
how to remove trojan horse crypt.aqlw


  • This topic is locked
20 replies to this topic

#1 member27

  • Members
  • 11 posts

Posted 04 March 2012 - 11:29 PM

I have been receiving AVG warnings about the "trojan horse crypt.aqlw" infection and its accompanying "sirefef". Is ComboFix the only way to remove this? If so, I need help. Thanks.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 March 2012 - 02:49 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 member27

  • Topic Starter
  • Members
  • 11 posts

Posted 06 March 2012 - 12:47 PM

Thank you for your help!! Here is the log from DDS:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/24/2005 7:52:42 PM
System Uptime: 3/6/2012 12:18:33 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0K5547
Processor: Intel® Pentium® M processor 1.60GHz | Microprocessor | 798/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 52 GiB total, 5.708 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_PRAGMAPSETRDNYYM_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_PRAGMAPSETRDNYYM_XX
Service: PRAGMApsetrdnyym
.
==== System Restore Points ===================
.
RP424: 6/26/2011 7:24:27 PM - System Checkpoint
RP425: 6/26/2011 10:26:24 PM - Configured QuickSet
RP426: 7/3/2011 12:34:36 PM - Configured QuickSet
RP427: 7/3/2011 4:46:45 PM - Software Distribution Service 3.0
RP428: 7/3/2011 5:12:47 PM - Removed QuickSet
RP429: 7/5/2011 1:24:45 PM - System Checkpoint
RP430: 7/5/2011 6:41:03 PM - Installed QuickSet
RP431: 7/5/2011 6:53:04 PM - Restore Operation
RP432: 7/5/2011 7:09:14 PM - Restore Operation
RP433: 7/5/2011 7:22:26 PM - Restore Operation
RP434: 7/5/2011 7:44:39 PM - Software Distribution Service 3.0
RP435: 7/5/2011 9:59:50 PM - AfterWirelessFix&RestoreTo6-16-11
RP436: 7/5/2011 10:01:04 PM - Software Distribution Service 3.0
RP437: 7/6/2011 2:02:43 PM - Installed One-Click Export
RP438: 7/6/2011 2:07:01 PM - Removed One-Click Export
RP439: 7/6/2011 2:07:55 PM - Installed One-Click Export
RP440: 7/6/2011 2:10:28 PM - Removed One-Click Export
RP441: 7/6/2011 2:10:55 PM - Installed One-Click Export
RP442: 7/7/2011 2:13:06 PM - System Checkpoint
RP443: 7/11/2011 1:16:16 PM - System Checkpoint
RP444: 7/20/2011 3:57:10 PM - Software Distribution Service 3.0
RP445: 8/21/2011 11:29:30 PM - Software Distribution Service 3.0
RP446: 8/24/2011 11:39:12 AM - Software Distribution Service 3.0
RP447: 9/13/2011 7:26:55 AM - Software Distribution Service 3.0
RP448: 9/21/2011 10:24:30 AM - Software Distribution Service 3.0
RP449: 10/3/2011 11:46:11 PM - Installed AVG 2012
RP450: 10/3/2011 11:46:32 PM - Removed AVG 2011
RP451: 10/3/2011 11:47:10 PM - Installed AVG 2012
RP452: 10/3/2011 11:53:17 PM - Removed AVG 2011
RP453: 10/12/2011 11:31:06 AM - Software Distribution Service 3.0
RP454: 10/18/2011 11:59:00 PM - Software Distribution Service 3.0
RP455: 10/23/2011 11:38:23 AM - Software Distribution Service 3.0
RP456: 11/16/2011 9:00:34 AM - Software Distribution Service 3.0
RP457: 11/25/2011 9:26:45 PM - System Checkpoint
RP458: 12/26/2011 4:21:15 PM - Software Distribution Service 3.0
RP459: 12/26/2011 4:36:45 PM - Software Distribution Service 3.0
RP460: 1/11/2012 4:25:32 PM - System Checkpoint
RP461: 1/18/2012 10:27:45 AM - Software Distribution Service 3.0
RP462: 1/18/2012 11:15:37 AM - Software Distribution Service 3.0
RP463: 2/2/2012 7:46:01 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Active Disk
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Advanced SystemCare 3
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite
Ashampoo Burning Studio 6 FREE
ATI Control Panel
ATI Display Driver
AVG 2012
Bonjour
Broadcom Management Programs 2
Canon iP4500 series
Canon iP4500 series User Registration
Canon My Printer
Canon PhotoRecord
Canon PowerShot A40 WIA Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.2
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CDDRV_Installer
CEREC
CEREC 3D Help System
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell System Restore
Digital Line Detect
Documents To Go
Easy Dental 2005
Easy Dental Patient Education
erLT
ESET Online Scanner v3
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
Intel® PROSet/Wireless Software
Internet Explorer Default Page
IObit Malware Fighter
Iomega Automatic Backup
IomegaWare 4.0.3
iPod Updater 2004-11-15
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
KhalInstallWrapper
Learn2 Player (Uninstall Only)
ListPro
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Logitech Registration
Logitech SetPoint
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIWA
mLogView
mMHouse
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.27)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mZConfig
NetWaiting
OfotoNow
OGA Notifier 2.0.0048.0
One-Click Export
Palm
Phanfare
Phanfare 2.0
PowerDVD 5.3
QuickBooks Pro 2005
QuickBooks Pro 2008
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Scholastic's I SPY Spooky Mansion Deluxe
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SplashID
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Symantec pcAnywhere
The Ultimate Troubleshooter
U3Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VersaCheck 2004 Gold
Viewpoint Media Player
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/6/2012 12:29:02 PM, error: Service Control Manager [7023] - The Usbio service terminated with the following error: Access is denied.
3/6/2012 12:21:59 PM, error: Service Control Manager [7023] - The Cics.region2 service terminated with the following error: Access is denied.
3/6/2012 12:20:51 PM, error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:51 PM, error: Service Control Manager [7023] - The TPECioCtl service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:51 PM, error: Service Control Manager [7023] - The SE27obex service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:51 PM, error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:51 PM, error: Service Control Manager [7023] - The Maplom service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:51 PM, error: Service Control Manager [7023] - The Aslm75 service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The W800bus service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The UPATC service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Stylexpservice service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Sprtsvc_dellsupportcenter service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Si3132 service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Oracleorahomepagingserver service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The OEM02Dev service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The NWUSBPort service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Nvport service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The NtMtlFax service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Mr7910 service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Mindretrieve service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The FINEPIX_PCC service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Es1371 service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Epsonbidirectionalservice service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The EPOWER service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The DKbFltr service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Cam5603D service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The AVWLP_USB service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Ashampoodefragservice service terminated with the following error: The specified module could not be found.
3/6/2012 12:20:50 PM, error: Service Control Manager [7023] - The Aniwzcsdservice service terminated with the following error: The specified module could not be found.
3/4/2012 9:48:33 PM, error: Service Control Manager [7023] - The NtMtlFax service terminated with the following error: Access is denied.
3/4/2012 9:33:33 PM, error: Service Control Manager [7023] - The UPATC service terminated with the following error: Access is denied.
3/4/2012 9:18:30 PM, error: Service Control Manager [7023] - The Stylexpservice service terminated with the following error: Access is denied.
3/4/2012 9:03:29 PM, error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: Access is denied.
3/4/2012 9:01:01 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
3/4/2012 9:01:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
3/4/2012 8:48:26 PM, error: Service Control Manager [7023] - The Aslm75 service terminated with the following error: Access is denied.
3/4/2012 8:33:25 PM, error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: Access is denied.
3/4/2012 8:18:23 PM, error: Service Control Manager [7023] - The DKbFltr service terminated with the following error: Access is denied.
3/4/2012 8:13:34 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
3/4/2012 8:05:19 PM, error: Service Control Manager [7023] - The Mindretrieve service terminated with the following error: Access is denied.
3/4/2012 8:03:21 PM, error: Service Control Manager [7023] - The NWUSBPort service terminated with the following error: Access is denied.
3/4/2012 7:48:19 PM, error: Service Control Manager [7023] - The AVWLP_USB service terminated with the following error: Access is denied.
3/4/2012 7:33:19 PM, error: Service Control Manager [7023] - The Es1371 service terminated with the following error: Access is denied.
3/4/2012 7:18:24 PM, error: Service Control Manager [7023] - The Si3132 service terminated with the following error: Access is denied.
3/4/2012 7:03:06 PM, error: Service Control Manager [7023] - The Mr7910 service terminated with the following error: Access is denied.
3/4/2012 6:48:07 PM, error: Service Control Manager [7023] - The Maplom service terminated with the following error: Access is denied.
3/4/2012 6:33:02 PM, error: Service Control Manager [7023] - The EPOWER service terminated with the following error: Access is denied.
3/4/2012 6:18:05 PM, error: Service Control Manager [7023] - The Cam5603D service terminated with the following error: Access is denied.
3/4/2012 6:02:56 PM, error: Service Control Manager [7023] - The TPECioCtl service terminated with the following error: Access is denied.
3/4/2012 5:48:03 PM, error: Service Control Manager [7023] - The Epsonbidirectionalservice service terminated with the following error: Access is denied.
3/4/2012 5:32:36 PM, error: Service Control Manager [7023] - The Ashampoodefragservice service terminated with the following error: Access is denied.
3/4/2012 5:17:28 PM, error: Service Control Manager [7023] - The Sprtsvc_dellsupportcenter service terminated with the following error: Access is denied.
3/4/2012 5:16:28 PM, error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: Access is denied.
3/4/2012 5:08:33 PM, error: Service Control Manager [7023] - The Z800mdm service terminated with the following error: The specified module could not be found.
3/4/2012 5:08:33 PM, error: Service Control Manager [7023] - The Snareiis service terminated with the following error: The specified module could not be found.
3/4/2012 5:08:33 PM, error: Service Control Manager [7023] - The SaiClass service terminated with the following error: The specified module could not be found.
3/4/2012 5:08:33 PM, error: Service Control Manager [7023] - The Meiudf service terminated with the following error: The specified module could not be found.
3/4/2012 5:08:33 PM, error: Service Control Manager [7023] - The DivisCTP service terminated with the following error: The specified module could not be found.
3/4/2012 5:08:33 PM, error: Service Control Manager [7023] - The Bcm43xx service terminated with the following error: The specified module could not be found.
3/4/2012 5:02:56 PM, error: Service Control Manager [7023] - The SaiClass service terminated with the following error: Access is denied.
3/4/2012 4:47:56 PM, error: Service Control Manager [7023] - The Z800mdm service terminated with the following error: Access is denied.
3/4/2012 4:32:56 PM, error: Service Control Manager [7023] - The Bcm43xx service terminated with the following error: Access is denied.
3/4/2012 4:17:52 PM, error: Service Control Manager [7023] - The DivisCTP service terminated with the following error: Access is denied.
3/4/2012 4:02:51 PM, error: Service Control Manager [7023] - The Meiudf service terminated with the following error: Access is denied.
3/4/2012 4:01:52 PM, error: Service Control Manager [7023] - The Snareiis service terminated with the following error: Access is denied.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: The specified module could not be found.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The Wscsvc service terminated with the following error: The specified module could not be found.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The Swwd service terminated with the following error: The specified module could not be found.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The Ssfs0509 service terminated with the following error: The specified module could not be found.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The NWSIPX32 service terminated with the following error: The specified module could not be found.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
3/4/2012 4:01:12 PM, error: Service Control Manager [7023] - The Avcgbdr service terminated with the following error: The specified module could not be found.
3/4/2012 11:18:54 PM, error: Service Control Manager [7023] - The SE27obex service terminated with the following error: Access is denied.
3/4/2012 11:03:53 PM, error: Service Control Manager [7023] - The W800bus service terminated with the following error: Access is denied.
3/4/2012 11:01:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
3/4/2012 11:01:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
3/4/2012 10:48:51 PM, error: Service Control Manager [7023] - The OEM02Dev service terminated with the following error: Access is denied.
3/4/2012 10:33:55 PM, error: Service Control Manager [7023] - The Oracleorahomepagingserver service terminated with the following error: Access is denied.
3/4/2012 10:18:43 PM, error: Service Control Manager [7023] - The FINEPIX_PCC service terminated with the following error: Access is denied.
3/4/2012 10:03:32 PM, error: Service Control Manager [7023] - The Nvport service terminated with the following error: Access is denied.
3/4/2012 10:01:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
3/4/2012 10:01:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
3/2/2012 9:55:08 PM, error: Service Control Manager [7023] - The S116obex service terminated with the following error: Access is denied.
3/2/2012 11:10:47 PM, error: Service Control Manager [7023] - The Ssfs0509 service terminated with the following error: Access is denied.
3/2/2012 11:10:03 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
3/2/2012 10:55:45 PM, error: Service Control Manager [7023] - The NWSIPX32 service terminated with the following error: Access is denied.
3/2/2012 10:40:45 PM, error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: Access is denied.
3/2/2012 10:25:43 PM, error: Service Control Manager [7023] - The Wscsvc service terminated with the following error: Access is denied.
3/2/2012 10:10:39 PM, error: Service Control Manager [7023] - The Swwd service terminated with the following error: Access is denied.
3/2/2012 10:09:40 PM, error: Service Control Manager [7023] - The Avcgbdr service terminated with the following error: Access is denied.
3/2/2012 10:02:52 PM, error: Service Control Manager [7023] - The Aniwzcsdservice service terminated with the following error: Access is denied.
.
==== End Of File ===========================

Edited by member27, 06 March 2012 - 12:47 PM.


#4 gringo_pr


Posted 06 March 2012 - 01:20 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 member27


Posted 06 March 2012 - 03:46 PM

I am running Combofix but it now seems stalled on Stage 32. The last completed stage is Stage 31. The Hard Drive light flashes very briefly every 4 seconds. Not sure what to do, or if the program is still doing anything. The computer was rebooted as per program instructions and proceeded to this point, but there is nothing on the screen other than the combofix window. It has been at least 10 minutes like this.

#6 member27


Posted 06 March 2012 - 04:30 PM

Ended up restarting computer. Not sure if perhaps AVG 2012 (which was disabled) started back up again even though the computer was not fully booted up.
Finally finished at stage 50 after 2nd time around. LOG IS BELOW:
Is this thing finished/fixed? Also, what does this Trojan Horse do while it is residing on the computer? What is or could be compromised? Thank you.


ComboFix 12-03-06.01 - Robert 03/06/2012 16:00:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1499 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\documents and settings\Robert\Application Data\OpenCloud Security
c:\documents and settings\Robert\Application Data\OpenCloud Security\ldr.ini
c:\documents and settings\Robert\Application Data\OpenCloud Security\OpenCloud Security.ico
c:\documents and settings\Robert\Local Settings\Temporary Internet Files\viewChanges.html
c:\documents and settings\Robert\My Documents\DPE.DUS
c:\documents and settings\Robert\My Documents\pub7E.tmp
c:\documents and settings\Robert\WINDOWS
c:\windows\system32\SET25D.tmp
c:\windows\system32\SET577.tmp
c:\windows\system32\setb5.tmp
c:\windows\system32\windrv.sys
c:\windows\Temp\_ex-68.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\documents and settings\Robert\Application Data\DriverCure
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\documents and settings\Robert\Application Data\SpeedyPC Software
2012-03-05 02:00 . 2012-03-05 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-03-05 01:25 . 2012-03-05 01:25 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-03-05 00:22 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-05 00:22 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-06 04:23 . 2012-03-06 17:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-05-20 02:49 . 2004-09-13 21:33 155648 c:\program files\Apoint\bak\Apoint.exe
2007-10-21 22:05 . 2005-10-07 18:13 176128 c:\program files\Apoint\Apoint.exe
.
2004-01-07 06:01 . 2004-01-07 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
.
2005-05-20 03:18 . 2005-02-07 13:43 606208 c:\program files\Dell\QuickSet\bak\quickset.exe
2007-10-21 22:30 . 2006-06-29 16:13 1032192 c:\program files\Dell\QuickSet\quickset.exe
.
2006-01-23 01:17 . 2005-03-11 18:04 126976 c:\program files\Ezdental\bak\SystemTray.exe
.
2004-10-30 19:59 . 2004-10-30 19:59 385024 c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe
2007-02-21 15:17 . 2007-02-21 15:17 970752 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
2002-07-16 16:56 . 2002-07-16 14:55 32768 c:\program files\Iomega\DriveIcons\bak\deskup.exe
.
2002-07-16 16:56 . 2002-08-13 18:30 86016 c:\program files\Iomega\DriveIcons\bak\ImgIcon.exe
.
2002-10-15 14:32 . 2002-10-15 14:32 3014656 c:\program files\Iomega\Iomega Automatic Backup\bak\ibackup.exe
.
2007-07-31 22:44 . 2007-07-31 22:44 271672 c:\program files\iTunes\bak\iTunesHelper.exe
2008-11-20 18:20 . 2008-11-20 18:20 290088 c:\program files\iTunes\iTunesHelper.exe
.
2003-11-19 22:48 . 2003-11-19 22:48 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
.
2004-08-11 22:11 . 2004-10-13 16:24 1694208 c:\program files\Messenger\bak\msmsgs.exe
2008-09-07 22:46 . 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe
.
2005-10-21 02:18 . 2005-03-12 11:25 11776 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe
.
2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\qttask.exe
2008-11-04 15:30 . 2008-11-04 15:30 413696 c:\program files\QuickTime\QTTask.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 36640]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-12-04 344064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-01-12 4453208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-5 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-27 01:56 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBW32.EXE"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Phanfare 2.0\\Phanfare.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/3/2009 1:10 PM 130936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 9:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 74480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [3/4/2012 8:13 PM 821592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [3/4/2012 8:14 PM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [3/4/2012 8:14 PM 16208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 12:51 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 12:51 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/3/2009 1:10 PM 348752]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [3/4/2012 8:14 PM 246816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
soma
APLMp50
usprserv
tifm21
lxcccustomerconnect
ooclevercacheagent
spupdsvc
sandradatasrv
ATIBTXBAR
mfcom
vetefile
MS1000
lxcf_device
buslogic
LKbdFlt2
UpdateCenterService
avpnnic
MailService
pfmodnt
tabletservice
imonitor
tgsrvc_smartagent
TPPWRIF
npkcrypt
schscnt
dnsexit
remotelyanywhere
tapeware
mpfp
F700isw
https-admserv61
Cardex
EL2000
vmodem
LMIRfsDriver
UVCFTR
hcwPP2
ssisvr32
AsDsm
knobserv
nvnforce
SE26mgmt
.
Contents of the 'Scheduled Tasks' folder
.
2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2007-05-18 c:\windows\Tasks\FRU Task 2002-12-04 03:40ewlett-Packard2002-12-04 03:40p officejet 6100 series324C9EBEBB389A3CB37E16C7992E8342068F8B15159113053.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 23:40]
.
2011-12-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 17:02]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 17:50]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 17:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.0.5
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\apn3qsri.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4db24153&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Answers: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} - %profile%\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {1650a312-02bc-40ee-977e-83f158701739} - c:\program files\SiteAdvisor\6261\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WinDefend
AddRemove-Ad-Aware SE Personal - c:\progra~1\Lavasoft\AD-AWA~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,e0,e7,93,e8,8e,44,43,bc,ca,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,e0,e7,93,e8,8e,44,43,bc,ca,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-03-06 16:22:31
ComboFix-quarantined-files.txt 2012-03-06 21:22
.
Pre-Run: 5,871,300,608 bytes free
Post-Run: 6,895,300,608 bytes free
.
- - End Of File - - 6B29A5B4ACF196547B1A4426ACD4BA52

#7 gringo_pr


Posted 06 March 2012 - 05:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files\Apoint\bak
c:\program files\Common Files\Sonic\Update Manager\bak
c:\program files\Dell\QuickSet\bak
c:\program files\Ezdental\bak
c:\program files\Intel\Wireless\Bin\bak
c:\program files\Iomega\DriveIcons\bak
c:\program files\Iomega\Iomega Automatic Backup\bak
c:\program files\iTunes\bak
c:\program files\Java\j2re1.4.2_03\bin\bak
c:\program files\Messenger\bak
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak
c:\program files\QuickTime\bak

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 member27


Posted 06 March 2012 - 08:32 PM

I have had the following threat warning from AVG pop up when checking the forum:
FILE NAME:\32788R22FWJFW\Handle.3XE
THREAT NAME: TR/crypt.XPACKGen

I also had IOBit Malware Fighter put up a warning:
RISK REGISTRY MODIFY
Threat: Auto Run
KEY:C:\WINDOWS\system32\ctfmon.exe

I am not sure if things are back to normal yet.
Thank you

-------------------------
THIS IS THE COMBOFIX LOG:

ComboFix 12-03-06.01 - Robert 03/06/2012 19:43:36.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1417 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robert\Desktop\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Apoint\bak
c:\program files\Apoint\bak\Apoint.exe
c:\program files\Common Files\Sonic\Update Manager\bak
c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
c:\program files\Dell\QuickSet\bak
c:\program files\Dell\QuickSet\bak\quickset.exe
c:\program files\Ezdental\bak
c:\program files\Ezdental\bak\SystemTray.exe
c:\program files\Intel\Wireless\Bin\bak
c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe
c:\program files\Iomega\DriveIcons\bak
c:\program files\Iomega\DriveIcons\bak\deskup.exe
c:\program files\Iomega\DriveIcons\bak\ImgIcon.exe
c:\program files\Iomega\Iomega Automatic Backup\bak
c:\program files\Iomega\Iomega Automatic Backup\bak\ibackup.exe
c:\program files\iTunes\bak
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\j2re1.4.2_03\bin\bak
c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
c:\program files\Messenger\bak
c:\program files\Messenger\bak\msmsgs.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\documents and settings\Robert\Application Data\DriverCure
2012-03-05 02:01 . 2012-03-05 02:01 -------- d-----w- c:\documents and settings\Robert\Application Data\SpeedyPC Software
2012-03-05 02:00 . 2012-03-05 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-03-05 01:25 . 2012-03-05 01:25 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-03-05 00:22 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-05 00:22 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-06 04:23 . 2012-03-06 17:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 36640]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-12-04 344064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-01-12 4453208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-5 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-27 01:56 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBW32.EXE"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Phanfare 2.0\\Phanfare.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/3/2009 1:10 PM 130936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 9:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 74480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [3/4/2012 8:13 PM 821592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [3/4/2012 8:14 PM 246816]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [3/4/2012 8:14 PM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [3/4/2012 8:14 PM 16208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 12:51 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 12:51 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/3/2009 1:10 PM 348752]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
soma
APLMp50
usprserv
tifm21
lxcccustomerconnect
ooclevercacheagent
spupdsvc
sandradatasrv
ATIBTXBAR
mfcom
vetefile
MS1000
lxcf_device
buslogic
LKbdFlt2
UpdateCenterService
avpnnic
MailService
pfmodnt
tabletservice
imonitor
tgsrvc_smartagent
TPPWRIF
npkcrypt
schscnt
dnsexit
remotelyanywhere
tapeware
mpfp
F700isw
https-admserv61
Cardex
EL2000
vmodem
LMIRfsDriver
UVCFTR
hcwPP2
ssisvr32
AsDsm
knobserv
nvnforce
SE26mgmt
.
Contents of the 'Scheduled Tasks' folder
.
2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2007-05-18 c:\windows\Tasks\FRU Task 2002-12-04 03:40ewlett-Packard2002-12-04 03:40p officejet 6100 series324C9EBEBB389A3CB37E16C7992E8342068F8B15159113053.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 23:40]
.
2011-12-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 17:02]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 17:50]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 17:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\apn3qsri.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4db24153&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Answers: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} - %profile%\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {1650a312-02bc-40ee-977e-83f158701739} - c:\program files\SiteAdvisor\6261\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,e0,e7,93,e8,8e,44,43,bc,ca,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,e0,e7,93,e8,8e,44,43,bc,ca,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6253\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Completion time: 2012-03-06 20:13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 01:12
ComboFix2.txt 2012-03-06 21:22
.
Pre-Run: 6,918,795,264 bytes free
Post-Run: 6,896,717,824 bytes free
.
- - End Of File - - 659F8D06C63589260927EB121631B66B

#9 gringo_pr

Posted 06 March 2012 - 09:11 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 7.1.0
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 member27

Posted 07 March 2012 - 09:14 PM

As I am typing this AVG is in the process of removing a Trojan Horse
File Name: c:\WINDOWS\system32\drivers\redbook.sys
Threat Name: Trojan horse BackDoor.Generic14.CEXN
Detected on Open

Is this related to the original infection? I am pretty sure that this was listed in the virus search before I ran combofix.
Are the IObit Malware warnings legit programs opening or not? I frankly do not know whether to allow or block these items and it happens each time the computer is turned on.
I am currently running Malwarebytes Anti-Malware Scan. It would not update, as I received an Error message each time I tried to update it (Error 732 (0,0)). I will post the results of all this when it is complete but I need to know what is going on with these other Threat warnings from AVG. By the way, the Trojan horse Crypt.aqlw seems to have stopped but I am still receiving these other periodic threats.

Edited by member27, 07 March 2012 - 09:28 PM.


#11 gringo_pr

Posted 07 March 2012 - 09:42 PM

Greetings

Don't let it remove it!!

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#12 member27

Posted 07 March 2012 - 09:59 PM

AVG already removed the Trojan Horse (sorry). I downloaded a new up-to-date Malwarebytes and am re-running the scan (The first one came back clean). I still have Hijack This to run plus the ones from your last post. I will post the logs as soon as they are all completed. That will probably be tomorrow as the process is slow. Thank you.

#13 member27

Posted 07 March 2012 - 10:12 PM

MBAM LOG:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robert :: D8Z4KK71LAPTOP [administrator]

3/7/2012 9:50:15 PM
mbam-log-2012-03-07 (21-50-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195068
Time elapsed: 18 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE|7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I will post the remaining logs (HiJack This, TDSSkiller, and aswMBR ) as soon as they are ready.

#14 gringo_pr

Posted 07 March 2012 - 10:28 PM

just post me the tdsskiller and aswmbr for now


gringo

#15 member27

Posted 08 March 2012 - 08:19 AM

IMPORTANT. I HAVE 3 UNHEALED INFECTIONS AS PER AVG:
FILE: c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP458\A0123667.sys
INFECTION: Trojan horse BackDoor.Generic14.CEXN

PROCESS: c:\Windows\system32\svchost.exe

__________________________
BEFORE ANYTHING ELSE, PLEASE TELL ME WHAT IS GOING ON WITH THIS INFECTION. THIS WAS THE ONE THAT WAS SUPPOSEDLY REMOVED SEVERAL HOURS AGO. IS THIS RELATED TO THE ORIGINAL PROBLEM? I ALSO NEED TO TELL THE AVG PROGRAM WHAT TO DO WITH THIS. IF AVG IS NOT REMOVING IT, OR IF IT KEEPS RETURNING, WHAT WILL REMOVE IT? THANKS.
___________________________________





HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:55 PM, on 3/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240183392343
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: S116obex (MREMP50) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12093 bytes


------------------------------------
TDSSKILLER LOG:
22:16:36.0953 1164 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
22:16:37.0250 1164 ============================================================
22:16:37.0250 1164 Current date / time: 2012/03/07 22:16:37.0250
22:16:37.0250 1164 SystemInfo:
22:16:37.0250 1164
22:16:37.0250 1164 OS Version: 5.1.2600 ServicePack: 3.0
22:16:37.0250 1164 Product type: Workstation
22:16:37.0250 1164 ComputerName: D8Z4KK71LAPTOP
22:16:37.0250 1164 UserName: Robert
22:16:37.0250 1164 Windows directory: C:\WINDOWS
22:16:37.0250 1164 System windows directory: C:\WINDOWS
22:16:37.0250 1164 Processor architecture: Intel x86
22:16:37.0250 1164 Number of processors: 1
22:16:37.0250 1164 Page size: 0x1000
22:16:37.0250 1164 Boot type: Normal boot
22:16:37.0250 1164 ============================================================
22:16:44.0906 1164 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:16:44.0968 1164 \Device\Harddisk0\DR0:
22:16:44.0968 1164 MBR used
22:16:44.0968 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x67FF584
22:16:45.0109 1164 Initialize success
22:16:45.0109 1164 ============================================================
22:16:47.0906 3984 ============================================================
22:16:47.0906 3984 Scan started
22:16:47.0906 3984 Mode: Manual;
22:16:47.0906 3984 ============================================================
22:17:27.0515 3984 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
22:17:27.0531 3984 tfsnudf - ok
22:17:27.0562 3984 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
22:17:27.0562 3984 tfsnudfa - ok
22:17:27.0703 3984 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:17:27.0703 3984 TosIde - ok
22:17:27.0843 3984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:17:27.0859 3984 Udfs - ok
22:17:28.0093 3984 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:17:28.0093 3984 ultra - ok
22:17:28.0171 3984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:17:28.0171 3984 Update - ok
22:17:28.0562 3984 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
22:17:28.0562 3984 UrlFilter - ok
22:17:28.0875 3984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:17:28.0875 3984 usbccgp - ok
22:17:28.0968 3984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:17:28.0968 3984 usbehci - ok
22:17:29.0078 3984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:17:29.0078 3984 usbhub - ok
22:17:29.0515 3984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:17:29.0515 3984 usbprint - ok
22:17:29.0656 3984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:17:29.0671 3984 usbscan - ok
22:17:29.0734 3984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:17:29.0734 3984 USBSTOR - ok
22:17:29.0859 3984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:17:29.0859 3984 usbuhci - ok
22:17:29.0937 3984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:17:29.0937 3984 VgaSave - ok
22:17:29.0984 3984 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:17:29.0984 3984 viaagp - ok
22:17:30.0093 3984 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:17:30.0093 3984 ViaIde - ok
22:17:30.0187 3984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:17:30.0203 3984 VolSnap - ok
22:17:30.0828 3984 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:17:30.0859 3984 w29n51 - ok
22:17:31.0046 3984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:17:31.0046 3984 Wanarp - ok
22:17:31.0171 3984 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:17:31.0171 3984 wanatw - ok
22:17:31.0375 3984 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:17:31.0375 3984 Wdf01000 - ok
22:17:31.0437 3984 WDICA - ok
22:17:31.0546 3984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:17:31.0546 3984 wdmaud - ok
22:17:32.0140 3984 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:17:32.0156 3984 winachsf - ok
22:17:32.0453 3984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:17:32.0453 3984 WS2IFSL - ok
22:17:32.0515 3984 MBR (0x1B8) (ea478e71e39ae36bcf8908f8ee718fd3) \Device\Harddisk0\DR0
22:17:32.0593 3984 \Device\Harddisk0\DR0 - ok
22:17:32.0640 3984 Boot (0x1200) (62677808f1821ef608851f2af5bea15c) \Device\Harddisk0\DR0\Partition0
22:17:32.0640 3984 \Device\Harddisk0\DR0\Partition0 - ok
22:17:32.0640 3984 ============================================================
22:17:32.0640 3984 Scan finished
22:17:32.0640 3984 ============================================================
22:17:32.0656 1976 Detected object count: 0
22:17:32.0656 1976 Actual detected object count: 0
22:19:37.0156 1632 ============================================================
22:19:37.0156 1632 Scan started
22:19:37.0156 1632 Mode: Manual;
22:19:37.0156 1632 ============================================================
22:20:11.0000 1632 Update - ok
22:20:12.0328 1632 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
22:20:12.0328 1632 UrlFilter - ok
22:20:12.0484 1632 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:20:12.0484 1632 usbccgp - ok
22:20:12.0656 1632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:20:12.0656 1632 usbehci - ok
22:20:12.0828 1632 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:20:12.0828 1632 usbhub - ok
22:20:13.0093 1632 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:20:13.0093 1632 usbprint - ok
22:20:13.0218 1632 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:20:13.0234 1632 usbscan - ok
22:20:13.0453 1632 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:20:13.0453 1632 USBSTOR - ok
22:20:13.0609 1632 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:20:13.0609 1632 usbuhci - ok
22:20:13.0859 1632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:20:13.0875 1632 VgaSave - ok
22:20:14.0046 1632 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:20:14.0046 1632 viaagp - ok
22:20:14.0281 1632 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:20:14.0281 1632 ViaIde - ok
22:20:14.0390 1632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:20:14.0406 1632 VolSnap - ok
22:20:14.0906 1632 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:20:14.0953 1632 w29n51 - ok
22:20:15.0203 1632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:20:15.0203 1632 Wanarp - ok
22:20:15.0359 1632 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:20:15.0375 1632 wanatw - ok
22:20:15.0500 1632 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:20:15.0515 1632 Wdf01000 - ok
22:20:15.0671 1632 WDICA - ok
22:20:15.0781 1632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:20:15.0781 1632 wdmaud - ok
22:20:16.0015 1632 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:20:16.0031 1632 winachsf - ok
22:20:16.0203 1632 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:20:16.0203 1632 WS2IFSL - ok
22:20:16.0265 1632 MBR (0x1B8) (ea478e71e39ae36bcf8908f8ee718fd3) \Device\Harddisk0\DR0
22:20:16.0328 1632 \Device\Harddisk0\DR0 - ok
22:20:16.0375 1632 Boot (0x1200) (62677808f1821ef608851f2af5bea15c) \Device\Harddisk0\DR0\Partition0
22:20:16.0406 1632 \Device\Harddisk0\DR0\Partition0 - ok
22:20:16.0406 1632 ============================================================
22:20:16.0406 1632 Scan finished
22:20:16.0406 1632 ============================================================
22:20:16.0421 3584 Detected object count: 0
22:20:16.0421 3584 Actual detected object count: 0


-----------------------------
ASW LOG:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-07 22:22:11
-----------------------------
22:22:11.625 OS Version: Windows 5.1.2600 Service Pack 3
22:22:11.625 Number of processors: 1 586 0xD08
22:22:11.625 ComputerName: D8Z4KK71LAPTOP UserName: Robert
22:22:13.796 Initialize success
22:27:24.125 AVAST engine defs: 12030701
22:27:41.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:27:41.437 Disk 0 Vendor: FUJITSU_MHT2060AT_PL 0022 Size: 57231MB BusType: 3
22:27:41.484 Disk 0 MBR read successfully
22:27:41.484 Disk 0 MBR scan
22:27:41.578 Disk 0 unknown MBR code
22:27:41.687 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 54 MB offset 63
22:27:41.734 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53246 MB offset 112455
22:27:41.781 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3922 MB offset 109161675
22:27:41.843 Disk 0 scanning sectors +117194175
22:27:42.156 Disk 0 scanning C:\WINDOWS\system32\drivers
22:28:18.671 Service scanning
22:29:16.687 Modules scanning
22:29:31.875 Disk 0 trace - called modules:
22:29:31.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:29:31.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8c8ab8]
22:29:31.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a853d78]
22:29:31.953 5 iomdisk.sys[ba338bc3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a87dd98]
22:29:32.953 AVAST engine scan C:\WINDOWS
22:30:01.968 AVAST engine scan C:\WINDOWS\system32
22:39:35.375 AVAST engine scan C:\WINDOWS\system32\drivers
22:40:13.687 AVAST engine scan C:\Documents and Settings\Robert
23:26:39.265 AVAST engine scan C:\Documents and Settings\All Users
23:45:05.968 Scan finished successfully
07:59:24.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robert\Desktop\MBR.dat"
07:59:24.640 The log file has been saved successfully to "C:\Documents and Settings\Robert\Desktop\aswMBR.txt"

Edited by member27, 08 March 2012 - 08:23 AM.




