Solved Google won't open correct links

sspsyc

When trying to open a link from Google, it sends me to a totally different web page. I think it may be extending to Wikipedia as well. It is happening in Safari, Firefox, IE, and Google Chrome.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
log from MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122205

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23/12/2011 10:13:56 AM
mbam-log-2011-12-23 (10-13-56).txt

Scan type: Quick scan
Objects scanned: 206996
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> 2024 -> Unloaded process successfully.
c:\Users\Leah\AppData\Roaming\dpapgraf.exe (Trojan.Agent.MVO) -> 3648 -> Unloaded process successfully.

Memory Modules Infected:
c:\programdata\Windows\msdr.dll (Trojan.Downloader.bh) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACDaemon (Trojan.PatchLoad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.Downloader.bh) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jusched (Trojan.Agent.MVO) -> Value: jusched -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dpapgraf.exe (Trojan.Agent.MVO) -> Value: dpapgraf.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E6595601-73B9-D849-0FDC-EEF58AB1291A} (Trojan.ZbotR.Gen) -> Value: {E6595601-73B9-D849-0FDC-EEF58AB1291A} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{496ED063-7D84-AD7E-3F13-AB11014A880C} (Trojan.ZbotR.Gen) -> Value: {496ED063-7D84-AD7E-3F13-AB11014A880C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\helpctrl.exe (Trojan.Agent.MVO) -> Value: helpctrl.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> Quarantined and deleted successfully.
c:\programdata\Windows\msdr.dll (Trojan.Downloader.bh) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-2194405111-3823188689-1545664750-1003\$RP4J4M3.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\Users\Leah\AppData\Local\Temp\0.24371585273919405.exe (Trojan.FakeCC) -> Quarantined and deleted successfully.
c:\Users\Leah\AppData\Local\Temp\80dq587l.tmp\setup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\Users\Leah\AppData\Local\Temp\kn891d4p.tmp\downloadsetup (11).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\Users\Leah\local settings\application data\rkr.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Users\Leah\AppData\Roaming\dpapgraf.exe (Trojan.Agent.MVO) -> Quarantined and deleted successfully.
c:\Users\Leah\AppData\Roaming\Uckul\ydynno.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\programdata\helpctrl.exe (Trojan.Agent.MVO) -> Quarantined and deleted successfully.
 
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Leah at 10:49:36 on 2011-12-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2044.988 [GMT 10:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Norton Utilities 14\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Leah\AppData\Local\Akamai\netsession_win.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Leah\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NortonUtilities] c:\program files\norton utilities 14\RMTray.exe /H
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Akamai NetSession Interface] "c:\users\leah\appdata\local\akamai\netsession_win.exe"
uRun: [\helpctrl.exe] c:\programdata\helpctrl.exe
uRun: [\dpapgraf.exe] c:\users\leah\appdata\roaming\dpapgraf.exe
uRun: [{E6595601-73B9-D849-0FDC-EEF58AB1291A}] c:\users\leah\appdata\roaming\uckul\ydynno.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Yahoo Messenger]
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\leah\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-au.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{07866014-B361-449E-B9D3-18691E21F589} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{7500193E-71FE-4BF8-B24A-C02C79F7EF0B} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{8C7E7665-25E1-45F8-827D-BD2B4630227D} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F6AA36DF-35CE-4EA1-AA2F-56D979241D5D} : DhcpNameServer = 10.0.0.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leah\appdata\roaming\mozilla\firefox\profiles\us8cy4us.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.http - 206.210.225.240
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-23 36000]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110801.030\IDSvix86.sys [2011-8-2 367736]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-23 74640]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-12-21 793048]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-27 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-27 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-10 43040]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-23 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-23 110032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-15 112640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-12-23 00:27:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-22 23:58:45 -------- d-----w- c:\users\leah\appdata\roaming\Avira
2011-12-22 23:21:44 -------- d-----w- c:\users\leah\appdata\roaming\Malwarebytes
2011-12-22 23:21:27 -------- d-----w- c:\programdata\Malwarebytes
2011-12-22 23:21:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-22 23:21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-22 23:15:24 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-22 23:15:24 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-22 23:15:18 -------- d-----w- c:\programdata\Avira
2011-12-22 23:15:18 -------- d-----w- c:\program files\Avira
2011-12-21 02:39:34 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-12-21 02:39:33 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-12-21 02:39:29 -------- d-----w- c:\program files\common files\PC Tools
2011-12-21 02:39:27 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2011-12-20 23:26:50 -------- d-----w- c:\programdata\DivX
2011-12-18 07:50:05 -------- d--h--w- c:\programdata\Common Files
2011-12-18 07:49:44 -------- d-----w- c:\programdata\MFAData
2011-12-18 02:52:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-18 02:46:21 -------- d-sh--w- c:\users\leah\appdata\local\1cf6efbe
2011-12-17 20:58:24 -------- d-----w- c:\users\leah\appdata\roaming\MediaWmplay
2011-12-16 22:30:40 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{967eab1c-b051-433f-9fea-fd7e68ea8699}\mpengine.dll
2011-12-15 23:45:06 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 23:45:06 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 23:45:04 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 23:45:02 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 23:45:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 23:44:53 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 23:42:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-10 23:27:22 -------- d-----w- c:\users\leah\appdata\roaming\Uckul
2011-12-10 23:27:22 -------- d-----w- c:\users\leah\appdata\roaming\Doizwaq
2011-12-04 07:38:21 -------- d-----w- c:\programdata\Windows
2011-11-24 09:43:52 -------- d-----w- c:\users\leah\appdata\roaming\Ikbiby
2011-11-24 09:43:52 -------- d-----w- c:\users\leah\appdata\roaming\Evfyw
.
==================== Find3M ====================
.
2011-11-19 11:02:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 04:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 04:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-11 07:24:05 467592 ----a-w- c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys
.
============= FINISH: 10:50:35.37 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/02/2009 8:25:11 PM
System Uptime: 23/12/2011 10:33:22 AM (0 hours ago)
.
Motherboard: Wistron | | 3617
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 158.253 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.847 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia 6500s-1
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6500s-1
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
AutoUpdate
Avira Free Antivirus
Bing Bar
BitComet 1.12
Bonjour
BufferChm
Business Contact Manager for Outlook 2007 SP2
C4580
C4580_Help
Cards_Calendar_OrderGift_DoMorePlugout
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Copy
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DeviceManagementQFolder
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DivX Web Player
DJ_AIO_06_F2400_SW_Min
DocProc
DocProcQFolder
doPDF 7.2 printer
EPSON Printer Software
ESU for Microsoft Vista
F2400
Feedback Tool
Google Chrome
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Graboid Video 2.3
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Print Projects 1.0
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
HPPhotoSmartPhotobookWebPack1
hpPrintProjects
HPProductAssistant
HPSSupply
HPTCSSetup
hpWLPGInstaller
iCloud
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
Network
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Internet Security
Norton Utilities
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PC Connectivity Solution
PC Tools Registry Mechanic 11.0
PDF Settings CS5
Power2Go
PowerDirector
PS_AIO_04_C4580_ProductContext
PS_AIO_04_C4580_Software
PS_AIO_04_C4580_Software_Min
PSSWCORE
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shop for HP Supplies
Skype™ 5.3
SmartWebPrinting
SoftStylus
SolutionCenter
SPORE Creature Creator Trial Edition
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Virgin Mobile
VLC media player 1.0.1
WebReg
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
23/12/2011 9:49:25 AM, Error: EventLog [6008] - The previous system shutdown at 9:46:32 AM on 23/12/2011 was unexpected.
23/12/2011 9:17:18 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
23/12/2011 9:17:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
23/12/2011 7:29:14 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 00242B2B114C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
23/12/2011 7:27:36 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 00-1F-3A-53-18-32. Network operations on this system may be disrupted as a result.
23/12/2011 10:37:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
23/12/2011 10:37:00 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 10:35:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
23/12/2011 10:35:11 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 10:35:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
23/12/2011 10:35:02 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Realtime Protection service to connect.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: Norton Internet Security is not a valid Win32 application.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Avira Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Avira Realtime Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 10:35:02 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 10:35:01 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
23/12/2011 10:33:51 AM, Error: EventLog [6008] - The previous system shutdown at 10:31:09 AM on 23/12/2011 was unexpected.
23/12/2011 10:13:56 AM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
21/12/2011 8:35:02 AM, Error: EventLog [6008] - The previous system shutdown at 1:01:16 PM on 20/12/2011 was unexpected.
21/12/2011 4:56:52 PM, Error: EventLog [6008] - The previous system shutdown at 4:54:01 PM on 21/12/2011 was unexpected.
21/12/2011 3:03:40 PM, Error: EventLog [6008] - The previous system shutdown at 3:00:45 PM on 21/12/2011 was unexpected.
21/12/2011 12:33:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Source Engine service to connect.
21/12/2011 12:33:50 PM, Error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/12/2011 12:20:05 PM, Error: EventLog [6008] - The previous system shutdown at 10:15:40 AM on 21/12/2011 was unexpected.
21/12/2011 10:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Ken-the-Koala\Leah SID (S-1-5-21-2194405111-3823188689-1545664750-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/12/2011 6:39:56 AM, Error: EventLog [6008] - The previous system shutdown at 6:38:26 AM on 20/12/2011 was unexpected.
20/12/2011 6:13:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.3 for the Network Card with network address 00242B2B114C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
19/12/2011 8:10:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.4 for the Network Card with network address 00242B2B114C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
18/12/2011 7:02:49 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
18/12/2011 3:33:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Ken-the-Koala\Leah SID (S-1-5-21-2194405111-3823188689-1545664750-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17/12/2011 8:12:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
17/12/2011 8:12:29 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/12/2011 8:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
 
oops sorry - Gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-23 10:45:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: xhsw3bg0.exe; Driver: C:\Users\Leah\AppData\Local\Temp\pwdirpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:348] 8E3EEE40
Thread System [4:352] 8E3EEE40
Thread System [4:356] 872CD520
Thread System [4:360] 872CD520

---- EOF - GMER 1.0.15 ----
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I have 2 logs, here is the first

15:47:03.0012 5904 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:47:04.0001 5904 ============================================================
15:47:04.0001 5904 Current date / time: 2011/12/24 15:47:04.0001
15:47:04.0001 5904 SystemInfo:
15:47:04.0001 5904
15:47:04.0001 5904 OS Version: 6.0.6002 ServicePack: 2.0
15:47:04.0001 5904 Product type: Workstation
15:47:04.0001 5904 ComputerName: KEN-THE-KOALA
15:47:04.0001 5904 UserName: Leah
15:47:04.0001 5904 Windows directory: C:\Windows
15:47:04.0002 5904 System windows directory: C:\Windows
15:47:04.0002 5904 Processor architecture: Intel x86
15:47:04.0002 5904 Number of processors: 2
15:47:04.0002 5904 Page size: 0x1000
15:47:04.0002 5904 Boot type: Normal boot
15:47:04.0002 5904 ============================================================
15:47:07.0899 5904 Initialize success
15:47:21.0874 5232 ============================================================
15:47:21.0874 5232 Scan started
15:47:21.0874 5232 Mode: Manual;
15:47:21.0874 5232 ============================================================
15:47:53.0890 5232 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:47:53.0892 5232 Mup - ok
15:47:53.0985 5232 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:47:53.0990 5232 NativeWifiP - ok
15:47:54.0101 5232 NAVENG - ok
15:47:54.0120 5232 NAVEX15 - ok
15:47:54.0322 5232 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:47:54.0334 5232 NDIS - ok
15:47:54.0390 5232 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:47:54.0391 5232 NdisTapi - ok
15:47:54.0439 5232 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:47:54.0441 5232 Ndisuio - ok
15:47:54.0534 5232 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:47:54.0538 5232 NdisWan - ok
15:47:54.0568 5232 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:47:54.0570 5232 NDProxy - ok
15:47:54.0608 5232 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:47:54.0611 5232 NetBIOS - ok
15:47:54.0673 5232 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:47:54.0678 5232 netbt - ok
15:47:54.0826 5232 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:47:54.0905 5232 NETw3v32 - ok
15:47:54.0977 5232 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:47:54.0979 5232 nfrd960 - ok
15:47:55.0034 5232 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\Windows\system32\drivers\nmwcd.sys
15:47:55.0040 5232 nmwcd - ok
15:47:55.0083 5232 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\Windows\system32\drivers\nmwcdc.sys
15:47:55.0086 5232 nmwcdc - ok
15:47:55.0139 5232 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\Windows\system32\drivers\nmwcdcj.sys
15:47:55.0141 5232 nmwcdcj - ok
15:47:55.0207 5232 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\Windows\system32\drivers\nmwcdcm.sys
15:47:55.0210 5232 nmwcdcm - ok
15:47:55.0260 5232 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:47:55.0282 5232 Npfs - ok
15:47:55.0322 5232 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:47:55.0324 5232 nsiproxy - ok
15:47:55.0392 5232 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:47:55.0426 5232 Ntfs - ok
15:47:55.0462 5232 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:47:55.0464 5232 ntrigdigi - ok
15:47:55.0496 5232 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:47:55.0498 5232 Null - ok
15:47:55.0557 5232 NVHDA (11be4b269549173cff542591e4be2c08) C:\Windows\system32\drivers\nvhda32v.sys
15:47:55.0558 5232 NVHDA - ok
15:47:56.0409 5232 nvlddmkm (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:47:57.0175 5232 nvlddmkm - ok
15:47:57.0331 5232 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:47:57.0334 5232 nvraid - ok
15:47:57.0370 5232 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:47:57.0372 5232 nvstor - ok
15:47:57.0413 5232 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:47:57.0418 5232 nv_agp - ok
15:47:57.0434 5232 NwlnkFlt - ok
15:47:57.0449 5232 NwlnkFwd - ok
15:47:57.0499 5232 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
15:47:57.0503 5232 ohci1394 - ok
15:47:57.0569 5232 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:47:57.0572 5232 Parport - ok
15:47:57.0627 5232 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:47:57.0630 5232 partmgr - ok
15:47:57.0654 5232 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:47:57.0656 5232 Parvdm - ok
15:47:57.0718 5232 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:47:57.0722 5232 pci - ok
15:47:57.0759 5232 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
15:47:57.0760 5232 pciide - ok
15:47:57.0797 5232 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:47:57.0804 5232 pcmcia - ok
15:47:57.0926 5232 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:47:57.0961 5232 PEAUTH - ok
15:47:58.0264 5232 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:47:58.0291 5232 PptpMiniport - ok
15:47:58.0347 5232 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:47:58.0350 5232 Processor - ok
15:47:58.0439 5232 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:47:58.0442 5232 PSched - ok
15:47:58.0535 5232 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:47:58.0602 5232 ql2300 - ok
15:47:58.0706 5232 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:47:58.0709 5232 ql40xx - ok
15:47:58.0786 5232 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:47:58.0795 5232 QWAVEdrv - ok
15:47:58.0820 5232 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:47:58.0821 5232 RasAcd - ok
15:47:58.0901 5232 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:47:58.0904 5232 Rasl2tp - ok
15:47:58.0991 5232 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:47:58.0993 5232 RasPppoe - ok
15:47:59.0071 5232 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:47:59.0074 5232 RasSstp - ok
15:47:59.0121 5232 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:47:59.0129 5232 rdbss - ok
15:47:59.0156 5232 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:47:59.0157 5232 RDPCDD - ok
15:47:59.0204 5232 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:47:59.0212 5232 rdpdr - ok
15:47:59.0226 5232 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:47:59.0228 5232 RDPENCDD - ok
15:47:59.0319 5232 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:47:59.0326 5232 RDPWD - ok
15:47:59.0551 5232 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:47:59.0553 5232 rspndr - ok
15:47:59.0670 5232 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:47:59.0674 5232 RTL8169 - ok
15:47:59.0791 5232 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
15:47:59.0794 5232 RTSTOR - ok
15:47:59.0941 5232 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:47:59.0944 5232 sbp2port - ok
15:48:00.0026 5232 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
15:48:00.0030 5232 sdbus - ok
15:48:00.0183 5232 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:48:00.0184 5232 secdrv - ok
15:48:00.0499 5232 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:48:00.0502 5232 Serenum - ok
15:48:00.0679 5232 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:48:00.0683 5232 Serial - ok
15:48:00.0789 5232 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:48:00.0792 5232 sermouse - ok
15:48:00.0901 5232 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:48:00.0904 5232 sffdisk - ok
15:48:00.0984 5232 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:48:00.0987 5232 sffp_mmc - ok
15:48:01.0421 5232 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:48:01.0424 5232 sffp_sd - ok
15:48:01.0564 5232 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:48:01.0567 5232 sfloppy - ok
15:48:02.0830 5232 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:48:02.0835 5232 sisagp - ok
15:48:03.0509 5232 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:48:03.0511 5232 SiSRaid2 - ok
15:48:03.0565 5232 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:48:03.0568 5232 SiSRaid4 - ok
15:48:03.0625 5232 Smb (25eedefbd56fbd1c0d87690002ff6332) C:\Windows\system32\DRIVERS\smb.sys
15:48:03.0626 5232 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 25eedefbd56fbd1c0d87690002ff6332, Fake md5: 7b75299a4d201d6a6533603d6914ab04
15:48:03.0627 5232 Smb ( Rootkit.Win32.ZAccess.aml ) - infected
15:48:03.0627 5232 Smb - detected Rootkit.Win32.ZAccess.aml (0)
15:48:10.0782 5232 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
15:48:10.0819 5232 \Device\Harddisk0\DR0 - ok
15:48:10.0825 5232 Boot (0x1200) (afe3cbcc2b846b674b6bda15ef5da283) \Device\Harddisk0\DR0\Partition0
15:48:10.0827 5232 \Device\Harddisk0\DR0\Partition0 - ok
15:48:11.0286 5232 Boot (0x1200) (5c9d4f1a668ee9b50a50ce0e5522073b) \Device\Harddisk0\DR0\Partition1
15:48:11.0321 5232 \Device\Harddisk0\DR0\Partition1 - ok
15:48:11.0321 5232 ============================================================
15:48:11.0321 5232 Scan finished
15:48:11.0321 5232 ============================================================
15:48:11.0337 5216 Detected object count: 1
15:48:11.0338 5216 Actual detected object count: 1
15:48:22.0814 5216 Backup copy found, using it..
15:48:22.0828 5216 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
15:48:34.0881 5216 C:\Windows\System32\c_47915.nls - will be deleted on reboot
15:48:36.0790 5216 Smb ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
15:50:55.0884 4908 Deinitialize success
 
2nd log

15:58:23.0841 2452 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:58:24.0593 2452 ============================================================
15:58:24.0593 2452 Current date / time: 2011/12/24 15:58:24.0593
15:58:24.0593 2452 SystemInfo:
15:58:24.0593 2452
15:58:24.0594 2452 OS Version: 6.0.6002 ServicePack: 2.0
15:58:24.0594 2452 Product type: Workstation
15:58:24.0594 2452 ComputerName: KEN-THE-KOALA
15:58:24.0594 2452 UserName: Leah
15:58:24.0594 2452 Windows directory: C:\Windows
15:58:24.0594 2452 System windows directory: C:\Windows
15:58:24.0594 2452 Processor architecture: Intel x86
15:58:24.0595 2452 Number of processors: 2
15:58:24.0595 2452 Page size: 0x1000
15:58:24.0595 2452 Boot type: Normal boot
15:58:24.0595 2452 ============================================================
15:58:26.0041 2452 Initialize success
15:58:43.0490 2608 Deinitialize success
 
Good :)

Post new GMER log.

Then...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
2nd GMER log - sorry for lateness, it was Christmas :)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-27 14:36:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: n610p41m.exe; Driver: C:\Users\Leah\AppData\Local\Temp\pwdirpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
aswMBR log

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-27 14:41:05
-----------------------------
14:41:05.472 OS Version: Windows 6.0.6002 Service Pack 2
14:41:05.472 Number of processors: 2 586 0x170A
14:41:05.474 ComputerName: KEN-THE-KOALA UserName: Leah
14:41:07.711 Initialize success
14:41:41.642 The log file has been saved successfully to "C:\Users\Leah\Desktop\aswMBR.txt"
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

Then proceed with Combofix.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run aswMBR again and post its log.
 
aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-28 18:00:02
-----------------------------
18:00:02.197 OS Version: Windows 6.0.6002 Service Pack 2
18:00:02.197 Number of processors: 2 586 0x170A
18:00:02.199 ComputerName: KEN-THE-KOALA UserName: Leah
18:00:27.657 Initialize success
18:00:45.652 The log file has been saved successfully to "C:\Users\Leah\Desktop\aswMBR.txt"
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
09:03:09.0241 5380 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:03:09.0967 5380 ============================================================
09:03:09.0967 5380 Current date / time: 2011/12/29 09:03:09.0967
09:03:09.0967 5380 SystemInfo:
09:03:09.0967 5380
09:03:09.0967 5380 OS Version: 6.0.6002 ServicePack: 2.0
09:03:09.0967 5380 Product type: Workstation
09:03:09.0967 5380 ComputerName: KEN-THE-KOALA
09:03:09.0968 5380 UserName: Leah
09:03:09.0968 5380 Windows directory: C:\Windows
09:03:09.0968 5380 System windows directory: C:\Windows
09:03:09.0968 5380 Processor architecture: Intel x86
09:03:09.0968 5380 Number of processors: 2
09:03:09.0968 5380 Page size: 0x1000
09:03:09.0968 5380 Boot type: Normal boot
09:03:09.0968 5380 ============================================================
09:03:11.0817 5380 Initialize success
09:03:13.0656 4936 ============================================================
09:03:13.0656 4936 Scan started
09:03:13.0656 4936 Mode: Manual;
09:03:13.0656 4936 ============================================================
09:03:28.0916 4936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:03:28.0918 4936 WacomPen - ok
09:03:28.0949 4936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:03:28.0952 4936 Wanarp - ok
09:03:28.0978 4936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:03:28.0979 4936 Wanarpv6 - ok
09:03:29.0029 4936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:03:29.0034 4936 Wd - ok
09:03:29.0081 4936 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:03:29.0104 4936 Wdf01000 - ok
09:03:29.0190 4936 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:03:29.0213 4936 winachsf - ok
09:03:29.0284 4936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:03:29.0285 4936 WmiAcpi - ok
09:03:29.0344 4936 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:03:29.0347 4936 WpdUsb - ok
09:03:29.0379 4936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:03:29.0381 4936 ws2ifsl - ok
09:03:29.0451 4936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:03:29.0455 4936 WUDFRd - ok
09:03:29.0488 4936 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
09:03:29.0491 4936 XAudio - ok
09:03:29.0545 4936 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
09:03:29.0551 4936 yukonwlh - ok
09:03:29.0605 4936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:03:29.0972 4936 \Device\Harddisk0\DR0 - ok
09:03:29.0977 4936 Boot (0x1200) (afe3cbcc2b846b674b6bda15ef5da283) \Device\Harddisk0\DR0\Partition0
09:03:29.0979 4936 \Device\Harddisk0\DR0\Partition0 - ok
09:03:30.0009 4936 Boot (0x1200) (5c9d4f1a668ee9b50a50ce0e5522073b) \Device\Harddisk0\DR0\Partition1
09:03:30.0011 4936 \Device\Harddisk0\DR0\Partition1 - ok
09:03:30.0012 4936 ============================================================
09:03:30.0012 4936 Scan finished
09:03:30.0012 4936 ============================================================
09:03:30.0027 4612 Detected object count: 0
09:03:30.0027 4612 Actual detected object count: 0
 