
Infected with rootkit problem


41 replies to this topic

#1 Musicjunkie27

  • Members
  • 27 posts

Posted 26 January 2012 - 06:33 PM

Hey all:

I created a topic in another thread, see here:

http://www.bleepingcomputer.com/forums/topic438860.html/page__gopid__2562619

In there, they had me do all sorts of scans and post logs. After the last log posting, they directed me here.

I followed the directions, but could not 'enable' the firewall. That is part of the problem I was having to begin with.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jason at 14:55:17 on 2012-01-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2166 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UAService7.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m265&r=170501104016p0365u205z48m15391
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m265&r=170501104016p0365u205z48m15391
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m265&r=170501104016p0365u205z48m15391
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\market~1.lnk - c:\program files\hewlett-packard\marketsplash by hp\HPLocalWebPrintAgent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.modestogov.com/gis/home/maps/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{19F6FEEC-BF91-400D-BE33-B7FEDA9D4D05} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{341C048B-7FAF-4592-BF47-6AAE4CAF0DA3} : DhcpNameServer = 206.13.30.12 206.13.29.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\qcyzmb0c.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb6ab000c-cc1a-4747-a166-15f605a35df7%7D&mid=1f8ab31d8a76cb12ac91033202a954ea-d4ce2ab78ec6c6cfadfe94445b4f25411bcd97c6&ds=AVG&v=9.0.0.18.1&lang=en&pr=fr&d=2011-09-19%2011%3A41%3A35&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jason\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\jason\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2010-1-24 79052]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-10-12 24576]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-12 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-13 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-20 1025352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-13 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2012-01-26 11:17:41 -------- d-----w- c:\users\jason\appdata\local\{930F5D9E-C8EA-4F71-B716-2341451A0E60}
2012-01-26 11:17:39 -------- d-----w- c:\users\jason\appdata\local\{83D8CD71-A97F-4CC7-952D-5C9128381C8D}
2012-01-25 17:58:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 17:58:10 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 17:58:10 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-25 17:58:10 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 17:58:10 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 17:58:10 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 17:58:10 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 17:58:10 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 17:58:10 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 17:58:10 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-23 18:00:09 -------- d-----w- c:\users\jason\appdata\local\{95189C40-04AA-4151-BB80-9AAD5A985262}
2012-01-23 18:00:01 -------- d-----w- c:\users\jason\appdata\local\{1C5D2FB1-EB92-4F18-8780-29B66E21546C}
2012-01-23 14:49:43 -------- d-----w- c:\users\jason\appdata\local\{D2222DA8-36B6-467E-80AB-BAFE45808531}
2012-01-23 14:49:40 -------- d-----w- c:\users\jason\appdata\local\{C1ED8A08-B155-42B9-8F96-04B044CB69B7}
2012-01-19 03:01:42 -------- d-----w- c:\users\jason\appdata\local\{0E426CD8-B645-48D0-B60A-949FEE842F18}
2012-01-19 03:01:36 -------- d-----w- c:\users\jason\appdata\local\{67BEF74F-5B56-4BE5-B543-7EBBE09810A0}
2012-01-19 02:41:11 -------- d-----w- c:\program files\ESET
2012-01-18 22:21:19 -------- d-----w- c:\users\jason\appdata\local\{D4594489-87C9-4560-829B-1CCE73FAB12B}
2012-01-18 22:21:13 -------- d-----w- c:\users\jason\appdata\local\{B9B67C16-BFC5-4EF6-9743-DC71708BAA06}
2012-01-18 21:26:05 -------- d-----w- c:\users\jason\appdata\local\{5DA9BA64-DCBE-4E67-BE05-F2F787C24245}
2012-01-18 21:25:59 -------- d-----w- c:\users\jason\appdata\local\{E538D492-90EB-44BA-9B9B-579E992E9952}
2012-01-18 18:17:10 -------- d-----w- c:\users\jason\appdata\local\{CC48F0AA-56D4-412D-889E-C980C3C40D0D}
2012-01-18 18:17:05 -------- d-----w- c:\users\jason\appdata\local\{B8F3CD39-2DFC-4AE7-B327-656F13564820}
2012-01-18 18:02:47 -------- d-----w- c:\users\jason\appdata\local\{5A782BC1-D448-4F95-8C5C-873CDC41460E}
2012-01-18 18:02:42 -------- d-----w- c:\users\jason\appdata\local\{E3CE425B-1C78-4AC2-AD70-EB1E6CC9C030}
2012-01-18 17:47:11 -------- d-----w- c:\users\jason\appdata\local\{2D72CECC-900C-444F-8234-5087D1F7E196}
2012-01-18 17:47:04 -------- d-----w- c:\users\jason\appdata\local\{8FAE16F5-ACC6-4E33-8BBF-D2390E645C37}
2012-01-18 17:15:37 -------- d-----w- c:\users\jason\appdata\local\{8D473ACF-D930-4640-A1BC-3B94F4258C4F}
2012-01-18 17:15:32 -------- d-----w- c:\users\jason\appdata\local\{189C8820-FE21-4289-8F85-3A48B2927C9B}
2012-01-18 16:59:31 -------- d-----w- c:\users\jason\appdata\local\{A122F714-FAF7-483C-8473-B06B8FC1319C}
2012-01-18 16:59:26 -------- d-----w- c:\users\jason\appdata\local\{6A20E5CE-E425-455F-BB4E-9F1C8B73202D}
2012-01-18 16:25:36 -------- d-----w- c:\users\jason\appdata\local\{E364222A-D718-4F12-AD18-52CA5B9336A8}
2012-01-18 16:25:33 -------- d-----w- c:\users\jason\appdata\local\{CF8EA54D-881E-4BF8-9EC8-EB72E5849432}
2012-01-17 15:24:30 -------- d-----w- c:\users\jason\appdata\local\{8CA7076B-DFF7-454A-92D1-3FE78C6663C2}
2012-01-17 15:24:18 -------- d-----w- c:\users\jason\appdata\local\{07F91F9D-D5ED-48DF-81FD-48A442D94168}
2012-01-16 01:58:06 -------- d-----w- c:\users\jason\appdata\local\{36BF14E5-571B-4E8A-9F76-2A1B297997DF}
2012-01-16 01:57:59 -------- d-----w- c:\users\jason\appdata\local\{24E04571-DC3C-4866-992C-B8EF8E458C7E}
2012-01-16 01:57:48 -------- d-----w- c:\users\jason\appdata\local\{9460B045-8958-4973-BDFD-A128B9471D90}
2012-01-16 01:50:45 -------- d-----w- c:\users\jason\appdata\local\{F6E51A3F-D792-433B-885D-7E9D4640A289}
2012-01-16 01:50:33 -------- d-----w- c:\users\jason\appdata\local\{43A96E87-5851-4BDB-87B5-3FEA72AFE01F}
2012-01-16 01:50:22 -------- d-----w- c:\users\jason\appdata\local\{60376CF6-B018-4AF8-BE96-914752D1082B}
2012-01-16 01:50:11 -------- d-----w- c:\users\jason\appdata\local\{335127DC-966D-40F6-9809-5B04444E42DC}
2012-01-12 17:48:22 -------- d-----w- c:\users\jason\appdata\local\{FCFA620C-D0D8-45F4-BFCD-6864534B4F23}
2012-01-12 17:48:10 -------- d-----w- c:\users\jason\appdata\local\{5FD25E55-554B-4A0F-9418-12EF6933006A}
2012-01-12 11:20:32 -------- d-----w- c:\users\jason\appdata\local\{3B813FBC-AE89-403F-8624-E813F59D5862}
2012-01-12 11:20:20 -------- d-----w- c:\users\jason\appdata\local\{8C0C338D-C46C-489D-9E18-95F57154DEC0}
2012-01-11 14:59:46 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:59:46 -------- d--h--w- C:\Ex.CleanI
2012-01-11 14:59:44 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:59:42 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:59:42 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-09 15:00:44 -------- d-----w- c:\users\jason\appdata\local\{FF6B4FFE-8A16-4F3A-A541-260C4FCD74B7}
2012-01-09 15:00:32 -------- d-----w- c:\users\jason\appdata\local\{EECA6024-909F-4C64-BDF6-F4D00393924B}
2012-01-08 01:33:12 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-08 01:33:12 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-08 01:33:12 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-08 01:33:11 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 14:26:45 -------- d-----w- c:\users\jason\appdata\local\{D29ABA8C-E0F8-4BE3-867A-45B176451767}
2012-01-03 14:26:31 -------- d-----w- c:\users\jason\appdata\local\{B0EB4E75-8053-42CF-85D9-4D130F6D4EB7}
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-29 21:50:50 -------- d-----w- c:\users\jason\appdata\local\{9D3F40DA-BF6E-442A-A88A-0ED1D5A7551F}
2011-12-29 21:50:36 -------- d-----w- c:\users\jason\appdata\local\{F717202D-4368-473F-AD24-751E0351F185}
2011-12-29 05:50:50 -------- d-----w- c:\users\jason\appdata\local\{56A534E1-5473-445F-9563-2AAA371C82EA}
2011-12-28 17:50:47 -------- d-----w- c:\users\jason\appdata\local\{AFCB32C3-9E90-4EF5-8E94-A83A9F0C6CBE}
2011-12-28 17:16:09 -------- d-----w- c:\users\jason\appdata\local\{F5598C89-1683-4B74-B505-58DE39511A3A}
2011-12-28 17:15:53 -------- d-----w- c:\users\jason\appdata\local\{C41DA0E9-A0C5-416C-872B-EC1A5C8AE921}
2011-12-28 00:36:57 -------- d-----w- c:\users\jason\appdata\local\{DE78F706-00C0-49A0-ADF9-3B8A39C76BD5}
2011-12-28 00:33:36 -------- d-----w- c:\users\jason\appdata\local\{BC88B27B-081C-4709-8B9E-804ABE5C105C}
2011-12-28 00:33:24 -------- d-----w- c:\users\jason\appdata\local\{CF4B1909-DC7A-435C-88D0-AA76D682A47C}
2011-12-28 00:32:23 -------- d-----w- c:\users\jason\appdata\local\{F6716A2B-45AB-4700-BC2F-7B5098C3DD3B}
2011-12-28 00:32:11 -------- d-----w- c:\users\jason\appdata\local\{9CA55475-369D-4448-B17F-1C0AAD464178}
.
==================== Find3M ====================
.
2011-12-15 14:37:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:55:42.75 ===============

I have attached the "attach" zip file.

Here is the GMER log, which was named ark.txt:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-26 15:23:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDT721016SLA380 rev.ST1OA31B
Running: gmer.exe; Driver: C:\Users\Jason\AppData\Local\Temp\fftcqaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9A3E5F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9A3E5FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9A3E6080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9A3E611C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C47369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C80D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C88054 4 Bytes [3C, 5F, 3E, 9A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C88324 8 Bytes [E4, 5F, 3E, 9A, 80, 60, 3E, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C88398 4 Bytes [1C, 61, 3E, 9A]
? C:\Users\Jason\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AD742000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AD742123 486 Bytes [D5, 73, AD, FE, 05, 34, D5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 529A AD74230A 142 Bytes [73, AD, 3B, 08, 77, 04, 3B, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AD742399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AD7423FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateKey + 6 7747560E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateKey + B 77475613 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateMutant + 6 7747564E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateMutant + B 77475653 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateSection + 6 774756EE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtCreateSection + B 774756F3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtDeleteValueKey + 6 7747584E 1 Byte [28]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtDeleteValueKey + 6 7747584E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtDeleteValueKey + B 77475853 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 05, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenKey + 6 77475D0E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenKey + B 77475D13 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenKeyEx + B 77475D23 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenMutant + 6 77475D5E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenMutant + B 77475D63 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcess + 6 77475D8E 1 Byte [A8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcessToken + 6 77475D9E 1 Byte [E8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 04, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenSection + B 77475DD3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenThread + 6 77475E0E 1 Byte [68]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 04, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 04, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 05, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] kernel32.dll!CreateProcessW 7541204D 5 Bytes JMP 00010030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] kernel32.dll!CreateProcessA 75412082 5 Bytes JMP 00010070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!ActivateKeyboardLayout 76A68203 5 Bytes JMP 000904F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!RegisterClipboardFormatA 76A6C091 5 Bytes JMP 000902F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!RegisterClipboardFormatW 76A6DF8D 5 Bytes JMP 000902B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!EmptyClipboard 76A8290C 5 Bytes JMP 00090130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!SetClipboardData 76A82962 5 Bytes JMP 00090170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetClipboardData 76A82BA7 5 Bytes JMP 00090030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetClipboardFormatNameW 76A85FD2 5 Bytes JMP 00090230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!SetClipboardViewer 76A86FF6 5 Bytes JMP 000904B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetClipboardFormatNameA 76A8700A 5 Bytes JMP 00090270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!ChangeClipboardChain 76A9147C 5 Bytes JMP 00090430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!CloseClipboard 76A9446C 5 Bytes JMP 000900B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!OpenClipboard 76A9447E 5 Bytes JMP 00090070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!IsClipboardFormatAvailable 76A944FF 5 Bytes JMP 000900F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetClipboardSequenceNumber 76A94513 5 Bytes JMP 00090330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetClipboardOwner 76A94525 5 Bytes JMP 00090370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!CountClipboardFormats 76A9470A 5 Bytes JMP 000901F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!EnumClipboardFormats 76A947EC 5 Bytes JMP 000901B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetOpenClipboardWindow 76A9480B 5 Bytes JMP 000903F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetClipboardViewer 76AC4AF7 5 Bytes JMP 00090470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!GetPriorityClipboardFormat 76AC4BF9 5 Bytes JMP 000903B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!DeleteObject 75085F14 5 Bytes JMP 000A01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SelectObject 75086640 5 Bytes JMP 000A05B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetTextColor 75086906 5 Bytes JMP 000A0970
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetBkMode 750869B1 5 Bytes JMP 000A0830
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!DeleteDC 75086EAA 5 Bytes JMP 000A0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetDeviceCaps 75086F7F 5 Bytes JMP 000A0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!ExtSelectClipRgn 75087114 5 Bytes JMP 000A02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SelectClipRgn 75087242 5 Bytes JMP 000A0570
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetStretchBltMode 75087705 5 Bytes JMP 000A05F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetTextMetricsW 75087B8F 5 Bytes JMP 000A0D30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!IntersectClipRect 75087DFE 5 Bytes JMP 000A03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!ExtTextOutW 75088192 5 Bytes JMP 000A08B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetTextAlign 7508828E 5 Bytes JMP 000A0930
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetClipBox 75088525 5 Bytes JMP 000A0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!MoveToEx 75088C21 5 Bytes JMP 000A0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!StretchDIBits 7508A53E 5 Bytes JMP 000A06B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!RestoreDC 7508A67B 5 Bytes JMP 000A04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SaveDC 7508A74B 5 Bytes JMP 000A0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetTextFaceW 7508B73A 2 Bytes JMP 000A0C70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetTextFaceW + 3 7508B73D 2 Bytes [01, 8B]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetFontData 7508BCC4 5 Bytes JMP 000A0BB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetWorldTransform 7508C90A 5 Bytes JMP 000A0630
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!CreateDCA 7508CCA9 5 Bytes JMP 000A00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!CreateDCW 7508CF79 5 Bytes JMP 000A00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!CreateICW 7508CFD0 5 Bytes JMP 000A0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetTextMetricsA 7508D0F2 5 Bytes JMP 000A0CF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!Rectangle 7508F1FF 5 Bytes JMP 000A08F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!LineTo 7508F59B 5 Bytes JMP 000A03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetICMMode 7508FAA4 5 Bytes JMP 000A0CB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!ExtTextOutA 750903F9 5 Bytes JMP 000A0870
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!ExtEscape 75092949 5 Bytes JMP 000A02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!Escape 75093939 5 Bytes JMP 000A0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetTextFaceA 75093E6A 5 Bytes JMP 000A0C30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetPolyFillMode 7509D851 5 Bytes JMP 000A0A70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SetMiterLimit 7509DA0D 5 Bytes JMP 000A0AB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!EndPage 750A00D7 5 Bytes JMP 000A0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!ResetDCW 750A050D 5 Bytes JMP 000A09F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!GetGlyphOutlineW 750AC1BA 5 Bytes JMP 000A0BF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!CreateScalableFontResourceW 750AE817 5 Bytes JMP 000A0AF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!AddFontResourceW 750AEC13 5 Bytes JMP 000A0B30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!RemoveFontResourceW 750AF109 5 Bytes JMP 000A0B70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!AbortDoc 750B4C63 5 Bytes JMP 000A0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!EndDoc 750B50AA 5 Bytes JMP 000A01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!StartPage 750B5195 5 Bytes JMP 000A0670
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!StartDocW 750B5BB0 5 Bytes JMP 000A0730
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!BeginPath 750B635D 5 Bytes JMP 000A0770
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!SelectClipPath 750B63B4 5 Bytes JMP 000A0A30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!CloseFigure 750B640F 5 Bytes JMP 000A0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!EndPath 750B6466 5 Bytes JMP 000A09B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!StrokePath 750B6699 5 Bytes JMP 000A06F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!FillPath 750B6726 5 Bytes JMP 000A07B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!PolylineTo 750B6B94 5 Bytes JMP 000A04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!PolyBezierTo 750B6C25 5 Bytes JMP 000A0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] GDI32.dll!PolyDraw 750B6CD7 5 Bytes JMP 000A07F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ole32.dll!OleSetClipboard 75130045 5 Bytes JMP 000C0030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4724] USER32.dll!SetWindowLongA 76A68BA3 5 Bytes JMP 5BCE3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4724] USER32.dll!SetWindowLongW 76A74449 5 Bytes JMP 5BCE3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4724] USER32.dll!GetWindowInfo 76A74B5E 5 Bytes JMP 5BA8C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4724] USER32.dll!TrackPopupMenu 76A82228 5 Bytes JMP 5BA8CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!LdrLoadDll 7749223E 5 Bytes JMP 5B90B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB36206$\1054061501 0 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\L 0 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\U 0 bytes
File C:\Windows\$NtUninstallKB36206$\2690190951 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by Musicjunkie27, 26 January 2012 - 06:35 PM.
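
The hook listing above is the part of a GMER log a responder actually has to read, and its line shape makes it easy to triage mechanically. The Python below is an added example, not code from the original post or from GMER: it parses the ".text" lines, separates hooks whose JMP target GMER could attribute to a named module (xul.dll in the two Firefox processes above) from inline byte patches and JMPs to addresses GMER could not name (the AcroRd32.exe entries), and lists the latter per process for follow-up. It also pulls the entries from the "Files" section. The sample input is a constructed subset of the lines in this post; the function and field names are the example's own.

```python
r"""Triage of the ".text" (user-mode hook) and "Files" sections of a GMER 1.0.15 log.

Added example; not part of the original post and not GMER's own code. Each ".text" line is
one modified export inside one process. Three shapes occur in the log above:

  inline byte patch     ... ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 03, 07, 00]
  JMP, target unnamed   ... kernel32.dll!CreateProcessW 7541204D 5 Bytes JMP 00010030
  JMP into a module     ... USER32.dll!SetWindowLongA 76A68BA3 5 Bytes JMP 5BCE3A89 C:\...\xul.dll (Mozilla Foundation)

The triage question is where each hook goes. A JMP that GMER could attribute to a named
module on disk is explained by that module. A JMP to an address GMER could not name, or a
raw byte patch, is not explained by the log itself, so those exports are listed per process
for a responder to account for. Sandbox brokers and security products hook this way too,
so "unexplained" means "check", not "malicious".
"""
import re
from collections import Counter, defaultdict
from ntpath import basename  # ntpath splits backslash paths correctly on any host OS

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>[^\s+]+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<path>\S.*))?$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes$")


def classify(rest):
    """Return (kind, attributed_module) for the tail of a hook line."""
    m = JMP_RE.match(rest)
    if m is None:                      # "[A8, 03, 07, 00]": in-memory bytes differing from the on-disk image
        return "inline_patch", None
    if m.group("path"):                # GMER named the module that owns the JMP target
        return "jmp_to_module", m.group("path")
    return "jmp_unattributed", None    # JMP into a region GMER could not map to a module


def parse_hooks(text):
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m is None:
            continue
        kind, target = classify(m.group("rest"))
        hooks.append({
            "process": basename(m.group("proc")),
            "pid": int(m.group("pid")),
            "export": f"{m.group('module')}!{m.group('func')}",
            "offset": int(m.group("off"), 16) if m.group("off") else 0,
            "address": int(m.group("addr"), 16),
            "size": int(m.group("nbytes")),
            "kind": kind,
            "target_module": target,
        })
    return hooks


def parse_files(text):
    """Entries from the "---- Files ----" section (here: items under C:\Windows\$NtUninstallKB...$)."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append({"path": m.group("path"), "size": int(m.group("size"))})
    return out


def summarize(hooks):
    """Per (process, pid): hook counts by kind, and the exports whose hook the log does not explain."""
    summary = defaultdict(lambda: {"counts": Counter(), "unexplained": set()})
    for h in hooks:
        entry = summary[(h["process"], h["pid"])]
        entry["counts"][h["kind"]] += 1
        if h["kind"] != "jmp_to_module":
            entry["unexplained"].add(h["export"])   # "+ 6" and "+ B" patches collapse into one export
    return dict(summary)


def report(text):
    """One line per process, then the file entries."""
    lines = []
    for (proc, pid), entry in sorted(summarize(parse_hooks(text)).items()):
        c = entry["counts"]
        lines.append(f"{proc}[{pid}]: {c['jmp_to_module']} attributed, "
                     f"{c['jmp_unattributed']} unattributed JMP, {c['inline_patch']} byte patches; "
                     f"check: {', '.join(sorted(entry['unexplained'])) or '-'}")
    for f in parse_files(text):
        lines.append(f"file {f['path']} ({f['size']} bytes)")
    return lines


# Constructed sample: a subset of lines copied from the GMER log above.
SAMPLE = r"""
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] kernel32.dll!CreateProcessW 7541204D 5 Bytes JMP 00010030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2724] USER32.dll!SetClipboardData 76A82962 5 Bytes JMP 00090170
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4724] USER32.dll!SetWindowLongA 76A68BA3 5 Bytes JMP 5BCE3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!LdrLoadDll 7749223E 5 Bytes JMP 5B90B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB36206$\1054061501 0 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\Desktop.ini 4608 bytes
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run it against the full log pasted in the post and the AcroRd32.exe line is the one to read: every hook in that process is either a byte patch in an ntdll stub or a JMP to an address GMER could not attribute, while both Firefox processes resolve cleanly to xul.dll.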



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 AM

Posted 27 January 2012 - 01:45 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Musicjunkie27 (Topic Starter)

Posted 27 January 2012 - 12:12 PM

Gringo:

Thanks for getting back to me so quickly. I tried to follow your directions, but I cannot get AVG to shut down. I tried to uninstall AVG since I could not get it to shut off. On the several attempts, I kept getting the following pop-up....

Error Code: 0xC0070643
Error Message: General Internal Error

and the uninstall is unsuccessful.... very frustrating.... Figured I would ask you before trying anything else.

Thanks,

MJ

#4 Musicjunkie27 (Topic Starter)

Posted 27 January 2012 - 12:15 PM

Gringo:

Here is the actual screenshot of the AVG uninstall failure...

MJ


#5 gringo_pr (Malware Response Team)

Posted 27 January 2012 - 02:58 PM

I would like you to run their AVG removal tool


Now go ahead and run ComboFix even if it still complains.


gringo

#6 Musicjunkie27 (Topic Starter)

Posted 28 January 2012 - 12:40 PM

Gringo:

Well, this is going to be interesting I guess......lol

I tried the link you provided for the AVG removal tool and it led to a dead page. I googled the AVG Removal tool and was able to get it downloaded and, after a few unsuccessful attempts, I got it to take (at least I thought so). I then re-tried Combofix and got the same message. I looked in my control panel for programs and AVG was not there anymore, nor was it in the windows menu. Don't know why it still shows. Anyway, I ignored the warning and tried to let Combofix run. I get to the blue screen where it tells me that the scan normally takes 10 min, but can easily take double that for some computers. This is where it gets stuck. It will just sit on that blue screen indefinitely..... I tried three separate times. First time I let it sit there for 1 hr, second time I let it sit there for 16 hrs. The third time, when I started Combofix, it told me there was a newer version of Combofix available on the server. I downloaded the newer version and tried again this morning. I got a funny message about my recycle bin (see attached) and I let it run for 2 hrs and decided to check in with you again. I apologize for the hassle.... I have attached some pics of the Combofix warnings about the AVG program and the blue screen where I get stuck repeatedly.... I sincerely want to thank you for your time on this, it is very kind of you to help out.

MJ


#7 gringo_pr (Malware Response Team)

Posted 28 January 2012 - 01:47 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
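
As an added example (not part of Gringo's instructions and not Kaspersky's code), the Python below does the two manual steps above: it picks the newest TDSSKiller report in the root directory by the timestamp in its file name, and cuts the per-driver listing down to the lines that need a human, that is any status other than "ok" and any service for which the tool printed a verdict but no file line. The sample report is constructed to match the 2.7.x line format of the report posted in the next reply; the "examplesvc" entry and its "detected" verdict are hypothetical, and the DD.MM.YYYY_HH.MM.SS layout inside the file name is an assumption.

```python
r"""Pick the newest TDSSKiller report and reduce it to the lines worth reading.

Added example; not part of Gringo's instructions and not Kaspersky's code. TDSSKiller 2.7.x
prints, per service, an optional file line followed by a verdict line:

  12:40:28.0166 1276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
  12:40:28.0169 1276 1394ohci - ok

A verdict with no preceding file line (e.g. "AVGIDSShim - ok" after a half-removed AVG, or
ComboFix's "catchme") means the tool reported no file for that service; such entries are
listed separately so they can be explained rather than ignored.
"""
import re

# TDSSKiller.[Version]_[Date]_[Time]_log.txt; DD.MM.YYYY and HH.MM.SS are an assumption.
LOGNAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<d>\d\d)\.(?P<m>\d\d)\.(?P<y>\d{4})"
    r"_(?P<H>\d\d)\.(?P<M>\d\d)\.(?P<S>\d\d)_log\.txt$"
)
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+)$"
)


def latest_log(filenames):
    """Newest report by the timestamp embedded in its name, or None if nothing matches."""
    best, best_key = None, None
    for name in filenames:
        m = LOGNAME_RE.match(name)
        if not m:
            continue
        key = tuple(int(m.group(k)) for k in ("y", "m", "d", "H", "M", "S"))
        if best_key is None or key > best_key:
            best, best_key = name, key
    return best


def parse_entries(text):
    """name -> {"md5", "path", "status"}; the file line (if any) precedes the verdict line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        f = FILE_RE.match(line)
        if f:
            entries.setdefault(f.group("name"), {"md5": None, "path": None, "status": None})
            entries[f.group("name")].update(md5=f.group("md5"), path=f.group("path"))
            continue
        s = STATUS_RE.match(line)   # "Drive \Device\... - Size:" does not match: name must be one token
        if s:
            entries.setdefault(s.group("name"), {"md5": None, "path": None, "status": None})
            entries[s.group("name")]["status"] = s.group("status").strip()
    return entries


def triage(text):
    """Entries not marked ok, and entries with a verdict but no file reported."""
    entries = parse_entries(text)
    flagged = [dict(name=n, **e) for n, e in entries.items() if e["status"] not in (None, "ok")]
    no_file = [n for n, e in entries.items() if e["status"] is not None and e["path"] is None]
    return {"flagged": flagged, "no_file": no_file}


# Constructed sample in the 2.7.7.0 format; "examplesvc" and its verdict are made up.
SAMPLE_LOG = r"""
12:40:18.0499 1128 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
12:40:20.0075 1128 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
12:40:27.0057 1276 Scan started
12:40:27.0057 1276 Mode: Manual;
12:40:28.0166 1276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:40:28.0169 1276 1394ohci - ok
12:40:30.0104 1276 AVGIDSShim - ok
12:40:31.0217 1276 catchme - ok
12:40:40.0000 1276 examplesvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\examplesvc.sys
12:40:40.0001 1276 examplesvc - detected Constructed.Sample ( 1 )
"""

if __name__ == "__main__":
    import os, sys
    text = SAMPLE_LOG
    if len(sys.argv) > 1:                       # e.g. python tdss_triage.py C:\  (8-bit report encoding assumed)
        name = latest_log(os.listdir(sys.argv[1]))
        if name:
            with open(os.path.join(sys.argv[1], name), encoding="utf-8", errors="replace") as fh:
                text = fh.read()
    for key, items in triage(text).items():
        print(key, items)
```

Point it at the root of the system drive after the reboot and it prints the same two short lists for the real report, so the full several-hundred-line listing does not have to be read top to bottom.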

#8 Musicjunkie27 (Topic Starter)

Posted 28 January 2012 - 03:42 PM

Report from TDSSkiller:

12:40:18.0499 1128 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
12:40:19.0067 1128 ============================================================
12:40:19.0067 1128 Current date / time: 2012/01/28 12:40:19.0067
12:40:19.0067 1128 SystemInfo:
12:40:19.0067 1128
12:40:19.0067 1128 OS Version: 6.1.7601 ServicePack: 1.0
12:40:19.0067 1128 Product type: Workstation
12:40:19.0067 1128 ComputerName: ACER-COMPUTER
12:40:19.0067 1128 UserName: Jason
12:40:19.0068 1128 Windows directory: C:\Windows
12:40:19.0068 1128 System windows directory: C:\Windows
12:40:19.0068 1128 Processor architecture: Intel x86
12:40:19.0068 1128 Number of processors: 2
12:40:19.0068 1128 Page size: 0x1000
12:40:19.0068 1128 Boot type: Normal boot
12:40:19.0068 1128 ============================================================
12:40:20.0075 1128 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:40:20.0098 1128 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:40:20.0152 1128 Initialize success
12:40:27.0057 1276 ============================================================
12:40:27.0057 1276 Scan started
12:40:27.0057 1276 Mode: Manual;
12:40:27.0057 1276 ============================================================
12:40:28.0166 1276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:40:28.0169 1276 1394ohci - ok
12:40:28.0230 1276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:40:28.0233 1276 ACPI - ok
12:40:28.0331 1276 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:40:28.0332 1276 AcpiPmi - ok
12:40:28.0461 1276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:40:28.0466 1276 adp94xx - ok
12:40:28.0555 1276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:40:28.0560 1276 adpahci - ok
12:40:28.0641 1276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:40:28.0644 1276 adpu320 - ok
12:40:28.0733 1276 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:40:28.0738 1276 AFD - ok
12:40:28.0847 1276 AFS (8d0cf8a08034cd3d273c9ffc759b62a6) C:\Windows\system32\drivers\AFS.sys
12:40:28.0848 1276 AFS - ok
12:40:28.0897 1276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:40:28.0898 1276 agp440 - ok
12:40:28.0979 1276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:40:28.0980 1276 aic78xx - ok
12:40:29.0103 1276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:40:29.0104 1276 aliide - ok
12:40:29.0121 1276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:40:29.0123 1276 amdagp - ok
12:40:29.0150 1276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:40:29.0151 1276 amdide - ok
12:40:29.0214 1276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:40:29.0239 1276 AmdK8 - ok
12:40:29.0283 1276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:40:29.0284 1276 AmdPPM - ok
12:40:29.0370 1276 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:40:29.0372 1276 amdsata - ok
12:40:29.0454 1276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:40:29.0457 1276 amdsbs - ok
12:40:29.0547 1276 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:40:29.0548 1276 amdxata - ok
12:40:29.0648 1276 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:40:29.0649 1276 AppID - ok
12:40:29.0759 1276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:40:29.0760 1276 arc - ok
12:40:29.0832 1276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:40:29.0834 1276 arcsas - ok
12:40:29.0924 1276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:40:29.0925 1276 AsyncMac - ok
12:40:30.0024 1276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:40:30.0024 1276 atapi - ok
12:40:30.0104 1276 AVGIDSShim - ok
12:40:30.0187 1276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:40:30.0193 1276 b06bdrv - ok
12:40:30.0285 1276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:40:30.0288 1276 b57nd60x - ok
12:40:30.0369 1276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:40:30.0370 1276 Beep - ok
12:40:30.0413 1276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:40:30.0414 1276 blbdrive - ok
12:40:30.0523 1276 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:40:30.0525 1276 bowser - ok
12:40:30.0570 1276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:40:30.0571 1276 BrFiltLo - ok
12:40:30.0637 1276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:40:30.0638 1276 BrFiltUp - ok
12:40:30.0740 1276 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:40:30.0742 1276 BridgeMP - ok
12:40:30.0782 1276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:40:30.0785 1276 Brserid - ok
12:40:30.0858 1276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:40:30.0860 1276 BrSerWdm - ok
12:40:30.0874 1276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:40:30.0876 1276 BrUsbMdm - ok
12:40:30.0951 1276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:40:30.0952 1276 BrUsbSer - ok
12:40:30.0976 1276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:40:30.0977 1276 BTHMODEM - ok
12:40:31.0091 1276 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
12:40:31.0093 1276 BVRPMPR5 - ok
12:40:31.0217 1276 catchme - ok
12:40:31.0299 1276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:40:31.0301 1276 cdfs - ok
12:40:31.0405 1276 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
12:40:31.0407 1276 cdrom - ok
12:40:31.0455 1276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:40:31.0456 1276 circlass - ok
12:40:31.0528 1276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:40:31.0531 1276 CLFS - ok
12:40:31.0621 1276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:40:31.0622 1276 CmBatt - ok
12:40:31.0670 1276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:40:31.0671 1276 cmdide - ok
12:40:31.0766 1276 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:40:31.0771 1276 CNG - ok
12:40:31.0807 1276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:40:31.0808 1276 Compbatt - ok
12:40:31.0904 1276 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:40:31.0905 1276 CompositeBus - ok
12:40:31.0939 1276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:40:31.0940 1276 crcdisk - ok
12:40:32.0048 1276 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:40:32.0052 1276 CSC - ok
12:40:32.0163 1276 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:40:32.0164 1276 DfsC - ok
12:40:32.0368 1276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:40:32.0382 1276 discache - ok
12:40:32.0455 1276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:40:32.0455 1276 Disk - ok
12:40:32.0558 1276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:40:32.0559 1276 drmkaud - ok
12:40:32.0619 1276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:40:32.0628 1276 DXGKrnl - ok
12:40:32.0785 1276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:40:32.0822 1276 ebdrv - ok
12:40:32.0938 1276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:40:32.0943 1276 elxstor - ok
12:40:33.0050 1276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:40:33.0051 1276 ErrDev - ok
12:40:33.0155 1276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:40:33.0157 1276 exfat - ok
12:40:33.0176 1276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:40:33.0178 1276 fastfat - ok
12:40:33.0267 1276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:40:33.0269 1276 fdc - ok
12:40:33.0347 1276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:40:33.0348 1276 FileInfo - ok
12:40:33.0364 1276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:40:33.0365 1276 Filetrace - ok
12:40:33.0466 1276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:40:33.0491 1276 flpydisk - ok
12:40:33.0573 1276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:40:33.0575 1276 FltMgr - ok
12:40:33.0594 1276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:40:33.0596 1276 FsDepends - ok
12:40:33.0703 1276 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
12:40:33.0704 1276 fssfltr - ok
12:40:33.0742 1276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
12:40:33.0743 1276 Fs_Rec - ok
12:40:33.0829 1276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:40:33.0832 1276 fvevol - ok
12:40:33.0874 1276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:40:33.0875 1276 gagp30kx - ok
12:40:33.0961 1276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:40:33.0963 1276 GEARAspiWDM - ok
12:40:34.0087 1276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:40:34.0088 1276 hcw85cir - ok
12:40:34.0190 1276 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:40:34.0194 1276 HdAudAddService - ok
12:40:34.0228 1276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:40:34.0230 1276 HDAudBus - ok
12:40:34.0301 1276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:40:34.0302 1276 HidBatt - ok
12:40:34.0333 1276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:40:34.0335 1276 HidBth - ok
12:40:34.0400 1276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:40:34.0401 1276 HidIr - ok
12:40:34.0498 1276 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
12:40:34.0500 1276 HidUsb - ok
12:40:34.0621 1276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:40:34.0622 1276 HpSAMD - ok
12:40:34.0740 1276 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:40:34.0746 1276 HTTP - ok
12:40:34.0787 1276 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:40:34.0788 1276 hwpolicy - ok
12:40:34.0893 1276 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:40:34.0895 1276 i8042prt - ok
12:40:34.0930 1276 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:40:34.0933 1276 iaStorV - ok
12:40:35.0144 1276 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:40:35.0229 1276 igfx - ok
12:40:35.0319 1276 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:40:35.0320 1276 iirsp - ok
12:40:35.0462 1276 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys
12:40:35.0491 1276 IntcAzAudAddService - ok
12:40:35.0581 1276 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:40:35.0581 1276 intelide - ok
12:40:35.0615 1276 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:40:35.0616 1276 intelppm - ok
12:40:35.0705 1276 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:40:35.0707 1276 IpFilterDriver - ok
12:40:35.0749 1276 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:40:35.0751 1276 IPMIDRV - ok
12:40:35.0825 1276 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:40:35.0827 1276 IPNAT - ok
12:40:35.0915 1276 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:40:35.0916 1276 IRENUM - ok
12:40:35.0961 1276 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:40:35.0963 1276 isapnp - ok
12:40:36.0055 1276 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:40:36.0058 1276 iScsiPrt - ok
12:40:36.0116 1276 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
12:40:36.0117 1276 kbdclass - ok
12:40:36.0211 1276 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
12:40:36.0212 1276 kbdhid - ok
12:40:36.0263 1276 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:40:36.0264 1276 KSecDD - ok
12:40:36.0321 1276 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:40:36.0323 1276 KSecPkg - ok
12:40:36.0422 1276 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:40:36.0424 1276 lltdio - ok
12:40:36.0514 1276 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:40:36.0516 1276 LSI_FC - ok
12:40:36.0535 1276 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:40:36.0537 1276 LSI_SAS - ok
12:40:36.0621 1276 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:40:36.0623 1276 LSI_SAS2 - ok
12:40:36.0645 1276 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:40:36.0647 1276 LSI_SCSI - ok
12:40:36.0728 1276 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:40:36.0729 1276 luafv - ok
12:40:36.0838 1276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:40:36.0840 1276 megasas - ok
12:40:36.0924 1276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:40:36.0928 1276 MegaSR - ok
12:40:36.0953 1276 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:40:36.0955 1276 Modem - ok
12:40:37.0035 1276 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:40:37.0035 1276 monitor - ok
12:40:37.0096 1276 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
12:40:37.0098 1276 mouclass - ok
12:40:37.0189 1276 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:40:37.0190 1276 mouhid - ok
12:40:37.0247 1276 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:40:37.0248 1276 mountmgr - ok
12:40:37.0322 1276 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:40:37.0325 1276 mpio - ok
12:40:37.0366 1276 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:40:37.0367 1276 mpsdrv - ok
12:40:37.0498 1276 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:40:37.0500 1276 MRxDAV - ok
12:40:37.0581 1276 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:40:37.0583 1276 mrxsmb - ok
12:40:37.0633 1276 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:40:37.0636 1276 mrxsmb10 - ok
12:40:37.0705 1276 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:40:37.0707 1276 mrxsmb20 - ok
12:40:37.0752 1276 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:40:37.0753 1276 msahci - ok
12:40:37.0813 1276 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:40:37.0815 1276 msdsm - ok
12:40:37.0888 1276 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:40:37.0888 1276 Msfs - ok
12:40:37.0925 1276 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:40:37.0925 1276 mshidkmdf - ok
12:40:38.0001 1276 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:40:38.0002 1276 msisadrv - ok
12:40:38.0100 1276 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:40:38.0101 1276 MSKSSRV - ok
12:40:38.0192 1276 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:40:38.0193 1276 MSPCLOCK - ok
12:40:38.0285 1276 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:40:38.0286 1276 MSPQM - ok
12:40:38.0309 1276 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:40:38.0312 1276 MsRPC - ok
12:40:38.0401 1276 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:40:38.0402 1276 mssmbios - ok
12:40:38.0435 1276 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:40:38.0436 1276 MSTEE - ok
12:40:38.0500 1276 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:40:38.0501 1276 MTConfig - ok
12:40:38.0527 1276 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:40:38.0528 1276 Mup - ok
12:40:38.0625 1276 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:40:38.0628 1276 NativeWifiP - ok
12:40:38.0681 1276 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:40:38.0688 1276 NDIS - ok
12:40:38.0774 1276 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:40:38.0775 1276 NdisCap - ok
12:40:38.0857 1276 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:40:38.0858 1276 NdisTapi - ok
12:40:38.0909 1276 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:40:38.0910 1276 Ndisuio - ok
12:40:39.0004 1276 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:40:39.0006 1276 NdisWan - ok
12:40:39.0056 1276 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:40:39.0057 1276 NDProxy - ok
12:40:39.0165 1276 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:40:39.0166 1276 NetBIOS - ok
12:40:39.0274 1276 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:40:39.0275 1276 nfrd960 - ok
12:40:39.0359 1276 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:40:39.0360 1276 Npfs - ok
12:40:39.0427 1276 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:40:39.0429 1276 nsiproxy - ok
12:40:39.0498 1276 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:40:39.0509 1276 Ntfs - ok
12:40:39.0599 1276 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:40:39.0600 1276 Null - ok
12:40:39.0693 1276 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:40:39.0695 1276 nvraid - ok
12:40:39.0741 1276 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:40:39.0743 1276 nvstor - ok
12:40:39.0828 1276 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:40:39.0831 1276 nv_agp - ok
12:40:39.0886 1276 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:40:39.0888 1276 ohci1394 - ok
12:40:40.0009 1276 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:40:40.0011 1276 Parport - ok
12:40:40.0060 1276 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
12:40:40.0061 1276 partmgr - ok
12:40:40.0133 1276 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:40:40.0134 1276 Parvdm - ok
12:40:40.0189 1276 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:40:40.0191 1276 pci - ok
12:40:40.0254 1276 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:40:40.0255 1276 pciide - ok
12:40:40.0284 1276 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:40:40.0287 1276 pcmcia - ok
12:40:40.0377 1276 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:40:40.0378 1276 pcw - ok
12:40:40.0418 1276 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:40:40.0424 1276 PEAUTH - ok
12:40:40.0568 1276 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:40:40.0570 1276 PptpMiniport - ok
12:40:40.0586 1276 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:40:40.0587 1276 Processor - ok
12:40:40.0685 1276 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:40:40.0687 1276 Psched - ok
12:40:40.0757 1276 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
12:40:40.0758 1276 PxHelp20 - ok
12:40:40.0812 1276 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:40:40.0829 1276 ql2300 - ok
12:40:40.0910 1276 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:40:40.0912 1276 ql40xx - ok
12:40:40.0938 1276 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:40:40.0940 1276 QWAVEdrv - ok
12:40:41.0015 1276 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:40:41.0017 1276 RasAcd - ok
12:40:41.0059 1276 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:40:41.0061 1276 RasAgileVpn - ok
12:40:41.0122 1276 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:40:41.0124 1276 Rasl2tp - ok
12:40:41.0210 1276 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:40:41.0212 1276 RasPppoe - ok
12:40:41.0289 1276 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:40:41.0291 1276 RasSstp - ok
12:40:41.0380 1276 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:40:41.0384 1276 rdbss - ok
12:40:41.0424 1276 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:40:41.0425 1276 rdpbus - ok
12:40:41.0514 1276 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:40:41.0515 1276 RDPCDD - ok
12:40:41.0565 1276 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:40:41.0567 1276 RDPDR - ok
12:40:41.0643 1276 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:40:41.0644 1276 RDPENCDD - ok
12:40:41.0662 1276 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:40:41.0663 1276 RDPREFMP - ok
12:40:41.0758 1276 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
12:40:41.0760 1276 RDPWD - ok
12:40:41.0828 1276 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:40:41.0830 1276 rdyboost - ok
12:40:41.0927 1276 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:40:41.0928 1276 rspndr - ok
12:40:42.0009 1276 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
12:40:42.0012 1276 RTL8167 - ok
12:40:42.0064 1276 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:40:42.0065 1276 s3cap - ok
12:40:42.0160 1276 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:40:42.0162 1276 sbp2port - ok
12:40:42.0214 1276 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:40:42.0215 1276 scfilter - ok
12:40:42.0334 1276 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:40:42.0337 1276 secdrv - ok
12:40:42.0426 1276 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:40:42.0427 1276 Serenum - ok
12:40:42.0448 1276 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:40:42.0450 1276 Serial - ok
12:40:42.0537 1276 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:40:42.0538 1276 sermouse - ok
12:40:42.0590 1276 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:40:42.0591 1276 sffdisk - ok
12:40:42.0605 1276 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:40:42.0606 1276 sffp_mmc - ok
12:40:42.0695 1276 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:40:42.0696 1276 sffp_sd - ok
12:40:42.0727 1276 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:40:42.0728 1276 sfloppy - ok
12:40:42.0831 1276 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:40:42.0833 1276 sisagp - ok
12:40:42.0869 1276 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:40:42.0871 1276 SiSRaid2 - ok
12:40:42.0943 1276 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:40:42.0945 1276 SiSRaid4 - ok
12:40:42.0983 1276 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:40:42.0985 1276 Smb - ok
12:40:43.0064 1276 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:40:43.0065 1276 spldr - ok
12:40:43.0159 1276 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:40:43.0163 1276 srv - ok
12:40:43.0186 1276 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:40:43.0191 1276 srv2 - ok
12:40:43.0279 1276 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:40:43.0281 1276 srvnet - ok
12:40:43.0367 1276 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:40:43.0368 1276 stexstor - ok
12:40:43.0467 1276 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
12:40:43.0468 1276 StillCam - ok
12:40:43.0573 1276 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:40:43.0574 1276 storflt - ok
12:40:43.0618 1276 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:40:43.0619 1276 storvsc - ok
12:40:43.0695 1276 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:40:43.0696 1276 swenum - ok
12:40:43.0814 1276 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
12:40:43.0829 1276 Tcpip - ok
12:40:43.0947 1276 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
12:40:43.0958 1276 TCPIP6 - ok
12:40:44.0044 1276 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:40:44.0045 1276 tcpipreg - ok
12:40:44.0113 1276 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:40:44.0115 1276 TDPIPE - ok
12:40:44.0180 1276 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
12:40:44.0182 1276 TDTCP - ok
12:40:44.0236 1276 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:40:44.0237 1276 tdx - ok
12:40:44.0321 1276 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:40:44.0322 1276 TermDD - ok
12:40:44.0397 1276 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:40:44.0398 1276 tssecsrv - ok
12:40:44.0490 1276 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:40:44.0492 1276 TsUsbFlt - ok
12:40:44.0551 1276 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:40:44.0553 1276 tunnel - ok
12:40:44.0641 1276 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
12:40:44.0642 1276 tvicport - ok
12:40:44.0661 1276 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:40:44.0662 1276 uagp35 - ok
12:40:44.0742 1276 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:40:44.0746 1276 udfs - ok
12:40:44.0812 1276 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:40:44.0814 1276 uliagpkx - ok
12:40:44.0907 1276 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
12:40:44.0909 1276 umbus - ok
12:40:44.0929 1276 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:40:44.0930 1276 UmPass - ok
12:40:45.0027 1276 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
12:40:45.0029 1276 USBAAPL - ok
12:40:45.0072 1276 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
12:40:45.0074 1276 usbccgp - ok
12:40:45.0170 1276 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:40:45.0171 1276 usbcir - ok
12:40:45.0214 1276 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:40:45.0215 1276 usbehci - ok
12:40:45.0315 1276 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:40:45.0319 1276 usbhub - ok
12:40:45.0345 1276 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:40:45.0347 1276 usbohci - ok
12:40:45.0435 1276 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:40:45.0436 1276 usbprint - ok
12:40:45.0519 1276 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:40:45.0520 1276 usbscan - ok
12:40:45.0606 1276 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:40:45.0608 1276 USBSTOR - ok
12:40:45.0645 1276 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:40:45.0646 1276 usbuhci - ok
12:40:45.0787 1276 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:40:45.0788 1276 vdrvroot - ok
12:40:45.0875 1276 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:40:45.0877 1276 vga - ok
12:40:45.0914 1276 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:40:45.0916 1276 VgaSave - ok
12:40:46.0003 1276 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:40:46.0006 1276 vhdmp - ok
12:40:46.0061 1276 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:40:46.0063 1276 viaagp - ok
12:40:46.0142 1276 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:40:46.0145 1276 ViaC7 - ok
12:40:46.0190 1276 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:40:46.0191 1276 viaide - ok
12:40:46.0283 1276 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:40:46.0285 1276 vmbus - ok
12:40:46.0307 1276 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:40:46.0308 1276 VMBusHID - ok
12:40:46.0409 1276 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:40:46.0410 1276 volmgr - ok
12:40:46.0441 1276 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:40:46.0445 1276 volmgrx - ok
12:40:46.0538 1276 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:40:46.0539 1276 volsnap - ok
12:40:46.0627 1276 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:40:46.0630 1276 vsmraid - ok
12:40:46.0650 1276 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:40:46.0652 1276 vwifibus - ok
12:40:46.0739 1276 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:40:46.0740 1276 WacomPen - ok
12:40:46.0842 1276 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:40:46.0844 1276 WANARP - ok
12:40:46.0850 1276 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:40:46.0851 1276 Wanarpv6 - ok
12:40:46.0949 1276 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:40:46.0950 1276 Wd - ok
12:40:46.0983 1276 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:40:46.0988 1276 Wdf01000 - ok
12:40:47.0093 1276 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:40:47.0098 1276 WfpLwf - ok
12:40:47.0115 1276 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:40:47.0116 1276 WIMMount - ok
12:40:47.0222 1276 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:40:47.0224 1276 WinUsb - ok
12:40:47.0273 1276 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:40:47.0274 1276 WmiAcpi - ok
12:40:47.0391 1276 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:40:47.0392 1276 ws2ifsl - ok
12:40:47.0492 1276 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
12:40:47.0494 1276 WSDPrintDevice - ok
12:40:47.0547 1276 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:40:47.0549 1276 WudfPf - ok
12:40:47.0656 1276 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:40:47.0658 1276 WUDFRd - ok
12:40:47.0757 1276 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
12:40:47.0758 1276 zntport - ok
12:40:47.0796 1276 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
12:40:49.0704 1276 \Device\Harddisk0\DR0 - ok
12:40:49.0709 1276 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
12:40:49.0729 1276 \Device\Harddisk1\DR1 - ok
12:40:49.0747 1276 Boot (0x1200) (91ef4b95f6615fbcd96ccbbc7793c828) \Device\Harddisk0\DR0\Partition0
12:40:49.0747 1276 \Device\Harddisk0\DR0\Partition0 - ok
12:40:49.0756 1276 Boot (0x1200) (e48bbb39da80541d499db4247cdebc1d) \Device\Harddisk0\DR0\Partition1
12:40:49.0756 1276 \Device\Harddisk0\DR0\Partition1 - ok
12:40:49.0760 1276 Boot (0x1200) (039f82083113f47608e6f29d82202317) \Device\Harddisk1\DR1\Partition0
12:40:49.0761 1276 \Device\Harddisk1\DR1\Partition0 - ok
12:40:49.0762 1276 ============================================================
12:40:49.0762 1276 Scan finished
12:40:49.0762 1276 ============================================================
12:40:49.0775 3084 Detected object count: 0
12:40:49.0775 3084 Actual detected object count: 0

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 January 2012 - 04:20 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Musicjunkie27 (Topic Starter, Members, 27 posts)

Posted 28 January 2012 - 08:28 PM

aswMBR Log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-28 14:40:27
-----------------------------
14:40:27.591 OS Version: Windows 6.1.7601 Service Pack 1
14:40:27.591 Number of processors: 2 586 0x170A
14:40:27.592 ComputerName: ACER-COMPUTER UserName: Jason
14:40:27.992 Initialize success
14:43:27.709 AVAST engine defs: 12012801
17:23:40.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:23:40.889 Disk 0 Vendor: Hitachi_HDT721016SLA380 ST1OA31B Size: 152627MB BusType: 3
17:23:40.908 Disk 0 MBR read successfully
17:23:40.912 Disk 0 MBR scan
17:23:40.917 Disk 0 unknown MBR code
17:23:40.922 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 45331 MB offset 63
17:23:40.951 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 164 MB offset 92839635
17:23:40.968 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107128 MB offset 93177000
17:23:40.977 Disk 0 scanning sectors +312576705
17:23:41.033 Disk 0 scanning C:\Windows\system32\drivers
17:23:46.007 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Smadow [Rtk]
17:23:50.648 Disk 0 trace - called modules:
17:23:50.672 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
17:23:51.007 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86562700]
17:23:51.015 3 CLASSPNP.SYS[839d459e] -> nt!IofCallDriver -> [0x860de918]
17:23:51.022 5 ACPI.sys[838363d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x860ff030]
17:23:51.470 AVAST engine scan C:\Windows
17:23:54.196 AVAST engine scan C:\Windows\system32
17:25:55.926 AVAST engine scan C:\Windows\system32\drivers
17:26:01.547 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Smadow [Rtk]
17:26:08.200 AVAST engine scan C:\Users\Jason
17:26:52.817 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\Virus Repair Work\MBR.dat"
17:26:52.825 The log file has been saved successfully to "C:\Users\Jason\Desktop\Virus Repair Work\aswMBR2.txt"
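
The aswMBR log above gives the raw facts an analyst would otherwise pull out of the saved MBR.dat by hand: three partition entries (types 0x27 and 0x07, the second one active) and the verdict "unknown MBR code", while the TDSSKiller log earlier in this section printed the hash 70e629b51c16b3c007730c6ae57144c9 for the same disk and reported it "ok". The two tools disagree on whether the boot code is on a whitelist, not on what the sector contains, and that can be checked directly from MBR.dat. The script below is an added example for this thread, not code from aswMBR, TDSSKiller or anyone posting here. It parses a 512-byte MBR dump, prints the partition table in the same form aswMBR uses, and computes the MD5 of the first 0x1B8 bytes, which is the bootstrap code that precedes the 4-byte disk signature and the 64-byte partition table. That TDSSKiller's "MBR (0x1B8)" line is the MD5 of exactly that region is an assumption; if it holds, running the script over MBR.dat reproduces the TDSSKiller value and confirms both tools read the same sector. The sample MBR built inside the script is constructed from the partition layout aswMBR printed; its boot code is filler, so its hash matches nothing in the thread.

```python
"""Parse a raw MBR dump such as the MBR.dat that aswMBR saved (added example).

Layout of the 512-byte sector (constants below):
  0x000-0x1B7  bootstrap code (440 bytes)   <- hashed here as boot_md5
  0x1B8-0x1BB  32-bit disk signature
  0x1BC-0x1BD  usually zero
  0x1BE-0x1FD  four 16-byte partition entries
  0x1FE-0x1FF  0x55 0xAA boot signature
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE

# Type ids seen in this thread plus a few common ones; anything else prints as "unknown".
PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE", 0x05: "Extended",
              0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(mbr):
    """Return (boot_md5, disk_signature, partitions) for one 512-byte sector."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("0x55AA boot signature missing")
    boot_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                      # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "name": PART_TYPES.get(ptype, "unknown"),
                      "offset": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return boot_md5, disk_sig, parts


def format_partition(p):
    """One line in the style of aswMBR's 'Disk 0 Partition N ...' output."""
    status = "80 (A)" if p["active"] else "00"
    return "Partition %d %s %02X %s %d MB offset %d" % (
        p["index"], status, p["type"], p["name"], p["size_mb"], p["offset"])


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sample: the three partitions aswMBR listed above, with
    filler boot code (so its hash matches nothing in the thread)."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be %d bytes" % BOOT_CODE_LEN)
    layout = [                            # (status, type, LBA start, sector count)
        (0x00, 0x27, 63, 92839635 - 63),
        (0x80, 0x07, 92839635, 93177000 - 92839635),
        (0x00, 0x07, 93177000, 312576705 - 93177000),
    ]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in layout) + b"\x00" * 16
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # constructed value
    return boot_code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_sample_mbr()
    md5, sig, parts = parse_mbr(data)
    print("MBR (0x%X) (%s)" % (BOOT_CODE_LEN, md5))
    print("Disk signature: 0x%08X" % sig)
    for p in parts:
        print(format_partition(p))
```

Run as `python mbr_check.py MBR.dat` against the dump aswMBR wrote to the Virus Repair Work folder; with no argument it parses the constructed sample. A bootkit that hooks disk I/O can hand a clean sector to a reader that goes through the running kernel, which is why aswMBR records the driver chain it went through ("Disk 0 trace - called modules") and why a dump taken from offline boot media is the stronger comparison.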

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 January 2012 - 09:18 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#12 Musicjunkie27 (Topic Starter, Members, 27 posts)

Posted 28 January 2012 - 10:03 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:01 on 28/01/2012 by Jason
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\Windows\System32\drivers\netbt.sys --a---- 187904 bytes [17:34 07/07/2011] [08:39 20/11/2010] 20B8785E96BC67118B72783DFBFBEC08
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] DD52A733BF4CA5AF84562A5E2F963B91

-= EOF =-

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 29 January 2012 - 12:07 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys | C:\Windows\System32\drivers\netbt.sys


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: dragging CFScript.txt onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> Donate <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Musicjunkie27

Musicjunkie27
  • Topic Starter

  • Members
  • 27 posts

Posted 29 January 2012 - 05:11 PM

Gringo:

ComboFix still gives me the warnings that I told you about for AVG (the two pics I sent previously). It still won't run. Just stays on the blue screen. I tried twice. Left it there for an hour the first time and 2 hrs the second....... The first time it gave me a message that there was a newer version on the server and asked if I wanted to update. I declined for fear it would mess with the script we put in. The second time I let it update. Both times got the same result.... The blue screen that tells me it should take about 10 min, but could take at least double that..... Could it be something to do with the lingering AVG pieces??

MJ

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 10:00 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys C:\Windows\System32\drivers\netbt.sys


  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

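The thread above turns on one comparison: the SystemLook "filefind" report in post #12 shows the live C:\Windows\System32\drivers\netbt.sys with one MD5 and the copy held in the WinSxS component store with another, and posts #13 and #15 then try to overwrite the live file from the WinSxS copy, first with a ComboFix CFScript (FCopy::) and then, when ComboFix would not run, with a BlitzBlank script (CopyFile:). The script below is an added example, not code from the page, from SystemLook, ComboFix or BlitzBlank: it parses that filefind output (the sample is the page's own two lines, embedded verbatim), flags a live driver whose hash matches none of its WinSxS copies, and emits the two copy directives in the formats the helper used. Two caveats are built in. A hash mismatch by itself does not prove tampering: the live file here carries a later timestamp (20/11/2010) than the RTM copy in WinSxS (13/07/2009), so it could simply be an updated build, which is why the result returns both timestamps and the size comparison instead of a verdict of "infected". And the driver is in use while Windows runs, so the copy has to happen at reboot, which is what the two tools arrange; this code only produces the directive text. The regex field names and the choice of the first WinSxS copy as the restore source are this example's assumptions; when several versions sit in WinSxS, pick the one that matches the installed build.

```python
"""Parse a SystemLook 'filefind' report and flag a live driver whose MD5
does not match any copy held in the WinSxS component store.
Added example; not part of the original thread or of any of the tools named."""
import re
from collections import defaultdict

# Constructed sample input: the two lines SystemLook printed for netbt.sys
# in the thread above, wrapped in the report's own framing.
SAMPLE_FILEFIND = """\
========== filefind ==========

Searching for "netbt.sys"
C:\\Windows\\System32\\drivers\\netbt.sys --a---- 187904 bytes [17:34 07/07/2011] [08:39 20/11/2010] 20B8785E96BC67118B72783DFBFBEC08
C:\\Windows\\winsxs\\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] DD52A733BF4CA5AF84562A5E2F963B91

-= EOF =-
"""

# One result line: <path> <attrs> <size> bytes [<time>] [<time>] <MD5>
# The two bracketed timestamps are kept as time1/time2 without assuming
# which is modified and which is created (an assumption of this example).
RECORD_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\\(?P<name>[^\\]+?))\s+"
    r"(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<time1>[^\]]+)\]\s+\[(?P<time2>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(report: str) -> dict:
    """Group every matched record by lower-cased file name."""
    records = defaultdict(list)
    for line in report.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # section header, 'Searching for', EOF marker, blanks
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        records[rec["name"].lower()].append(rec)
    return dict(records)


def is_store_copy(path: str) -> bool:
    """True for a copy inside the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def assess(records: list) -> dict:
    """Compare the one live copy of a file with its WinSxS copies.

    A mismatch is reported, not declared an infection: a later Windows
    update legitimately changes the hash, so timestamps and sizes are
    returned alongside the verdict for the analyst to weigh.
    """
    live = [r for r in records if not is_store_copy(r["path"])]
    store = [r for r in records if is_store_copy(r["path"])]
    if len(live) != 1 or not store:
        return {"verdict": "undetermined", "live": live, "store": store}
    live = live[0]
    store_hashes = {r["md5"] for r in store}
    mismatch = live["md5"] not in store_hashes
    return {
        "verdict": "hash-mismatch" if mismatch else "matches-store",
        "live_md5": live["md5"],
        "store_md5s": sorted(store_hashes),
        "same_size": all(r["size"] == live["size"] for r in store),
        "live_times": (live["time1"], live["time2"]),
        "store_times": [(r["time1"], r["time2"]) for r in store],
        "live_path": live["path"],
        # Simplification: first store copy; with several versions present,
        # choose the one matching the installed build instead.
        "restore_from": store[0]["path"],
    }


def cfscript_fcopy(src: str, dst: str) -> str:
    """ComboFix CFScript 'FCopy::' directive: source | destination."""
    return f"FCopy::\n{src} | {dst}\n"


def blitzblank_copyfile(src: str, dst: str) -> str:
    """BlitzBlank script 'CopyFile:' directive: source then destination."""
    return f"CopyFile:\n{src} {dst}\n"


def triage(report: str) -> dict:
    """Run the check over a whole report; one result per file name."""
    return {name: assess(recs) for name, recs in parse_filefind(report).items()}


if __name__ == "__main__":
    for name, result in triage(SAMPLE_FILEFIND).items():
        print(name, result["verdict"], result.get("same_size"))
        if result["verdict"] == "hash-mismatch":
            print(cfscript_fcopy(result["restore_from"], result["live_path"]))
            print(blitzblank_copyfile(result["restore_from"], result["live_path"]))
```

Run against the sample it reports netbt.sys as "hash-mismatch" with equal sizes and prints both directives exactly as they appear in posts #13 and #15. On a real machine, feed it the full SystemLook log rather than the excerpt, and treat the output as a lead to confirm (for example by checking the driver's digital signature), not as a finding on its own.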
