Resolved Help with removal of XP Antispyware 2012

learninmypc

A friend dropped by with their Toshiba laptop telling me it has a virus.
I booted it up & was greeted with the XP Antispyware 2012.
NOT knowing if they had already scanned or tried to scan with it, I googled it & got these links:
http://www.bleepingcomputer.com/download/anti-virus/rkill

http://www.bleepingcomputer.com/virus-removal/remove-xp-antispyware-2012

NOT in chronological order (sorry) I did use the FixNCR.reg & the Rkill.com & ran my Mbam scans. Unfortunately those scan results have been removed.
I gave up on it till this morning (01/01/12) when I tried the "iExplore.exe" download link, & then I ran a quick scan with Mbam again & it came up clean, so I did a full scan & it too was clean. I also ran SAS full scan & it was clean, as was my Eset scan.
However, upon rebooting I still get a bubble telling me the Automatic Updates is turned off, "Click balloon to fix it", but I go in to check it out & it's turned on.
I'm hoping I haven't messed up anything. TIA for any help.
 
You've been to this forum before and you should know what preliminary steps are required.
 
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valued Customer :: TOSHIBA-USER [administrator]

1/1/2012 5:04:31 PM
mbam-log-2012-01-01 (17-04-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324940
Time elapsed: 1 hour(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-01 18:14:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541010G9AT00 rev.MBZOA56J
Running: wvplgpny.exe; Driver: C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\pwldyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA883FBDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA883FA45]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA88947A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
When trying to run DDS by sUBs, it freezes up the laptop. I will try one more time, but I'm doubting it.
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
This "NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it."
Also has frozen the laptop & the mouse is frozen also.
I'll power off & attempt the next step unless you specify otherwise. Thanks Broni.
By The Way, I'm posting this from a different pc.
 
Please don't quote my replies because it creates unnecessary clutter.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
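
A TDSSKiller report of the kind requested above can be triaged mechanically before it is read line by line. The Python script below is an added example, not part of the original posts and not the tool's own code; it assumes the two line shapes seen in this thread's report (`<service> (<md5>) <path>` and `<service> - <verdict>`), and the `exampledrv` entry with its `suspicious` verdict is constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample report: real line shapes and values from this thread, plus one
# CONSTRUCTED entry ("exampledrv", all-zero hash, verdict "suspicious").
SAMPLE_LOG = r"""
20:11:19.0625 4440 Scan started
20:11:20.0984 4440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:11:20.0984 4440 atapi - ok
20:11:21.0000 4440 Atdisk - ok
20:11:21.0687 4440 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
20:11:21.0687 4440 cpudrv - ok
20:11:24.0640 4440 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
20:11:24.0640 4440 Nokia USB Modem - ok
20:11:24.0734 4440 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
20:11:24.0734 4440 Nokia USB Port - ok
20:11:26.0300 4440 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
20:11:26.0300 4440 exampledrv - suspicious
"""

# "<hh:mm:ss.ffff> <thread id> " prefix shared by every report line.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
_IMAGE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_VERDICT = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text):
    """Pair each service's image line with its verdict line, keyed by service name."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = _IMAGE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = _VERDICT.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def triage(entries, windir=r"C:\WINDOWS"):
    """Split parsed entries into what needs a human look and what is context.

    review      - verdict other than "ok", missing verdict, or an image that
                  lives outside <windir>\\system32\\drivers
    no_image    - services marked ok with no file listed (registered service
                  entries whose driver file was not scanned)
    shared_hash - one MD5 reported under more than one service name
    """
    driver_dir = (windir + r"\system32\drivers" + "\\").lower()
    review, no_image = {}, []
    by_hash = defaultdict(list)
    for e in entries.values():
        reasons = []
        if e.verdict is None:
            reasons.append("no verdict line (report may be truncated)")
        elif e.verdict.lower() != "ok":
            reasons.append("verdict: " + e.verdict)
        if e.path is None:
            if not reasons:
                no_image.append(e.name)
        else:
            by_hash[e.md5].append(e.name)
            if not e.path.lower().startswith(driver_dir):
                reasons.append("image outside " + driver_dir.rstrip("\\"))
        if reasons:
            review[e.name] = reasons
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {"review": review, "no_image": no_image, "shared_hash": shared}


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for name, reasons in report["review"].items():
        print("REVIEW", name, "->", "; ".join(reasons))
    print("No image on record:", report["no_image"])
    print("Shared hashes:", report["shared_hash"])
```

An entry under `review` is a prompt to look closer, not a detection: `cpudrv` is flagged only because its image sits under Program Files, and TDSSKiller itself marked it ok.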
 
20:11:01.0843 5872 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:11:02.0296 5872 ============================================================
20:11:02.0296 5872 Current date / time: 2012/01/01 20:11:02.0296
20:11:02.0296 5872 SystemInfo:
20:11:02.0296 5872
20:11:02.0296 5872 OS Version: 5.1.2600 ServicePack: 3.0
20:11:02.0296 5872 Product type: Workstation
20:11:02.0296 5872 ComputerName: TOSHIBA-USER
20:11:02.0296 5872 UserName: Valued Customer
20:11:02.0296 5872 Windows directory: C:\WINDOWS
20:11:02.0296 5872 System windows directory: C:\WINDOWS
20:11:02.0296 5872 Processor architecture: Intel x86
20:11:02.0296 5872 Number of processors: 1
20:11:02.0296 5872 Page size: 0x1000
20:11:02.0296 5872 Boot type: Normal boot
20:11:02.0296 5872 ============================================================
20:11:04.0421 5872 Initialize success
20:11:19.0625 4440 ============================================================
20:11:19.0625 4440 Scan started
20:11:19.0625 4440 Mode: Manual;
20:11:19.0625 4440 ============================================================
20:11:26.0312 4440 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:11:26.0312 4440 s24trans - ok
20:11:26.0406 4440 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:11:26.0406 4440 SASDIFSV - ok
20:11:26.0421 4440 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:11:26.0421 4440 SASKUTIL - ok
20:11:26.0515 4440 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:11:26.0515 4440 sdbus - ok
20:11:26.0562 4440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:11:26.0562 4440 Secdrv - ok
20:11:26.0609 4440 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:11:26.0609 4440 Serenum - ok
20:11:26.0625 4440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:11:26.0625 4440 Serial - ok
20:11:26.0671 4440 SerTVOutCtlr (c996c839a3261cab5409c61e5702b620) C:\WINDOWS\system32\drivers\EPIOMngr.sys
20:11:26.0671 4440 SerTVOutCtlr - ok
20:11:26.0750 4440 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:11:26.0750 4440 sffdisk - ok
20:11:26.0765 4440 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:11:26.0765 4440 sffp_sd - ok
20:11:26.0781 4440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:11:26.0781 4440 Sfloppy - ok
20:11:26.0812 4440 Simbad - ok
20:11:26.0828 4440 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:11:26.0828 4440 SLIP - ok
20:11:26.0890 4440 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:11:26.0890 4440 SONYPVU1 - ok
20:11:26.0906 4440 Sparrow - ok
20:11:26.0937 4440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:11:26.0937 4440 splitter - ok
20:11:26.0968 4440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:11:26.0968 4440 sr - ok
20:11:27.0031 4440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:11:27.0046 4440 Srv - ok
20:11:27.0125 4440 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
20:11:27.0125 4440 SrvcEKIOMngr - ok
20:11:27.0140 4440 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
20:11:27.0140 4440 SrvcSSIOMngr - ok
20:11:27.0171 4440 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:11:27.0171 4440 sscdbhk5 - ok
20:11:27.0187 4440 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
20:11:27.0203 4440 ssrtln - ok
20:11:27.0250 4440 StickyMesger - ok
20:11:27.0312 4440 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:11:27.0312 4440 streamip - ok
20:11:27.0328 4440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:11:27.0328 4440 swenum - ok
20:11:27.0359 4440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:11:27.0359 4440 swmidi - ok
20:11:27.0406 4440 symc810 - ok
20:11:27.0421 4440 symc8xx - ok
20:11:27.0437 4440 sym_hi - ok
20:11:27.0453 4440 sym_u3 - ok
20:11:27.0468 4440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:11:27.0484 4440 sysaudio - ok
20:11:27.0500 4440 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
20:11:27.0515 4440 TBiosDrv - ok
20:11:27.0562 4440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:11:27.0578 4440 Tcpip - ok
20:11:27.0609 4440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:11:27.0609 4440 TDPIPE - ok
20:11:27.0640 4440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:11:27.0640 4440 TDTCP - ok
20:11:27.0656 4440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:11:27.0656 4440 TermDD - ok
20:11:27.0703 4440 tfsnboio (2da3ca4022abb0802de7eeda574e78d6) C:\WINDOWS\system32\dla\tfsnboio.sys
20:11:27.0703 4440 tfsnboio - ok
20:11:27.0718 4440 tfsncofs (c8d6928759b77701c21dc90ad61197f2) C:\WINDOWS\system32\dla\tfsncofs.sys
20:11:27.0718 4440 tfsncofs - ok
20:11:27.0750 4440 tfsndrct (bacdef5510fa643683cddca418e49446) C:\WINDOWS\system32\dla\tfsndrct.sys
20:11:27.0750 4440 tfsndrct - ok
20:11:27.0765 4440 tfsndres (3fc9f390fac563c3d3910d540adbd408) C:\WINDOWS\system32\dla\tfsndres.sys
20:11:27.0765 4440 tfsndres - ok
20:11:27.0781 4440 tfsnifs (6aef3ec0b64689536891a9b96e9d7b82) C:\WINDOWS\system32\dla\tfsnifs.sys
20:11:27.0781 4440 tfsnifs - ok
20:11:27.0796 4440 tfsnopio (7239873a72dd456f6e74e6987cdb9687) C:\WINDOWS\system32\dla\tfsnopio.sys
20:11:27.0812 4440 tfsnopio - ok
20:11:27.0828 4440 tfsnpool (b78631e3593ddd76a4a8ba7cb8e32302) C:\WINDOWS\system32\dla\tfsnpool.sys
20:11:27.0828 4440 tfsnpool - ok
20:11:27.0859 4440 tfsnudf (9e8b4abb93e5784fc4e5d3202566cc7a) C:\WINDOWS\system32\dla\tfsnudf.sys
20:11:27.0859 4440 tfsnudf - ok
20:11:27.0875 4440 tfsnudfa (056fa0a11ba4cd688e1e40e48ffee921) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:11:27.0875 4440 tfsnudfa - ok
20:11:27.0906 4440 tifm21 (2448935e1cf84b0341a24a17908c7311) C:\WINDOWS\system32\drivers\tifm21.sys
20:11:27.0906 4440 tifm21 - ok
20:11:27.0937 4440 TosIde - ok
20:11:28.0000 4440 TPwSav (f26e5110cc02db2ec90ff31f33106add) C:\WINDOWS\system32\Drivers\TPwSav.sys
20:11:28.0000 4440 TPwSav - ok
20:11:28.0062 4440 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
20:11:28.0078 4440 Tvs - ok
20:11:28.0109 4440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:11:28.0109 4440 Udfs - ok
20:11:28.0140 4440 ultra - ok
20:11:28.0203 4440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:11:28.0218 4440 Update - ok
20:11:28.0265 4440 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:11:28.0265 4440 USBAAPL - ok
20:11:28.0281 4440 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:11:28.0296 4440 usbaudio - ok
20:11:28.0328 4440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:11:28.0328 4440 usbccgp - ok
20:11:28.0343 4440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:11:28.0343 4440 usbehci - ok
20:11:28.0375 4440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:11:28.0375 4440 usbhub - ok
20:11:28.0421 4440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:11:28.0437 4440 usbprint - ok
20:11:28.0453 4440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:11:28.0453 4440 usbscan - ok
20:11:28.0468 4440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:11:28.0468 4440 USBSTOR - ok
20:11:28.0500 4440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:11:28.0500 4440 usbuhci - ok
20:11:28.0515 4440 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:11:28.0515 4440 usb_rndisx - ok
20:11:28.0531 4440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:11:28.0531 4440 VgaSave - ok
20:11:28.0562 4440 ViaIde - ok
20:11:28.0578 4440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:11:28.0578 4440 VolSnap - ok
20:11:28.0734 4440 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:11:28.0765 4440 w29n51 - ok
20:11:28.0859 4440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:11:28.0859 4440 Wanarp - ok
20:11:28.0875 4440 wanatw - ok
20:11:28.0906 4440 WDICA - ok
20:11:29.0015 4440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:11:29.0015 4440 wdmaud - ok
20:11:29.0109 4440 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:11:29.0109 4440 WpdUsb - ok
20:11:29.0156 4440 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:11:29.0156 4440 WSTCODEC - ok
20:11:29.0218 4440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:11:29.0218 4440 WudfPf - ok
20:11:29.0234 4440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:11:29.0234 4440 WudfRd - ok
20:11:29.0281 4440 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
20:11:29.0296 4440 yukonwxp - ok
20:11:29.0343 4440 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
20:11:29.0531 4440 \Device\Harddisk0\DR0 - ok
20:11:29.0546 4440 Boot (0x1200) (e4090479267553fb54cf4b342dc2018b) \Device\Harddisk0\DR0\Partition0
20:11:29.0546 4440 \Device\Harddisk0\DR0\Partition0 - ok
20:11:29.0546 4440 ============================================================
20:11:29.0546 4440 Scan finished
20:11:29.0546 4440 ============================================================
20:11:29.0562 4432 Detected object count: 0
20:11:29.0562 4432 Actual detected object count: 0
 
The cursor in Combo fix is flashing but the clock has stopped. Is it still running? The clock has been stuck for 10 minutes as of this posting. :confused:
 
Try one of the following? You talking about safe mode? If so, I'll do so tomorrow. Thank you very much & Happy New Year.:)
 
I'm unable to provide a screenshot, but I'm getting a box saying Avast has been detected & if I click ok, it'll continue at MY OWN RISK.
I was using safe mode with networking. Was that wrong or should I use regular safe mode?
 
You don't have to worry about those warnings in safe mode or safe mode with networking.
Run it.
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/02/2012 at 9:37:15.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe


Rkill completed on 01/02/2012 at 9:38:03.
 
Combofix has been running for quite some time. Clock is still running. Wait longer or ??


An update: cursor still blinking, but now the clock has been frozen for about 20 minutes.
Am powering it off to await further instructions from you.
 
I noticed as I was rebooting into safe mode there was an MS update to install. I haven't downloaded/installed it till you give me the word. :)
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 