Clemag.NAL + Kryptik.ABIQ & Security Shield installed


  • This topic is locked
2 replies to this topic

#1 BabyOh

  • Members
  • 1 posts

Posted 25 February 2012 - 02:55 PM

EDIT: Having run ComboFix on your own, I had to move your topic to Virus, Trojan, Spyware, and Malware Removal Logs


Yesterday, I was brought to a site where, upon connection, Java loaded and I was notified that "My Security Shield" has been installed successfully. I immediately closed Firefox and disconnected from the internet. A virus scanner, a fake one named Security Shield, opened. Other symptoms: Google.com redirects to "alfsearch.net".

I found the following two very suspicious files that were created at the same time. ESET failed to detect any threats:

2/24/2012 3:02:17 PM C:\Documents and Settings\Me\Local Settings\Application Data\hvylhsq.exe;C:\Documents and Settings\Me\Local Settings\Application Data\nlrddtpl.exe 2 0 0 Completed


ESET detected the following during a scan shortly after:

2/24/2012 5:02:53 PM Startup scanner file Operating memory C:\Documents and Settings\Me\Application Data\dplayx.dll a variant of Win32/Kryptik.ABIQ trojan cleaned by deleting (after the next restart) - quarantined
2/24/2012 5:02:51 PM Startup scanner file Operating memory C:\Documents and Settings\Me\Application Data\dplayx.dll probably a variant of Win32/Clemag.NAL trojan unable to clean
2/24/2012 5:02:50 PM Startup scanner file C:\Documents and Settings\Me\Application Data\dplaysvr.exe a variant of Win32/Kryptik.ABIQ trojan cleaned by deleting - quarantined
2/24/2012 4:34:53 PM Startup scanner file Operating memory C:\Documents and Settings\Me\Application Data\dplayx.dll probably a variant of Win32/Clemag.NAL trojan unable to clean
2/24/2012 3:54:17 PM Startup scanner file Operating memory C:\Documents and Settings\Me\Application Data\dplayx.dll probably a variant of Win32/Clemag.NAL trojan unable to clean



I then ran the ESET scan in safe mode. Numerous files were quarantined that were infected with "Kryptik.ABIQ".

Next, I updated Malwarebytes' Anti-Malware and ran a scan:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Me :: HOME-ILE2FLRC37 [administrator]

Protection: Enabled

2/24/2012 9:22:28 PM
mbam-log-2012-02-24 (21-22-28).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 183898
Time elapsed: 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I then ran ComboFix:

ComboFix 12-02-24.02 - Me 02/24/2012 22:00:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1442 [GMT -5:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Me\Application Data\facemoods.com
c:\documents and settings\UpdatusUser.HOME-ILE2FLRC37\ntuser.tmp
c:\program files\UNWISE.EXE
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 02:29 . 2012-02-25 02:29 -------- d-----w- c:\program files\Common Files\Java
2012-02-25 02:29 . 2012-02-25 02:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-25 01:57 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 17:56 . 2012-02-16 17:56 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-15 15:29 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 15:29 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 01:22 . 2012-02-15 01:22 -------- d-----w- c:\program files\iPod
2012-02-15 01:22 . 2012-02-15 01:22 -------- d-----w- c:\program files\iTunes
2012-02-06 03:38 . 2012-02-06 03:38 -------- d-----w- C:\temp
2012-02-06 02:51 . 2012-02-06 02:51 -------- d-----w- c:\program files\Common Files\Yahoo!
2012-02-06 02:51 . 2012-02-06 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 12
2012-02-06 02:51 . 2012-02-06 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2012-02-06 02:27 . 2012-02-06 02:27 -------- d-----r- C:\Sandbox
2012-02-02 08:59 . 2002-11-05 20:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2012-02-02 08:59 . 2012-02-03 01:31 -------- d-----w- c:\program files\Acoustica Mixcraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 02:29 . 2011-05-27 04:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 02:29 . 2011-02-02 03:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2001-08-18 12:00 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-27 04:08 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-27 04:08 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-17 19:46 . 2001-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2001-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2001-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 01:22 . 2011-12-20 18:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Me\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
2011-10-22 11:23 2366128 ----a-w- c:\fraps\fraps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-20 22:44 136176 ----atw- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Keyboard]
2011-08-04 21:21 1047208 ----a-w- c:\program files\Hot Keyboard Pro\HotKeyb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 13:28 13758464 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 13:28 86016 ------w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 13:29 1657376 ------w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-10-14 23:58 20064872 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-13 15:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 15:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-11-28 12:36 4692296 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMP54Gv4SVC"=2 (0x2)
"TVersityMediaServer"=2 (0x2)
"NVSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"Steam Client Service"=3 (0x3)
"idsvc"=3 (0x3)
"Giraffic"=2 (0x2)
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Steam\\steamapps\\instinct9\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"58421:TCP"= 58421:TCP:Pando Media Booster
"58421:UDP"= 58421:UDP:Pando Media Booster
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [11/18/2011 4:57 PM 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/28/2011 10:21 PM 10448]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [10/26/2011 2:24 AM 1720928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/28/2011 10:20 PM 1691480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/24/2012 8:57 PM 20464]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [12/16/2011 2:31 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [12/16/2011 2:31 AM 11104]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2/1/2011 3:24 PM 14848]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [9/18/2011 10:01 PM 1511936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/24/2012 8:57 PM 652360]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11/15/2011 10:42 PM 2253120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ------w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1979792683-682003330-1004Core.job
- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-20 22:44]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1979792683-682003330-1004UA.job
- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-20 22:44]
.
2011-07-07 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2001-08-18 00:12]
.
2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{998F9893-9A88-42D4-A319-DFAB0D13CA6A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Assign &hot key - c:\program files\Hot Keyboard Pro\IEScript.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CFF94980-189D-42B8-967C-0F3CA935FF51}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\ky8zfqs0.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.ftp - 161.222.161.40
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 161.222.161.40
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 161.222.161.40
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 161.222.161.40
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 161.222.161.40
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cm108Sound - cm108.cpl
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
MSConfigStartUp-RIMBBLaunchAgent - c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-02-24 22:05:32
ComboFix-quarantined-files.txt 2012-02-25 03:05
.
Pre-Run: 288,391,282,688 bytes free
Post-Run: 289,247,707,136 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 56215FF568CA165507CF148F39BC30C5


Then I ran TDSSKiller to check for installed rootkits:

22:20:19.0234 1112 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
22:20:19.0546 1112 ============================================================
22:20:19.0546 1112 Current date / time: 2012/02/24 22:20:19.0546
22:20:19.0546 1112 SystemInfo:
22:20:19.0546 1112
22:20:19.0546 1112 OS Version: 5.1.2600 ServicePack: 3.0
22:20:19.0546 1112 Product type: Workstation
22:20:19.0546 1112 ComputerName: HOME-ILE2FLRC37
22:20:19.0546 1112 UserName: Me
22:20:19.0546 1112 Windows directory: C:\WINDOWS
22:20:19.0546 1112 System windows directory: C:\WINDOWS
22:20:19.0546 1112 Processor architecture: Intel x86
22:20:19.0546 1112 Number of processors: 2
22:20:19.0546 1112 Page size: 0x1000
22:20:19.0546 1112 Boot type: Normal boot
22:20:19.0546 1112 ============================================================
22:20:20.0984 1112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000058
22:20:20.0984 1112 Drive \Device\Harddisk1\DR2 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:20:20.0984 1112 \Device\Harddisk0\DR0:
22:20:20.0984 1112 MBR used
22:20:20.0984 1112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384851
22:20:20.0984 1112 \Device\Harddisk1\DR2:
22:20:20.0984 1112 MBR used
22:20:20.0984 1112 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1EBFC0
22:20:21.0015 1112 Initialize success
22:20:21.0015 1112 ============================================================
22:20:28.0671 3480 ============================================================
22:20:28.0671 3480 Scan started
22:20:28.0671 3480 Mode: Manual;
22:20:28.0671 3480 ============================================================
22:20:28.0953 3480 Abiosdsk - ok
22:20:28.0968 3480 abp480n5 - ok
22:20:29.0000 3480 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:20:29.0000 3480 ACPI - ok
22:20:29.0031 3480 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:20:29.0031 3480 ACPIEC - ok
22:20:29.0046 3480 adpu160m - ok
22:20:29.0093 3480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:20:29.0093 3480 aec - ok
22:20:29.0125 3480 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:20:29.0125 3480 AegisP - ok
22:20:29.0171 3480 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:20:29.0171 3480 AFD - ok
22:20:29.0171 3480 Aha154x - ok
22:20:29.0187 3480 aic78u2 - ok
22:20:29.0187 3480 aic78xx - ok
22:20:29.0187 3480 AliIde - ok
22:20:29.0250 3480 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:20:29.0250 3480 Ambfilt - ok
22:20:29.0265 3480 amsint - ok
22:20:29.0281 3480 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:20:29.0281 3480 Arp1394 - ok
22:20:29.0281 3480 asc - ok
22:20:29.0296 3480 asc3350p - ok
22:20:29.0296 3480 asc3550 - ok
22:20:29.0312 3480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:20:29.0312 3480 AsyncMac - ok
22:20:29.0312 3480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:20:29.0312 3480 atapi - ok
22:20:29.0328 3480 Atdisk - ok
22:20:29.0343 3480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:20:29.0343 3480 Atmarpc - ok
22:20:29.0390 3480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:20:29.0390 3480 audstub - ok
22:20:29.0390 3480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:20:29.0390 3480 Beep - ok
22:20:29.0515 3480 catchme - ok
22:20:29.0546 3480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:20:29.0546 3480 cbidf2k - ok
22:20:29.0562 3480 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:20:29.0562 3480 CCDECODE - ok
22:20:29.0578 3480 cd20xrnt - ok
22:20:29.0578 3480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:20:29.0578 3480 Cdaudio - ok
22:20:29.0593 3480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:20:29.0593 3480 Cdfs - ok
22:20:29.0609 3480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:20:29.0609 3480 Cdrom - ok
22:20:29.0609 3480 Changer - ok
22:20:29.0625 3480 CmdIde - ok
22:20:29.0640 3480 Cpqarray - ok
22:20:29.0765 3480 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
22:20:29.0765 3480 cpuz135 - ok
22:20:29.0812 3480 dac2w2k - ok
22:20:29.0890 3480 dac960nt - ok
22:20:29.0968 3480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:20:29.0968 3480 Disk - ok
22:20:30.0187 3480 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:20:30.0187 3480 dmboot - ok
22:20:30.0312 3480 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:20:30.0312 3480 dmio - ok
22:20:30.0406 3480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:20:30.0406 3480 dmload - ok
22:20:30.0500 3480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:20:30.0515 3480 DMusic - ok
22:20:30.0578 3480 dpti2o - ok
22:20:30.0687 3480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:20:30.0687 3480 drmkaud - ok
22:20:30.0828 3480 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
22:20:30.0828 3480 eamon - ok
22:20:30.0906 3480 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:20:30.0906 3480 ehdrv - ok
22:20:31.0093 3480 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
22:20:31.0093 3480 epfw - ok
22:20:31.0187 3480 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
22:20:31.0187 3480 Epfwndis - ok
22:20:31.0281 3480 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
22:20:31.0281 3480 epfwtdi - ok
22:20:31.0343 3480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:20:31.0343 3480 Fastfat - ok
22:20:31.0359 3480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:20:31.0359 3480 Fdc - ok
22:20:31.0375 3480 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:20:31.0375 3480 Fips - ok
22:20:31.0390 3480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:20:31.0390 3480 Flpydisk - ok
22:20:31.0406 3480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:20:31.0406 3480 FltMgr - ok
22:20:31.0406 3480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:20:31.0406 3480 Fs_Rec - ok
22:20:31.0421 3480 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:20:31.0421 3480 Ftdisk - ok
22:20:31.0437 3480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:20:31.0437 3480 GEARAspiWDM - ok
22:20:31.0453 3480 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
22:20:31.0453 3480 giveio - ok
22:20:31.0484 3480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:20:31.0484 3480 Gpc - ok
22:20:31.0515 3480 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
22:20:31.0515 3480 GTNDIS5 - ok
22:27:38.0328 2944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:27:38.0390 2944 Raspti - ok
22:27:38.0406 2944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:27:38.0484 2944 Rdbss - ok
22:27:38.0500 2944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:27:38.0562 2944 RDPCDD - ok
22:27:38.0609 2944 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:27:38.0625 2944 RDPWD - ok
22:27:38.0640 2944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:27:38.0718 2944 redbook - ok
22:27:38.0765 2944 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:27:38.0828 2944 ROOTMODEM - ok
22:27:38.0875 2944 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
22:27:38.0921 2944 RT61 - ok
22:27:38.0968 2944 RT80x86 (4c1ab5be2a66f17ee939f8a02718d6d7) C:\WINDOWS\system32\DRIVERS\RT2860.sys
22:27:39.0015 2944 RT80x86 - ok
22:27:39.0140 2944 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:27:39.0140 2944 SASDIFSV - ok
22:27:39.0156 2944 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:27:39.0171 2944 SASKUTIL - ok
22:27:39.0218 2944 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
22:27:39.0218 2944 SbieDrv - ok
22:27:39.0250 2944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:27:39.0296 2944 Secdrv - ok
22:27:39.0296 2944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:27:39.0375 2944 serenum - ok
22:27:39.0390 2944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:27:39.0468 2944 Serial - ok
22:27:39.0500 2944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:27:39.0562 2944 Sfloppy - ok
22:27:39.0578 2944 Simbad - ok
22:27:39.0625 2944 SIUSBXP (bc9c2ef22ee0320c079e3ff9b4d29951) C:\WINDOWS\system32\drivers\SiUSBXp.sys
22:27:39.0640 2944 SIUSBXP ( UnsignedFile.Multi.Generic ) - warning
22:27:39.0640 2944 SIUSBXP - detected UnsignedFile.Multi.Generic (1)
22:27:39.0656 2944 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:27:39.0718 2944 SLIP - ok
22:27:39.0750 2944 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
22:27:39.0750 2944 SMBios ( UnsignedFile.Multi.Generic ) - warning
22:27:39.0750 2944 SMBios - detected UnsignedFile.Multi.Generic (1)
22:27:39.0765 2944 Sparrow - ok
22:27:39.0812 2944 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
22:27:39.0812 2944 speedfan - ok
22:27:39.0859 2944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:27:39.0921 2944 splitter - ok
22:27:39.0953 2944 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
22:27:39.0953 2944 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
22:27:39.0953 2944 sptd ( LockedFile.Multi.Generic ) - warning
22:27:39.0953 2944 sptd - detected LockedFile.Multi.Generic (1)
22:27:39.0984 2944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:27:40.0015 2944 sr - ok
22:27:40.0031 2944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:27:40.0078 2944 Srv - ok
22:27:40.0093 2944 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:27:40.0171 2944 streamip - ok
22:27:40.0203 2944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:27:40.0281 2944 swenum - ok
22:27:40.0312 2944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:27:40.0390 2944 swmidi - ok
22:27:40.0390 2944 symc810 - ok
22:27:40.0406 2944 symc8xx - ok
22:27:40.0406 2944 sym_hi - ok
22:27:40.0406 2944 sym_u3 - ok
22:27:40.0453 2944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:27:40.0531 2944 sysaudio - ok
22:27:40.0562 2944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:27:40.0578 2944 Tcpip - ok
22:27:40.0593 2944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:27:40.0656 2944 TDPIPE - ok
22:27:40.0687 2944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:27:40.0765 2944 TDTCP - ok
22:27:40.0781 2944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:27:40.0843 2944 TermDD - ok
22:27:40.0859 2944 TosIde - ok
22:27:40.0875 2944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:27:40.0937 2944 Udfs - ok
22:27:40.0953 2944 ultra - ok
22:27:41.0000 2944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:27:41.0078 2944 Update - ok
22:27:41.0109 2944 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:27:41.0156 2944 USBAAPL - ok
22:27:41.0187 2944 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:27:41.0250 2944 usbaudio - ok
22:27:41.0281 2944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:27:41.0359 2944 usbccgp - ok
22:27:41.0359 2944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:27:41.0437 2944 usbhub - ok
22:27:41.0468 2944 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:27:41.0531 2944 usbohci - ok
22:27:41.0593 2944 USBPNPA (284735a34fa673820a9ab6165d06104d) C:\WINDOWS\system32\drivers\CM108.sys
22:27:41.0625 2944 USBPNPA ( UnsignedFile.Multi.Generic ) - warning
22:27:41.0625 2944 USBPNPA - detected UnsignedFile.Multi.Generic (1)
22:27:41.0671 2944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:27:41.0750 2944 usbprint - ok
22:27:41.0765 2944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:27:41.0828 2944 usbscan - ok
22:27:41.0859 2944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:27:41.0921 2944 USBSTOR - ok
22:27:41.0937 2944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:27:42.0000 2944 VgaSave - ok
22:27:42.0000 2944 ViaIde - ok
22:27:42.0015 2944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:27:42.0078 2944 VolSnap - ok
22:27:42.0093 2944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:27:42.0156 2944 Wanarp - ok
22:27:42.0203 2944 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:27:42.0218 2944 Wdf01000 - ok
22:27:42.0218 2944 WDICA - ok
22:27:42.0281 2944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:27:42.0343 2944 wdmaud - ok
22:27:42.0437 2944 WISTechVIDCAP (e14fdc8f4fabbd55cac6f35192232371) C:\WINDOWS\system32\drivers\wisgostrm.sys
22:27:42.0453 2944 WISTechVIDCAP - ok
22:27:42.0515 2944 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:27:42.0578 2944 WS2IFSL - ok
22:27:42.0609 2944 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:27:42.0671 2944 WSTCODEC - ok
22:27:42.0703 2944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:27:42.0734 2944 WudfPf - ok
22:27:42.0750 2944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:27:42.0750 2944 WudfRd - ok
22:27:42.0765 2944 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
22:27:42.0812 2944 xusb21 - ok
22:27:42.0828 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:27:43.0062 2944 \Device\Harddisk0\DR0 - ok
22:27:43.0093 2944 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
22:28:12.0984 2944 \Device\Harddisk1\DR2 - ok
22:28:12.0984 2944 Boot (0x1200) (897cb1b132eb258cc113a11e63628b06) \Device\Harddisk0\DR0\Partition0
22:28:13.0000 2944 \Device\Harddisk0\DR0\Partition0 - ok
22:28:13.0000 2944 Boot (0x1200) (f49e12eb09d31a5206eb37cd2b595739) \Device\Harddisk1\DR2\Partition0
22:28:13.0000 2944 \Device\Harddisk1\DR2\Partition0 - ok
22:28:13.0000 2944 ============================================================
22:28:13.0000 2944 Scan finished
22:28:13.0000 2944 ============================================================
22:28:13.0109 2700 Detected object count: 8
22:28:13.0109 2700 Actual detected object count: 8
22:35:23.0796 2700 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 SIUSBXP ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 SIUSBXP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:35:23.0796 2700 USBPNPA ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:23.0796 2700 USBPNPA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:26.0531 3336 Deinitialize success


This was followed by a SUPERAntiSpyware scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2012 at 00:33 AM

Application Version : 4.48.1000

Core Rules Database Version : 8206
Trace Rules Database Version: 6018

Scan type : Complete Scan
Total Scan Time : 00:24:51

Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 7669
Registry threats detected : 0
File items scanned : 38743
File threats detected : 4

Adware.Tracking Cookie
.bizzclick.com [ C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]


It appears that everything has been quarantined but I would like confirmation. Thanks for the help.

Edited by boopme, 26 February 2012 - 06:38 PM.


#2 myrti (Sillyberry, Malware Study Hall Admin)

Posted 29 February 2012 - 03:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, the edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti (Sillyberry, Malware Study Hall Admin)

Posted 04 March 2012 - 03:27 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
