TechSpot

Help with removal of XP Antispyware 2012

Resolved
By learninmypc
Jan 1, 2012
  1. A friend dropped by with their Toshiba laptop telling me it has a virus.
    I booted it up & was greeted with the XP Antispyware 2012.
    NOT knowing if they had already scanned or tried to scan with it, I googled it & got these links:
    http://www.bleepingcomputer.com/download/anti-virus/rkill

    http://www.bleepingcomputer.com/virus-removal/remove-xp-antispyware-2012

    NOT in chronological order (sorry) I did use the FixNCR.reg & the Rkill.com & ran my Mbam scans. Unfortunately those scan results have been removed.
    I gave up on it till this morning (01/01/12) when I tried the "iExplore.exe" download link, & then I ran a quick scan with Mbam again & it came up clean, so I did a full scan & it too was clean. I also ran SAS full scan & it was clean, as was my Eset scan.
    However, upon rebooting I still get a bubble telling me the Automatic Updates is turned off, Click balloon to fix it, but I go in to check it out & it's turned on.
    I'm hoping I haven't messed up anything. TIA for any help.
     
  2. Broni


    You've been to this forum before and you should know what preliminary steps are required.
     
  3. learninmypc


    Thank you. I'll do my best. :)
     
  4. learninmypc


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.01.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Valued Customer :: TOSHIBA-USER [administrator]

    1/1/2012 5:04:31 PM
    mbam-log-2012-01-01 (17-04-31).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 324940
    Time elapsed: 1 hour(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-01 18:14:08
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541010G9AT00 rev.MBZOA56J
    Running: wvplgpny.exe; Driver: C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\pwldyfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA883FBDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA883FA45]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA88947A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  5. learninmypc


    When trying to run DDS by sUBs, it freezes up the laptop. I will try one more time, but I'm doubting it.
     
  6. Broni


    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. learninmypc


    This "NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it."
    Also has frozen the laptop & the mouse is frozen also.
    I'll power off & attempt the next step unless you specify otherwise. Thanks Broni.
    By The Way, I'm posting this from a different pc.
     
  8. Broni


    Please don't quote my replies because it creates unnecessary clutter.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. learninmypc


    20:11:01.0843 5872 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    20:11:02.0296 5872 ============================================================
    20:11:02.0296 5872 Current date / time: 2012/01/01 20:11:02.0296
    20:11:02.0296 5872 SystemInfo:
    20:11:02.0296 5872
    20:11:02.0296 5872 OS Version: 5.1.2600 ServicePack: 3.0
    20:11:02.0296 5872 Product type: Workstation
    20:11:02.0296 5872 ComputerName: TOSHIBA-USER
    20:11:02.0296 5872 UserName: Valued Customer
    20:11:02.0296 5872 Windows directory: C:\WINDOWS
    20:11:02.0296 5872 System windows directory: C:\WINDOWS
    20:11:02.0296 5872 Processor architecture: Intel x86
    20:11:02.0296 5872 Number of processors: 1
    20:11:02.0296 5872 Page size: 0x1000
    20:11:02.0296 5872 Boot type: Normal boot
    20:11:02.0296 5872 ============================================================
    20:11:04.0421 5872 Initialize success
    20:11:19.0625 4440 ============================================================
    20:11:19.0625 4440 Scan started
    20:11:19.0625 4440 Mode: Manual;
    20:11:19.0625 4440 ============================================================
    20:11:27.0046 4440 Srv - ok
    20:11:27.0125 4440 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
    20:11:27.0125 4440 SrvcEKIOMngr - ok
    20:11:27.0140 4440 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
    20:11:27.0140 4440 SrvcSSIOMngr - ok
    20:11:27.0171 4440 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    20:11:27.0171 4440 sscdbhk5 - ok
    20:11:27.0187 4440 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
    20:11:27.0203 4440 ssrtln - ok
    20:11:27.0250 4440 StickyMesger - ok
    20:11:27.0312 4440 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    20:11:27.0312 4440 streamip - ok
    20:11:27.0328 4440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:11:27.0328 4440 swenum - ok
    20:11:27.0359 4440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:11:27.0359 4440 swmidi - ok
    20:11:27.0406 4440 symc810 - ok
    20:11:27.0421 4440 symc8xx - ok
    20:11:27.0437 4440 sym_hi - ok
    20:11:27.0453 4440 sym_u3 - ok
    20:11:27.0468 4440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:11:27.0484 4440 sysaudio - ok
    20:11:27.0500 4440 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
    20:11:27.0515 4440 TBiosDrv - ok
    20:11:27.0562 4440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:11:27.0578 4440 Tcpip - ok
    20:11:27.0609 4440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:11:27.0609 4440 TDPIPE - ok
    20:11:27.0640 4440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:11:27.0640 4440 TDTCP - ok
    20:11:27.0656 4440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:11:27.0656 4440 TermDD - ok
    20:11:27.0703 4440 tfsnboio (2da3ca4022abb0802de7eeda574e78d6) C:\WINDOWS\system32\dla\tfsnboio.sys
    20:11:27.0703 4440 tfsnboio - ok
    20:11:27.0718 4440 tfsncofs (c8d6928759b77701c21dc90ad61197f2) C:\WINDOWS\system32\dla\tfsncofs.sys
    20:11:27.0718 4440 tfsncofs - ok
    20:11:27.0750 4440 tfsndrct (bacdef5510fa643683cddca418e49446) C:\WINDOWS\system32\dla\tfsndrct.sys
    20:11:27.0750 4440 tfsndrct - ok
    20:11:27.0765 4440 tfsndres (3fc9f390fac563c3d3910d540adbd408) C:\WINDOWS\system32\dla\tfsndres.sys
    20:11:27.0765 4440 tfsndres - ok
    20:11:27.0781 4440 tfsnifs (6aef3ec0b64689536891a9b96e9d7b82) C:\WINDOWS\system32\dla\tfsnifs.sys
    20:11:27.0781 4440 tfsnifs - ok
    20:11:27.0796 4440 tfsnopio (7239873a72dd456f6e74e6987cdb9687) C:\WINDOWS\system32\dla\tfsnopio.sys
    20:11:27.0812 4440 tfsnopio - ok
    20:11:27.0828 4440 tfsnpool (b78631e3593ddd76a4a8ba7cb8e32302) C:\WINDOWS\system32\dla\tfsnpool.sys
    20:11:27.0828 4440 tfsnpool - ok
    20:11:27.0859 4440 tfsnudf (9e8b4abb93e5784fc4e5d3202566cc7a) C:\WINDOWS\system32\dla\tfsnudf.sys
    20:11:27.0859 4440 tfsnudf - ok
    20:11:27.0875 4440 tfsnudfa (056fa0a11ba4cd688e1e40e48ffee921) C:\WINDOWS\system32\dla\tfsnudfa.sys
    20:11:27.0875 4440 tfsnudfa - ok
    20:11:27.0906 4440 tifm21 (2448935e1cf84b0341a24a17908c7311) C:\WINDOWS\system32\drivers\tifm21.sys
    20:11:27.0906 4440 tifm21 - ok
    20:11:27.0937 4440 TosIde - ok
    20:11:28.0000 4440 TPwSav (f26e5110cc02db2ec90ff31f33106add) C:\WINDOWS\system32\Drivers\TPwSav.sys
    20:11:28.0000 4440 TPwSav - ok
    20:11:28.0062 4440 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
    20:11:28.0078 4440 Tvs - ok
    20:11:28.0109 4440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:11:28.0109 4440 Udfs - ok
    20:11:28.0140 4440 ultra - ok
    20:11:28.0203 4440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:11:28.0218 4440 Update - ok
    20:11:28.0265 4440 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    20:11:28.0265 4440 USBAAPL - ok
    20:11:28.0281 4440 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    20:11:28.0296 4440 usbaudio - ok
    20:11:28.0328 4440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:11:28.0328 4440 usbccgp - ok
    20:11:28.0343 4440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:11:28.0343 4440 usbehci - ok
    20:11:28.0375 4440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:11:28.0375 4440 usbhub - ok
    20:11:28.0421 4440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:11:28.0437 4440 usbprint - ok
    20:11:28.0453 4440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:11:28.0453 4440 usbscan - ok
    20:11:28.0468 4440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:11:28.0468 4440 USBSTOR - ok
    20:11:28.0500 4440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:11:28.0500 4440 usbuhci - ok
    20:11:28.0515 4440 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    20:11:28.0515 4440 usb_rndisx - ok
    20:11:28.0531 4440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:11:28.0531 4440 VgaSave - ok
    20:11:28.0562 4440 ViaIde - ok
    20:11:28.0578 4440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:11:28.0578 4440 VolSnap - ok
    20:11:28.0734 4440 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    20:11:28.0765 4440 w29n51 - ok
    20:11:28.0859 4440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:11:28.0859 4440 Wanarp - ok
    20:11:28.0875 4440 wanatw - ok
    20:11:28.0906 4440 WDICA - ok
    20:11:29.0015 4440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:11:29.0015 4440 wdmaud - ok
    20:11:29.0109 4440 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    20:11:29.0109 4440 WpdUsb - ok
    20:11:29.0156 4440 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    20:11:29.0156 4440 WSTCODEC - ok
    20:11:29.0218 4440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:11:29.0218 4440 WudfPf - ok
    20:11:29.0234 4440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:11:29.0234 4440 WudfRd - ok
    20:11:29.0281 4440 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    20:11:29.0296 4440 yukonwxp - ok
    20:11:29.0343 4440 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    20:11:29.0531 4440 \Device\Harddisk0\DR0 - ok
    20:11:29.0546 4440 Boot (0x1200) (e4090479267553fb54cf4b342dc2018b) \Device\Harddisk0\DR0\Partition0
    20:11:29.0546 4440 \Device\Harddisk0\DR0\Partition0 - ok
    20:11:29.0546 4440 ============================================================
    20:11:29.0546 4440 Scan finished
    20:11:29.0546 4440 ============================================================
    20:11:29.0562 4432 Detected object count: 0
    20:11:29.0562 4432 Actual detected object count: 0
     
  10. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Proceed with Combofix.
     
  11. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    The cursor in Combofix is flashing but the clock has stopped. Is it still running? The clock has been stuck for 10 minutes as of this posting. :confused:
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Give it up to 30 minutes.
    If still stuck, restart manually and....

     
  13. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    Try one of the following? You talking about safe mode? If so, I'll do so tomorrow. Thank you very much & Happy New Year.:)
     
  14. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Same to you :)
     
  15. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    How do I disable Avast in safe mode?
     
  16. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    You don't have to. It doesn't run there.
     
  17. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    I'm unable to provide a screenshot, but I'm getting a box saying Avast has been detected & if I click ok, it'll continue at MY OWN RISK.
    I was using safe mode with networking. Was that wrong or should I use regular safe mode?
     
  18. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    You don't have to worry about those warnings in safe mode or safe mode with networking.
    Run it.
     
  19. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    Ok, I will do that.
     
  20. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/02/2012 at 9:37:15.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe


    Rkill completed on 01/02/2012 at 9:38:03.
     
  21. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    Combofix has been running for quite some time. Clock is still running. Wait longer or ??


    An update, Cursor still blinking but now the clock has been frozen for about 20 minutes.
    Am powering it off to wait further instructions from you
     
  22. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    I noticed as I was rebooting into safe mode there was an MS update to install. I haven't downloaded/installed it till you give me the word. :)
     
  23. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  24. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 5,457   +242

    I did exactly as you said but it won't paste into Notepad.
     
  25. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Explain......
     

