Trojan horse Crypt.AQLW, Internet pops up, computer crashing

Solved
By Pr011
Feb 24, 2012
  1. Hello Chaps. Hope you can help with a malware infection.

    My AVG is constantly coming up with Trojan Horse Crypt.AQLW, and Firefox is now generating pop-ups. The computer also seems unstable and I have had two BSODs today.

    Many thanks for your help and consideration.

    My GMER/DDS logs will follow this post:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.24.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19190
    Mark :: MARK-PC [administrator]

    Protection: Enabled

    24/02/2012 23:14:07
    mbam-log-2012-02-24 (23-14-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198016
    Time elapsed: 6 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-24 23:26:34
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 WDC_WD1600AAJB-00PVA0 rev.00.07H00
    Running: jywt1xli.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kxldypoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85BCD1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85BCD1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85BCD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 85BCD1F8
    Device \Driver\amos54w1 \Device\Scsi\amos54w11Port6Path0Target0Lun0 87B3F488
    Device \Driver\amos54w1 \Device\Scsi\amos54w11 87B3F488
    Device \FileSystem\Ntfs \Ntfs 85BD01F8
    Device \FileSystem\fastfat \Fat 8A6D31F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 3176

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_31
    Run by Mark at 23:37:39 on 2012-02-24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2196 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\dlbtcoms.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\Program Files\Steam\Steam.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\msiexec.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.bbc.co.uk/
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [Steam] "f:\program files\steam\steam.exe" -silent
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: mod.uk\www.westminster
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72} : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-10 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-24 652360]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-11-4 14336]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-24 20464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
    S2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-6-26 53307]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-12 25832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S3 jbridgep;jbridgep;c:\users\mark\appdata\local\temp\jbridgep.sys [2011-6-16 29696]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-8-22 7168]
    .
    =============== Created Last 30 ================
    .
    2012-02-24 22:59:08 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes
    2012-02-24 22:59:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-24 22:59:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-22 00:15:02 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15:02 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15:02 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15:02 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15:02 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15:02 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15:02 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47:00 -------- d-----w- c:\users\mark\appdata\roaming\AVG2012
    2012-02-17 22:44:41 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-02-17 22:44:41 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58:41 -------- d-----w- c:\programdata\MFAData
    2012-02-14 20:06:03 -------- d-----w- c:\users\mark\appdata\roaming\Usukmo
    2012-02-14 20:06:03 -------- d-----w- c:\users\mark\appdata\roaming\Mywara
    2012-02-12 11:17:03 -------- d-----w- c:\users\mark\appdata\roaming\Xete
    2012-02-12 11:17:03 -------- d-----w- c:\users\mark\appdata\roaming\Aktuot
    2012-02-11 23:20:56 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-09 20:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2012-02-24 22:55:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 04:13:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
    2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
    .
    ============= FINISH: 23:39:28.13 ===============
  3. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/01/2008 05:59:09
    System Uptime: 24/02/2012 23:34:36 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5N32-E SLI PLUS
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 34.749 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is FIXED (NTFS) - 596 GiB total, 318.689 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
    Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&276FBEC1&0&3078
    Manufacturer: Marvell
    Name: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
    PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&276FBEC1&0&3078
    Service: MRV6X32P
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart 3300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart 3300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP Color LaserJet CP2025dn
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet CP2025dn
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3Connect
    8600_Help
    8600_Readme
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.3.1
    Amazon MP3 Downloader 1.0.9
    Apple Software Update
    Audacity 1.2.6
    AVG 2012
    Batman: Arkham Asylum
    BioShock
    BioShock 2
    Borderlands
    BPD_HPSU
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCleaner (remove only)
    Command & Conquer Windows 95
    Compatibility Pack for the 2007 Office system
    Creative Jukebox Driver
    Dead Island
    Deus Ex: Human Revolution
    DeviceDiscovery
    DeviceManagementQFolder
    doPDF 7.2 printer
    Dragon Age: Origins
    Dragon Age: Origins - Awakening
    EA Download Manager
    Earth 2150
    eMule
    eSupportQFolder
    Fallout Mod Manager 0.9.15
    Fallout: New Vegas
    FreeSpace 2
    Galactic Civilizations
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Gratuitous Space Battles
    Homeworld2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 9.0
    HP Officejet Pro K8600 Series
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    Impulse
    IvanView
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    K8600
    Knights and Merchants - The Peasants Rebellion
    LAME v3.98.2 for Audacity
    Linksys Wireless-G USB Network Adapter
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mass Effect
    Mass Effect 2
    Master of Orion II
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft IntelliPoint 6.3
    Microsoft IntelliType Pro 6.3
    Microsoft Office Small Business Edition 2003
    Microsoft Silverlight
    Microsoft StarLancer
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mirror's Edge™
    Motherboard Monitor 5
    Mozilla Firefox 8.0.1 (x86 en-GB)
    MPM
    MS Access 97 SP2
    NetDeviceManager
    NETGEAR WG311v3 PCI Adapter
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 295.73
    NVIDIA 3D Vision Driver 295.73
    NVIDIA Control Panel 295.73
    NVIDIA Drivers
    NVIDIA Graphics Driver 295.73
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0209
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    Oni
    OpenAL
    Operation Flashpoint: Dragon Rising
    Portal 2
    ProductContext
    PunkBuster Services
    PVSonyDll
    QuickTime
    RAD Video Tools
    RAGE
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Sid Meier's Civilization IV
    Sid Meier's Civilization V
    Sid Meier's Railroads!
    SimCity 4 Deluxe
    Sins of a Solar Empire
    Sins of a Solar Empire - Entrenchment
    SolutionCenter
    SoundMAX
    Status
    Steam
    System Requirements Lab
    The Elder Scrolls V: Skyrim
    The Moon Project
    The Witcher 2
    Tomb Raider: Anniversary
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 1.1.7
    Vodafone Mobile Connect
    Vodafone Mobile Connect Lite Runtime Components
    Warhammer 40,000 Space Marine
    Warhammer 40,000: Dawn of War Gold Edition
    Warhammer 40,000: Dawn of War – Dark Crusade
    Warhammer 40,000: Dawn of War – Winter Assault
    Warzone 2100
    WebReg
    Windows Live ID Sign-in Assistant
    Windows Live installer
    Windows Live Messenger
    WinRAR archiver
    Wireless Manager
    Worms Reloaded Demo
    ZTE_MF6X6_USB_MODEM_1.2050.0.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/02/2012 23:36:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The WUSB54GSv2SVC service terminated with the following error: The parameter is incorrect.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The WcesComm service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The PSI_SVC_2 service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7023] - The A8djusb service terminated with the following error: The specified module could not be found.
    24/02/2012 23:36:36, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
    24/02/2012 23:36:36, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    24/02/2012 23:36:36, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    24/02/2012 23:36:36, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/02/2012 23:35:41, Error: EventLog [6008] - The previous system shutdown at 23:33:16 on 24/02/2012 was unexpected.
    24/02/2012 23:12:14, Error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied.
    24/02/2012 22:57:13, Error: Service Control Manager [7023] - The PSI_SVC_2 service terminated with the following error: Access is denied.
    24/02/2012 22:43:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows Mail Junk E-mail Filter [January 2012] (KB905866).
    24/02/2012 22:42:14, Error: Service Control Manager [7023] - The WcesComm service terminated with the following error: Access is denied.
    24/02/2012 22:41:13, Error: Service Control Manager [7023] - The Cmudau service terminated with the following error: Access is denied.
    24/02/2012 22:06:38, Error: EventLog [6008] - The previous system shutdown at 19:37:12 on 24/02/2012 was unexpected.
    24/02/2012 18:14:18, Error: EventLog [6008] - The previous system shutdown at 18:12:11 on 24/02/2012 was unexpected.
    24/02/2012 17:32:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    22/02/2012 01:06:51, Error: EventLog [6008] - The previous system shutdown at 01:03:51 on 22/02/2012 was unexpected.
    17/02/2012 22:55:28, Error: EventLog [6008] - The previous system shutdown at 22:53:18 on 17/02/2012 was unexpected.
    17/02/2012 21:57:10, Error: netbt [4313] - Unable to open the Registry Linkage to read configuration information.
    17/02/2012 14:45:20, Error: EventLog [6008] - The previous system shutdown at 21:08:02 on 14/02/2012 was unexpected.
    .
    ==== End Of File ===========================
  4. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Logs posted above.

    Thanks for your help guys!
  5. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
  6. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Hello again

    Are there some posts missing from this thread?

    I thought I was going mad but found the email notifications from the thread telling me to install combofix, but they no longer appear in the thread?!

    Anyhow, I uninstalled AVG and now when the computer boots I get a suspicious pop up box stating "The recycle bin on C:\ is corrupted, Do you want to empty the recycle bin on this drive?" with a yes and no option,

    I ran Combofix as instructed but the system seemed to lock up on the search part. I let it run for a few hours and got an error message stating that "freeware implementation of XCACLAS has stopped working". I closed that, and I then got a message stating it was a bad infection that would take time to clear up. The machine then rebooted itself but got into a cycle where it would reboot on reaching the password prompt screen, briefly displaying a message about group access before rebooting. I let it reboot itself about a dozen times and then launched it in safe mode, which was successful, but I still get the prompt box about the Recycle bin, and when running in safe mode, combofix unpacks itself but doesn't seem to run...
  7. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Further to the above, any attempt to boot normally puts the machine into a reboot loop again.
  8. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    First of all I didn't ask you to run Combofix.

    Run tools mentioned in my previous reply from safe mode.
  9. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Hello again,

    I am very grateful for your help, which I know I am not being charged for, and I will donate to your site regardless of the outcome, but I do have this email in my account, and the post was definitely in the thread:

    "Dear Pr011,

    Broni has just replied to a discussion you have subscribed to entitled "Trojan Horse Crypt.AQLW, Internet pops up, computer crashing" in the Virus and Malware Removal forum at TechSpot.

    You can read this discussion at:
    http://www.techspot.com/vb/newintopic177970.html

    Here is the message that has just been posted:

    ***************
    Please download ComboFix from *Here* (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or *Here* (http://www.infospyware.net/antimalware/combofix/) to your Desktop.

    ***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***
    * Never rename Combofix unless instructed.
    * Close any open browsers.
    * Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix..." etc etc

    I do not wish to cause any problems and it is not for me to argue when I am being helped (esp. for free!), but I did get the instruction to run combofix. I know there was server maintenance last night on the site, maybe that explains it??

    I will run the tools requested from safe mode and post. Again, thanks for your help.
  10. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    My logs:

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-26 00:34:37
    -----------------------------
    00:34:37.958 OS Version: Windows 6.0.6002 Service Pack 2
    00:34:37.958 Number of processors: 4 586 0xF0B
    00:34:37.959 ComputerName: MARK-PC UserName: Mark
    00:34:55.903 Initialize success
    00:39:56.449 AVAST engine defs: 12022502
    00:41:12.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
    00:41:12.288 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
    00:41:12.291 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
    00:41:12.295 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
    00:41:12.323 Disk 0 MBR read successfully
    00:41:12.326 Disk 0 MBR scan
    00:41:12.331 Disk 0 Windows VISTA default MBR code
    00:41:12.336 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    00:41:12.342 Disk 0 scanning sectors +312578048
    00:41:12.409 Disk 0 scanning C:\Windows\system32\drivers
    00:41:13.676 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
    00:41:21.994 Disk 0 trace - called modules:
    00:41:22.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
    00:41:22.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3d470]
    00:41:22.053 3 CLASSPNP.SYS[8b5a78b3] -> nt!IofCallDriver -> [0x85c5c598]
    00:41:22.060 5 acpi.sys[82e0f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c9a8a0]
    00:41:22.067 \Driver\atapi[0x85c6c6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
    00:41:22.724 AVAST engine scan C:\Windows
    00:41:26.017 AVAST engine scan C:\Windows\system32
    00:44:05.788 AVAST engine scan C:\Windows\system32\drivers
    00:44:06.973 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
    00:44:16.571 AVAST engine scan C:\Users\Mark
    00:45:18.898 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    00:45:18.915 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
  11. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Hello again,

    The download link for BTKR_runbox appears to be dead... I get an error screen in French telling me it's not available.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Click on SCAN.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  13. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    RogueKiller V7.1.0 [02/15/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Safe mode with network support
    User: Mark [Admin rights]
    Mode: Scan -- Date: 02/26/2012 01:13:29

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1600AAJB-00PVA0 ATA Device +++++
    --- User ---
    [MBR] 7be4d50977873353752aa4c68214641c
    [BSP] 40f40e7e33546ef3548f3ee71c27c7ca : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD64 01AALS-00L3B SCSI Disk Device +++++
    --- User ---
    [MBR] 8a22d489db3b89375fd554178146aad4
    [BSP] bac0c001ecfd76fe391e8a7490c585ab : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  14. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  15. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    01:22:01.0653 0512 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    01:22:01.0789 0512 ============================================================
    01:22:01.0789 0512 Current date / time: 2012/02/26 01:22:01.0789
    01:22:01.0789 0512 SystemInfo:
    01:22:01.0789 0512
    01:22:01.0789 0512 OS Version: 6.0.6002 ServicePack: 2.0
    01:22:01.0789 0512 Product type: Workstation
    01:22:01.0789 0512 ComputerName: MARK-PC
    01:22:01.0789 0512 UserName: Mark
    01:22:01.0789 0512 Windows directory: C:\Windows
    01:22:01.0789 0512 System windows directory: C:\Windows
    01:22:01.0789 0512 Processor architecture: Intel x86
    01:22:01.0789 0512 Number of processors: 4
    01:22:01.0789 0512 Page size: 0x1000
    01:22:01.0789 0512 Boot type: Safe boot with network
    01:22:01.0789 0512 ============================================================
    01:22:02.0721 0512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    01:22:02.0728 0512 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    01:22:02.0729 0512 \Device\Harddisk0\DR0:
    01:22:02.0730 0512 MBR used
    01:22:02.0730 0512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    01:22:02.0730 0512 \Device\Harddisk1\DR1:
    01:22:02.0730 0512 MBR used
    01:22:02.0730 0512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    01:22:02.0765 0512 Initialize success
    01:22:02.0765 0512 ============================================================
    01:22:11.0706 1620 ============================================================
    01:22:11.0706 1620 Scan started
    01:22:11.0706 1620 Mode: Manual;
    01:22:11.0706 1620 ============================================================
    01:22:12.0155 1620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    01:22:12.0159 1620 ACPI - ok
    01:22:12.0216 1620 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
    01:22:12.0220 1620 ADIHdAudAddService - ok
    01:22:12.0256 1620 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    01:22:12.0262 1620 adp94xx - ok
    01:22:12.0290 1620 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    01:22:12.0294 1620 adpahci - ok
    01:22:12.0318 1620 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    01:22:12.0319 1620 adpu160m - ok
    01:22:12.0344 1620 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    01:22:12.0345 1620 adpu320 - ok
    01:22:12.0416 1620 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    01:22:12.0419 1620 AFD - ok
    01:22:12.0449 1620 AFGMp50 - ok
    01:22:12.0504 1620 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
    01:22:12.0505 1620 AFGSp50 - ok
    01:22:12.0548 1620 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    01:22:12.0549 1620 agp440 - ok
    01:22:12.0582 1620 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    01:22:12.0583 1620 aic78xx - ok
    01:22:12.0628 1620 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    01:22:12.0629 1620 aliide - ok
    01:22:12.0667 1620 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    01:22:12.0667 1620 amdagp - ok
    01:22:12.0683 1620 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    01:22:12.0683 1620 amdide - ok
    01:22:12.0706 1620 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    01:22:12.0706 1620 AmdK7 - ok
    01:22:12.0740 1620 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    01:22:12.0740 1620 AmdK8 - ok
    01:22:12.0773 1620 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    01:22:12.0773 1620 arc - ok
    01:22:12.0796 1620 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    01:22:12.0796 1620 arcsas - ok
    01:22:12.0840 1620 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    01:22:12.0840 1620 AsyncMac - ok
    01:22:12.0882 1620 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    01:22:12.0882 1620 atapi - ok
    01:22:12.0983 1620 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    01:22:12.0984 1620 Beep - ok
    01:22:13.0009 1620 blbdrive - ok
    01:22:13.0053 1620 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    01:22:13.0053 1620 bowser - ok
    01:22:13.0086 1620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    01:22:13.0087 1620 BrFiltLo - ok
    01:22:13.0111 1620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    01:22:13.0111 1620 BrFiltUp - ok
    01:22:13.0142 1620 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    01:22:13.0143 1620 Brserid - ok
    01:22:13.0166 1620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    01:22:13.0166 1620 BrSerWdm - ok
    01:22:13.0189 1620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    01:22:13.0189 1620 BrUsbMdm - ok
    01:22:13.0213 1620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    01:22:13.0214 1620 BrUsbSer - ok
    01:22:13.0243 1620 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    01:22:13.0243 1620 BTHMODEM - ok
    01:22:13.0300 1620 catchme - ok
    01:22:13.0347 1620 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    01:22:13.0348 1620 cdfs - ok
    01:22:13.0387 1620 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    01:22:13.0387 1620 cdrom - ok
    01:22:13.0438 1620 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    01:22:13.0439 1620 circlass - ok
    01:22:13.0485 1620 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    01:22:13.0488 1620 CLFS - ok
    01:22:13.0520 1620 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    01:22:13.0520 1620 cmdide - ok
    01:22:13.0542 1620 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    01:22:13.0542 1620 Compbatt - ok
    01:22:13.0566 1620 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    01:22:13.0566 1620 crcdisk - ok
    01:22:13.0598 1620 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    01:22:13.0598 1620 Crusoe - ok
    01:22:13.0695 1620 DfsC (048d6fec8033b3c0ed624693ec9ada2b) C:\Windows\system32\Drivers\dfsc.sys
    01:22:13.0696 1620 DfsC ( Virus.Win32.ZAccess.c ) - infected
    01:22:13.0696 1620 DfsC - detected Virus.Win32.ZAccess.c (0)
    01:22:13.0763 1620 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    01:22:13.0763 1620 disk - ok
    01:22:13.0823 1620 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    01:22:13.0824 1620 Dot4 - ok
    01:22:13.0870 1620 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    01:22:13.0870 1620 Dot4Print - ok
    01:22:13.0888 1620 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    01:22:13.0888 1620 dot4usb - ok
    01:22:13.0920 1620 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    01:22:13.0920 1620 drmkaud - ok
    01:22:13.0974 1620 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    01:22:13.0984 1620 DXGKrnl - ok
    01:22:14.0023 1620 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    01:22:14.0025 1620 E1G60 - ok
    01:22:14.0100 1620 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    01:22:14.0101 1620 Ecache - ok
    01:22:14.0146 1620 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    01:22:14.0150 1620 elxstor - ok
    01:22:14.0215 1620 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    01:22:14.0216 1620 exfat - ok
    01:22:14.0264 1620 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    01:22:14.0265 1620 fastfat - ok
    01:22:14.0304 1620 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    01:22:14.0304 1620 fdc - ok
    01:22:14.0356 1620 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    01:22:14.0356 1620 FileInfo - ok
    01:22:14.0393 1620 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    01:22:14.0393 1620 Filetrace - ok
    01:22:14.0420 1620 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    01:22:14.0420 1620 flpydisk - ok
    01:22:14.0460 1620 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    01:22:14.0462 1620 FltMgr - ok
    01:22:14.0524 1620 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    01:22:14.0524 1620 Fs_Rec - ok
    01:22:14.0562 1620 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    01:22:14.0563 1620 gagp30kx - ok
    01:22:14.0648 1620 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    01:22:14.0650 1620 HdAudAddService - ok
    01:22:14.0695 1620 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    01:22:14.0704 1620 HDAudBus - ok
    01:22:14.0854 1620 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    01:22:14.0854 1620 HidBth - ok
    01:22:14.0899 1620 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    01:22:14.0900 1620 HidIr - ok
    01:22:14.0945 1620 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    01:22:14.0946 1620 HidUsb - ok
    01:22:14.0976 1620 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    01:22:14.0977 1620 HpCISSs - ok
    01:22:15.0071 1620 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    01:22:15.0077 1620 HTTP - ok
    01:22:15.0121 1620 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    01:22:15.0121 1620 hwdatacard - ok
    01:22:15.0153 1620 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    01:22:15.0153 1620 i2omp - ok
    01:22:15.0209 1620 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    01:22:15.0210 1620 i8042prt - ok
    01:22:15.0242 1620 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    01:22:15.0244 1620 iaStorV - ok
    01:22:15.0274 1620 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    01:22:15.0275 1620 iirsp - ok
    01:22:15.0302 1620 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    01:22:15.0302 1620 intelide - ok
    01:22:15.0347 1620 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    01:22:15.0347 1620 intelppm - ok
    01:22:15.0396 1620 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    01:22:15.0397 1620 IpFilterDriver - ok
    01:22:15.0414 1620 IpInIp - ok
    01:22:15.0450 1620 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    01:22:15.0451 1620 IPMIDRV - ok
    01:22:15.0492 1620 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    01:22:15.0493 1620 IPNAT - ok
    01:22:15.0528 1620 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    01:22:15.0528 1620 IRENUM - ok
    01:22:15.0552 1620 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    01:22:15.0553 1620 isapnp - ok
    01:22:15.0599 1620 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    01:22:15.0600 1620 iScsiPrt - ok
    01:22:15.0624 1620 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    01:22:15.0625 1620 iteatapi - ok
    01:22:15.0665 1620 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    01:22:15.0666 1620 iteraid - ok
    01:22:15.0755 1620 jbridgep (22fabdc07b4de09773a92d49201c9f94) C:\Users\Mark\AppData\Local\Temp\jbridgep.sys
    01:22:15.0756 1620 jbridgep - ok
    01:22:15.0787 1620 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    01:22:15.0787 1620 kbdclass - ok
    01:22:15.0815 1620 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    01:22:15.0815 1620 kbdhid - ok
    01:22:15.0868 1620 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    01:22:15.0874 1620 KSecDD - ok
    01:22:15.0916 1620 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    01:22:15.0917 1620 lltdio - ok
    01:22:15.0965 1620 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    01:22:15.0966 1620 LSI_FC - ok
    01:22:15.0992 1620 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    01:22:15.0993 1620 LSI_SAS - ok
    01:22:16.0020 1620 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    01:22:16.0021 1620 LSI_SCSI - ok
    01:22:16.0061 1620 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    01:22:16.0062 1620 luafv - ok
    01:22:16.0095 1620 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
    01:22:16.0096 1620 massfilter - ok
    01:22:16.0131 1620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    01:22:16.0131 1620 MBAMProtector - ok
    01:22:16.0196 1620 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
    01:22:16.0197 1620 mbmiodrvr - ok
    01:22:16.0233 1620 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    01:22:16.0233 1620 megasas - ok
    01:22:16.0264 1620 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    01:22:16.0264 1620 Modem - ok
    01:22:16.0323 1620 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    01:22:16.0324 1620 monitor - ok
    01:22:16.0354 1620 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    01:22:16.0354 1620 mouclass - ok
    01:22:16.0388 1620 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    01:22:16.0388 1620 mouhid - ok
    01:22:16.0419 1620 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    01:22:16.0420 1620 MountMgr - ok
    01:22:16.0468 1620 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    01:22:16.0468 1620 mpio - ok
    01:22:16.0535 1620 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    01:22:16.0536 1620 mpsdrv - ok
    01:22:16.0565 1620 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    01:22:16.0566 1620 Mraid35x - ok
    01:22:16.0635 1620 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
    01:22:16.0638 1620 MRV6X32P - ok
    01:22:16.0685 1620 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    01:22:16.0685 1620 MRxDAV - ok
    01:22:16.0725 1620 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    01:22:16.0725 1620 mrxsmb - ok
    01:22:16.0776 1620 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    01:22:16.0778 1620 mrxsmb10 - ok
    01:22:16.0797 1620 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    01:22:16.0798 1620 mrxsmb20 - ok
    01:22:16.0827 1620 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    01:22:16.0828 1620 msahci - ok
    01:22:16.0852 1620 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    01:22:16.0853 1620 msdsm - ok
    01:22:16.0902 1620 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    01:22:16.0903 1620 Msfs - ok
    01:22:16.0952 1620 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    01:22:16.0952 1620 msisadrv - ok
    01:22:16.0993 1620 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    01:22:16.0993 1620 MSKSSRV - ok
    01:22:17.0037 1620 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    01:22:17.0037 1620 MSPCLOCK - ok
    01:22:17.0071 1620 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    01:22:17.0071 1620 MSPQM - ok
    01:22:17.0112 1620 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    01:22:17.0114 1620 MsRPC - ok
    01:22:17.0157 1620 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    01:22:17.0158 1620 mssmbios - ok
    01:22:17.0191 1620 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    01:22:17.0191 1620 MSTEE - ok
    01:22:17.0222 1620 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
    01:22:17.0222 1620 MTsensor - ok
    01:22:17.0236 1620 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    01:22:17.0237 1620 Mup - ok
    01:22:17.0280 1620 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    01:22:17.0281 1620 NativeWifiP - ok
    01:22:17.0332 1620 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    01:22:17.0341 1620 NDIS - ok
    01:22:17.0371 1620 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    01:22:17.0371 1620 NdisTapi - ok
    01:22:17.0409 1620 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    01:22:17.0409 1620 Ndisuio - ok
    01:22:17.0440 1620 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    01:22:17.0441 1620 NdisWan - ok
    01:22:17.0490 1620 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    01:22:17.0491 1620 NDProxy - ok
    01:22:17.0517 1620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    01:22:17.0518 1620 NetBIOS - ok
    01:22:17.0574 1620 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    01:22:17.0574 1620 nfrd960 - ok
    01:22:17.0618 1620 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    01:22:17.0618 1620 Npfs - ok
    01:22:17.0657 1620 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    01:22:17.0658 1620 nsiproxy - ok
    01:22:17.0722 1620 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    01:22:17.0748 1620 Ntfs - ok
    01:22:17.0778 1620 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    01:22:17.0778 1620 ntrigdigi - ok
    01:22:17.0837 1620 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    01:22:17.0838 1620 NuidFltr - ok
    01:22:17.0892 1620 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    01:22:17.0892 1620 Null - ok
    01:22:17.0949 1620 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    01:22:17.0955 1620 NVENETFD - ok
    01:22:18.0218 1620 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    01:22:18.0414 1620 nvlddmkm - ok
    01:22:18.0453 1620 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    01:22:18.0453 1620 nvraid - ok
    01:22:18.0497 1620 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    01:22:18.0497 1620 nvstor - ok
    01:22:18.0531 1620 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    01:22:18.0531 1620 nvstor32 - ok
    01:22:18.0577 1620 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    01:22:18.0578 1620 nv_agp - ok
    01:22:18.0595 1620 NwlnkFlt - ok
    01:22:18.0609 1620 NwlnkFwd - ok
    01:22:18.0659 1620 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    01:22:18.0660 1620 ohci1394 - ok
    01:22:18.0689 1620 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    01:22:18.0690 1620 Parport - ok
    01:22:18.0732 1620 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    01:22:18.0732 1620 partmgr - ok
    01:22:18.0759 1620 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    01:22:18.0759 1620 Parvdm - ok
    01:22:18.0787 1620 PCASp50 - ok
    01:22:18.0836 1620 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    01:22:18.0837 1620 pci - ok
    01:22:18.0864 1620 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    01:22:18.0864 1620 pciide - ok
    01:22:18.0899 1620 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    01:22:18.0900 1620 pcmcia - ok
    01:22:18.0950 1620 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    01:22:18.0967 1620 PEAUTH - ok
    01:22:19.0045 1620 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
    01:22:19.0046 1620 Point32 - ok
    01:22:19.0085 1620 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    01:22:19.0086 1620 PptpMiniport - ok
    01:22:19.0111 1620 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    01:22:19.0112 1620 Processor - ok
    01:22:19.0176 1620 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    01:22:19.0177 1620 PSched - ok
    01:22:19.0235 1620 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    01:22:19.0259 1620 ql2300 - ok
    01:22:19.0286 1620 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    01:22:19.0287 1620 ql40xx - ok
    01:22:19.0327 1620 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    01:22:19.0328 1620 QWAVEdrv - ok
    01:22:19.0371 1620 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    01:22:19.0371 1620 RasAcd - ok
    01:22:19.0408 1620 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    01:22:19.0409 1620 Rasl2tp - ok
    01:22:19.0464 1620 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    01:22:19.0465 1620 RasPppoe - ok
    01:22:19.0481 1620 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    01:22:19.0482 1620 RasSstp - ok
    01:22:19.0533 1620 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    01:22:19.0535 1620 rdbss - ok
    01:22:19.0576 1620 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    01:22:19.0577 1620 RDPCDD - ok
    01:22:19.0625 1620 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    01:22:19.0628 1620 rdpdr - ok
    01:22:19.0641 1620 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    01:22:19.0641 1620 RDPENCDD - ok
    01:22:19.0677 1620 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    01:22:19.0680 1620 RDPWD - ok
    01:22:19.0722 1620 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    01:22:19.0722 1620 rspndr - ok
    01:22:19.0745 1620 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    01:22:19.0746 1620 sbp2port - ok
    01:22:19.0791 1620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    01:22:19.0792 1620 secdrv - ok
    01:22:19.0816 1620 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    01:22:19.0816 1620 Serenum - ok
    01:22:19.0851 1620 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    01:22:19.0851 1620 Serial - ok
    01:22:19.0910 1620 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    01:22:19.0910 1620 sermouse - ok
    01:22:19.0938 1620 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    01:22:19.0938 1620 sffdisk - ok
    01:22:19.0958 1620 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    01:22:19.0959 1620 sffp_mmc - ok
    01:22:19.0981 1620 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    01:22:19.0981 1620 sffp_sd - ok
    01:22:20.0006 1620 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    01:22:20.0007 1620 sfloppy - ok
    01:22:20.0041 1620 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    01:22:20.0042 1620 sisagp - ok
    01:22:20.0068 1620 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    01:22:20.0068 1620 SiSRaid2 - ok
    01:22:20.0094 1620 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    01:22:20.0095 1620 SiSRaid4 - ok
    01:22:20.0139 1620 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    01:22:20.0140 1620 Smb - ok
    01:22:20.0187 1620 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    01:22:20.0187 1620 spldr - ok
    01:22:20.0238 1620 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    01:22:20.0238 1620 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    01:22:20.0245 1620 sptd ( LockedFile.Multi.Generic ) - warning
    01:22:20.0245 1620 sptd - detected LockedFile.Multi.Generic (1)
    01:22:20.0292 1620 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    01:22:20.0296 1620 srv - ok
    01:22:20.0337 1620 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    01:22:20.0339 1620 srv2 - ok
    01:22:20.0378 1620 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    01:22:20.0379 1620 srvnet - ok
    01:22:20.0466 1620 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    01:22:20.0467 1620 swenum - ok
    01:22:20.0499 1620 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    01:22:20.0499 1620 Symc8xx - ok
    01:22:20.0525 1620 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    01:22:20.0526 1620 Sym_hi - ok
    01:22:20.0550 1620 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    01:22:20.0551 1620 Sym_u3 - ok
    01:22:20.0608 1620 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    01:22:20.0626 1620 Tcpip - ok
    01:22:20.0657 1620 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    01:22:20.0662 1620 Tcpip6 - ok
    01:22:20.0705 1620 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    01:22:20.0706 1620 tcpipreg - ok
    01:22:20.0741 1620 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    01:22:20.0742 1620 TDPIPE - ok
    01:22:20.0767 1620 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    01:22:20.0767 1620 TDTCP - ok
    01:22:20.0805 1620 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    01:22:20.0806 1620 tdx - ok
    01:22:20.0848 1620 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    01:22:20.0849 1620 TermDD - ok
    01:22:20.0882 1620 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    01:22:20.0883 1620 tssecsrv - ok
    01:22:20.0940 1620 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    01:22:20.0940 1620 tunmp - ok
    01:22:20.0976 1620 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    01:22:20.0977 1620 tunnel - ok
    01:22:21.0029 1620 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    01:22:21.0029 1620 uagp35 - ok
    01:22:21.0071 1620 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    01:22:21.0074 1620 udfs - ok
    01:22:21.0117 1620 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    01:22:21.0118 1620 uliagpkx - ok
    01:22:21.0144 1620 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    01:22:21.0147 1620 uliahci - ok
    01:22:21.0174 1620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    01:22:21.0174 1620 UlSata - ok
    01:22:21.0204 1620 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    01:22:21.0205 1620 ulsata2 - ok
    01:22:21.0243 1620 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    01:22:21.0244 1620 umbus - ok
    01:22:21.0285 1620 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    01:22:21.0285 1620 usbccgp - ok
    01:22:21.0311 1620 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    01:22:21.0312 1620 usbcir - ok
    01:22:21.0343 1620 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    01:22:21.0344 1620 usbehci - ok
    01:22:21.0379 1620 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    01:22:21.0381 1620 usbhub - ok
    01:22:21.0410 1620 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    01:22:21.0410 1620 usbohci - ok
    01:22:21.0456 1620 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    01:22:21.0457 1620 usbprint - ok
    01:22:21.0504 1620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    01:22:21.0505 1620 usbscan - ok
    01:22:21.0528 1620 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    01:22:21.0529 1620 USBSTOR - ok
    01:22:21.0553 1620 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    01:22:21.0554 1620 usbuhci - ok
    01:22:21.0593 1620 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    01:22:21.0593 1620 USB_RNDIS - ok
    01:22:21.0645 1620 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    01:22:21.0646 1620 vga - ok
    01:22:21.0685 1620 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    01:22:21.0686 1620 VgaSave - ok
    01:22:21.0722 1620 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    01:22:21.0723 1620 viaagp - ok
    01:22:21.0745 1620 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    01:22:21.0745 1620 ViaC7 - ok
    01:22:21.0770 1620 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    01:22:21.0771 1620 viaide - ok
    01:22:21.0809 1620 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    01:22:21.0810 1620 volmgr - ok
    01:22:21.0859 1620 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    01:22:21.0863 1620 volmgrx - ok
    01:22:21.0902 1620 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    01:22:21.0905 1620 volsnap - ok
    01:22:21.0939 1620 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    01:22:21.0940 1620 vsmraid - ok
    01:22:21.0974 1620 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    01:22:21.0974 1620 WacomPen - ok
    01:22:22.0007 1620 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    01:22:22.0008 1620 Wanarp - ok
    01:22:22.0017 1620 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    01:22:22.0018 1620 Wanarpv6 - ok
    01:22:22.0044 1620 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    01:22:22.0044 1620 Wd - ok
    01:22:22.0089 1620 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    01:22:22.0097 1620 Wdf01000 - ok
    01:22:22.0166 1620 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    01:22:22.0167 1620 WmiAcpi - ok
    01:22:22.0207 1620 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    01:22:22.0207 1620 WpdUsb - ok
    01:22:22.0244 1620 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    01:22:22.0244 1620 ws2ifsl - ok
    01:22:22.0288 1620 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    01:22:22.0289 1620 WUDFRd - ok
    01:22:22.0345 1620 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    01:22:22.0346 1620 ZTEusbmdm6k - ok
    01:22:22.0413 1620 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    01:22:22.0414 1620 ZTEusbnmea - ok
    01:22:22.0460 1620 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    01:22:22.0460 1620 ZTEusbser6k - ok
    01:22:22.0497 1620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    01:22:22.0544 1620 \Device\Harddisk0\DR0 - ok
    01:22:22.0554 1620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    01:22:22.0596 1620 \Device\Harddisk1\DR1 - ok
    01:22:22.0598 1620 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
    01:22:22.0599 1620 \Device\Harddisk0\DR0\Partition0 - ok
    01:22:22.0601 1620 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
    01:22:22.0602 1620 \Device\Harddisk1\DR1\Partition0 - ok
    01:22:22.0603 1620 ============================================================
    01:22:22.0603 1620 Scan finished
    01:22:22.0603 1620 ============================================================
    01:22:22.0609 1440 Detected object count: 2
    01:22:22.0609 1440 Actual detected object count: 2
    01:22:43.0548 1440 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
    01:22:43.0551 1440 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
    01:22:51.0390 1440 Backup copy not found, trying to cure infected file..
    01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
    01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - processing error
    01:22:54.0218 1440 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
    01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - skipped by user
    01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  16. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    We have one system file infected and that's causing the issues.

    Delete your ComboFix file, download a fresh one and re-run it from Safe Mode.
  17. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Please see the ComboFix log below:

    ComboFix 12-02-24.02 - Mark 26/02/2012 3:03.1.4 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2934 [GMT 0:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\cmdline.cfg
    c:\program files\3
    c:\program files\3\3Connect\3ConnectHelp.chm
    c:\program files\3\3Connect\AceDb.encrypt
    c:\program files\3\3Connect\AutoRun.dat
    c:\program files\3\3Connect\AutoUpdateSrv.exe
    c:\program files\3\3Connect\birdstepping.cmd
    c:\program files\3\3Connect\BlackListedDev.cfg
    c:\program files\3\3Connect\BlacklistedProcesses.xml
    c:\program files\3\3Connect\browsing1.html
    c:\program files\3\3Connect\capicom.dll
    c:\program files\3\3Connect\checkdata_online.html
    c:\program files\3\3Connect\CiscoApiWrapper.dll
    c:\program files\3\3Connect\Config.encrypt
    c:\program files\3\3Connect\Config.xml
    c:\program files\3\3Connect\Config_23420.encrypt
    c:\program files\3\3Connect\Config_23420.xml
    c:\program files\3\3Connect\Config_27205.encrypt
    c:\program files\3\3Connect\Config_27205.xml
    c:\program files\3\3Connect\Config_Default.encrypt
    c:\program files\3\3Connect\Config_Default.xml
    c:\program files\3\3Connect\ConfigAup.encrypt
    c:\program files\3\3Connect\ConfigAup.xml
    c:\program files\3\3Connect\connecting1.html
    c:\program files\3\3Connect\Content.css2
    c:\program files\3\3Connect\Convert.xsl
    c:\program files\3\3Connect\datausageguide1.html
    c:\program files\3\3Connect\DeviceInstaller.exe
    c:\program files\3\3Connect\Devices.xml
    c:\program files\3\3Connect\Dialog.cfg
    c:\program files\3\3Connect\ejectdisk.exe
    c:\program files\3\3Connect\endpoint.css
    c:\program files\3\3Connect\endpoint2.css
    c:\program files\3\3Connect\Flash.ocx
    c:\program files\3\3Connect\homepage1.html
    c:\program files\3\3Connect\HuaweiE220.dll
    c:\program files\3\3Connect\HuaweiE620.dll
    c:\program files\3\3Connect\ImportConfiguration.exe
    c:\program files\3\3Connect\incompatiblesoft.htm
    c:\program files\3\3Connect\Instalhelper.log
    c:\program files\3\3Connect\InstallHelpers.dll
    c:\program files\3\3Connect\LanDevice.dll
    c:\program files\3\3Connect\live.css
    c:\program files\3\3Connect\Logger.dll
    c:\program files\3\3Connect\mbbhelp.chm
    c:\program files\3\3Connect\mfc80u.dll
    c:\program files\3\3Connect\Microsoft.VC80.CRT.manifest
    c:\program files\3\3Connect\Microsoft.VC80.MFC.manifest
    c:\program files\3\3Connect\modemcust.cfg
    c:\program files\3\3Connect\modeminfo.cfg
    c:\program files\3\3Connect\Modems\ZTE_MF6X6_USB_MODEM_1.2050.0.6.exe
    c:\program files\3\3Connect\msvcp80.dll
    c:\program files\3\3Connect\msvcr80.dll
    c:\program files\3\3Connect\NetworkCodes.cfg
    c:\program files\3\3Connect\OperatorList.xml
    c:\program files\3\3Connect\OptGlobetrotterGTMax72.dll
    c:\program files\3\3Connect\PatchInfo.ini
    c:\program files\3\3Connect\ping1.html
    c:\program files\3\3Connect\pingtest.JPG
    c:\program files\3\3Connect\proxy.JPG
    c:\program files\3\3Connect\Res.dll
    c:\program files\3\3Connect\Roaming\RoamingPrice_23420.ini
    c:\program files\3\3Connect\Skins\FlashSkin\gui.swf
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\account.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
    c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
    c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
    c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\banner.swf
    c:\program files\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
    c:\program files\3\3Connect\Skins\FlexSkin\assets\config.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\signal.swf
    c:\program files\3\3Connect\Skins\FlexSkin\assets\strings.xml
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
    c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
    c:\program files\3\3Connect\Skins\FlexSkin\gui.swf
    c:\program files\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
    c:\program files\3\3Connect\Sms.xml
    c:\program files\3\3Connect\SmsApp2.dll
    c:\program files\3\3Connect\SoftOpt.encrypt
    c:\program files\3\3Connect\startup.exe
    c:\program files\3\3Connect\Strings.txt
    c:\program files\3\3Connect\SwiApiInterface.dll
    c:\program files\3\3Connect\SwiApiMux.exe
    c:\program files\3\3Connect\SwiCardDetect.dll
    c:\program files\3\3Connect\SysConfig.dat
    c:\program files\3\3Connect\SystemInfo.txt
    c:\program files\3\3Connect\topup.html
    c:\program files\3\3Connect\Update\ConfigAup.encrypt
    c:\program files\3\3Connect\Update\ConfigAup.xml
    c:\program files\3\3Connect\Wilog.exe
    c:\program files\3\3Connect\WilogApp.exe
    c:\program files\3\3Connect\WWanDevice.dll
    c:\program files\3\3Connect\ZTE_MF636_startup.exe
    c:\program files\3\3Connect\ZTE620.dll
    c:\program files\INSTALL.LOG
    c:\users\Mark\Documents\~WRL0002.tmp
    c:\users\Mark\Documents\~WRL0004.tmp
    c:\users\Mark\Documents\~WRL3743.tmp
    c:\users\Mark\Documents\~WRL3991.tmp
    c:\windows\$NtUninstallKB32240$\1873154646\cfg.ini
    c:\windows\system32\AutoRun.inf
    F:\install.exe
    c:\windows\$NtUninstallKB32240$ . . . . Failed to delete
    .
    c:\windows\system32\drivers\netbt.sys was missing
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!System32!drivers!netbt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-26 03:15 . 2012-02-26 03:20 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2012-02-26 03:15 . 2012-02-26 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-24 22:14 . 2011-12-15 06:21 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
    2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
    2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
    2012-02-14 20:06 . 2012-02-17 20:29 -------- d-----w- c:\users\Mark\AppData\Roaming\Usukmo
    2012-02-14 20:06 . 2012-02-14 20:06 -------- d-----w- c:\users\Mark\AppData\Roaming\Mywara
    2012-02-12 11:17 . 2012-02-17 14:51 -------- d-----w- c:\users\Mark\AppData\Roaming\Aktuot
    2012-02-12 11:17 . 2012-02-12 11:37 -------- d-----w- c:\users\Mark\AppData\Roaming\Xete
    2012-02-11 23:20 . 2012-02-25 10:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-01-12 19:52 . 2012-02-24 22:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:22 . 2012-02-24 22:14 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
    "Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
    backup=c:\windows\pss\Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
    2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qmofiltr
    pserve
    vmparport
    k750mdfl
    delldmi
    knobserv
    tvtpktfilter
    datasvr2
    amdk77
    clsched
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mod.uk\www.westminster
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    AddRemove-Fallout Mod Manager_is1 - c:\program files\steam\steamapps\common\fallout 3\fomm\uninstall\unins000.exe
    AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
    26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
    32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
    "rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-26 03:26:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-26 03:25
    .
    Pre-Run: 38,793,306,112 bytes free
    Post-Run: 38,562,734,080 bytes free
    .
    - - End Of File - - A677ADA0F2097407EC75804B713FEC3F
  18. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      dfsc.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  19. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    SystemLook 30.07.11 by jpshortstuff
    Log created at 04:12 on 26/02/2012 by Mark
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "dfsc.sys"
    C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [10:51 10/06/2008] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [13:08 14/03/2011] [21:14 10/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

    -= EOF =-
  20. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys
    
    
    File::
    c:\windows\system32\dds_trash_log.cmd
    
    Folder::
    c:\users\Mark\AppData\Roaming\Usukmo
    c:\users\Mark\AppData\Roaming\Mywara
    c:\users\Mark\AppData\Roaming\Aktuot
    c:\users\Mark\AppData\Roaming\Xete
    
    Driver::
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  21. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    ComboFix 12-02-24.02 - Mark 26/02/2012 4:31.2.4 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2936 [GMT 0:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mark\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mark\AppData\Roaming\Aktuot
    c:\users\Mark\AppData\Roaming\Mywara
    c:\users\Mark\AppData\Roaming\Mywara\teif.exa
    c:\users\Mark\AppData\Roaming\Usukmo
    c:\users\Mark\AppData\Roaming\Xete
    c:\windows\system32\dds_trash_log.cmd
    .
    Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --> c:\windows\System32\drivers\dfsc.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-26 04:39 . 2012-02-26 04:39 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2012-02-26 04:39 . 2012-02-26 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-26 03:14 . 2009-04-10 21:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-26 01:22 . 2012-02-26 02:01 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
    2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
    2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
    2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
    2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
    "Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
    backup=c:\windows\pss\Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
    2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qmofiltr
    pserve
    vmparport
    k750mdfl
    delldmi
    knobserv
    tvtpktfilter
    datasvr2
    amdk77
    clsched
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mod.uk\www.westminster
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-26 04:39
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
    26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
    32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
    "rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-02-26 04:41:09
    ComboFix-quarantined-files.txt 2012-02-26 04:41
    ComboFix2.txt 2012-02-26 03:26
    .
    Pre-Run: 38,619,123,712 bytes free
    Post-Run: 38,584,827,904 bytes free
    .
    - - End Of File - - 9E9BF5642B695815AE4B10B54C3798E2
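The three posts above form one procedure: SystemLook lists every copy of dfsc.sys with its MD5, the CFScript's FCopy:: stanza overwrites the live driver with a chosen WinSxS copy, and the next ComboFix run confirms the copy. The script below does the same comparison mechanically. It is an added example for this thread, not code from SystemLook, ComboFix or TDSSKiller; the sample log text is copied from the SystemLook output posted above, the component version is read from the WinSxS directory name (an assumption about that naming scheme), and the "(md5) path" line shape used for the post-reboot check is the one TDSSKiller prints for each driver. A hash match between the live driver and a WinSxS copy only means the two files are byte-identical; it does not by itself prove either one clean.

```python
"""Cross-check a driver's WinSxS copies against the live one, the job that the
SystemLook ':filefind' run and the ComboFix 'FCopy::' stanza above do by hand.

Added example for this thread; not SystemLook, ComboFix or TDSSKiller code.
The sample log is copied from the SystemLook output posted in the thread.
"""
import re
from collections import defaultdict

# SystemLook filefind line:  <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?\.sys)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# WinSxS assembly directory (assumed layout): <arch>_<component>_<token>_<version>_<culture>_<hash>
WINSXS_RE = re.compile(r"\\winsxs\\[^\\]+?_(?P<version>\d+\.\d+\.\d+\.\d+)_none_", re.I)
# TDSSKiller-style driver line:  <time> <pid> <Service> (<md5>) <path>
SCANNER_RE = re.compile(r"\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>\S+)")

LIVE_PATH = r"C:\Windows\System32\drivers\dfsc.sys"

# Copied from the SystemLook log posted above.
SAMPLE_SYSTEMLOOK = r"""
Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [10:51 10/06/2008] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [13:08 14/03/2011] [21:14 10/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634
"""


def parse_filefind(text):
    """Turn SystemLook filefind output into dicts; 'version' is None for the live copy."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        v = WINSXS_RE.search(e["path"])
        e["version"] = v.group("version") if v else None
        entries.append(e)
    return entries


def compare_with_winsxs(entries, live_path=LIVE_PATH):
    """Group every WinSxS copy by MD5 and report which versions equal the live driver."""
    live = [e for e in entries if e["path"].lower() == live_path.lower()]
    if not live:
        raise ValueError("live driver %s not in the filefind output" % live_path)
    by_md5 = defaultdict(list)
    for e in entries:
        if e["version"]:
            by_md5[e["md5"]].append(e["version"])
    return {
        "live_md5": live[0]["md5"],
        "live_size": live[0]["size"],
        "distinct_winsxs_hashes": len(by_md5),
        # Identical bytes, not a verdict: ComboFix still reported the live copy infected.
        "matching_versions": sorted(by_md5.get(live[0]["md5"], [])),
        "versions": {e["version"]: e["md5"] for e in entries if e["version"]},
    }


def fcopy_line(entries, version, live_path=LIVE_PATH):
    """Build the ComboFix FCopy:: stanza that restores <version> over the live driver."""
    src = next(e["path"] for e in entries if e["version"] == version)
    return "FCopy::\n%s | %s" % (src, live_path)


def restore_verified(scanner_line, entries, version):
    """After reboot, check that the MD5 a scanner reports for the live driver equals
    the WinSxS copy FCopy was told to use. Returns False when no hash is present."""
    m = SCANNER_RE.search(scanner_line)
    if not m:
        return False
    expected = next(e["md5"] for e in entries if e["version"] == version)
    return m.group("md5").upper() == expected


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_SYSTEMLOOK)
    report = compare_with_winsxs(found)
    print("live %s (%d bytes) matches WinSxS version(s): %s" % (
        report["live_md5"], report["live_size"], report["matching_versions"] or "none"))
    print(fcopy_line(found, "6.0.6000.16386"))
    # Shape of a TDSSKiller driver line; the hash is what a post-FCopy scan would show.
    tdss = "13:13:15.0585 1452 DfsC (a7179de59ae269ab70345527894ccd7c) C:\\Windows\\system32\\Drivers\\dfsc.sys"
    print("restore verified:", restore_verified(tdss, found, "6.0.6000.16386"))
```

Run against the posted log it reports that the live dfsc.sys is byte-identical to the 6.0.6002.18451 WinSxS copy and that the seven WinSxS copies carry seven distinct hashes, then emits the same FCopy:: line Broni wrote; feeding it a later scanner line lets you confirm the replacement actually took rather than trusting the "disinfected" message alone.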
  22. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Please post new aswMBR and TDSSKiller logs.

    Also see if you can boot to normal mode.
  23. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    Apologies for the delay. Logs below:

    13:13:10.0311 1208 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    13:13:10.0443 1208 ============================================================
    13:13:10.0443 1208 Current date / time: 2012/02/26 13:13:10.0443
    13:13:10.0443 1208 SystemInfo:
    13:13:10.0443 1208
    13:13:10.0444 1208 OS Version: 6.0.6002 ServicePack: 2.0
    13:13:10.0444 1208 Product type: Workstation
    13:13:10.0444 1208 ComputerName: MARK-PC
    13:13:10.0444 1208 UserName: Mark
    13:13:10.0444 1208 Windows directory: C:\Windows
    13:13:10.0444 1208 System windows directory: C:\Windows
    13:13:10.0444 1208 Processor architecture: Intel x86
    13:13:10.0444 1208 Number of processors: 4
    13:13:10.0444 1208 Page size: 0x1000
    13:13:10.0444 1208 Boot type: Safe boot with network
    13:13:10.0444 1208 ============================================================
    13:13:11.0484 1208 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:13:11.0500 1208 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:13:11.0501 1208 \Device\Harddisk0\DR0:
    13:13:11.0501 1208 MBR used
    13:13:11.0501 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    13:13:11.0501 1208 \Device\Harddisk1\DR1:
    13:13:11.0501 1208 MBR used
    13:13:11.0501 1208 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    13:13:11.0537 1208 Initialize success
    13:13:11.0537 1208 ============================================================
    13:13:12.0969 1452 ============================================================
    13:13:12.0969 1452 Scan started
    13:13:12.0969 1452 Mode: Manual;
    13:13:12.0969 1452 ============================================================
    13:13:13.0951 1452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    13:13:13.0953 1452 ACPI - ok
    13:13:14.0028 1452 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
    13:13:14.0030 1452 ADIHdAudAddService - ok
    13:13:14.0093 1452 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    13:13:14.0095 1452 adp94xx - ok
    13:13:14.0119 1452 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    13:13:14.0121 1452 adpahci - ok
    13:13:14.0138 1452 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    13:13:14.0139 1452 adpu160m - ok
    13:13:14.0164 1452 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    13:13:14.0165 1452 adpu320 - ok
    13:13:14.0244 1452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    13:13:14.0246 1452 AFD - ok
    13:13:14.0283 1452 AFGMp50 - ok
    13:13:14.0366 1452 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
    13:13:14.0367 1452 AFGSp50 - ok
    13:13:14.0419 1452 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    13:13:14.0420 1452 agp440 - ok
    13:13:14.0453 1452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    13:13:14.0453 1452 aic78xx - ok
    13:13:14.0492 1452 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    13:13:14.0492 1452 aliide - ok
    13:13:14.0537 1452 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    13:13:14.0538 1452 amdagp - ok
    13:13:14.0553 1452 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    13:13:14.0554 1452 amdide - ok
    13:13:14.0576 1452 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    13:13:14.0577 1452 AmdK7 - ok
    13:13:14.0627 1452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    13:13:14.0628 1452 AmdK8 - ok
    13:13:14.0676 1452 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    13:13:14.0677 1452 arc - ok
    13:13:14.0725 1452 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    13:13:14.0725 1452 arcsas - ok
    13:13:14.0760 1452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:13:14.0761 1452 AsyncMac - ok
    13:13:14.0794 1452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    13:13:14.0794 1452 atapi - ok
    13:13:14.0862 1452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    13:13:14.0863 1452 Beep - ok
    13:13:14.0899 1452 blbdrive - ok
    13:13:14.0940 1452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    13:13:14.0941 1452 bowser - ok
    13:13:14.0982 1452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    13:13:14.0982 1452 BrFiltLo - ok
    13:13:15.0007 1452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    13:13:15.0007 1452 BrFiltUp - ok
    13:13:15.0038 1452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    13:13:15.0038 1452 Brserid - ok
    13:13:15.0061 1452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    13:13:15.0062 1452 BrSerWdm - ok
    13:13:15.0084 1452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    13:13:15.0085 1452 BrUsbMdm - ok
    13:13:15.0101 1452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    13:13:15.0101 1452 BrUsbSer - ok
    13:13:15.0122 1452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    13:13:15.0122 1452 BTHMODEM - ok
    13:13:15.0206 1452 catchme - ok
    13:13:15.0259 1452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    13:13:15.0260 1452 cdfs - ok
    13:13:15.0307 1452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    13:13:15.0308 1452 cdrom - ok
    13:13:15.0350 1452 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    13:13:15.0351 1452 circlass - ok
    13:13:15.0397 1452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    13:13:15.0399 1452 CLFS - ok
    13:13:15.0424 1452 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    13:13:15.0424 1452 cmdide - ok
    13:13:15.0446 1452 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    13:13:15.0446 1452 Compbatt - ok
    13:13:15.0470 1452 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    13:13:15.0470 1452 crcdisk - ok
    13:13:15.0502 1452 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    13:13:15.0502 1452 Crusoe - ok
    13:13:15.0585 1452 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    13:13:15.0586 1452 DfsC - ok
    13:13:15.0667 1452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    13:13:15.0667 1452 disk - ok
    13:13:15.0760 1452 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    13:13:15.0761 1452 Dot4 - ok
    13:13:15.0824 1452 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    13:13:15.0824 1452 Dot4Print - ok
    13:13:15.0858 1452 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    13:13:15.0859 1452 dot4usb - ok
    13:13:15.0907 1452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    13:13:15.0907 1452 drmkaud - ok
    13:13:15.0961 1452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    13:13:15.0965 1452 DXGKrnl - ok
    13:13:16.0002 1452 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    13:13:16.0002 1452 E1G60 - ok
    13:13:16.0062 1452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    13:13:16.0063 1452 Ecache - ok
    13:13:16.0116 1452 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    13:13:16.0118 1452 elxstor - ok
    13:13:16.0178 1452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    13:13:16.0179 1452 exfat - ok
    13:13:16.0226 1452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    13:13:16.0227 1452 fastfat - ok
    13:13:16.0266 1452 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    13:13:16.0266 1452 fdc - ok
    13:13:16.0326 1452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    13:13:16.0327 1452 FileInfo - ok
    13:13:16.0380 1452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    13:13:16.0381 1452 Filetrace - ok
    13:13:16.0407 1452 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:13:16.0407 1452 flpydisk - ok
    13:13:16.0464 1452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    13:13:16.0465 1452 FltMgr - ok
    13:13:16.0510 1452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    13:13:16.0510 1452 Fs_Rec - ok
    13:13:16.0558 1452 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    13:13:16.0558 1452 gagp30kx - ok
    13:13:16.0660 1452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    13:13:16.0661 1452 HdAudAddService - ok
    13:13:16.0707 1452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:13:16.0710 1452 HDAudBus - ok
    13:13:16.0733 1452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    13:13:16.0733 1452 HidBth - ok
    13:13:16.0753 1452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    13:13:16.0754 1452 HidIr - ok
    13:13:16.0816 1452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    13:13:16.0816 1452 HidUsb - ok
    13:13:16.0847 1452 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    13:13:16.0847 1452 HpCISSs - ok
    13:13:16.0926 1452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    13:13:16.0928 1452 HTTP - ok
    13:13:16.0983 1452 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    13:13:16.0983 1452 hwdatacard - ok
    13:13:16.0997 1452 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    13:13:16.0997 1452 i2omp - ok
    13:13:17.0055 1452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:13:17.0055 1452 i8042prt - ok
    13:13:17.0087 1452 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    13:13:17.0089 1452 iaStorV - ok
    13:13:17.0112 1452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    13:13:17.0112 1452 iirsp - ok
    13:13:17.0139 1452 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    13:13:17.0139 1452 intelide - ok
    13:13:17.0184 1452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    13:13:17.0185 1452 intelppm - ok
    13:13:17.0242 1452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:13:17.0242 1452 IpFilterDriver - ok
    13:13:17.0257 1452 IpInIp - ok
    13:13:17.0296 1452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    13:13:17.0296 1452 IPMIDRV - ok
    13:13:17.0337 1452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    13:13:17.0338 1452 IPNAT - ok
    13:13:17.0373 1452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    13:13:17.0373 1452 IRENUM - ok
    13:13:17.0398 1452 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    13:13:17.0398 1452 isapnp - ok
    13:13:17.0444 1452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:13:17.0446 1452 iScsiPrt - ok
    13:13:17.0470 1452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    13:13:17.0470 1452 iteatapi - ok
    13:13:17.0511 1452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    13:13:17.0511 1452 iteraid - ok
    13:13:17.0590 1452 jbridgep - ok
    13:13:17.0624 1452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:13:17.0624 1452 kbdclass - ok
    13:13:17.0652 1452 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    13:13:17.0653 1452 kbdhid - ok
    13:13:17.0730 1452 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    13:13:17.0733 1452 KSecDD - ok
    13:13:17.0779 1452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    13:13:17.0779 1452 lltdio - ok
    13:13:17.0819 1452 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    13:13:17.0820 1452 LSI_FC - ok
    13:13:17.0846 1452 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    13:13:17.0847 1452 LSI_SAS - ok
    13:13:17.0874 1452 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    13:13:17.0874 1452 LSI_SCSI - ok
    13:13:17.0915 1452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    13:13:17.0916 1452 luafv - ok
    13:13:17.0949 1452 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
    13:13:17.0950 1452 massfilter - ok
    13:13:17.0993 1452 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    13:13:17.0993 1452 MBAMProtector - ok
    13:13:18.0059 1452 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
    13:13:18.0060 1452 mbmiodrvr - ok
    13:13:18.0120 1452 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    13:13:18.0120 1452 megasas - ok
    13:13:18.0151 1452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    13:13:18.0151 1452 Modem - ok
    13:13:18.0202 1452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    13:13:18.0203 1452 monitor - ok
    13:13:18.0233 1452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    13:13:18.0233 1452 mouclass - ok
    13:13:18.0266 1452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    13:13:18.0267 1452 mouhid - ok
    13:13:18.0290 1452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    13:13:18.0291 1452 MountMgr - ok
    13:13:18.0338 1452 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    13:13:18.0339 1452 mpio - ok
    13:13:18.0372 1452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    13:13:18.0373 1452 mpsdrv - ok
    13:13:18.0403 1452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    13:13:18.0403 1452 Mraid35x - ok
    13:13:18.0456 1452 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
    13:13:18.0457 1452 MRV6X32P - ok
    13:13:18.0505 1452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    13:13:18.0506 1452 MRxDAV - ok
    13:13:18.0545 1452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:13:18.0546 1452 mrxsmb - ok
    13:13:18.0596 1452 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:13:18.0597 1452 mrxsmb10 - ok
    13:13:18.0618 1452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:13:18.0618 1452 mrxsmb20 - ok
    13:13:18.0648 1452 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    13:13:18.0648 1452 msahci - ok
    13:13:18.0673 1452 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    13:13:18.0674 1452 msdsm - ok
    13:13:18.0723 1452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    13:13:18.0723 1452 Msfs - ok
    13:13:18.0772 1452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    13:13:18.0773 1452 msisadrv - ok
    13:13:18.0813 1452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    13:13:18.0814 1452 MSKSSRV - ok
    13:13:18.0858 1452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    13:13:18.0858 1452 MSPCLOCK - ok
    13:13:18.0892 1452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    13:13:18.0892 1452 MSPQM - ok
    13:13:18.0920 1452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    13:13:18.0921 1452 MsRPC - ok
    13:13:18.0961 1452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    13:13:18.0962 1452 mssmbios - ok
    13:13:19.0003 1452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    13:13:19.0003 1452 MSTEE - ok
    13:13:19.0034 1452 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
    13:13:19.0035 1452 MTsensor - ok
    13:13:19.0053 1452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    13:13:19.0053 1452 Mup - ok
    13:13:19.0101 1452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    13:13:19.0102 1452 NativeWifiP - ok
    13:13:19.0136 1452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    13:13:19.0139 1452 NDIS - ok
    13:13:19.0183 1452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:13:19.0183 1452 NdisTapi - ok
    13:13:19.0229 1452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:13:19.0230 1452 Ndisuio - ok
    13:13:19.0261 1452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:13:19.0262 1452 NdisWan - ok
    13:13:19.0302 1452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    13:13:19.0303 1452 NDProxy - ok
    13:13:19.0388 1452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    13:13:19.0388 1452 NetBIOS - ok
    13:13:19.0461 1452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\drivers\netbt.sys
    13:13:19.0462 1452 netbt - ok
    13:13:19.0511 1452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    13:13:19.0511 1452 nfrd960 - ok
    13:13:19.0555 1452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    13:13:19.0556 1452 Npfs - ok
    13:13:19.0595 1452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    13:13:19.0595 1452 nsiproxy - ok
    13:13:19.0659 1452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    13:13:19.0665 1452 Ntfs - ok
    13:13:19.0690 1452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    13:13:19.0690 1452 ntrigdigi - ok
    13:13:19.0758 1452 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    13:13:19.0758 1452 NuidFltr - ok
    13:13:19.0796 1452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    13:13:19.0796 1452 Null - ok
    13:13:19.0870 1452 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    13:13:19.0875 1452 NVENETFD - ok
    13:13:20.0148 1452 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    13:13:20.0204 1452 nvlddmkm - ok
    13:13:20.0240 1452 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    13:13:20.0240 1452 nvraid - ok
    13:13:20.0284 1452 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    13:13:20.0285 1452 nvstor - ok
    13:13:20.0326 1452 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    13:13:20.0327 1452 nvstor32 - ok
    13:13:20.0389 1452 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    13:13:20.0390 1452 nv_agp - ok
    13:13:20.0403 1452 NwlnkFlt - ok
    13:13:20.0416 1452 NwlnkFwd - ok
    13:13:20.0471 1452 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    13:13:20.0472 1452 ohci1394 - ok
    13:13:20.0501 1452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    13:13:20.0502 1452 Parport - ok
    13:13:20.0544 1452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    13:13:20.0544 1452 partmgr - ok
    13:13:20.0571 1452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    13:13:20.0571 1452 Parvdm - ok
    13:13:20.0602 1452 PCASp50 - ok
    13:13:20.0648 1452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    13:13:20.0649 1452 pci - ok
    13:13:20.0709 1452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    13:13:20.0710 1452 pciide - ok
    13:13:20.0744 1452 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    13:13:20.0745 1452 pcmcia - ok
    13:13:20.0804 1452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    13:13:20.0809 1452 PEAUTH - ok
    13:13:20.0891 1452 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
    13:13:20.0891 1452 Point32 - ok
    13:13:20.0931 1452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    13:13:20.0931 1452 PptpMiniport - ok
    13:13:20.0957 1452 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    13:13:20.0957 1452 Processor - ok
    13:13:21.0022 1452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    13:13:21.0022 1452 PSched - ok
    13:13:21.0089 1452 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    13:13:21.0094 1452 ql2300 - ok
    13:13:21.0123 1452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    13:13:21.0124 1452 ql40xx - ok
    13:13:21.0165 1452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    13:13:21.0165 1452 QWAVEdrv - ok
    13:13:21.0216 1452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    13:13:21.0217 1452 RasAcd - ok
    13:13:21.0253 1452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:13:21.0254 1452 Rasl2tp - ok
    13:13:21.0302 1452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:13:21.0302 1452 RasPppoe - ok
    13:13:21.0327 1452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    13:13:21.0327 1452 RasSstp - ok
    13:13:21.0378 1452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    13:13:21.0380 1452 rdbss - ok
    13:13:21.0430 1452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:13:21.0431 1452 RDPCDD - ok
    13:13:21.0479 1452 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    13:13:21.0480 1452 rdpdr - ok
    13:13:21.0493 1452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    13:13:21.0494 1452 RDPENCDD - ok
    13:13:21.0531 1452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    13:13:21.0532 1452 RDPWD - ok
    13:13:21.0576 1452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    13:13:21.0576 1452 rspndr - ok
    13:13:21.0599 1452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    13:13:21.0600 1452 sbp2port - ok
    13:13:21.0654 1452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    13:13:21.0654 1452 secdrv - ok
    13:13:21.0686 1452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    13:13:21.0687 1452 Serenum - ok
    13:13:21.0713 1452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    13:13:21.0714 1452 Serial - ok
    13:13:21.0755 1452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    13:13:21.0756 1452 sermouse - ok
    13:13:21.0783 1452 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    13:13:21.0784 1452 sffdisk - ok
    13:13:21.0812 1452 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    13:13:21.0813 1452 sffp_mmc - ok
    13:13:21.0835 1452 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    13:13:21.0835 1452 sffp_sd - ok
    13:13:21.0860 1452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    13:13:21.0861 1452 sfloppy - ok
    13:13:21.0895 1452 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    13:13:21.0896 1452 sisagp - ok
    13:13:21.0930 1452 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    13:13:21.0931 1452 SiSRaid2 - ok
    13:13:21.0956 1452 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    13:13:21.0957 1452 SiSRaid4 - ok
    13:13:22.0001 1452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    13:13:22.0002 1452 Smb - ok
    13:13:22.0049 1452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    13:13:22.0049 1452 spldr - ok
    13:13:22.0100 1452 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    13:13:22.0100 1452 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    13:13:22.0121 1452 sptd ( LockedFile.Multi.Generic ) - warning
    13:13:22.0121 1452 sptd - detected LockedFile.Multi.Generic (1)
    13:13:22.0162 1452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    13:13:22.0164 1452 srv - ok
    13:13:22.0208 1452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    13:13:22.0209 1452 srv2 - ok
    13:13:22.0249 1452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    13:13:22.0250 1452 srvnet - ok
    13:13:22.0329 1452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    13:13:22.0329 1452 swenum - ok
    13:13:22.0378 1452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    13:13:22.0378 1452 Symc8xx - ok
    13:13:22.0404 1452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    13:13:22.0405 1452 Sym_hi - ok
    13:13:22.0429 1452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    13:13:22.0430 1452 Sym_u3 - ok
    13:13:22.0487 1452 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    13:13:22.0491 1452 Tcpip - ok
    13:13:22.0528 1452 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    13:13:22.0534 1452 Tcpip6 - ok
    13:13:22.0576 1452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    13:13:22.0576 1452 tcpipreg - ok
    13:13:22.0612 1452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    13:13:22.0613 1452 TDPIPE - ok
    13:13:22.0637 1452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    13:13:22.0638 1452 TDTCP - ok
    13:13:22.0676 1452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    13:13:22.0676 1452 tdx - ok
    13:13:22.0719 1452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    13:13:22.0720 1452 TermDD - ok
    13:13:22.0753 1452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:13:22.0753 1452 tssecsrv - ok
    13:13:22.0818 1452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    13:13:22.0819 1452 tunmp - ok
    13:13:22.0855 1452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    13:13:22.0856 1452 tunnel - ok
    13:13:22.0899 1452 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    13:13:22.0900 1452 uagp35 - ok
    13:13:22.0942 1452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    13:13:22.0943 1452 udfs - ok
    13:13:22.0979 1452 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    13:13:22.0980 1452 uliagpkx - ok
    13:13:23.0007 1452 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    13:13:23.0008 1452 uliahci - ok
    13:13:23.0028 1452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    13:13:23.0028 1452 UlSata - ok
    13:13:23.0049 1452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    13:13:23.0050 1452 ulsata2 - ok
    13:13:23.0089 1452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    13:13:23.0089 1452 umbus - ok
    13:13:23.0155 1452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    13:13:23.0156 1452 usbccgp - ok
    13:13:23.0190 1452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    13:13:23.0191 1452 usbcir - ok
    13:13:23.0222 1452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    13:13:23.0223 1452 usbehci - ok
    13:13:23.0266 1452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    13:13:23.0267 1452 usbhub - ok
    13:13:23.0297 1452 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    13:13:23.0298 1452 usbohci - ok
    13:13:23.0318 1452 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    13:13:23.0319 1452 usbprint - ok
    13:13:23.0374 1452 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    13:13:23.0375 1452 usbscan - ok
    13:13:23.0399 1452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:13:23.0399 1452 USBSTOR - ok
    13:13:23.0424 1452 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    13:13:23.0424 1452 usbuhci - ok
    13:13:23.0455 1452 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    13:13:23.0456 1452 USB_RNDIS - ok
    13:13:23.0499 1452 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    13:13:23.0499 1452 vga - ok
    13:13:23.0539 1452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    13:13:23.0540 1452 VgaSave - ok
    13:13:23.0568 1452 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    13:13:23.0568 1452 viaagp - ok
    13:13:23.0590 1452 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    13:13:23.0591 1452 ViaC7 - ok
    13:13:23.0616 1452 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    13:13:23.0616 1452 viaide - ok
    13:13:23.0655 1452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    13:13:23.0656 1452 volmgr - ok
    13:13:23.0705 1452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    13:13:23.0707 1452 volmgrx - ok
    13:13:23.0748 1452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    13:13:23.0749 1452 volsnap - ok
    13:13:23.0784 1452 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    13:13:23.0785 1452 vsmraid - ok
    13:13:23.0819 1452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    13:13:23.0820 1452 WacomPen - ok
    13:13:23.0853 1452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    13:13:23.0854 1452 Wanarp - ok
    13:13:23.0876 1452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    13:13:23.0876 1452 Wanarpv6 - ok
    13:13:23.0906 1452 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    13:13:23.0907 1452 Wd - ok
    13:13:23.0952 1452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    13:13:23.0954 1452 Wdf01000 - ok
    13:13:24.0045 1452 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    13:13:24.0046 1452 WmiAcpi - ok
    13:13:24.0085 1452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    13:13:24.0086 1452 WpdUsb - ok
    13:13:24.0122 1452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    13:13:24.0123 1452 ws2ifsl - ok
    13:13:24.0167 1452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:13:24.0168 1452 WUDFRd - ok
    13:13:24.0240 1452 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    13:13:24.0241 1452 ZTEusbmdm6k - ok
    13:13:24.0308 1452 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    13:13:24.0309 1452 ZTEusbnmea - ok
    13:13:24.0363 1452 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    13:13:24.0364 1452 ZTEusbser6k - ok
    13:13:24.0410 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    13:13:24.0456 1452 \Device\Harddisk0\DR0 - ok
    13:13:24.0467 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    13:13:24.0509 1452 \Device\Harddisk1\DR1 - ok
    13:13:24.0511 1452 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
    13:13:24.0512 1452 \Device\Harddisk0\DR0\Partition0 - ok
    13:13:24.0514 1452 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
    13:13:24.0515 1452 \Device\Harddisk1\DR1\Partition0 - ok
    13:13:24.0515 1452 ============================================================
    13:13:24.0515 1452 Scan finished
    13:13:24.0515 1452 ============================================================
    13:13:24.0522 0280 Detected object count: 1
    13:13:24.0523 0280 Actual detected object count: 1
    13:13:31.0238 0280 sptd ( LockedFile.Multi.Generic ) - skipped by user
    13:13:31.0238 0280 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  24. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-26 13:01:10
    -----------------------------
    13:01:10.561 OS Version: Windows 6.0.6002 Service Pack 2
    13:01:10.561 Number of processors: 4 586 0xF0B
    13:01:10.562 ComputerName: MARK-PC UserName: Mark
    13:01:11.149 Initialize success
    13:05:05.446 AVAST engine defs: 12022602
    13:08:29.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
    13:08:29.171 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
    13:08:29.173 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
    13:08:29.176 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
    13:08:29.207 Disk 0 MBR read successfully
    13:08:29.211 Disk 0 MBR scan
    13:08:29.216 Disk 0 Windows VISTA default MBR code
    13:08:29.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    13:08:29.227 Disk 0 scanning sectors +312578048
    13:08:29.302 Disk 0 scanning C:\Windows\system32\drivers
    13:08:37.702 Service scanning
    13:08:50.092 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    13:08:55.321 Modules scanning
    13:08:59.436 Disk 0 trace - called modules:
    13:08:59.450 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
    13:08:59.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3a2c0]
    13:08:59.473 3 CLASSPNP.SYS[8b5aa8b3] -> nt!IofCallDriver -> [0x85c3a598]
    13:08:59.480 5 acpi.sys[807bc6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c7b8a0]
    13:08:59.487 \Driver\atapi[0x85c3e6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
    13:09:00.459 AVAST engine scan C:\Windows
    13:09:02.935 AVAST engine scan C:\Windows\system32
    13:11:24.873 AVAST engine scan C:\Windows\system32\drivers
    13:11:34.875 AVAST engine scan C:\Users\Mark
    13:13:02.760 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    13:13:02.766 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
  25. Pr011

    Pr011 Newcomer, in training Topic Starter Posts: 66

    The machine has booted normally :)
