TechSpot

Google won't open correct links

By sspsyc
Dec 23, 2011
  1. When trying to open a link from Google, it sends me to a totally different web page. I think it may be extending to Wikipedia as well. It is happening in Safari, Firefox, IE, and Google Chrome.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    log from MBAM

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122205

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    23/12/2011 10:13:56 AM
    mbam-log-2011-12-23 (10-13-56).txt

    Scan type: Quick scan
    Objects scanned: 206996
    Time elapsed: 13 minute(s), 35 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 1
    Registry Keys Infected: 2
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> 2024 -> Unloaded process successfully.
    c:\Users\Leah\AppData\Roaming\dpapgraf.exe (Trojan.Agent.MVO) -> 3648 -> Unloaded process successfully.

    Memory Modules Infected:
    c:\programdata\Windows\msdr.dll (Trojan.Downloader.bh) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACDaemon (Trojan.PatchLoad) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.Downloader.bh) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jusched (Trojan.Agent.MVO) -> Value: jusched -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dpapgraf.exe (Trojan.Agent.MVO) -> Value: dpapgraf.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E6595601-73B9-D849-0FDC-EEF58AB1291A} (Trojan.ZbotR.Gen) -> Value: {E6595601-73B9-D849-0FDC-EEF58AB1291A} -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{496ED063-7D84-AD7E-3F13-AB11014A880C} (Trojan.ZbotR.Gen) -> Value: {496ED063-7D84-AD7E-3F13-AB11014A880C} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\helpctrl.exe (Trojan.Agent.MVO) -> Value: helpctrl.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> Quarantined and deleted successfully.
    c:\programdata\Windows\msdr.dll (Trojan.Downloader.bh) -> Quarantined and deleted successfully.
    c:\$RECYCLE.BIN\s-1-5-21-2194405111-3823188689-1545664750-1003\$RP4J4M3.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Leah\AppData\Local\Temp\0.24371585273919405.exe (Trojan.FakeCC) -> Quarantined and deleted successfully.
    c:\Users\Leah\AppData\Local\Temp\80dq587l.tmp\setup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Leah\AppData\Local\Temp\kn891d4p.tmp\downloadsetup (11).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Leah\local settings\application data\rkr.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
    c:\Users\Leah\AppData\Roaming\dpapgraf.exe (Trojan.Agent.MVO) -> Quarantined and deleted successfully.
    c:\Users\Leah\AppData\Roaming\Uckul\ydynno.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
    c:\programdata\helpctrl.exe (Trojan.Agent.MVO) -> Quarantined and deleted successfully.
     
  4. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Leah at 10:49:36 on 2011-12-23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2044.988 [GMT 10:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Norton Utilities 14\RMTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Leah\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Leah\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\program files\avira\antivir desktop\avcenter.exe
    C:\Windows\system32\WerCon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [NortonUtilities] c:\program files\norton utilities 14\RMTray.exe /H
    uRun: [AdobeBridge]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Akamai NetSession Interface] "c:\users\leah\appdata\local\akamai\netsession_win.exe"
    uRun: [\helpctrl.exe] c:\programdata\helpctrl.exe
    uRun: [\dpapgraf.exe] c:\users\leah\appdata\roaming\dpapgraf.exe
    uRun: [{E6595601-73B9-D849-0FDC-EEF58AB1291A}] c:\users\leah\appdata\roaming\uckul\ydynno.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Yahoo Messenger]
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    StartupFolder: c:\users\leah\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-au.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{07866014-B361-449E-B9D3-18691E21F589} : DhcpNameServer = 123.200.191.17 123.200.191.18
    TCP: Interfaces\{7500193E-71FE-4BF8-B24A-C02C79F7EF0B} : DhcpNameServer = 123.200.191.17 123.200.191.18
    TCP: Interfaces\{8C7E7665-25E1-45F8-827D-BD2B4630227D} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{F6AA36DF-35CE-4EA1-AA2F-56D979241D5D} : DhcpNameServer = 10.0.0.1
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\leah\appdata\roaming\mozilla\firefox\profiles\us8cy4us.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: network.proxy.http - 206.210.225.240
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-23 36000]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110801.030\IDSvix86.sys [2011-8-2 367736]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-23 74640]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-12-21 793048]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-27 365952]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-27 193840]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-10 43040]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-23 86224]
    S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-23 110032]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-15 112640]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-9 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-12-23 00:27:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-12-22 23:58:45 -------- d-----w- c:\users\leah\appdata\roaming\Avira
    2011-12-22 23:21:44 -------- d-----w- c:\users\leah\appdata\roaming\Malwarebytes
    2011-12-22 23:21:27 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-22 23:21:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-22 23:21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-22 23:15:24 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-22 23:15:24 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-22 23:15:18 -------- d-----w- c:\programdata\Avira
    2011-12-22 23:15:18 -------- d-----w- c:\program files\Avira
    2011-12-21 02:39:34 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-12-21 02:39:33 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2011-12-21 02:39:29 -------- d-----w- c:\program files\common files\PC Tools
    2011-12-21 02:39:27 -------- d-----w- c:\program files\PC Tools Registry Mechanic
    2011-12-20 23:26:50 -------- d-----w- c:\programdata\DivX
    2011-12-18 07:50:05 -------- d--h--w- c:\programdata\Common Files
    2011-12-18 07:49:44 -------- d-----w- c:\programdata\MFAData
    2011-12-18 02:52:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-12-18 02:46:21 -------- d-sh--w- c:\users\leah\appdata\local\1cf6efbe
    2011-12-17 20:58:24 -------- d-----w- c:\users\leah\appdata\roaming\MediaWmplay
    2011-12-16 22:30:40 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{967eab1c-b051-433f-9fea-fd7e68ea8699}\mpengine.dll
    2011-12-15 23:45:06 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 23:45:06 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 23:45:04 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 23:45:02 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 23:45:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-15 23:44:53 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 23:42:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-10 23:27:22 -------- d-----w- c:\users\leah\appdata\roaming\Uckul
    2011-12-10 23:27:22 -------- d-----w- c:\users\leah\appdata\roaming\Doizwaq
    2011-12-04 07:38:21 -------- d-----w- c:\programdata\Windows
    2011-11-24 09:43:52 -------- d-----w- c:\users\leah\appdata\roaming\Ikbiby
    2011-11-24 09:43:52 -------- d-----w- c:\users\leah\appdata\roaming\Evfyw
    .
    ==================== Find3M ====================
    .
    2011-11-19 11:02:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 04:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 04:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-11 07:24:05 467592 ----a-w- c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys
    .
    ============= FINISH: 10:50:35.37 ===============
     
  5. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/02/2009 8:25:11 PM
    System Uptime: 23/12/2011 10:33:22 AM (0 hours ago)
    .
    Motherboard: Wistron | | 3617
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 158.253 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.847 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C4500 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart C4500 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Nokia 6500s-1
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6500s-1
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AOL Toolbar 5.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Atheros Driver Installation Program
    Audacity 1.3.13 (Unicode)
    AutoUpdate
    Avira Free Antivirus
    Bing Bar
    BitComet 1.12
    Bonjour
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    C4580
    C4580_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HD Audio
    Copy
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    Destinations
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DivX Web Player
    DJ_AIO_06_F2400_SW_Min
    DocProc
    DocProcQFolder
    doPDF 7.2 printer
    EPSON Printer Software
    ESU for Microsoft Vista
    F2400
    Feedback Tool
    Google Chrome
    Google Earth
    Google Quick Search Box
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Graboid Video 2.3
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Imaging Device Functions 13.0
    HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Print Projects 1.0
    HP Quick Launch Buttons 6.40 H2
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPPhotoGadget
    HPPhotoSmartPhotobookWebPack1
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    hpWLPGInstaller
    iCloud
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 7
    Junk Mail filter update
    LabelPrint
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetWaiting
    Network
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton Internet Security
    Norton Utilities
    NVIDIA Drivers
    OCR Software by I.R.I.S. 11.0
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PC Connectivity Solution
    PC Tools Registry Mechanic 11.0
    PDF Settings CS5
    Power2Go
    PowerDirector
    PS_AIO_04_C4580_ProductContext
    PS_AIO_04_C4580_Software
    PS_AIO_04_C4580_Software_Min
    PSSWCORE
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Shop for HP Supplies
    Skype™ 5.3
    SmartWebPrinting
    SoftStylus
    SolutionCenter
    SPORE Creature Creator Trial Edition
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VC80CRTRedist - 8.0.50727.6195
    VideoToolkit01
    Virgin Mobile
    VLC media player 1.0.1
    WebReg
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    23/12/2011 9:49:25 AM, Error: EventLog [6008] - The previous system shutdown at 9:46:32 AM on 23/12/2011 was unexpected.
    23/12/2011 9:17:18 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
    23/12/2011 9:17:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    23/12/2011 7:29:14 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 00242B2B114C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
    23/12/2011 7:27:36 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 00-1F-3A-53-18-32. Network operations on this system may be disrupted as a result.
    23/12/2011 10:37:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    23/12/2011 10:37:00 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/12/2011 10:35:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    23/12/2011 10:35:11 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/12/2011 10:35:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Realtime Protection service to connect.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: Norton Internet Security is not a valid Win32 application.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Avira Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Avira Realtime Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/12/2011 10:35:01 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    23/12/2011 10:33:51 AM, Error: EventLog [6008] - The previous system shutdown at 10:31:09 AM on 23/12/2011 was unexpected.
    23/12/2011 10:13:56 AM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
    21/12/2011 8:35:02 AM, Error: EventLog [6008] - The previous system shutdown at 1:01:16 PM on 20/12/2011 was unexpected.
    21/12/2011 4:56:52 PM, Error: EventLog [6008] - The previous system shutdown at 4:54:01 PM on 21/12/2011 was unexpected.
    21/12/2011 3:03:40 PM, Error: EventLog [6008] - The previous system shutdown at 3:00:45 PM on 21/12/2011 was unexpected.
    21/12/2011 12:33:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Source Engine service to connect.
    21/12/2011 12:33:50 PM, Error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/12/2011 12:20:05 PM, Error: EventLog [6008] - The previous system shutdown at 10:15:40 AM on 21/12/2011 was unexpected.
    21/12/2011 10:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Ken-the-Koala\Leah SID (S-1-5-21-2194405111-3823188689-1545664750-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    20/12/2011 6:39:56 AM, Error: EventLog [6008] - The previous system shutdown at 6:38:26 AM on 20/12/2011 was unexpected.
    20/12/2011 6:13:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.3 for the Network Card with network address 00242B2B114C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
    19/12/2011 8:10:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.4 for the Network Card with network address 00242B2B114C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
    18/12/2011 7:02:49 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    18/12/2011 3:33:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Ken-the-Koala\Leah SID (S-1-5-21-2194405111-3823188689-1545664750-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    17/12/2011 8:12:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    17/12/2011 8:12:29 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    17/12/2011 8:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I still need GMER log.
     
  7. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    oops sorry - Gmer

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-23 10:45:57
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: xhsw3bg0.exe; Driver: C:\Users\Leah\AppData\Local\Temp\pwdirpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:348] 8E3EEE40
    Thread System [4:352] 8E3EEE40
    Thread System [4:356] 872CD520
    Thread System [4:360] 872CD520

    ---- EOF - GMER 1.0.15 ----
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    I have 2 logs, here is the first

    15:47:03.0012 5904 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    15:47:04.0001 5904 ============================================================
    15:47:04.0001 5904 Current date / time: 2011/12/24 15:47:04.0001
    15:47:04.0001 5904 SystemInfo:
    15:47:04.0001 5904
    15:47:04.0001 5904 OS Version: 6.0.6002 ServicePack: 2.0
    15:47:04.0001 5904 Product type: Workstation
    15:47:04.0001 5904 ComputerName: KEN-THE-KOALA
    15:47:04.0001 5904 UserName: Leah
    15:47:04.0001 5904 Windows directory: C:\Windows
    15:47:04.0002 5904 System windows directory: C:\Windows
    15:47:04.0002 5904 Processor architecture: Intel x86
    15:47:04.0002 5904 Number of processors: 2
    15:47:04.0002 5904 Page size: 0x1000
    15:47:04.0002 5904 Boot type: Normal boot
    15:47:04.0002 5904 ============================================================
    15:47:07.0899 5904 Initialize success
    15:47:21.0874 5232 ============================================================
    15:47:21.0874 5232 Scan started
    15:47:21.0874 5232 Mode: Manual;
    15:47:21.0874 5232 ============================================================
    15:47:25.0845 5232 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    15:47:25.0851 5232 ACPI - ok
    15:47:25.0955 5232 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    15:47:25.0965 5232 adp94xx - ok
    15:47:25.0984 5232 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    15:47:25.0991 5232 adpahci - ok
    15:47:26.0028 5232 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    15:47:26.0031 5232 adpu160m - ok
    15:47:26.0047 5232 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    15:47:26.0051 5232 adpu320 - ok
    15:47:26.0121 5232 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    15:47:26.0129 5232 AFD - ok
    15:47:26.0178 5232 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    15:47:26.0183 5232 agp440 - ok
    15:47:26.0225 5232 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    15:47:26.0227 5232 aic78xx - ok
    15:47:26.0378 5232 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
    15:47:26.0378 5232 aliide - ok
    15:47:26.0418 5232 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    15:47:26.0422 5232 amdagp - ok
    15:47:26.0436 5232 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
    15:47:26.0436 5232 amdide - ok
    15:47:26.0480 5232 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    15:47:26.0483 5232 AmdK7 - ok
    15:47:26.0513 5232 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    15:47:26.0517 5232 AmdK8 - ok
    15:47:26.0694 5232 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    15:47:26.0696 5232 arc - ok
    15:47:26.0771 5232 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    15:47:26.0773 5232 arcsas - ok
    15:47:26.0813 5232 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:47:26.0816 5232 AsyncMac - ok
    15:47:26.0857 5232 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    15:47:26.0857 5232 atapi - ok
    15:47:26.0972 5232 athr (c8bb2e935a5d195692140e795ea9ac14) C:\Windows\system32\DRIVERS\athr.sys
    15:47:27.0094 5232 athr - ok
    15:47:27.0211 5232 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
    15:47:27.0212 5232 avgntflt - ok
    15:47:27.0586 5232 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
    15:47:27.0588 5232 avipbb - ok
    15:47:27.0667 5232 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
    15:47:27.0668 5232 avkmgr - ok
    15:47:27.0913 5232 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    15:47:27.0914 5232 Beep - ok
    15:47:28.0724 5232 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys
    15:47:28.0727 5232 BHDrvx86 - ok
    15:47:28.0817 5232 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    15:47:28.0820 5232 blbdrive - ok
    15:47:28.0955 5232 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    15:47:28.0958 5232 bowser - ok
    15:47:29.0550 5232 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    15:47:29.0723 5232 BrFiltLo - ok
    15:47:29.0805 5232 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    15:47:29.0808 5232 BrFiltUp - ok
    15:47:31.0505 5232 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    15:47:31.0666 5232 Brserid - ok
    15:47:32.0094 5232 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    15:47:32.0097 5232 BrSerWdm - ok
    15:47:32.0360 5232 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    15:47:32.0362 5232 BrUsbMdm - ok
    15:47:32.0388 5232 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    15:47:32.0391 5232 BrUsbSer - ok
    15:47:32.0637 5232 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    15:47:32.0639 5232 BTHMODEM - ok
    15:47:32.0787 5232 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
    15:47:32.0789 5232 BVRPMPR5 - ok
    15:47:33.0667 5232 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys
    15:47:33.0672 5232 ccHP - ok
    15:47:34.0819 5232 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:47:34.0821 5232 cdfs - ok
    15:47:35.0687 5232 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    15:47:36.0582 5232 cdrom - ok
    15:47:38.0373 5232 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    15:47:38.0377 5232 circlass - ok
    15:47:38.0541 5232 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    15:47:38.0546 5232 CLFS - ok
    15:47:39.0197 5232 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:47:39.0198 5232 CmBatt - ok
    15:47:39.0320 5232 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
    15:47:39.0321 5232 cmdide - ok
    15:47:40.0964 5232 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
    15:47:40.0969 5232 CnxtHdAudService - ok
    15:47:41.0105 5232 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    15:47:41.0105 5232 Compbatt - ok
    15:47:41.0463 5232 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    15:47:41.0464 5232 crcdisk - ok
    15:47:41.0540 5232 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    15:47:41.0543 5232 Crusoe - ok
    15:47:41.0667 5232 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    15:47:41.0670 5232 DfsC - ok
    15:47:41.0859 5232 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    15:47:41.0861 5232 disk - ok
    15:47:41.0986 5232 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    15:47:41.0991 5232 Dot4 - ok
    15:47:42.0054 5232 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    15:47:42.0057 5232 Dot4Print - ok
    15:47:42.0142 5232 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    15:47:42.0144 5232 dot4usb - ok
    15:47:42.0202 5232 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    15:47:42.0204 5232 drmkaud - ok
    15:47:42.0345 5232 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    15:47:42.0351 5232 DXGKrnl - ok
    15:47:42.0506 5232 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    15:47:42.0512 5232 E1G60 - ok
    15:47:42.0600 5232 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    15:47:42.0603 5232 Ecache - ok
    15:47:42.0709 5232 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    15:47:42.0713 5232 eeCtrl - ok
    15:47:42.0856 5232 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    15:47:42.0864 5232 elxstor - ok
    15:47:43.0580 5232 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    15:47:43.0583 5232 ErrDev - ok
    15:47:43.0703 5232 ewusbnet (1fc8c55255d197aa3a423624786d090c) C:\Windows\system32\DRIVERS\ewusbnet.sys
    15:47:43.0708 5232 ewusbnet - ok
    15:47:43.0831 5232 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    15:47:43.0837 5232 exfat - ok
    15:47:43.0897 5232 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    15:47:43.0902 5232 fastfat - ok
    15:47:43.0971 5232 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    15:47:43.0974 5232 fdc - ok
    15:47:44.0015 5232 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    15:47:44.0017 5232 FileInfo - ok
    15:47:44.0042 5232 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    15:47:44.0045 5232 Filetrace - ok
    15:47:44.0059 5232 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:47:44.0062 5232 flpydisk - ok
    15:47:44.0114 5232 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    15:47:44.0119 5232 FltMgr - ok
    15:47:44.0244 5232 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    15:47:44.0247 5232 fssfltr - ok
    15:47:44.0322 5232 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    15:47:44.0323 5232 Fs_Rec - ok
    15:47:44.0345 5232 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    15:48:03.0625 5232 Smb (25eedefbd56fbd1c0d87690002ff6332) C:\Windows\system32\DRIVERS\smb.sys
    15:48:03.0626 5232 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 25eedefbd56fbd1c0d87690002ff6332, Fake md5: 7b75299a4d201d6a6533603d6914ab04
    15:48:03.0627 5232 Smb ( Rootkit.Win32.ZAccess.aml ) - infected
    15:48:03.0627 5232 Smb - detected Rootkit.Win32.ZAccess.aml (0)
    15:48:11.0321 5232 ============================================================
    15:48:11.0321 5232 Scan finished
    15:48:11.0321 5232 ============================================================
    15:48:11.0337 5216 Detected object count: 1
    15:48:11.0338 5216 Actual detected object count: 1
    15:48:22.0814 5216 Backup copy found, using it..
    15:48:22.0828 5216 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
    15:48:34.0881 5216 C:\Windows\System32\c_47915.nls - will be deleted on reboot
    15:48:36.0790 5216 Smb ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
    15:50:55.0884 4908 Deinitialize success
     
  10. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    2nd log

    15:58:23.0841 2452 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    15:58:24.0593 2452 ============================================================
    15:58:24.0593 2452 Current date / time: 2011/12/24 15:58:24.0593
    15:58:24.0593 2452 SystemInfo:
    15:58:24.0593 2452
    15:58:24.0594 2452 OS Version: 6.0.6002 ServicePack: 2.0
    15:58:24.0594 2452 Product type: Workstation
    15:58:24.0594 2452 ComputerName: KEN-THE-KOALA
    15:58:24.0594 2452 UserName: Leah
    15:58:24.0594 2452 Windows directory: C:\Windows
    15:58:24.0594 2452 System windows directory: C:\Windows
    15:58:24.0594 2452 Processor architecture: Intel x86
    15:58:24.0595 2452 Number of processors: 2
    15:58:24.0595 2452 Page size: 0x1000
    15:58:24.0595 2452 Boot type: Normal boot
    15:58:24.0595 2452 ============================================================
    15:58:26.0041 2452 Initialize success
    15:58:43.0490 2608 Deinitialize success
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    Post new GMER log.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    2nd GMER log - sorry for lateness, it was Christmas :)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-27 14:36:27
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: n610p41m.exe; Driver: C:\Users\Leah\AppData\Local\Temp\pwdirpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  13. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    aswMBR log

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-27 14:41:05
    -----------------------------
    14:41:05.472 OS Version: Windows 6.0.6002 Service Pack 2
    14:41:05.472 Number of processors: 2 586 0x170A
    14:41:05.474 ComputerName: KEN-THE-KOALA UserName: Leah
    14:41:07.711 Initialize success
    14:41:41.642 The log file has been saved successfully to "C:\Users\Leah\Desktop\aswMBR.txt"
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    Then proceed with Combofix.
     
  15. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
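
As an added example (not from the thread, and not how Bootkit Remover itself works): once the master boot sector has been dumped to a file, this Python code splits it into boot code, disk signature and partition table, and hashes only the boot code so it can be compared against a baseline. The sample sector, the placeholder boot code and the `BASELINE` set are constructed for illustration; the partition start of LBA 63 corresponds to the `0x7e00` volume offset shown in the log above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
DISK_SIG_OFF = 440       # bytes 440-443: disk signature written by Windows
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511


def boot_code_md5(sector: bytes) -> str:
    """MD5 of the bootstrap code only.

    The disk signature and partition table differ on every disk, so a hash of
    the whole sector would never match a baseline taken from another machine.
    """
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(sector: bytes) -> dict:
    """Split a dumped master boot sector into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sector_count": sector_count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_md5": boot_code_md5(sector),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def triage(sector: bytes, known_good_md5s: set) -> list:
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_md5"] not in known_good_md5s:
        findings.append("boot code not in baseline")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sector_count"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS partition starting at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 625_137_282)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


# Constructed placeholder bytes, NOT real Microsoft boot code.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"constructed placeholder boot code"
# Hypothetical baseline; in practice it would hold hashes of known-good boot code.
BASELINE = {boot_code_md5(build_sample_sector(CLEAN_CODE))}

if __name__ == "__main__":
    clean = build_sample_sector(CLEAN_CODE)
    modified = build_sample_sector(CLEAN_CODE + b"\xeb\xfe")
    for name, sector in (("clean", clean), ("modified", modified)):
        info = parse_mbr(sector)
        print(name, info["boot_code_md5"],
              hex(info["partitions"][0]["byte_offset"]),
              triage(sector, BASELINE) or "no findings")
```

To use it on a real dump, read the 512-byte file in binary mode and pass the bytes to `triage` with a baseline set you trust.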
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Go ahead with Combofix.
     
  17. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    combofix won't finish. It will just continue on the same page for hours.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Did you?
     
  19. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    not working

    yes, neither worked.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run aswMBR again and post its log.
     
  21. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-28 18:00:02
    -----------------------------
    18:00:02.197 OS Version: Windows 6.0.6002 Service Pack 2
    18:00:02.197 Number of processors: 2 586 0x170A
    18:00:02.199 ComputerName: KEN-THE-KOALA UserName: Leah
    18:00:27.657 Initialize success
    18:00:45.652 The log file has been saved successfully to "C:\Users\Leah\Desktop\aswMBR.txt"
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  23. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    it says subscript used with non-array available and won't finish the scan
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Re-run TDSSKiller one more time.
     
  25. sspsyc

    sspsyc TS Rookie Topic Starter Posts: 29

    09:03:09.0241 5380 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    09:03:09.0967 5380 ============================================================
    09:03:09.0967 5380 Current date / time: 2011/12/29 09:03:09.0967
    09:03:09.0967 5380 SystemInfo:
    09:03:09.0967 5380
    09:03:09.0967 5380 OS Version: 6.0.6002 ServicePack: 2.0
    09:03:09.0967 5380 Product type: Workstation
    09:03:09.0967 5380 ComputerName: KEN-THE-KOALA
    09:03:09.0968 5380 UserName: Leah
    09:03:09.0968 5380 Windows directory: C:\Windows
    09:03:09.0968 5380 System windows directory: C:\Windows
    09:03:09.0968 5380 Processor architecture: Intel x86
    09:03:09.0968 5380 Number of processors: 2
    09:03:09.0968 5380 Page size: 0x1000
    09:03:09.0968 5380 Boot type: Normal boot
    09:03:09.0968 5380 ============================================================
    09:03:11.0817 5380 Initialize success
    09:03:13.0656 4936 ============================================================
    09:03:13.0656 4936 Scan started
    09:03:13.0656 4936 Mode: Manual;
    09:03:13.0656 4936 ============================================================
    09:03:25.0561 4936 sbp2port - ok
    09:03:25.0598 4936 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    09:03:25.0602 4936 sdbus - ok
    09:03:25.0632 4936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    09:03:25.0635 4936 secdrv - ok
    09:03:25.0671 4936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    09:03:25.0674 4936 Serenum - ok
    09:03:25.0703 4936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    09:03:25.0709 4936 Serial - ok
    09:03:25.0730 4936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    09:03:25.0735 4936 sermouse - ok
    09:03:25.0773 4936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    09:03:25.0775 4936 sffdisk - ok
    09:03:25.0800 4936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    09:03:25.0802 4936 sffp_mmc - ok
    09:03:25.0823 4936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    09:03:25.0825 4936 sffp_sd - ok
    09:03:25.0973 4936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    09:03:25.0975 4936 sfloppy - ok
    09:03:26.0012 4936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    09:03:26.0015 4936 sisagp - ok
    09:03:26.0090 4936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    09:03:26.0093 4936 SiSRaid2 - ok
    09:03:26.0113 4936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    09:03:26.0117 4936 SiSRaid4 - ok
    09:03:26.0162 4936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    09:03:26.0166 4936 Smb - ok
    09:03:26.0223 4936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    09:03:26.0226 4936 spldr - ok
    09:03:26.0334 4936 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS
    09:03:26.0343 4936 SRTSP - ok
    09:03:26.0371 4936 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS
    09:03:26.0374 4936 SRTSPX - ok
    09:03:26.0419 4936 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    09:03:26.0427 4936 srv - ok
    09:03:26.0472 4936 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    09:03:26.0477 4936 srv2 - ok
    09:03:26.0524 4936 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    09:03:26.0529 4936 srvnet - ok
    09:03:26.0583 4936 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    09:03:26.0586 4936 ssmdrv - ok
    09:03:26.0645 4936 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    09:03:26.0647 4936 StillCam - ok
    09:03:26.0704 4936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    09:03:26.0706 4936 swenum - ok
    09:03:26.0841 4936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    09:03:26.0844 4936 Symc8xx - ok
    09:03:26.0881 4936 SYMDNS - ok
    09:03:26.0970 4936 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS
    09:03:26.0979 4936 SymEFA - ok
    09:03:27.0016 4936 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
    09:03:27.0019 4936 SymEvent - ok
    09:03:27.0033 4936 SYMFW - ok
    09:03:27.0075 4936 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
    09:03:27.0078 4936 SymIM - ok
    09:03:27.0092 4936 SYMNDISV - ok
    09:03:27.0109 4936 SYMREDRV - ok
    09:03:27.0137 4936 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
    09:03:27.0142 4936 SYMTDI - ok
    09:03:27.0171 4936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    09:03:27.0174 4936 Sym_hi - ok
    09:03:27.0198 4936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    09:03:27.0202 4936 Sym_u3 - ok
    09:03:27.0236 4936 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
    09:03:27.0242 4936 SynTP - ok
    09:03:27.0338 4936 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    09:03:27.0372 4936 Tcpip - ok
    09:03:27.0412 4936 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    09:03:27.0421 4936 Tcpip6 - ok
    09:03:27.0473 4936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    09:03:27.0476 4936 tcpipreg - ok
    09:03:27.0507 4936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    09:03:27.0509 4936 TDPIPE - ok
    09:03:27.0538 4936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    09:03:27.0541 4936 TDTCP - ok
    09:03:27.0564 4936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    09:03:27.0569 4936 tdx - ok
    09:03:27.0601 4936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    09:03:27.0604 4936 TermDD - ok
    09:03:27.0683 4936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:03:27.0686 4936 tssecsrv - ok
    09:03:27.0718 4936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    09:03:27.0721 4936 tunmp - ok
    09:03:27.0759 4936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    09:03:27.0762 4936 tunnel - ok
    09:03:27.0788 4936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    09:03:27.0792 4936 uagp35 - ok
    09:03:27.0847 4936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    09:03:27.0854 4936 udfs - ok
    09:03:27.0889 4936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    09:03:27.0892 4936 uliagpkx - ok
    09:03:27.0920 4936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    09:03:27.0927 4936 uliahci - ok
    09:03:27.0945 4936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    09:03:27.0950 4936 UlSata - ok
    09:03:27.0967 4936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    09:03:27.0971 4936 ulsata2 - ok
    09:03:28.0017 4936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    09:03:28.0020 4936 umbus - ok
    09:03:28.0086 4936 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    09:03:28.0089 4936 USBAAPL - ok
    09:03:28.0129 4936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    09:03:28.0133 4936 usbccgp - ok
    09:03:28.0164 4936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    09:03:28.0167 4936 usbcir - ok
    09:03:28.0222 4936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    09:03:28.0225 4936 usbehci - ok
    09:03:28.0270 4936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    09:03:28.0276 4936 usbhub - ok
    09:03:28.0297 4936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    09:03:28.0300 4936 usbohci - ok
    09:03:28.0349 4936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    09:03:28.0351 4936 usbprint - ok
    09:03:28.0398 4936 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    09:03:28.0401 4936 usbscan - ok
    09:03:28.0434 4936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    09:03:28.0437 4936 USBSTOR - ok
    09:03:28.0466 4936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    09:03:28.0469 4936 usbuhci - ok
    09:03:28.0525 4936 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    09:03:28.0530 4936 usbvideo - ok
    09:03:28.0564 4936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    09:03:28.0566 4936 vga - ok
    09:03:28.0590 4936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    09:03:28.0592 4936 VgaSave - ok
    09:03:28.0624 4936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    09:03:28.0627 4936 viaagp - ok
    09:03:28.0657 4936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    09:03:28.0659 4936 ViaC7 - ok
    09:03:28.0690 4936 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
    09:03:28.0692 4936 viaide - ok
    09:03:28.0719 4936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    09:03:28.0723 4936 volmgr - ok
    09:03:28.0776 4936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    09:03:28.0784 4936 volmgrx - ok
    09:03:28.0838 4936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    09:03:28.0846 4936 volsnap - ok
    09:03:28.0870 4936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    09:03:28.0874 4936 vsmraid - ok
    09:03:28.0916 4936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    09:03:28.0918 4936 WacomPen - ok
    09:03:28.0949 4936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    09:03:28.0952 4936 Wanarp - ok
    09:03:28.0978 4936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    09:03:28.0979 4936 Wanarpv6 - ok
    09:03:29.0029 4936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    09:03:29.0034 4936 Wd - ok
    09:03:29.0081 4936 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    09:03:29.0104 4936 Wdf01000 - ok
    09:03:29.0190 4936 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    09:03:29.0213 4936 winachsf - ok
    09:03:29.0284 4936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    09:03:29.0285 4936 WmiAcpi - ok
    09:03:29.0344 4936 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    09:03:29.0347 4936 WpdUsb - ok
    09:03:29.0379 4936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    09:03:29.0381 4936 ws2ifsl - ok
    09:03:29.0451 4936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    09:03:29.0455 4936 WUDFRd - ok
    09:03:29.0488 4936 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    09:03:29.0491 4936 XAudio - ok
    09:03:29.0545 4936 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    09:03:29.0551 4936 yukonwlh - ok
    09:03:29.0605 4936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    09:03:29.0972 4936 \Device\Harddisk0\DR0 - ok
    09:03:29.0977 4936 Boot (0x1200) (afe3cbcc2b846b674b6bda15ef5da283) \Device\Harddisk0\DR0\Partition0
    09:03:29.0979 4936 \Device\Harddisk0\DR0\Partition0 - ok
    09:03:30.0009 4936 Boot (0x1200) (5c9d4f1a668ee9b50a50ce0e5522073b) \Device\Harddisk0\DR0\Partition1
    09:03:30.0011 4936 \Device\Harddisk0\DR0\Partition1 - ok
    09:03:30.0012 4936 ============================================================
    09:03:30.0012 4936 Scan finished
    09:03:30.0012 4936 ============================================================
    09:03:30.0027 4612 Detected object count: 0
    09:03:30.0027 4612 Actual detected object count: 0
     
