In following the preparation guide, I have run defogger and subsequently ran a dds scan and a gmer scan. The results of the dds are displayed below. However, whenever I attempt the gmer scan my computer almost immediately returns a blue screen and automatically restarts.

Any input that can help me resolve this problem will be greatly appreciated!

Thank you


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_30
Run by Lloyd at 14:51:12 on 2012-01-19
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.270 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Vongo\Tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lloyd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Lloyd\Desktop\Defogger.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Google Update] "c:\users\lloyd\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_30.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{403B01B5-903E-4F1E-BE95-4388634E7BFC} : DhcpNameServer = 167.206.254.1 167.206.254.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lloyd\appdata\roaming\mozilla\firefox\profiles\g2dr7mqu.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\lloyd\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-2 343664]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [2011-2-27 234140]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-12 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-2 91672]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-2 43288]
S3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [2008-2-2 53760]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-2 65448]
S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [2011-2-21 31472]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
.
=============== Created Last 30 ================
.
2012-01-18 01:42:13 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9e4ab15a-a07b-498f-a147-7e9d2e1415bd}\offreg.dll
2012-01-18 01:42:10 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9e4ab15a-a07b-498f-a147-7e9d2e1415bd}\mpengine.dll
2012-01-17 21:16:40 98816 ----a-w- c:\windows\sed.exe
2012-01-17 21:16:40 518144 ----a-w- c:\windows\SWREG.exe
2012-01-17 21:16:40 256000 ----a-w- c:\windows\PEV.exe
2012-01-17 21:16:40 208896 ----a-w- c:\windows\MBR.exe
2012-01-17 21:16:29 -------- d-s---w- C:\ComboFix
2012-01-16 03:03:12 -------- d-----w- c:\users\lloyd\appdata\local\Google
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 16:40:04 22 --sha-w- c:\users\lloyd\appdata\roaming\Sys2662.Config.Repository.bin
2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 14:56:39.04 ===============


#2 nasdaq

  • Malware Response Team

Posted 25 January 2012 - 11:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 abovel

  • Topic Starter

Posted 26 January 2012 - 02:20 PM

Hello again, Thanks for the reply!

In the time between my post and your response, I ran a scan using Ad-Aware. The scan came up with some malicious objects but I am pretty sure it did not solve any problems. I will post the log to that scan at the bottom of this post along with the others.

I ran the TDSSkiller and it returned no found items. The log is posted below.

I downloaded the aswMBR.exe and updated it to obtain the avast virus definitions. However, every time I run the scan (Quick scan) I eventually get a blue screen again and the computer has to restart. The error message I get is given here:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 00000004
BCP2: 00000002
BCP3: 00000001
BCP4: 82F52D21
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini012512-01.dmp
C:\Users\Lloyd\AppData\Local\Temp\WER-1640069-0.sysdata.xml
C:\Users\Lloyd\AppData\Local\Temp\WER4F29.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
___________________________________________________________________________________________


I ran the scan three times and this was returned each time after auto-restart. The third time I was able to see that the error occurred when the following folder was being scanned:

C:\Users\Lloyd\appdata\Local\Google

I do not know if this is where it occurred the other times though. As a side note, do I have to run defogger every time I start my computer or do its effects last until I tell it otherwise? I have not been running it upon each restart, only the initial time.


Here are the scan reports requested that I could obtain with the ad aware displayed first:

Logfile created: 1/21/2012 20:58:07
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Lloyd

*********************** Definitions database information ***********************
Lavasoft definition file: 150.691
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11433.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 906869
Objects detected: 5


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 3
Folders.........: 0
LSPs............: 0
Cookies.........: 2
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Quarantined items:
Description: c:\users\lloyd\downloads\combofix (1).exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: f1b0f87ad617b9870deec98c545c382e
Description: c:\users\lloyd\downloads\combofix.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: f1b0f87ad617b9870deec98c545c382e
Description: c:\users\lloyd\appdata\roaming\6335.158 Family Name: Backdoor.Win32.Cycbot.cfg (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 8681974951a746ed2fe084155de76aa6

Scan and cleaning complete: Finished correctly after 57667 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sat Jan 21 20:12:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sat Jan 21 02:12:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sat Jan 21 08:12:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sat Jan 21 14:12:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Jan 21 20:12:00 2012
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: AWSOME
Processor name: AMD Turion™ 64 X2 Mobile Technology TL-64
Processor identifier: x86 Family 15 Model 104 Stepping 1
Processor speed: ~2210MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 26625, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 552456192 bytes
Physical memory total: 2145251328 bytes
Virtual memory available: 1864892416 bytes
Virtual memory total: 2147352576 bytes
Memory load: 74%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:

Running processes:
PID: 464 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 584 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 636 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 648 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 680 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 692 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 796 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 896 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 956 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1016 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1088 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1160 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1176 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1292 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1336 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1508 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1632 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1768 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1804 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2032 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 204 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 284 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 328 name: C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 480 name: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 592 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 456 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1284 name: C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1428 name: C:\Program Files\McAfee\Common Framework\FrameworkService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 748 name: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1220 name: C:\Windows\System32\mfevtps.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1780 name: C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2008 name: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 472 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2068 name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2144 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2208 name: C:\Program Files\Vongo\VongoService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2344 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2364 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2404 name: C:\Windows\System32\drivers\XAudio.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2452 name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2516 name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2764 name: C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2956 name: C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3284 name: C:\Windows\System32\taskeng.exe owner: Lloyd domain: Awsome
PID: 3508 name: C:\Windows\System32\dwm.exe owner: Lloyd domain: Awsome
PID: 3516 name: C:\Windows\explorer.exe owner: Lloyd domain: Awsome
PID: 3992 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4036 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2360 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3412 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Lloyd domain: Awsome
PID: 2928 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: Lloyd domain: Awsome
PID: 3640 name: C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe owner: Lloyd domain: Awsome
PID: 1708 name: C:\Program Files\Hp\QuickPlay\QPService.exe owner: Lloyd domain: Awsome
PID: 1144 name: C:\Windows\vsnp2uvc.exe owner: Lloyd domain: Awsome
PID: 1108 name: C:\Windows\System32\rundll32.exe owner: Lloyd domain: Awsome
PID: 156 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Lloyd domain: Awsome
PID: 3564 name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe owner: Lloyd domain: Awsome
PID: 2108 name: C:\Program Files\McAfee\Common Framework\UdaterUI.exe owner: Lloyd domain: Awsome
PID: 992 name: C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe owner: Lloyd domain: Awsome
PID: 3316 name: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe owner: Lloyd domain: Awsome
PID: 2648 name: C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe owner: Lloyd domain: Awsome
PID: 3588 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Lloyd domain: Awsome
PID: 1832 name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe owner: Lloyd domain: Awsome
PID: 2620 name: C:\Windows\ehome\ehtray.exe owner: Lloyd domain: Awsome
PID: 3332 name: C:\Program Files\AIM\aim.exe owner: Lloyd domain: Awsome
PID: 1792 name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe owner: Lloyd domain: Awsome
PID: 2992 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe owner: Lloyd domain: Awsome
PID: 2848 name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe owner: Lloyd domain: Awsome
PID: 3464 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3236 name: C:\Windows\ehome\ehmsas.exe owner: Lloyd domain: Awsome
PID: 4256 name: C:\Program Files\McAfee\Common Framework\McTray.exe owner: Lloyd domain: Awsome
PID: 4408 name: C:\Program Files\Vongo\Tray.exe owner: Lloyd domain: Awsome
PID: 4856 name: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4900 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe owner: Lloyd domain: Awsome
PID: 4948 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5848 name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4632 name: C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe owner: Lloyd domain: Awsome
PID: 5632 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5344 name: C:\Windows\System32\taskeng.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3036 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Lloyd domain: Awsome

Startup items:
Name: adaware
imagepath: reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
Name: adaware_XP
imagepath: reg.exe delete "HKCU\Software\adaware" /f
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: HP Software Update
imagepath: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Name: QPService
imagepath: "C:\Program Files\HP\QuickPlay\QPService.exe"
Name: NvSvc
imagepath: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: snp2uvc
imagepath: C:\Windows\vsnp2uvc.exe
Name: HP Health Check Scheduler
imagepath: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: hpWirelessAssistant
imagepath: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Name: McAfeeUpdaterUI
imagepath: "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
Name: ShStatEXE
imagepath: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
Name: Malwarebytes' Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Name: Malwarebytes' Anti-Malware
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: Ad-Aware Browsing Protection
imagepath: "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
Name: Launcher
imagepath: %WINDIR%\SMINST\launcher.exe
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
imagepath: C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
imagepath: C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Akamai
displayname: Akamai NetSession Interface
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: CLCapSvc
displayname: CyberLink Background Capture Service (CBCS)
Name: CLSched
displayname: CyberLink Task Scheduler (CTS)
Name: CryptSvc
displayname: Cryptographic Services
Name: CVPND
displayname: Cisco Systems, Inc. VPN Service
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: FontCache3.0.0.0
displayname: Windows Presentation Foundation Font Cache 3.0.0.0
Name: gpsvc
displayname: Group Policy Client
Name: hpqcxs08
displayname: hpqcxs08
Name: hpqddsvc
displayname: HP CUE DeviceDiscovery Service
Name: hpqwmiex
displayname: hpqwmiex
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MBAMService
displayname: MBAMService
Name: McAfeeEngineService
displayname: McAfee Engine Service
Name: McAfeeFramework
displayname: McAfee Framework Service
Name: McShield
displayname: McAfee McShield
Name: McTaskManager
displayname: McAfee Task Manager
Name: mfevtp
displayname: McAfee Validation Trust Protection Service
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: MSSQL$SQLEXPRESS
displayname: SQL Server (SQLEXPRESS)
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SQLWriter
displayname: SQL Server VSS Writer
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: Secure Socket Tunneling Protocol Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: TrustedInstaller
displayname: Windows Modules Installer
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: Vongo Service
displayname: Vongo Service
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting Service
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP Web Proxy Auto-Discovery Service
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: WPDBusEnum
displayname: Portable Device Enumerator Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: XAudioService
displayname: XAudioService

_________________________________________________________________________________________

16:22:16.0057 4596 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
16:22:16.0412 4596 ============================================================
16:22:16.0412 4596 Current date / time: 2012/01/25 16:22:16.0412
16:22:16.0412 4596 SystemInfo:
16:22:16.0412 4596
16:22:16.0413 4596 OS Version: 6.0.6001 ServicePack: 1.0
16:22:16.0413 4596 Product type: Workstation
16:22:16.0413 4596 ComputerName: AWSOME
16:22:16.0413 4596 UserName: Lloyd
16:22:16.0413 4596 Windows directory: C:\Windows
16:22:16.0413 4596 System windows directory: C:\Windows
16:22:16.0413 4596 Processor architecture: Intel x86
16:22:16.0413 4596 Number of processors: 2
16:22:16.0413 4596 Page size: 0x1000
16:22:16.0413 4596 Boot type: Normal boot
16:22:16.0413 4596 ============================================================
16:22:18.0002 4596 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:22:18.0193 4596 Initialize success
16:22:50.0026 3344 ============================================================
16:22:50.0026 3344 Scan started
16:22:50.0026 3344 Mode: Manual;
16:22:50.0026 3344 ============================================================
16:22:54.0783 3344 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
16:22:54.0795 3344 ACPI - ok
16:22:54.0878 3344 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:22:54.0894 3344 adp94xx - ok
16:22:54.0936 3344 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:22:54.0947 3344 adpahci - ok
16:22:55.0084 3344 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:22:55.0094 3344 adpu160m - ok
16:22:55.0128 3344 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:22:55.0138 3344 adpu320 - ok
16:22:55.0210 3344 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
16:22:55.0318 3344 Afc - ok
16:22:55.0472 3344 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
16:22:55.0665 3344 AFD - ok
16:22:55.0783 3344 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:22:55.0793 3344 agp440 - ok
16:22:55.0884 3344 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:22:55.0894 3344 aic78xx - ok
16:22:55.0962 3344 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:22:55.0971 3344 aliide - ok
16:22:56.0009 3344 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:22:56.0016 3344 amdagp - ok
16:22:56.0118 3344 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:22:56.0126 3344 amdide - ok
16:22:56.0201 3344 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:22:56.0211 3344 AmdK7 - ok
16:22:56.0268 3344 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
16:22:56.0275 3344 AmdK8 - ok
16:22:56.0352 3344 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:22:56.0361 3344 arc - ok
16:22:56.0480 3344 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:22:56.0487 3344 arcsas - ok
16:22:56.0597 3344 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:56.0601 3344 AsyncMac - ok
16:22:56.0659 3344 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
16:22:56.0669 3344 atapi - ok
16:22:56.0823 3344 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:22:57.0043 3344 BCM43XV - ok
16:22:57.0059 3344 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:22:57.0064 3344 BCM43XX - ok
16:22:57.0184 3344 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:22:57.0188 3344 Beep - ok
16:22:57.0308 3344 blbdrive - ok
16:22:57.0434 3344 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
16:22:57.0512 3344 bowser - ok
16:22:57.0606 3344 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:22:57.0606 3344 BrFiltLo - ok
16:22:57.0731 3344 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:22:57.0731 3344 BrFiltUp - ok
16:22:57.0777 3344 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:22:57.0793 3344 Brserid - ok
16:22:57.0810 3344 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:22:57.0814 3344 BrSerWdm - ok
16:22:57.0885 3344 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:22:57.0889 3344 BrUsbMdm - ok
16:22:57.0972 3344 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:22:57.0981 3344 BrUsbSer - ok
16:22:58.0017 3344 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:22:58.0024 3344 BTHMODEM - ok
16:22:58.0241 3344 catchme - ok
16:22:58.0398 3344 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:22:58.0406 3344 cdfs - ok
16:22:58.0496 3344 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
16:22:58.0503 3344 cdrom - ok
16:22:58.0588 3344 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:22:58.0596 3344 circlass - ok
16:22:58.0714 3344 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
16:22:58.0727 3344 CLFS - ok
16:22:58.0878 3344 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:22:58.0883 3344 CmBatt - ok
16:22:58.0940 3344 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:22:58.0946 3344 cmdide - ok
16:22:59.0080 3344 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
16:22:59.0307 3344 CnxtHdAudService - ok
16:22:59.0403 3344 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:22:59.0408 3344 Compbatt - ok
16:22:59.0511 3344 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:22:59.0517 3344 crcdisk - ok
16:22:59.0556 3344 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:22:59.0561 3344 Crusoe - ok
16:22:59.0624 3344 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
16:22:59.0724 3344 CVirtA - ok
16:22:59.0794 3344 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
16:22:59.0884 3344 CVPNDRVA - ok
16:23:00.0032 3344 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
16:23:00.0131 3344 DfsC - ok
16:23:00.0246 3344 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
16:23:00.0247 3344 disk - ok
16:23:00.0298 3344 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
16:23:00.0300 3344 DNE - ok
16:23:00.0499 3344 DriverX (d27a3a309da2f9122b64b556a9a2cc71) C:\Windows\System32\Drivers\driverx.sys
16:23:00.0613 3344 DriverX - ok
16:23:00.0662 3344 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:23:00.0675 3344 drmkaud - ok
16:23:00.0747 3344 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
16:23:00.0775 3344 DXGKrnl - ok
16:23:00.0941 3344 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
16:23:00.0953 3344 E100B - ok
16:23:01.0011 3344 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:23:01.0021 3344 E1G60 - ok
16:23:01.0072 3344 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
16:23:01.0256 3344 eabfiltr - ok
16:23:01.0401 3344 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
16:23:01.0412 3344 Ecache - ok
16:23:01.0513 3344 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:23:01.0526 3344 elxstor - ok
16:23:01.0624 3344 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
16:23:01.0636 3344 exfat - ok
16:23:01.0757 3344 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
16:23:01.0771 3344 fastfat - ok
16:23:01.0866 3344 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:23:01.0873 3344 fdc - ok
16:23:01.0928 3344 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:23:01.0960 3344 FileInfo - ok
16:23:02.0000 3344 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:23:02.0005 3344 Filetrace - ok
16:23:02.0239 3344 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:23:02.0249 3344 flpydisk - ok
16:23:02.0336 3344 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
16:23:02.0350 3344 FltMgr - ok
16:23:02.0421 3344 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:23:02.0430 3344 Fs_Rec - ok
16:23:02.0590 3344 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\ftdibus.sys
16:23:02.0782 3344 FTDIBUS - ok
16:23:02.0939 3344 FTSER2K (596d31583ce332b5514520d74837f434) C:\Windows\system32\drivers\ftser2k.sys
16:23:03.0039 3344 FTSER2K - ok
16:23:03.0187 3344 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:23:03.0187 3344 gagp30kx - ok
16:23:03.0250 3344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:23:03.0337 3344 GEARAspiWDM - ok
16:23:03.0453 3344 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
16:23:03.0550 3344 HBtnKey - ok
16:23:03.0682 3344 HdAudAddService (07eee11d6e2b78122e17db3878b4c687) C:\Windows\system32\drivers\CHDART.sys
16:23:03.0881 3344 HdAudAddService - ok
16:23:03.0974 3344 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:23:03.0975 3344 HDAudBus - ok
16:23:04.0107 3344 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:23:04.0115 3344 HidBth - ok
16:23:04.0166 3344 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:23:04.0174 3344 HidIr - ok
16:23:04.0228 3344 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
16:23:04.0235 3344 HidUsb - ok
16:23:04.0342 3344 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:23:04.0350 3344 HpCISSs - ok
16:23:04.0539 3344 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:23:04.0550 3344 HSFHWAZL - ok
16:23:04.0643 3344 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:23:04.0766 3344 HSF_DPV - ok
16:23:04.0910 3344 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:23:05.0122 3344 HSXHWAZL - ok
16:23:05.0207 3344 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
16:23:05.0226 3344 HTTP - ok
16:23:05.0377 3344 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:23:05.0383 3344 i2omp - ok
16:23:05.0437 3344 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:23:05.0446 3344 i8042prt - ok
16:23:05.0559 3344 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:23:05.0597 3344 ialm - ok
16:23:05.0743 3344 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:23:05.0754 3344 iaStorV - ok
16:23:05.0842 3344 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:23:05.0852 3344 iirsp - ok
16:23:05.0902 3344 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
16:23:05.0908 3344 intelide - ok
16:23:06.0031 3344 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
16:23:06.0038 3344 intelppm - ok
16:23:06.0098 3344 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:23:06.0106 3344 IpFilterDriver - ok
16:23:06.0149 3344 IpInIp - ok
16:23:06.0187 3344 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:23:06.0196 3344 IPMIDRV - ok
16:23:06.0270 3344 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:23:06.0278 3344 IPNAT - ok
16:23:06.0396 3344 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:23:06.0406 3344 IRENUM - ok
16:23:06.0450 3344 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:23:06.0459 3344 isapnp - ok
16:23:06.0514 3344 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
16:23:06.0525 3344 iScsiPrt - ok
16:23:06.0569 3344 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:23:06.0578 3344 iteatapi - ok
16:23:06.0674 3344 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:23:06.0682 3344 iteraid - ok
16:23:06.0728 3344 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:23:06.0729 3344 kbdclass - ok
16:23:06.0759 3344 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
16:23:06.0766 3344 kbdhid - ok
16:23:06.0828 3344 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
16:23:06.0849 3344 KSecDD - ok
16:23:07.0120 3344 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:23:07.0191 3344 Lavasoft Kernexplorer - ok
16:23:07.0406 3344 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
16:23:07.0576 3344 Lbd - ok
16:23:07.0641 3344 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:23:07.0650 3344 lltdio - ok
16:23:07.0722 3344 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:23:07.0730 3344 LSI_FC - ok
16:23:07.0887 3344 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:23:07.0899 3344 LSI_SAS - ok
16:23:07.0946 3344 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:23:07.0954 3344 LSI_SCSI - ok
16:23:08.0012 3344 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:23:08.0019 3344 luafv - ok
16:23:08.0121 3344 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:23:08.0295 3344 MBAMProtector - ok
16:23:08.0511 3344 MCHPUSB (5a4268fa5157c7c9352bf3d2625a3b32) C:\Windows\system32\DRIVERS\mchpusb.sys
16:23:08.0597 3344 MCHPUSB - ok
16:23:08.0658 3344 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:23:08.0671 3344 mdmxsdk - ok
16:23:08.0713 3344 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:23:08.0721 3344 megasas - ok
16:23:08.0943 3344 mfeapfk (4d81c0e4ed846e9a70b881891a5598ab) C:\Windows\system32\drivers\mfeapfk.sys
16:23:09.0064 3344 mfeapfk - ok
16:23:09.0096 3344 mfeavfk (ff75f47ec2a9ea3e780a9d08daba1276) C:\Windows\system32\drivers\mfeavfk.sys
16:23:09.0178 3344 mfeavfk - ok
16:23:09.0207 3344 mfebopk (5a3b000fdccf826ffb74e76b0474c856) C:\Windows\system32\drivers\mfebopk.sys
16:23:09.0318 3344 mfebopk - ok
16:23:09.0496 3344 mfehidk (8e6b4e55d3a33b92693f7081ec018c39) C:\Windows\system32\drivers\mfehidk.sys
16:23:09.0623 3344 mfehidk - ok
16:23:09.0694 3344 mferkdet (fa097d72a439c3a387fe38a654df44c5) C:\Windows\system32\drivers\mferkdet.sys
16:23:09.0796 3344 mferkdet - ok
16:23:09.0993 3344 mfetdik (a45d0c099a478de5cbd0d6e8466becd5) C:\Windows\system32\drivers\mfetdik.sys
16:23:10.0099 3344 mfetdik - ok
16:23:10.0202 3344 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:23:10.0212 3344 Modem - ok
16:23:10.0278 3344 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:23:10.0280 3344 monitor - ok
16:23:10.0436 3344 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:23:10.0437 3344 mouclass - ok
16:23:10.0486 3344 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:23:10.0495 3344 mouhid - ok
16:23:10.0575 3344 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:23:10.0580 3344 MountMgr - ok
16:23:10.0633 3344 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:23:10.0639 3344 mpio - ok
16:23:10.0796 3344 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:23:10.0806 3344 mpsdrv - ok
16:23:10.0850 3344 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:23:10.0860 3344 Mraid35x - ok
16:23:10.0917 3344 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
16:23:10.0925 3344 MRxDAV - ok
16:23:10.0995 3344 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:23:11.0217 3344 mrxsmb - ok
16:23:11.0396 3344 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:23:11.0639 3344 mrxsmb10 - ok
16:23:11.0806 3344 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:23:12.0023 3344 mrxsmb20 - ok
16:23:12.0080 3344 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:23:12.0088 3344 msahci - ok
16:23:12.0237 3344 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:23:12.0249 3344 msdsm - ok
16:23:12.0386 3344 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:23:12.0401 3344 Msfs - ok
16:23:12.0432 3344 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:23:12.0437 3344 msisadrv - ok
16:23:12.0648 3344 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:23:12.0657 3344 MSKSSRV - ok
16:23:12.0675 3344 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:23:12.0679 3344 MSPCLOCK - ok
16:23:12.0715 3344 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:23:12.0722 3344 MSPQM - ok
16:23:12.0794 3344 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
16:23:12.0805 3344 MsRPC - ok
16:23:12.0871 3344 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:23:12.0878 3344 mssmbios - ok
16:23:12.0974 3344 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:23:12.0982 3344 MSTEE - ok
16:23:13.0088 3344 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
16:23:13.0123 3344 Mup - ok
16:23:13.0232 3344 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
16:23:13.0382 3344 NativeWifiP - ok
16:23:13.0502 3344 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
16:23:13.0526 3344 NDIS - ok
16:23:13.0617 3344 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:23:13.0622 3344 NdisTapi - ok
16:23:13.0651 3344 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:23:13.0662 3344 Ndisuio - ok
16:23:28.0709 3344 ============================================================
16:23:28.0709 3344 Scan finished
16:23:28.0709 3344 ============================================================
16:23:28.0723 4800 Detected object count: 0
16:23:28.0723 4800 Actual detected object count: 0
16:23:59.0663 4724 ============================================================
16:23:59.0664 4724 Scan started
16:23:59.0664 4724 Mode: Manual;
16:23:59.0664 4724 ============================================================
16:24:12.0234 4724 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:24:12.0236 4724 ntrigdigi - ok
16:24:12.0385 4724 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:24:12.0386 4724 Null - ok
16:24:12.0440 4724 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
16:24:12.0451 4724 NVENETFD - ok
16:24:12.0670 4724 nvlddmkm (446864078dbe3059587954cb2d858a9b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:24:12.0827 4724 nvlddmkm - ok
16:24:13.0000 4724 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:24:13.0001 4724 nvraid - ok
16:24:13.0056 4724 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
16:24:13.0057 4724 nvsmu - ok
16:24:13.0099 4724 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:24:13.0102 4724 nvstor - ok
16:24:13.0139 4724 nvstor32 (4c93d50bca15b3bfcab07306b258b248) C:\Windows\system32\DRIVERS\nvstor32.sys
16:24:13.0143 4724 nvstor32 - ok
16:24:13.0252 4724 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:24:13.0253 4724 nv_agp - ok
16:24:13.0271 4724 NwlnkFlt - ok
16:24:13.0293 4724 NwlnkFwd - ok
16:24:13.0351 4724 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
16:24:13.0354 4724 ohci1394 - ok
16:24:13.0421 4724 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:24:13.0425 4724 Parport - ok
16:24:13.0505 4724 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
16:24:13.0508 4724 partmgr - ok
16:24:13.0556 4724 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:24:13.0557 4724 Parvdm - ok
16:24:13.0688 4724 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
16:24:13.0690 4724 pci - ok
16:24:13.0749 4724 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:24:13.0751 4724 pciide - ok
16:24:13.0799 4724 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:24:13.0801 4724 pcmcia - ok
16:24:13.0884 4724 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:24:13.0890 4724 PEAUTH - ok
16:24:14.0064 4724 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:24:14.0067 4724 PptpMiniport - ok
16:24:14.0111 4724 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:24:14.0113 4724 Processor - ok
16:24:14.0183 4724 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
16:24:14.0184 4724 PSched - ok
16:24:14.0268 4724 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
16:24:14.0268 4724 PxHelp20 - ok
16:24:14.0373 4724 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:24:14.0380 4724 ql2300 - ok
16:24:14.0452 4724 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:24:14.0456 4724 ql40xx - ok
16:24:14.0536 4724 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:24:14.0538 4724 QWAVEdrv - ok
16:24:14.0644 4724 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:24:14.0646 4724 RasAcd - ok
16:24:14.0718 4724 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:24:14.0722 4724 Rasl2tp - ok
16:24:14.0762 4724 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
16:24:14.0764 4724 RasPppoe - ok
16:24:14.0798 4724 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
16:24:14.0801 4724 RasSstp - ok
16:24:14.0843 4724 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
16:24:14.0846 4724 rdbss - ok
16:24:14.0949 4724 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:24:14.0950 4724 RDPCDD - ok
16:24:15.0021 4724 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:24:15.0023 4724 rdpdr - ok
16:24:15.0063 4724 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:24:15.0065 4724 RDPENCDD - ok
16:24:15.0117 4724 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
16:24:15.0119 4724 RDPWD - ok
16:24:15.0258 4724 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:24:15.0259 4724 rimmptsk - ok
16:24:15.0333 4724 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:24:15.0334 4724 rimsptsk - ok
16:24:15.0374 4724 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:24:15.0375 4724 rismxdp - ok
16:24:15.0475 4724 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
16:24:15.0478 4724 RsFx0102 - ok
16:24:15.0614 4724 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:24:15.0617 4724 rspndr - ok
16:24:15.0682 4724 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:24:15.0686 4724 sbp2port - ok
16:24:15.0762 4724 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
16:24:15.0764 4724 sdbus - ok
16:24:15.0864 4724 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:24:15.0866 4724 secdrv - ok
16:24:15.0907 4724 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
16:24:15.0909 4724 Serenum - ok
16:24:15.0997 4724 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:24:16.0000 4724 Serial - ok
16:24:16.0063 4724 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:24:16.0065 4724 sermouse - ok
16:24:16.0203 4724 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:24:16.0205 4724 sffdisk - ok
16:24:16.0245 4724 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:24:16.0247 4724 sffp_mmc - ok
16:24:16.0344 4724 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:24:16.0344 4724 sffp_sd - ok
16:24:16.0370 4724 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:24:16.0372 4724 sfloppy - ok
16:24:16.0412 4724 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:24:16.0414 4724 sisagp - ok
16:24:16.0512 4724 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:24:16.0515 4724 SiSRaid2 - ok
16:24:16.0572 4724 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:24:16.0575 4724 SiSRaid4 - ok
16:24:16.0644 4724 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
16:24:16.0647 4724 Smb - ok
16:24:16.0845 4724 SNP2UVC (5140166bbcafe1393d4669353a1f8c0a) C:\Windows\system32\DRIVERS\snp2uvc.sys
16:24:16.0869 4724 SNP2UVC - ok
16:24:17.0050 4724 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:24:17.0052 4724 spldr - ok
16:24:17.0142 4724 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
16:24:17.0145 4724 srv - ok
16:24:17.0215 4724 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
16:24:17.0217 4724 srv2 - ok
16:24:17.0357 4724 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
16:24:17.0357 4724 srvnet - ok
16:24:17.0479 4724 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:24:17.0482 4724 swenum - ok
16:24:17.0562 4724 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:24:17.0564 4724 Symc8xx - ok
16:24:17.0609 4724 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:24:17.0611 4724 Sym_hi - ok
16:24:17.0694 4724 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:24:17.0696 4724 Sym_u3 - ok
16:24:17.0816 4724 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
16:24:17.0819 4724 SynTP - ok
16:24:17.0948 4724 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
16:24:17.0955 4724 Tcpip - ok
16:24:18.0080 4724 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
16:24:18.0088 4724 Tcpip6 - ok
16:24:18.0138 4724 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
16:24:18.0140 4724 tcpipreg - ok
16:24:18.0207 4724 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:24:18.0209 4724 TDPIPE - ok
16:24:18.0243 4724 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:24:18.0246 4724 TDTCP - ok
16:24:18.0279 4724 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
16:24:18.0282 4724 tdx - ok
16:24:18.0444 4724 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
16:24:18.0447 4724 TermDD - ok
16:24:18.0538 4724 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:24:18.0540 4724 tssecsrv - ok
16:24:18.0617 4724 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:24:18.0619 4724 tunmp - ok
16:24:18.0697 4724 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
16:24:18.0699 4724 tunnel - ok
16:24:18.0848 4724 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:24:18.0854 4724 uagp35 - ok
16:24:18.0896 4724 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
16:24:18.0899 4724 udfs - ok
16:24:18.0961 4724 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:24:18.0963 4724 uliagpkx - ok
16:24:19.0008 4724 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:24:19.0011 4724 uliahci - ok
16:24:19.0152 4724 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:24:19.0156 4724 UlSata - ok
16:24:19.0221 4724 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:24:19.0226 4724 ulsata2 - ok
16:24:19.0300 4724 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:24:19.0302 4724 umbus - ok
16:24:19.0382 4724 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:24:19.0386 4724 usbccgp - ok
16:24:19.0537 4724 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:24:19.0540 4724 usbcir - ok
16:24:19.0587 4724 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
16:24:19.0589 4724 usbehci - ok
16:24:19.0653 4724 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
16:24:19.0656 4724 usbhub - ok
16:24:19.0723 4724 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
16:24:19.0725 4724 usbohci - ok
16:24:19.0823 4724 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:24:19.0825 4724 usbprint - ok
16:24:19.0887 4724 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:24:19.0889 4724 usbscan - ok
16:24:19.0974 4724 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
16:24:19.0977 4724 usbser - ok
16:24:20.0075 4724 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:24:20.0077 4724 USBSTOR - ok
16:24:20.0167 4724 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
16:24:20.0169 4724 usbuhci - ok
16:24:20.0243 4724 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:24:20.0245 4724 usbvideo - ok
16:24:20.0304 4724 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:24:20.0306 4724 vga - ok
16:24:20.0399 4724 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:24:20.0401 4724 VgaSave - ok
16:24:20.0496 4724 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:24:20.0497 4724 viaagp - ok
16:24:20.0532 4724 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:24:20.0533 4724 ViaC7 - ok
16:24:20.0580 4724 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:24:20.0582 4724 viaide - ok
16:24:20.0679 4724 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:24:20.0681 4724 volmgr - ok
16:24:20.0781 4724 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
16:24:20.0784 4724 volmgrx - ok
16:24:20.0864 4724 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
16:24:20.0866 4724 volsnap - ok
16:24:20.0960 4724 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:24:20.0962 4724 vsmraid - ok
16:24:21.0047 4724 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:24:21.0048 4724 WacomPen - ok
16:24:21.0116 4724 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:24:21.0117 4724 Wanarp - ok
16:24:21.0125 4724 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:24:21.0127 4724 Wanarpv6 - ok
16:24:21.0170 4724 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:24:21.0171 4724 Wd - ok
16:24:21.0298 4724 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:24:21.0303 4724 Wdf01000 - ok
16:24:21.0468 4724 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:24:21.0468 4724 winachsf - ok
16:24:21.0583 4724 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:24:21.0585 4724 WmiAcpi - ok
16:24:21.0688 4724 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
16:24:21.0689 4724 WpdUsb - ok
16:24:21.0750 4724 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:24:21.0751 4724 ws2ifsl - ok
16:24:21.0884 4724 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:24:21.0886 4724 WUDFRd - ok
16:24:21.0956 4724 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
16:24:21.0957 4724 XAudio - ok
16:24:22.0097 4724 XDS560 (c8a4224c4002b34ccf4eef0ffe680efa) C:\Windows\system32\DRIVERS\xds560.sys
16:24:22.0099 4724 XDS560 - ok
16:24:22.0138 4724 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
16:24:22.0180 4724 \Device\Harddisk0\DR0 - ok
16:24:22.0185 4724 Boot (0x1200) (8b01e4eab3d91539e8f1398fcb5ec9af) \Device\Harddisk0\DR0\Partition0
16:24:22.0186 4724 \Device\Harddisk0\DR0\Partition0 - ok
16:24:22.0192 4724 Boot (0x1200) (66fa64d98a9639f1d7f35ce3abea2f93) \Device\Harddisk0\DR0\Partition1
16:24:22.0193 4724 \Device\Harddisk0\DR0\Partition1 - ok
16:24:22.0195 4724 ============================================================
16:24:22.0195 4724 Scan finished
16:24:22.0195 4724 ============================================================
16:24:22.0208 5788 Detected object count: 0
16:24:22.0209 5788 Actual detected object count: 0
16:24:27.0609 1484 Deinitialize success


___________________________________________________________________________________________

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 27 January 2012 - 09:19 AM

I do not know if this is where it occurred the other times though. As a side note, do I have to run defogger every time I start my computer or do its effects last until I tell it otherwise? I have not been running it upon each restart, only the initial time.


This tool is to be run to disable the CD emulation program.
When all is well you should enable it this way:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

You should run it again and just make sure that it's disabled until we have cleaned this computer.
===

Run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#5 abovel


Posted 29 January 2012 - 03:50 PM

Ran defogger again, followed by combofix. Log is posted below:

ComboFix 12-01-29.02 - Lloyd 01/29/2012 15:18:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.926 [GMT -5:00]
Running from: c:\users\Lloyd\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lloyd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Windows12111_ConfigRepository.bin
c:\users\Lloyd\AppData\Roaming\Adobe\plugs
c:\users\Lloyd\AppData\Roaming\Adobe\shed
c:\users\Lloyd\Documents\~WRL0021.tmp
c:\users\Lloyd\Documents\~WRL0084.tmp
c:\users\Lloyd\Documents\~WRL0147.tmp
c:\users\Lloyd\Documents\~WRL0296.tmp
c:\users\Lloyd\Documents\~WRL0333.tmp
c:\users\Lloyd\Documents\~WRL0354.tmp
c:\users\Lloyd\Documents\~WRL0592.tmp
c:\users\Lloyd\Documents\~WRL0681.tmp
c:\users\Lloyd\Documents\~WRL0787.tmp
c:\users\Lloyd\Documents\~WRL0865.tmp
c:\users\Lloyd\Documents\~WRL0956.tmp
c:\users\Lloyd\Documents\~WRL0971.tmp
c:\users\Lloyd\Documents\~WRL1192.tmp
c:\users\Lloyd\Documents\~WRL1429.tmp
c:\users\Lloyd\Documents\~WRL1459.tmp
c:\users\Lloyd\Documents\~WRL1468.tmp
c:\users\Lloyd\Documents\~WRL1619.tmp
c:\users\Lloyd\Documents\~WRL1637.tmp
c:\users\Lloyd\Documents\~WRL1691.tmp
c:\users\Lloyd\Documents\~WRL1733.tmp
c:\users\Lloyd\Documents\~WRL1857.tmp
c:\users\Lloyd\Documents\~WRL1893.tmp
c:\users\Lloyd\Documents\~WRL2011.tmp
c:\users\Lloyd\Documents\~WRL2057.tmp
c:\users\Lloyd\Documents\~WRL2254.tmp
c:\users\Lloyd\Documents\~WRL2358.tmp
c:\users\Lloyd\Documents\~WRL2494.tmp
c:\users\Lloyd\Documents\~WRL2503.tmp
c:\users\Lloyd\Documents\~WRL2624.tmp
c:\users\Lloyd\Documents\~WRL2758.tmp
c:\users\Lloyd\Documents\~WRL2949.tmp
c:\users\Lloyd\Documents\~WRL2954.tmp
c:\users\Lloyd\Documents\~WRL3270.tmp
c:\users\Lloyd\Documents\~WRL3334.tmp
c:\users\Lloyd\Documents\~WRL3470.tmp
c:\users\Lloyd\Documents\~WRL3511.tmp
c:\users\Lloyd\Documents\~WRL3596.tmp
c:\users\Lloyd\Documents\~WRL3727.tmp
c:\users\Lloyd\Documents\~WRL4059.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 20:34 . 2012-01-29 20:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-29 20:34 . 2012-01-29 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 02:25 . 2012-01-27 02:26 -------- d-----w- c:\users\Lloyd\AppData\Roaming\.minecraft
2012-01-25 22:08 . 2012-01-29 20:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68800C67-44A5-4113-BFBC-F2F24D18CE9A}\offreg.dll
2012-01-24 20:35 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68800C67-44A5-4113-BFBC-F2F24D18CE9A}\mpengine.dll
2012-01-22 17:59 . 2012-01-22 01:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-22 01:17 . 2012-01-22 01:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-22 01:11 . 2012-01-22 01:12 -------- d-----w- c:\users\Lloyd\AppData\Local\adaware
2012-01-22 01:11 . 2012-01-29 19:53 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-22 01:11 . 2012-01-22 01:11 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-22 01:10 . 2012-01-22 01:11 -------- d-----w- c:\program files\adawaretb
2012-01-22 01:10 . 2011-12-23 12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-22 01:09 . 2012-01-22 01:09 -------- d-----w- c:\program files\Lavasoft
2012-01-22 01:09 . 2012-01-22 01:10 -------- d-----w- c:\programdata\Lavasoft
2012-01-16 03:03 . 2012-01-16 03:04 -------- d-----w- c:\users\Lloyd\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-10-13 01:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 16:40 . 2011-11-25 16:40 22 --sha-w- c:\users\Lloyd\AppData\Roaming\Sys2662.Config.Repository.bin
2011-11-15 19:29 . 2009-10-03 05:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 10:54 . 2011-05-05 03:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 04:04 . 2011-12-16 21:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-23 00:07 . 2010-10-02 16:38 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-5-11 53248]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-4-30 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-669724813-937876207-329567825-1000Core.job
- c:\users\Lloyd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 03:03]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-669724813-937876207-329567825-1000UA.job
- c:\users\Lloyd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 03:03]
.
2009-08-31 c:\windows\Tasks\HPCeeScheduleForLloyd.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-11 21:23]
.
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{3B9296E8-CCAB-4A9A-B91C-49819F4CB41E}.job
- c:\windows\system32\msfeedssync.exe [2008-09-20 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
FF - ProfilePath - c:\users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\g2dr7mqu.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 15:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-29 15:40:33
ComboFix-quarantined-files.txt 2012-01-29 20:40
ComboFix2.txt 2011-04-17 23:04
.
Pre-Run: 73,623,375,872 bytes free
Post-Run: 74,137,239,552 bytes free
.
- - End Of File - - 65E0B35496123821D5CA588E323724AF

#6 nasdaq


Posted 30 January 2012 - 09:17 AM

Looking better.

Open notepad and copy/paste the text in the quote box below into it:

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"=-
"adaware_XP"=-

ClearJavaCache::


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.

#7 abovel

abovel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:29 AM

Posted 30 January 2012 - 02:46 PM

So I ran the modified Combofix scan. The first time I ran it my computer froze so I restarted it. The second time worked but now any time I try to open anything the warning comes up:

"Illegal operation attempted on a registry key that has been marked for deletion"

I can't access the log or the internet to post anything directly here. I am on a different computer posting.

What happened? What can I do to fix it?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 31 January 2012 - 08:48 AM

Restart the computer; that error will stop.

#9 abovel

abovel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:29 AM

Posted 31 January 2012 - 07:13 PM

Ok, ran the combo fix and security check scans. Logs are posted below:


ComboFix 12-01-29.02 - Lloyd 01/30/2012 14:20:44.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1045 [GMT -5:00]
Running from: c:\users\Lloyd\Desktop\ComboFix.exe
Command switches used :: c:\users\Lloyd\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:36 . 2012-01-30 19:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-30 19:36 . 2012-01-30 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 18:03 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A42A070-FA64-477F-A963-9627880E7D6B}\mpengine.dll
2012-01-27 02:25 . 2012-01-27 02:26 -------- d-----w- c:\users\Lloyd\AppData\Roaming\.minecraft
2012-01-22 17:59 . 2012-01-22 01:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-22 01:17 . 2012-01-22 01:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-22 01:11 . 2012-01-22 01:12 -------- d-----w- c:\users\Lloyd\AppData\Local\adaware
2012-01-22 01:11 . 2012-01-29 19:53 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-22 01:11 . 2012-01-22 01:11 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-22 01:10 . 2012-01-22 01:11 -------- d-----w- c:\program files\adawaretb
2012-01-22 01:10 . 2011-12-23 12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-22 01:09 . 2012-01-22 01:09 -------- d-----w- c:\program files\Lavasoft
2012-01-22 01:09 . 2012-01-22 01:10 -------- d-----w- c:\programdata\Lavasoft
2012-01-16 03:03 . 2012-01-16 03:04 -------- d-----w- c:\users\Lloyd\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-10-13 01:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 15:08 . 2009-10-03 05:16 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 16:40 . 2011-11-25 16:40 22 --sha-w- c:\users\Lloyd\AppData\Roaming\Sys2662.Config.Repository.bin
2011-11-10 10:54 . 2011-05-05 03:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 04:04 . 2011-12-16 21:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-23 00:07 . 2010-10-02 16:38 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-5-11 53248]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-4-30 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-669724813-937876207-329567825-1000Core.job
- c:\users\Lloyd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 03:03]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-669724813-937876207-329567825-1000UA.job
- c:\users\Lloyd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 03:03]
.
2009-08-31 c:\windows\Tasks\HPCeeScheduleForLloyd.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-11 21:23]
.
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{3B9296E8-CCAB-4A9A-B91C-49819F4CB41E}.job
- c:\windows\system32\msfeedssync.exe [2008-09-20 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\g2dr7mqu.default\
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 14:36
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-30 14:40:50
ComboFix-quarantined-files.txt 2012-01-30 19:40
ComboFix2.txt 2012-01-29 20:40
ComboFix3.txt 2011-04-17 23:04
.
Pre-Run: 71,641,759,744 bytes free
Post-Run: 71,599,906,816 bytes free
.
- - End Of File - - 5E3E11C3C910618A6C9C9CE29554F29C



_______________________________________________________________________


Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 30
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox 8.0.1 Firefox out of Date!
Mozilla Thunderbird 3.0.3 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
McAfee VirusScan Enterprise EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise Mcshield.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise ShStat.exe
``````````End of Log````````````
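
Added example (not part of the original posts and not ComboFix's own code): a small Python triage script that parses the registry-style sections of a ComboFix log and lists the Security Center values set to a non-zero value, run over an excerpt copied from the log above. The function names are hypothetical, and it assumes that a non-zero `DisableMonitoring` or `AntiVirusOverride` means Security Center is not monitoring that item; legitimate security products can also write these values, so a hit is something to review, not proof of infection.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})$')

SC_PATH = r"\software\microsoft\security center"
# Assumption: these two names (both taken from the log) suppress Security
# Center monitoring or alerts when set to a non-zero value.
WATCHED = {"disablemonitoring", "antivirusoverride"}


def parse_reg_sections(text):
    """Yield (key, name, value) for each dword value under a [HKEY_...] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if line in ("", "."):      # ComboFix separates sections with "." lines
            key = None
            continue
        value = DWORD_RE.match(line)
        if value and key:
            yield key, value.group(1), int(value.group(2), 16)


def security_center_overrides(text):
    """Return Security Center values that are switched on (non-zero)."""
    return [
        (key, name, value)
        for key, name, value in parse_reg_sections(text)
        if SC_PATH in key.lower() and name.lower() in WATCHED and value != 0
    ]


if __name__ == "__main__":
    for key, name, value in security_center_overrides(SAMPLE_LOG):
        print(f"review: {key} -> {name} = {value}")
```
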

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 01 February 2012 - 11:16 AM

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove these old versions using the Add/Remove Programs applet if present.
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!


===

If all is well then:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#11 abovel

abovel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:29 AM

Posted 02 February 2012 - 05:30 PM

I have done everything that you have listed above. I have a few questions, however, just out of curiosity. Did we discover the reasons that some of the scans were resulting in a blue screen/was it because of a virus? Did we find any infections on the computer, and if so, which one(s)? And finally, can I rest safe that my computer is now clean?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 03 February 2012 - 08:40 AM

It's not possible for me to know whatever caused your problems.
None of the files removed by ComboFix look to be malware.

As for a clean computer, no one is able to be sure at 100%. We can only remove what we find to be bad.
If your computer is running fine that is good.

You can always run this tool to make sure that nothing bad is lurking around.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#13 abovel

abovel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:29 AM

Posted 04 February 2012 - 01:14 PM

Okay, I was just curious for the safety of credit card numbers and similar information.

I really appreciate your help. Thank you very much!

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 04 February 2012 - 01:28 PM

If you have any concerns then change all your passwords.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 11 February 2012 - 09:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



