Solved Trojan horse Crypt.AQLW, Internet pops up, computer crashing

Logs posted above,

Thanks for your help guys!

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log it's also located on your desktop as "scan.txt"

Hello again

Are there some posts missing from this thread?

I thought I was going mad but found the email notifications from the thread telling me to install combofix, but they no longer appear in the thread?!

Anyhow, I uninstalled AVG and now when the computer boots I get a suspicious pop up box stating "The recycle bin on C:\ is corrupted, Do you want to empty the recycle bin on this drive?" with a yes and no option,

I ran Combofix as instructed but the system seemed to lock up on the search part. I let it run for a few hours and got an error message stating that "freeware implementation of XCACLAS has stopped working". I closed that, I then got a message stating it was a bad infection that would take time to clear up. The machine then rebooted itself but got into a cycle where it would reboot on reaching the password prompt screen, briefly displaying a message about group access before rebooting. I let it reboot itself about a dozen times and then launched it in safe mode which was successful, but I still get the prompt box about Recycle bin, and when running in safe mode, combofix upacks itself but doesn't seem to run...

Further to the above, any attempt to boot normally puts the machine into a reboot loop again.

First of all I didn't ask you to run Combofix.

Run tools mentioned in my previous reply from safe mode.

Hello again,

I am very grateful for your help, which I know I am not being charged for; and I will donate to your site regardless of the outcome, but I do have this email in my account; and the post was definately in the thread:

"Dear Pr011,

Broni has just replied to a discussion you have subscribed to entitled "Trojan Horse Crypt.AQLW, Internet pops up, computer crashing" in the Virus and Malware Removal forum at TechSpot.

You can read this discussion at:
https://www.techspot.com/vb/newintopic177970.html

Here is the message that has just been posted:

***************
Please download ComboFix from *Here* (https://www.techspot.com/downloads/5587-combofix.html) or *Here* (https://www.techspot.com/downloads/5587-combofix.html) to your Desktop.

***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***
* Never rename Combofix unless instructed.
* Close any open browsers.
* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix..." etc etc

I do not wish to cause any problems and it is not for me to argue when I am being helped (esp. for free!), but I did get the instruction to run combofix, I know there was sever maintenance last night on site, maybe that explains it??

I will run the tools requested from safe mode and post. Again, thanks for your help.

My logs:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-26 00:34:37
-----------------------------
00:34:37.958 OS Version: Windows 6.0.6002 Service Pack 2
00:34:37.958 Number of processors: 4 586 0xF0B
00:34:37.959 ComputerName: MARK-PC UserName: Mark
00:34:55.903 Initialize success
00:39:56.449 AVAST engine defs: 12022502
00:41:12.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
00:41:12.288 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
00:41:12.291 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
00:41:12.295 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
00:41:12.323 Disk 0 MBR read successfully
00:41:12.326 Disk 0 MBR scan
00:41:12.331 Disk 0 Windows VISTA default MBR code
00:41:12.336 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
00:41:12.342 Disk 0 scanning sectors +312578048
00:41:12.409 Disk 0 scanning C:\Windows\system32\drivers
00:41:13.676 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
00:41:21.994 Disk 0 trace - called modules:
00:41:22.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
00:41:22.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3d470]
00:41:22.053 3 CLASSPNP.SYS[8b5a78b3] -> nt!IofCallDriver -> [0x85c5c598]
00:41:22.060 5 acpi.sys[82e0f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c9a8a0]
00:41:22.067 \Driver\atapi[0x85c6c6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
00:41:22.724 AVAST engine scan C:\Windows
00:41:26.017 AVAST engine scan C:\Windows\system32
00:44:05.788 AVAST engine scan C:\Windows\system32\drivers
00:44:06.973 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
00:44:16.571 AVAST engine scan C:\Users\Mark
00:45:18.898 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
00:45:18.915 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"

Hello again,

The download link for BTKR_runbox appears to be dead... I get an error screen in french telling me it's not available.

RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Mark [Admin rights]
Mode: Scan -- Date: 02/26/2012 01:13:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJB-00PVA0 ATA Device +++++
--- User ---
[MBR] 7be4d50977873353752aa4c68214641c
[BSP] 40f40e7e33546ef3548f3ee71c27c7ca : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD64 01AALS-00L3B SCSI Disk Device +++++
--- User ---
[MBR] 8a22d489db3b89375fd554178146aad4
[BSP] bac0c001ecfd76fe391e8a7490c585ab : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

01:22:01.0653 0512 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
01:22:01.0789 0512 ============================================================
01:22:01.0789 0512 Current date / time: 2012/02/26 01:22:01.0789
01:22:01.0789 0512 SystemInfo:
01:22:01.0789 0512
01:22:01.0789 0512 OS Version: 6.0.6002 ServicePack: 2.0
01:22:01.0789 0512 Product type: Workstation
01:22:01.0789 0512 ComputerName: MARK-PC
01:22:01.0789 0512 UserName: Mark
01:22:01.0789 0512 Windows directory: C:\Windows
01:22:01.0789 0512 System windows directory: C:\Windows
01:22:01.0789 0512 Processor architecture: Intel x86
01:22:01.0789 0512 Number of processors: 4
01:22:01.0789 0512 Page size: 0x1000
01:22:01.0789 0512 Boot type: Safe boot with network
01:22:01.0789 0512 ============================================================
01:22:02.0721 0512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:22:02.0728 0512 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:22:02.0729 0512 \Device\Harddisk0\DR0:
01:22:02.0730 0512 MBR used
01:22:02.0730 0512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
01:22:02.0730 0512 \Device\Harddisk1\DR1:
01:22:02.0730 0512 MBR used
01:22:02.0730 0512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
01:22:02.0765 0512 Initialize success
01:22:02.0765 0512 ============================================================
01:22:11.0706 1620 ============================================================
01:22:11.0706 1620 Scan started
01:22:11.0706 1620 Mode: Manual;
01:22:11.0706 1620 ============================================================
01:22:12.0155 1620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:22:12.0159 1620 ACPI - ok
01:22:12.0216 1620 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
01:22:12.0220 1620 ADIHdAudAddService - ok
01:22:12.0256 1620 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
01:22:12.0262 1620 adp94xx - ok
01:22:12.0290 1620 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
01:22:12.0294 1620 adpahci - ok
01:22:12.0318 1620 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
01:22:12.0319 1620 adpu160m - ok
01:22:12.0344 1620 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
01:22:12.0345 1620 adpu320 - ok
01:22:12.0416 1620 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:22:12.0419 1620 AFD - ok
01:22:12.0449 1620 AFGMp50 - ok
01:22:12.0504 1620 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
01:22:12.0505 1620 AFGSp50 - ok
01:22:12.0548 1620 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
01:22:12.0549 1620 agp440 - ok
01:22:12.0582 1620 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:22:12.0583 1620 aic78xx - ok
01:22:12.0628 1620 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
01:22:12.0629 1620 aliide - ok
01:22:12.0667 1620 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
01:22:12.0667 1620 amdagp - ok
01:22:12.0683 1620 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
01:22:12.0683 1620 amdide - ok
01:22:12.0706 1620 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
01:22:12.0706 1620 AmdK7 - ok
01:22:12.0740 1620 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
01:22:12.0740 1620 AmdK8 - ok
01:22:12.0773 1620 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
01:22:12.0773 1620 arc - ok
01:22:12.0796 1620 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
01:22:12.0796 1620 arcsas - ok
01:22:12.0840 1620 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:22:12.0840 1620 AsyncMac - ok
01:22:12.0882 1620 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:22:12.0882 1620 atapi - ok
01:22:12.0983 1620 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
01:22:12.0984 1620 Beep - ok
01:22:13.0009 1620 blbdrive - ok
01:22:13.0053 1620 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
01:22:13.0053 1620 bowser - ok
01:22:13.0086 1620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
01:22:13.0087 1620 BrFiltLo - ok
01:22:13.0111 1620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
01:22:13.0111 1620 BrFiltUp - ok
01:22:13.0142 1620 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
01:22:13.0143 1620 Brserid - ok
01:22:13.0166 1620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
01:22:13.0166 1620 BrSerWdm - ok
01:22:13.0189 1620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
01:22:13.0189 1620 BrUsbMdm - ok
01:22:13.0213 1620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
01:22:13.0214 1620 BrUsbSer - ok
01:22:13.0243 1620 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
01:22:13.0243 1620 BTHMODEM - ok
01:22:13.0300 1620 catchme - ok
01:22:13.0347 1620 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
01:22:13.0348 1620 cdfs - ok
01:22:13.0387 1620 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
01:22:13.0387 1620 cdrom - ok
01:22:13.0438 1620 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
01:22:13.0439 1620 circlass - ok
01:22:13.0485 1620 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
01:22:13.0488 1620 CLFS - ok
01:22:13.0520 1620 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
01:22:13.0520 1620 cmdide - ok
01:22:13.0542 1620 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
01:22:13.0542 1620 Compbatt - ok
01:22:13.0566 1620 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
01:22:13.0566 1620 crcdisk - ok
01:22:13.0598 1620 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
01:22:13.0598 1620 Crusoe - ok
01:22:13.0695 1620 DfsC (048d6fec8033b3c0ed624693ec9ada2b) C:\Windows\system32\Drivers\dfsc.sys
01:22:13.0696 1620 DfsC ( Virus.Win32.ZAccess.c ) - infected
01:22:13.0696 1620 DfsC - detected Virus.Win32.ZAccess.c (0)
01:22:13.0763 1620 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
01:22:13.0763 1620 disk - ok
01:22:13.0823 1620 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
01:22:13.0824 1620 Dot4 - ok
01:22:13.0870 1620 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:22:13.0870 1620 Dot4Print - ok
01:22:13.0888 1620 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
01:22:13.0888 1620 dot4usb - ok
01:22:13.0920 1620 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
01:22:13.0920 1620 drmkaud - ok
01:22:13.0974 1620 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
01:22:13.0984 1620 DXGKrnl - ok
01:22:14.0023 1620 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
01:22:14.0025 1620 E1G60 - ok
01:22:14.0100 1620 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
01:22:14.0101 1620 Ecache - ok
01:22:14.0146 1620 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
01:22:14.0150 1620 elxstor - ok
01:22:14.0215 1620 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
01:22:14.0216 1620 exfat - ok
01:22:14.0264 1620 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
01:22:14.0265 1620 fastfat - ok
01:22:14.0304 1620 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
01:22:14.0304 1620 fdc - ok
01:22:14.0356 1620 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
01:22:14.0356 1620 FileInfo - ok
01:22:14.0393 1620 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
01:22:14.0393 1620 Filetrace - ok
01:22:14.0420 1620 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:22:14.0420 1620 flpydisk - ok
01:22:14.0460 1620 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
01:22:14.0462 1620 FltMgr - ok
01:22:14.0524 1620 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
01:22:14.0524 1620 Fs_Rec - ok
01:22:14.0562 1620 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
01:22:14.0563 1620 gagp30kx - ok
01:22:14.0648 1620 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
01:22:14.0650 1620 HdAudAddService - ok
01:22:14.0695 1620 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:22:14.0704 1620 HDAudBus - ok
01:22:14.0854 1620 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
01:22:14.0854 1620 HidBth - ok
01:22:14.0899 1620 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
01:22:14.0900 1620 HidIr - ok
01:22:14.0945 1620 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
01:22:14.0946 1620 HidUsb - ok
01:22:14.0976 1620 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
01:22:14.0977 1620 HpCISSs - ok
01:22:15.0071 1620 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
01:22:15.0077 1620 HTTP - ok
01:22:15.0121 1620 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:22:15.0121 1620 hwdatacard - ok
01:22:15.0153 1620 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
01:22:15.0153 1620 i2omp - ok
01:22:15.0209 1620 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
01:22:15.0210 1620 i8042prt - ok
01:22:15.0242 1620 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
01:22:15.0244 1620 iaStorV - ok
01:22:15.0274 1620 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:22:15.0275 1620 iirsp - ok
01:22:15.0302 1620 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
01:22:15.0302 1620 intelide - ok
01:22:15.0347 1620 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
01:22:15.0347 1620 intelppm - ok
01:22:15.0396 1620 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:22:15.0397 1620 IpFilterDriver - ok
01:22:15.0414 1620 IpInIp - ok
01:22:15.0450 1620 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
01:22:15.0451 1620 IPMIDRV - ok
01:22:15.0492 1620 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
01:22:15.0493 1620 IPNAT - ok
01:22:15.0528 1620 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
01:22:15.0528 1620 IRENUM - ok
01:22:15.0552 1620 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
01:22:15.0553 1620 isapnp - ok
01:22:15.0599 1620 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
01:22:15.0600 1620 iScsiPrt - ok
01:22:15.0624 1620 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:22:15.0625 1620 iteatapi - ok
01:22:15.0665 1620 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:22:15.0666 1620 iteraid - ok
01:22:15.0755 1620 jbridgep (22fabdc07b4de09773a92d49201c9f94) C:\Users\Mark\AppData\Local\Temp\jbridgep.sys
01:22:15.0756 1620 jbridgep - ok
01:22:15.0787 1620 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:22:15.0787 1620 kbdclass - ok
01:22:15.0815 1620 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
01:22:15.0815 1620 kbdhid - ok
01:22:15.0868 1620 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
01:22:15.0874 1620 KSecDD - ok
01:22:15.0916 1620 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
01:22:15.0917 1620 lltdio - ok
01:22:15.0965 1620 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
01:22:15.0966 1620 LSI_FC - ok
01:22:15.0992 1620 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
01:22:15.0993 1620 LSI_SAS - ok
01:22:16.0020 1620 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
01:22:16.0021 1620 LSI_SCSI - ok
01:22:16.0061 1620 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
01:22:16.0062 1620 luafv - ok
01:22:16.0095 1620 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
01:22:16.0096 1620 massfilter - ok
01:22:16.0131 1620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
01:22:16.0131 1620 MBAMProtector - ok
01:22:16.0196 1620 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
01:22:16.0197 1620 mbmiodrvr - ok
01:22:16.0233 1620 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
01:22:16.0233 1620 megasas - ok
01:22:16.0264 1620 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
01:22:16.0264 1620 Modem - ok
01:22:16.0323 1620 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
01:22:16.0324 1620 monitor - ok
01:22:16.0354 1620 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
01:22:16.0354 1620 mouclass - ok
01:22:16.0388 1620 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
01:22:16.0388 1620 mouhid - ok
01:22:16.0419 1620 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
01:22:16.0420 1620 MountMgr - ok
01:22:16.0468 1620 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
01:22:16.0468 1620 mpio - ok
01:22:16.0535 1620 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
01:22:16.0536 1620 mpsdrv - ok
01:22:16.0565 1620 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:22:16.0566 1620 Mraid35x - ok
01:22:16.0635 1620 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
01:22:16.0638 1620 MRV6X32P - ok
01:22:16.0685 1620 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
01:22:16.0685 1620 MRxDAV - ok
01:22:16.0725 1620 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:22:16.0725 1620 mrxsmb - ok
01:22:16.0776 1620 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:22:16.0778 1620 mrxsmb10 - ok
01:22:16.0797 1620 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:22:16.0798 1620 mrxsmb20 - ok
01:22:16.0827 1620 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
01:22:16.0828 1620 msahci - ok
01:22:16.0852 1620 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
01:22:16.0853 1620 msdsm - ok
01:22:16.0902 1620 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
01:22:16.0903 1620 Msfs - ok
01:22:16.0952 1620 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
01:22:16.0952 1620 msisadrv - ok
01:22:16.0993 1620 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
01:22:16.0993 1620 MSKSSRV - ok
01:22:17.0037 1620 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
01:22:17.0037 1620 MSPCLOCK - ok
01:22:17.0071 1620 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
01:22:17.0071 1620 MSPQM - ok
01:22:17.0112 1620 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
01:22:17.0114 1620 MsRPC - ok
01:22:17.0157 1620 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
01:22:17.0158 1620 mssmbios - ok
01:22:17.0191 1620 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
01:22:17.0191 1620 MSTEE - ok
01:22:17.0222 1620 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
01:22:17.0222 1620 MTsensor - ok
01:22:17.0236 1620 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
01:22:17.0237 1620 Mup - ok
01:22:17.0280 1620 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
01:22:17.0281 1620 NativeWifiP - ok
01:22:17.0332 1620 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
01:22:17.0341 1620 NDIS - ok
01:22:17.0371 1620 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
01:22:17.0371 1620 NdisTapi - ok
01:22:17.0409 1620 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
01:22:17.0409 1620 Ndisuio - ok
01:22:17.0440 1620 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
01:22:17.0441 1620 NdisWan - ok
01:22:17.0490 1620 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
01:22:17.0491 1620 NDProxy - ok
01:22:17.0517 1620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
01:22:17.0518 1620 NetBIOS - ok
01:22:17.0574 1620 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:22:17.0574 1620 nfrd960 - ok
01:22:17.0618 1620 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
01:22:17.0618 1620 Npfs - ok
01:22:17.0657 1620 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
01:22:17.0658 1620 nsiproxy - ok
01:22:17.0722 1620 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
01:22:17.0748 1620 Ntfs - ok
01:22:17.0778 1620 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:22:17.0778 1620 ntrigdigi - ok
01:22:17.0837 1620 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
01:22:17.0838 1620 NuidFltr - ok
01:22:17.0892 1620 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
01:22:17.0892 1620 Null - ok
01:22:17.0949 1620 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
01:22:17.0955 1620 NVENETFD - ok
01:22:18.0218 1620 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:22:18.0414 1620 nvlddmkm - ok
01:22:18.0453 1620 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
01:22:18.0453 1620 nvraid - ok
01:22:18.0497 1620 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
01:22:18.0497 1620 nvstor - ok
01:22:18.0531 1620 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
01:22:18.0531 1620 nvstor32 - ok
01:22:18.0577 1620 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
01:22:18.0578 1620 nv_agp - ok
01:22:18.0595 1620 NwlnkFlt - ok
01:22:18.0609 1620 NwlnkFwd - ok
01:22:18.0659 1620 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
01:22:18.0660 1620 ohci1394 - ok
01:22:18.0689 1620 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:22:18.0690 1620 Parport - ok
01:22:18.0732 1620 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
01:22:18.0732 1620 partmgr - ok
01:22:18.0759 1620 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:22:18.0759 1620 Parvdm - ok
01:22:18.0787 1620 PCASp50 - ok
01:22:18.0836 1620 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
01:22:18.0837 1620 pci - ok
01:22:18.0864 1620 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
01:22:18.0864 1620 pciide - ok
01:22:18.0899 1620 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
01:22:18.0900 1620 pcmcia - ok
01:22:18.0950 1620 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:22:18.0967 1620 PEAUTH - ok
01:22:19.0045 1620 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
01:22:19.0046 1620 Point32 - ok
01:22:19.0085 1620 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
01:22:19.0086 1620 PptpMiniport - ok
01:22:19.0111 1620 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
01:22:19.0112 1620 Processor - ok
01:22:19.0176 1620 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
01:22:19.0177 1620 PSched - ok
01:22:19.0235 1620 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
01:22:19.0259 1620 ql2300 - ok
01:22:19.0286 1620 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:22:19.0287 1620 ql40xx - ok
01:22:19.0327 1620 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
01:22:19.0328 1620 QWAVEdrv - ok
01:22:19.0371 1620 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
01:22:19.0371 1620 RasAcd - ok
01:22:19.0408 1620 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:22:19.0409 1620 Rasl2tp - ok
01:22:19.0464 1620 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
01:22:19.0465 1620 RasPppoe - ok
01:22:19.0481 1620 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
01:22:19.0482 1620 RasSstp - ok
01:22:19.0533 1620 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
01:22:19.0535 1620 rdbss - ok
01:22:19.0576 1620 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:22:19.0577 1620 RDPCDD - ok
01:22:19.0625 1620 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
01:22:19.0628 1620 rdpdr - ok
01:22:19.0641 1620 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
01:22:19.0641 1620 RDPENCDD - ok
01:22:19.0677 1620 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
01:22:19.0680 1620 RDPWD - ok
01:22:19.0722 1620 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
01:22:19.0722 1620 rspndr - ok
01:22:19.0745 1620 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:22:19.0746 1620 sbp2port - ok
01:22:19.0791 1620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:22:19.0792 1620 secdrv - ok
01:22:19.0816 1620 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:22:19.0816 1620 Serenum - ok
01:22:19.0851 1620 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:22:19.0851 1620 Serial - ok
01:22:19.0910 1620 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
01:22:19.0910 1620 sermouse - ok
01:22:19.0938 1620 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
01:22:19.0938 1620 sffdisk - ok
01:22:19.0958 1620 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
01:22:19.0959 1620 sffp_mmc - ok
01:22:19.0981 1620 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
01:22:19.0981 1620 sffp_sd - ok
01:22:20.0006 1620 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:22:20.0007 1620 sfloppy - ok
01:22:20.0041 1620 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
01:22:20.0042 1620 sisagp - ok
01:22:20.0068 1620 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
01:22:20.0068 1620 SiSRaid2 - ok
01:22:20.0094 1620 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
01:22:20.0095 1620 SiSRaid4 - ok
01:22:20.0139 1620 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
01:22:20.0140 1620 Smb - ok
01:22:20.0187 1620 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
01:22:20.0187 1620 spldr - ok
01:22:20.0238 1620 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
01:22:20.0238 1620 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
01:22:20.0245 1620 sptd ( LockedFile.Multi.Generic ) - warning
01:22:20.0245 1620 sptd - detected LockedFile.Multi.Generic (1)
01:22:20.0292 1620 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
01:22:20.0296 1620 srv - ok
01:22:20.0337 1620 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
01:22:20.0339 1620 srv2 - ok
01:22:20.0378 1620 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
01:22:20.0379 1620 srvnet - ok
01:22:20.0466 1620 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
01:22:20.0467 1620 swenum - ok
01:22:20.0499 1620 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:22:20.0499 1620 Symc8xx - ok
01:22:20.0525 1620 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:22:20.0526 1620 Sym_hi - ok
01:22:20.0550 1620 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:22:20.0551 1620 Sym_u3 - ok
01:22:20.0608 1620 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
01:22:20.0626 1620 Tcpip - ok
01:22:20.0657 1620 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
01:22:20.0662 1620 Tcpip6 - ok
01:22:20.0705 1620 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
01:22:20.0706 1620 tcpipreg - ok
01:22:20.0741 1620 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
01:22:20.0742 1620 TDPIPE - ok
01:22:20.0767 1620 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
01:22:20.0767 1620 TDTCP - ok
01:22:20.0805 1620 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
01:22:20.0806 1620 tdx - ok
01:22:20.0848 1620 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
01:22:20.0849 1620 TermDD - ok
01:22:20.0882 1620 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:22:20.0883 1620 tssecsrv - ok
01:22:20.0940 1620 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
01:22:20.0940 1620 tunmp - ok
01:22:20.0976 1620 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
01:22:20.0977 1620 tunnel - ok
01:22:21.0029 1620 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
01:22:21.0029 1620 uagp35 - ok
01:22:21.0071 1620 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
01:22:21.0074 1620 udfs - ok
01:22:21.0117 1620 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
01:22:21.0118 1620 uliagpkx - ok
01:22:21.0144 1620 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
01:22:21.0147 1620 uliahci - ok
01:22:21.0174 1620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:22:21.0174 1620 UlSata - ok
01:22:21.0204 1620 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:22:21.0205 1620 ulsata2 - ok
01:22:21.0243 1620 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
01:22:21.0244 1620 umbus - ok
01:22:21.0285 1620 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
01:22:21.0285 1620 usbccgp - ok
01:22:21.0311 1620 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:22:21.0312 1620 usbcir - ok
01:22:21.0343 1620 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
01:22:21.0344 1620 usbehci - ok
01:22:21.0379 1620 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
01:22:21.0381 1620 usbhub - ok
01:22:21.0410 1620 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
01:22:21.0410 1620 usbohci - ok
01:22:21.0456 1620 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
01:22:21.0457 1620 usbprint - ok
01:22:21.0504 1620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
01:22:21.0505 1620 usbscan - ok
01:22:21.0528 1620 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:22:21.0529 1620 USBSTOR - ok
01:22:21.0553 1620 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
01:22:21.0554 1620 usbuhci - ok
01:22:21.0593 1620 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
01:22:21.0593 1620 USB_RNDIS - ok
01:22:21.0645 1620 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
01:22:21.0646 1620 vga - ok
01:22:21.0685 1620 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
01:22:21.0686 1620 VgaSave - ok
01:22:21.0722 1620 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
01:22:21.0723 1620 viaagp - ok
01:22:21.0745 1620 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
01:22:21.0745 1620 ViaC7 - ok
01:22:21.0770 1620 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
01:22:21.0771 1620 viaide - ok
01:22:21.0809 1620 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
01:22:21.0810 1620 volmgr - ok
01:22:21.0859 1620 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
01:22:21.0863 1620 volmgrx - ok
01:22:21.0902 1620 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
01:22:21.0905 1620 volsnap - ok
01:22:21.0939 1620 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
01:22:21.0940 1620 vsmraid - ok
01:22:21.0974 1620 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:22:21.0974 1620 WacomPen - ok
01:22:22.0007 1620 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:22:22.0008 1620 Wanarp - ok
01:22:22.0017 1620 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:22:22.0018 1620 Wanarpv6 - ok
01:22:22.0044 1620 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
01:22:22.0044 1620 Wd - ok
01:22:22.0089 1620 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
01:22:22.0097 1620 Wdf01000 - ok
01:22:22.0166 1620 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
01:22:22.0167 1620 WmiAcpi - ok
01:22:22.0207 1620 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
01:22:22.0207 1620 WpdUsb - ok
01:22:22.0244 1620 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:22:22.0244 1620 ws2ifsl - ok
01:22:22.0288 1620 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:22:22.0289 1620 WUDFRd - ok
01:22:22.0345 1620 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
01:22:22.0346 1620 ZTEusbmdm6k - ok
01:22:22.0413 1620 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
01:22:22.0414 1620 ZTEusbnmea - ok
01:22:22.0460 1620 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
01:22:22.0460 1620 ZTEusbser6k - ok
01:22:22.0497 1620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:22:22.0544 1620 \Device\Harddisk0\DR0 - ok
01:22:22.0554 1620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
01:22:22.0596 1620 \Device\Harddisk1\DR1 - ok
01:22:22.0598 1620 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
01:22:22.0599 1620 \Device\Harddisk0\DR0\Partition0 - ok
01:22:22.0601 1620 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
01:22:22.0602 1620 \Device\Harddisk1\DR1\Partition0 - ok
01:22:22.0603 1620 ============================================================
01:22:22.0603 1620 Scan finished
01:22:22.0603 1620 ============================================================
01:22:22.0609 1440 Detected object count: 2
01:22:22.0609 1440 Actual detected object count: 2
01:22:43.0548 1440 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
01:22:43.0551 1440 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
01:22:51.0390 1440 Backup copy not found, trying to cure infected file..
01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
01:22:51.0391 1440 C:\Windows\system32\Drivers\dfsc.sys - processing error
01:22:54.0218 1440 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:22:54.0219 1440 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

We have one system file infected and that's causing the issues.

Delete your Combofix file, download fresh one and re-run it from Safe Mode.

Please see the combofix log below:

ComboFix 12-02-24.02 - Mark 26/02/2012 3:03.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2934 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\cmdline.cfg
c:\program files\3
c:\program files\3\3Connect\3ConnectHelp.chm
c:\program files\3\3Connect\AceDb.encrypt
c:\program files\3\3Connect\AutoRun.dat
c:\program files\3\3Connect\AutoUpdateSrv.exe
c:\program files\3\3Connect\birdstepping.cmd
c:\program files\3\3Connect\BlackListedDev.cfg
c:\program files\3\3Connect\BlacklistedProcesses.xml
c:\program files\3\3Connect\browsing1.html
c:\program files\3\3Connect\capicom.dll
c:\program files\3\3Connect\checkdata_online.html
c:\program files\3\3Connect\CiscoApiWrapper.dll
c:\program files\3\3Connect\Config.encrypt
c:\program files\3\3Connect\Config.xml
c:\program files\3\3Connect\Config_23420.encrypt
c:\program files\3\3Connect\Config_23420.xml
c:\program files\3\3Connect\Config_27205.encrypt
c:\program files\3\3Connect\Config_27205.xml
c:\program files\3\3Connect\Config_Default.encrypt
c:\program files\3\3Connect\Config_Default.xml
c:\program files\3\3Connect\ConfigAup.encrypt
c:\program files\3\3Connect\ConfigAup.xml
c:\program files\3\3Connect\connecting1.html
c:\program files\3\3Connect\Content.css2
c:\program files\3\3Connect\Convert.xsl
c:\program files\3\3Connect\datausageguide1.html
c:\program files\3\3Connect\DeviceInstaller.exe
c:\program files\3\3Connect\Devices.xml
c:\program files\3\3Connect\Dialog.cfg
c:\program files\3\3Connect\ejectdisk.exe
c:\program files\3\3Connect\endpoint.css
c:\program files\3\3Connect\endpoint2.css
c:\program files\3\3Connect\Flash.ocx
c:\program files\3\3Connect\homepage1.html
c:\program files\3\3Connect\HuaweiE220.dll
c:\program files\3\3Connect\HuaweiE620.dll
c:\program files\3\3Connect\ImportConfiguration.exe
c:\program files\3\3Connect\incompatiblesoft.htm
c:\program files\3\3Connect\Instalhelper.log
c:\program files\3\3Connect\InstallHelpers.dll
c:\program files\3\3Connect\LanDevice.dll
c:\program files\3\3Connect\live.css
c:\program files\3\3Connect\Logger.dll
c:\program files\3\3Connect\mbbhelp.chm
c:\program files\3\3Connect\mfc80u.dll
c:\program files\3\3Connect\Microsoft.VC80.CRT.manifest
c:\program files\3\3Connect\Microsoft.VC80.MFC.manifest
c:\program files\3\3Connect\modemcust.cfg
c:\program files\3\3Connect\modeminfo.cfg
c:\program files\3\3Connect\Modems\ZTE_MF6X6_USB_MODEM_1.2050.0.6.exe
c:\program files\3\3Connect\msvcp80.dll
c:\program files\3\3Connect\msvcr80.dll
c:\program files\3\3Connect\NetworkCodes.cfg
c:\program files\3\3Connect\OperatorList.xml
c:\program files\3\3Connect\OptGlobetrotterGTMax72.dll
c:\program files\3\3Connect\PatchInfo.ini
c:\program files\3\3Connect\ping1.html
c:\program files\3\3Connect\pingtest.JPG
c:\program files\3\3Connect\proxy.JPG
c:\program files\3\3Connect\Res.dll
c:\program files\3\3Connect\Roaming\RoamingPrice_23420.ini
c:\program files\3\3Connect\Skins\FlashSkin\gui.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\account.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\banner.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\config.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\signal.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
c:\program files\3\3Connect\Skins\FlexSkin\gui.swf
c:\program files\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
c:\program files\3\3Connect\Sms.xml
c:\program files\3\3Connect\SmsApp2.dll
c:\program files\3\3Connect\SoftOpt.encrypt
c:\program files\3\3Connect\startup.exe
c:\program files\3\3Connect\Strings.txt
c:\program files\3\3Connect\SwiApiInterface.dll
c:\program files\3\3Connect\SwiApiMux.exe
c:\program files\3\3Connect\SwiCardDetect.dll
c:\program files\3\3Connect\SysConfig.dat
c:\program files\3\3Connect\SystemInfo.txt
c:\program files\3\3Connect\topup.html
c:\program files\3\3Connect\Update\ConfigAup.encrypt
c:\program files\3\3Connect\Update\ConfigAup.xml
c:\program files\3\3Connect\Wilog.exe
c:\program files\3\3Connect\WilogApp.exe
c:\program files\3\3Connect\WWanDevice.dll
c:\program files\3\3Connect\ZTE_MF636_startup.exe
c:\program files\3\3Connect\ZTE620.dll
c:\program files\INSTALL.LOG
c:\users\Mark\Documents\~WRL0002.tmp
c:\users\Mark\Documents\~WRL0004.tmp
c:\users\Mark\Documents\~WRL3743.tmp
c:\users\Mark\Documents\~WRL3991.tmp
c:\windows\$NtUninstallKB32240$\1873154646\cfg.ini
c:\windows\system32\AutoRun.inf
F:\install.exe
c:\windows\$NtUninstallKB32240$ . . . . Failed to delete
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!System32!drivers!netbt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 03:15 . 2012-02-26 03:20 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-02-26 03:15 . 2012-02-26 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 22:14 . 2011-12-15 06:21 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-14 20:06 . 2012-02-17 20:29 -------- d-----w- c:\users\Mark\AppData\Roaming\Usukmo
2012-02-14 20:06 . 2012-02-14 20:06 -------- d-----w- c:\users\Mark\AppData\Roaming\Mywara
2012-02-12 11:17 . 2012-02-17 14:51 -------- d-----w- c:\users\Mark\AppData\Roaming\Aktuot
2012-02-12 11:17 . 2012-02-12 11:37 -------- d-----w- c:\users\Mark\AppData\Roaming\Xete
2012-02-11 23:20 . 2012-02-25 10:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-01-12 19:52 . 2012-02-24 22:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:22 . 2012-02-24 22:14 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
"Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Fallout Mod Manager_is1 - c:\program files\steam\steamapps\common\fallout 3\fomm\uninstall\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
"rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2012-02-26 03:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 03:25
.
Pre-Run: 38,793,306,112 bytes free
Post-Run: 38,562,734,080 bytes free
.
- - End Of File - - A677ADA0F2097407EC75804B713FEC3F

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  
  Code:

  :filefind
  dfsc.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 04:12 on 26/02/2012 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [10:51 10/06/2008] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [13:08 14/03/2011] [21:14 10/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [20:44 07/08/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

-= EOF =-

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:



3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

ComboFix 12-02-24.02 - Mark 26/02/2012 4:31.2.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2936 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mark\AppData\Roaming\Aktuot
c:\users\Mark\AppData\Roaming\Mywara
c:\users\Mark\AppData\Roaming\Mywara\teif.exa
c:\users\Mark\AppData\Roaming\Usukmo
c:\users\Mark\AppData\Roaming\Xete
c:\windows\system32\dds_trash_log.cmd
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - The cat found it
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --> c:\windows\System32\drivers\dfsc.sys
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 04:39 . 2012-02-26 04:39 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-02-26 04:39 . 2012-02-26 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 03:14 . 2009-04-10 21:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 01:22 . 2012-02-26 02:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
"Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 04:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
"rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-26 04:41:09
ComboFix-quarantined-files.txt 2012-02-26 04:41
ComboFix2.txt 2012-02-26 03:26
.
Pre-Run: 38,619,123,712 bytes free
Post-Run: 38,584,827,904 bytes free
.
- - End Of File - - 9E9BF5642B695815AE4B10B54C3798E2

Please post new aswMBR and TDSSKiller logs.

Also see if you can boot to normal mode.

Apologies for the delay. Logs below:

13:13:10.0311 1208 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
13:13:10.0443 1208 ============================================================
13:13:10.0443 1208 Current date / time: 2012/02/26 13:13:10.0443
13:13:10.0443 1208 SystemInfo:
13:13:10.0443 1208
13:13:10.0444 1208 OS Version: 6.0.6002 ServicePack: 2.0
13:13:10.0444 1208 Product type: Workstation
13:13:10.0444 1208 ComputerName: MARK-PC
13:13:10.0444 1208 UserName: Mark
13:13:10.0444 1208 Windows directory: C:\Windows
13:13:10.0444 1208 System windows directory: C:\Windows
13:13:10.0444 1208 Processor architecture: Intel x86
13:13:10.0444 1208 Number of processors: 4
13:13:10.0444 1208 Page size: 0x1000
13:13:10.0444 1208 Boot type: Safe boot with network
13:13:10.0444 1208 ============================================================
13:13:11.0484 1208 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:13:11.0500 1208 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:13:11.0501 1208 \Device\Harddisk0\DR0:
13:13:11.0501 1208 MBR used
13:13:11.0501 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
13:13:11.0501 1208 \Device\Harddisk1\DR1:
13:13:11.0501 1208 MBR used
13:13:11.0501 1208 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
13:13:11.0537 1208 Initialize success
13:13:11.0537 1208 ============================================================
13:13:12.0969 1452 ============================================================
13:13:12.0969 1452 Scan started
13:13:12.0969 1452 Mode: Manual;
13:13:12.0969 1452 ============================================================
13:13:13.0951 1452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:13:13.0953 1452 ACPI - ok
13:13:14.0028 1452 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
13:13:14.0030 1452 ADIHdAudAddService - ok
13:13:14.0093 1452 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:13:14.0095 1452 adp94xx - ok
13:13:14.0119 1452 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:13:14.0121 1452 adpahci - ok
13:13:14.0138 1452 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:13:14.0139 1452 adpu160m - ok
13:13:14.0164 1452 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:13:14.0165 1452 adpu320 - ok
13:13:14.0244 1452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:13:14.0246 1452 AFD - ok
13:13:14.0283 1452 AFGMp50 - ok
13:13:14.0366 1452 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
13:13:14.0367 1452 AFGSp50 - ok
13:13:14.0419 1452 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:13:14.0420 1452 agp440 - ok
13:13:14.0453 1452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:13:14.0453 1452 aic78xx - ok
13:13:14.0492 1452 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:13:14.0492 1452 aliide - ok
13:13:14.0537 1452 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:13:14.0538 1452 amdagp - ok
13:13:14.0553 1452 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:13:14.0554 1452 amdide - ok
13:13:14.0576 1452 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:13:14.0577 1452 AmdK7 - ok
13:13:14.0627 1452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:13:14.0628 1452 AmdK8 - ok
13:13:14.0676 1452 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:13:14.0677 1452 arc - ok
13:13:14.0725 1452 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:13:14.0725 1452 arcsas - ok
13:13:14.0760 1452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:13:14.0761 1452 AsyncMac - ok
13:13:14.0794 1452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:13:14.0794 1452 atapi - ok
13:13:14.0862 1452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:13:14.0863 1452 Beep - ok
13:13:14.0899 1452 blbdrive - ok
13:13:14.0940 1452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:13:14.0941 1452 bowser - ok
13:13:14.0982 1452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:13:14.0982 1452 BrFiltLo - ok
13:13:15.0007 1452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:13:15.0007 1452 BrFiltUp - ok
13:13:15.0038 1452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:13:15.0038 1452 Brserid - ok
13:13:15.0061 1452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:13:15.0062 1452 BrSerWdm - ok
13:13:15.0084 1452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:13:15.0085 1452 BrUsbMdm - ok
13:13:15.0101 1452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:13:15.0101 1452 BrUsbSer - ok
13:13:15.0122 1452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:13:15.0122 1452 BTHMODEM - ok
13:13:15.0206 1452 catchme - ok
13:13:15.0259 1452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:13:15.0260 1452 cdfs - ok
13:13:15.0307 1452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:13:15.0308 1452 cdrom - ok
13:13:15.0350 1452 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:13:15.0351 1452 circlass - ok
13:13:15.0397 1452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:13:15.0399 1452 CLFS - ok
13:13:15.0424 1452 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:13:15.0424 1452 cmdide - ok
13:13:15.0446 1452 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
13:13:15.0446 1452 Compbatt - ok
13:13:15.0470 1452 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:13:15.0470 1452 crcdisk - ok
13:13:15.0502 1452 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:13:15.0502 1452 Crusoe - ok
13:13:15.0585 1452 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
13:13:15.0586 1452 DfsC - ok
13:13:15.0667 1452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:13:15.0667 1452 disk - ok
13:13:15.0760 1452 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:13:15.0761 1452 Dot4 - ok
13:13:15.0824 1452 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:13:15.0824 1452 Dot4Print - ok
13:13:15.0858 1452 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:13:15.0859 1452 dot4usb - ok
13:13:15.0907 1452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:13:15.0907 1452 drmkaud - ok
13:13:15.0961 1452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:13:15.0965 1452 DXGKrnl - ok
13:13:16.0002 1452 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:13:16.0002 1452 E1G60 - ok
13:13:16.0062 1452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:13:16.0063 1452 Ecache - ok
13:13:16.0116 1452 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:13:16.0118 1452 elxstor - ok
13:13:16.0178 1452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:13:16.0179 1452 exfat - ok
13:13:16.0226 1452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:13:16.0227 1452 fastfat - ok
13:13:16.0266 1452 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:13:16.0266 1452 fdc - ok
13:13:16.0326 1452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:13:16.0327 1452 FileInfo - ok
13:13:16.0380 1452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:13:16.0381 1452 Filetrace - ok
13:13:16.0407 1452 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:13:16.0407 1452 flpydisk - ok
13:13:16.0464 1452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:13:16.0465 1452 FltMgr - ok
13:13:16.0510 1452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:13:16.0510 1452 Fs_Rec - ok
13:13:16.0558 1452 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:13:16.0558 1452 gagp30kx - ok
13:13:16.0660 1452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:13:16.0661 1452 HdAudAddService - ok
13:13:16.0707 1452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:13:16.0710 1452 HDAudBus - ok
13:13:16.0733 1452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:13:16.0733 1452 HidBth - ok
13:13:16.0753 1452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:13:16.0754 1452 HidIr - ok
13:13:16.0816 1452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:13:16.0816 1452 HidUsb - ok
13:13:16.0847 1452 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:13:16.0847 1452 HpCISSs - ok
13:13:16.0926 1452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:13:16.0928 1452 HTTP - ok
13:13:16.0983 1452 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:13:16.0983 1452 hwdatacard - ok
13:13:16.0997 1452 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:13:16.0997 1452 i2omp - ok
13:13:17.0055 1452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:13:17.0055 1452 i8042prt - ok
13:13:17.0087 1452 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:13:17.0089 1452 iaStorV - ok
13:13:17.0112 1452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:13:17.0112 1452 iirsp - ok
13:13:17.0139 1452 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
13:13:17.0139 1452 intelide - ok
13:13:17.0184 1452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:13:17.0185 1452 intelppm - ok
13:13:17.0242 1452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:13:17.0242 1452 IpFilterDriver - ok
13:13:17.0257 1452 IpInIp - ok
13:13:17.0296 1452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:13:17.0296 1452 IPMIDRV - ok
13:13:17.0337 1452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:13:17.0338 1452 IPNAT - ok
13:13:17.0373 1452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:13:17.0373 1452 IRENUM - ok
13:13:17.0398 1452 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:13:17.0398 1452 isapnp - ok
13:13:17.0444 1452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:13:17.0446 1452 iScsiPrt - ok
13:13:17.0470 1452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:13:17.0470 1452 iteatapi - ok
13:13:17.0511 1452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:13:17.0511 1452 iteraid - ok
13:13:17.0590 1452 jbridgep - ok
13:13:17.0624 1452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:13:17.0624 1452 kbdclass - ok
13:13:17.0652 1452 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:13:17.0653 1452 kbdhid - ok
13:13:17.0730 1452 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:13:17.0733 1452 KSecDD - ok
13:13:17.0779 1452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:13:17.0779 1452 lltdio - ok
13:13:17.0819 1452 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:13:17.0820 1452 LSI_FC - ok
13:13:17.0846 1452 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:13:17.0847 1452 LSI_SAS - ok
13:13:17.0874 1452 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:13:17.0874 1452 LSI_SCSI - ok
13:13:17.0915 1452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:13:17.0916 1452 luafv - ok
13:13:17.0949 1452 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
13:13:17.0950 1452 massfilter - ok
13:13:17.0993 1452 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:13:17.0993 1452 MBAMProtector - ok
13:13:18.0059 1452 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
13:13:18.0060 1452 mbmiodrvr - ok
13:13:18.0120 1452 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:13:18.0120 1452 megasas - ok
13:13:18.0151 1452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:13:18.0151 1452 Modem - ok
13:13:18.0202 1452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:13:18.0203 1452 monitor - ok
13:13:18.0233 1452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:13:18.0233 1452 mouclass - ok
13:13:18.0266 1452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:13:18.0267 1452 mouhid - ok
13:13:18.0290 1452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:13:18.0291 1452 MountMgr - ok
13:13:18.0338 1452 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:13:18.0339 1452 mpio - ok
13:13:18.0372 1452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:13:18.0373 1452 mpsdrv - ok
13:13:18.0403 1452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:13:18.0403 1452 Mraid35x - ok
13:13:18.0456 1452 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
13:13:18.0457 1452 MRV6X32P - ok
13:13:18.0505 1452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:13:18.0506 1452 MRxDAV - ok
13:13:18.0545 1452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:13:18.0546 1452 mrxsmb - ok
13:13:18.0596 1452 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:13:18.0597 1452 mrxsmb10 - ok
13:13:18.0618 1452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:13:18.0618 1452 mrxsmb20 - ok
13:13:18.0648 1452 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:13:18.0648 1452 msahci - ok
13:13:18.0673 1452 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:13:18.0674 1452 msdsm - ok
13:13:18.0723 1452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:13:18.0723 1452 Msfs - ok
13:13:18.0772 1452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:13:18.0773 1452 msisadrv - ok
13:13:18.0813 1452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:13:18.0814 1452 MSKSSRV - ok
13:13:18.0858 1452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:13:18.0858 1452 MSPCLOCK - ok
13:13:18.0892 1452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:13:18.0892 1452 MSPQM - ok
13:13:18.0920 1452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:13:18.0921 1452 MsRPC - ok
13:13:18.0961 1452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:13:18.0962 1452 mssmbios - ok
13:13:19.0003 1452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:13:19.0003 1452 MSTEE - ok
13:13:19.0034 1452 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
13:13:19.0035 1452 MTsensor - ok
13:13:19.0053 1452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:13:19.0053 1452 Mup - ok
13:13:19.0101 1452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:13:19.0102 1452 NativeWifiP - ok
13:13:19.0136 1452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:13:19.0139 1452 NDIS - ok
13:13:19.0183 1452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:13:19.0183 1452 NdisTapi - ok
13:13:19.0229 1452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:13:19.0230 1452 Ndisuio - ok
13:13:19.0261 1452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:13:19.0262 1452 NdisWan - ok
13:13:19.0302 1452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:13:19.0303 1452 NDProxy - ok
13:13:19.0388 1452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:13:19.0388 1452 NetBIOS - ok
13:13:19.0461 1452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\drivers\netbt.sys
13:13:19.0462 1452 netbt - ok
13:13:19.0511 1452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:13:19.0511 1452 nfrd960 - ok
13:13:19.0555 1452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:13:19.0556 1452 Npfs - ok
13:13:19.0595 1452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:13:19.0595 1452 nsiproxy - ok
13:13:19.0659 1452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:13:19.0665 1452 Ntfs - ok
13:13:19.0690 1452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:13:19.0690 1452 ntrigdigi - ok
13:13:19.0758 1452 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
13:13:19.0758 1452 NuidFltr - ok
13:13:19.0796 1452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:13:19.0796 1452 Null - ok
13:13:19.0870 1452 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:13:19.0875 1452 NVENETFD - ok
13:13:20.0148 1452 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:13:20.0204 1452 nvlddmkm - ok
13:13:20.0240 1452 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:13:20.0240 1452 nvraid - ok
13:13:20.0284 1452 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
13:13:20.0285 1452 nvstor - ok
13:13:20.0326 1452 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
13:13:20.0327 1452 nvstor32 - ok
13:13:20.0389 1452 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:13:20.0390 1452 nv_agp - ok
13:13:20.0403 1452 NwlnkFlt - ok
13:13:20.0416 1452 NwlnkFwd - ok
13:13:20.0471 1452 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:13:20.0472 1452 ohci1394 - ok
13:13:20.0501 1452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:13:20.0502 1452 Parport - ok
13:13:20.0544 1452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:13:20.0544 1452 partmgr - ok
13:13:20.0571 1452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:13:20.0571 1452 Parvdm - ok
13:13:20.0602 1452 PCASp50 - ok
13:13:20.0648 1452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:13:20.0649 1452 pci - ok
13:13:20.0709 1452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:13:20.0710 1452 pciide - ok
13:13:20.0744 1452 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:13:20.0745 1452 pcmcia - ok
13:13:20.0804 1452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:13:20.0809 1452 PEAUTH - ok
13:13:20.0891 1452 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
13:13:20.0891 1452 Point32 - ok
13:13:20.0931 1452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:13:20.0931 1452 PptpMiniport - ok
13:13:20.0957 1452 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:13:20.0957 1452 Processor - ok
13:13:21.0022 1452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:13:21.0022 1452 PSched - ok
13:13:21.0089 1452 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:13:21.0094 1452 ql2300 - ok
13:13:21.0123 1452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:13:21.0124 1452 ql40xx - ok
13:13:21.0165 1452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:13:21.0165 1452 QWAVEdrv - ok
13:13:21.0216 1452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:13:21.0217 1452 RasAcd - ok
13:13:21.0253 1452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:13:21.0254 1452 Rasl2tp - ok
13:13:21.0302 1452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:13:21.0302 1452 RasPppoe - ok
13:13:21.0327 1452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:13:21.0327 1452 RasSstp - ok
13:13:21.0378 1452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:13:21.0380 1452 rdbss - ok
13:13:21.0430 1452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:13:21.0431 1452 RDPCDD - ok
13:13:21.0479 1452 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:13:21.0480 1452 rdpdr - ok
13:13:21.0493 1452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:13:21.0494 1452 RDPENCDD - ok
13:13:21.0531 1452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:13:21.0532 1452 RDPWD - ok
13:13:21.0576 1452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:13:21.0576 1452 rspndr - ok
13:13:21.0599 1452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:13:21.0600 1452 sbp2port - ok
13:13:21.0654 1452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:13:21.0654 1452 secdrv - ok
13:13:21.0686 1452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:13:21.0687 1452 Serenum - ok
13:13:21.0713 1452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:13:21.0714 1452 Serial - ok
13:13:21.0755 1452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:13:21.0756 1452 sermouse - ok
13:13:21.0783 1452 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:13:21.0784 1452 sffdisk - ok
13:13:21.0812 1452 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:13:21.0813 1452 sffp_mmc - ok
13:13:21.0835 1452 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:13:21.0835 1452 sffp_sd - ok
13:13:21.0860 1452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:13:21.0861 1452 sfloppy - ok
13:13:21.0895 1452 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:13:21.0896 1452 sisagp - ok
13:13:21.0930 1452 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:13:21.0931 1452 SiSRaid2 - ok
13:13:21.0956 1452 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:13:21.0957 1452 SiSRaid4 - ok
13:13:22.0001 1452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:13:22.0002 1452 Smb - ok
13:13:22.0049 1452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:13:22.0049 1452 spldr - ok
13:13:22.0100 1452 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
13:13:22.0100 1452 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
13:13:22.0121 1452 sptd ( LockedFile.Multi.Generic ) - warning
13:13:22.0121 1452 sptd - detected LockedFile.Multi.Generic (1)
13:13:22.0162 1452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:13:22.0164 1452 srv - ok
13:13:22.0208 1452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:13:22.0209 1452 srv2 - ok
13:13:22.0249 1452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:13:22.0250 1452 srvnet - ok
13:13:22.0329 1452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:13:22.0329 1452 swenum - ok
13:13:22.0378 1452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:13:22.0378 1452 Symc8xx - ok
13:13:22.0404 1452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:13:22.0405 1452 Sym_hi - ok
13:13:22.0429 1452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:13:22.0430 1452 Sym_u3 - ok
13:13:22.0487 1452 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:13:22.0491 1452 Tcpip - ok
13:13:22.0528 1452 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:13:22.0534 1452 Tcpip6 - ok
13:13:22.0576 1452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:13:22.0576 1452 tcpipreg - ok
13:13:22.0612 1452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:13:22.0613 1452 TDPIPE - ok
13:13:22.0637 1452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:13:22.0638 1452 TDTCP - ok
13:13:22.0676 1452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:13:22.0676 1452 tdx - ok
13:13:22.0719 1452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:13:22.0720 1452 TermDD - ok
13:13:22.0753 1452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:13:22.0753 1452 tssecsrv - ok
13:13:22.0818 1452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:13:22.0819 1452 tunmp - ok
13:13:22.0855 1452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:13:22.0856 1452 tunnel - ok
13:13:22.0899 1452 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:13:22.0900 1452 uagp35 - ok
13:13:22.0942 1452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:13:22.0943 1452 udfs - ok
13:13:22.0979 1452 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:13:22.0980 1452 uliagpkx - ok
13:13:23.0007 1452 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:13:23.0008 1452 uliahci - ok
13:13:23.0028 1452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:13:23.0028 1452 UlSata - ok
13:13:23.0049 1452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:13:23.0050 1452 ulsata2 - ok
13:13:23.0089 1452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:13:23.0089 1452 umbus - ok
13:13:23.0155 1452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:13:23.0156 1452 usbccgp - ok
13:13:23.0190 1452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:13:23.0191 1452 usbcir - ok
13:13:23.0222 1452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:13:23.0223 1452 usbehci - ok
13:13:23.0266 1452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:13:23.0267 1452 usbhub - ok
13:13:23.0297 1452 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:13:23.0298 1452 usbohci - ok
13:13:23.0318 1452 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:13:23.0319 1452 usbprint - ok
13:13:23.0374 1452 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:13:23.0375 1452 usbscan - ok
13:13:23.0399 1452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:13:23.0399 1452 USBSTOR - ok
13:13:23.0424 1452 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:13:23.0424 1452 usbuhci - ok
13:13:23.0455 1452 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
13:13:23.0456 1452 USB_RNDIS - ok
13:13:23.0499 1452 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:13:23.0499 1452 vga - ok
13:13:23.0539 1452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:13:23.0540 1452 VgaSave - ok
13:13:23.0568 1452 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:13:23.0568 1452 viaagp - ok
13:13:23.0590 1452 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:13:23.0591 1452 ViaC7 - ok
13:13:23.0616 1452 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:13:23.0616 1452 viaide - ok
13:13:23.0655 1452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:13:23.0656 1452 volmgr - ok
13:13:23.0705 1452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:13:23.0707 1452 volmgrx - ok
13:13:23.0748 1452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:13:23.0749 1452 volsnap - ok
13:13:23.0784 1452 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:13:23.0785 1452 vsmraid - ok
13:13:23.0819 1452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:13:23.0820 1452 WacomPen - ok
13:13:23.0853 1452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:13:23.0854 1452 Wanarp - ok
13:13:23.0876 1452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:13:23.0876 1452 Wanarpv6 - ok
13:13:23.0906 1452 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:13:23.0907 1452 Wd - ok
13:13:23.0952 1452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:13:23.0954 1452 Wdf01000 - ok
13:13:24.0045 1452 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:13:24.0046 1452 WmiAcpi - ok
13:13:24.0085 1452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:13:24.0086 1452 WpdUsb - ok
13:13:24.0122 1452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:13:24.0123 1452 ws2ifsl - ok
13:13:24.0167 1452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:13:24.0168 1452 WUDFRd - ok
13:13:24.0240 1452 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:13:24.0241 1452 ZTEusbmdm6k - ok
13:13:24.0308 1452 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:13:24.0309 1452 ZTEusbnmea - ok
13:13:24.0363 1452 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:13:24.0364 1452 ZTEusbser6k - ok
13:13:24.0410 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:13:24.0456 1452 \Device\Harddisk0\DR0 - ok
13:13:24.0467 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
13:13:24.0509 1452 \Device\Harddisk1\DR1 - ok
13:13:24.0511 1452 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
13:13:24.0512 1452 \Device\Harddisk0\DR0\Partition0 - ok
13:13:24.0514 1452 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
13:13:24.0515 1452 \Device\Harddisk1\DR1\Partition0 - ok
13:13:24.0515 1452 ============================================================
13:13:24.0515 1452 Scan finished
13:13:24.0515 1452 ============================================================
13:13:24.0522 0280 Detected object count: 1
13:13:24.0523 0280 Actual detected object count: 1
13:13:31.0238 0280 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:13:31.0238 0280 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-26 13:01:10
-----------------------------
13:01:10.561 OS Version: Windows 6.0.6002 Service Pack 2
13:01:10.561 Number of processors: 4 586 0xF0B
13:01:10.562 ComputerName: MARK-PC UserName: Mark
13:01:11.149 Initialize success
13:05:05.446 AVAST engine defs: 12022602
13:08:29.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
13:08:29.171 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
13:08:29.173 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
13:08:29.176 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
13:08:29.207 Disk 0 MBR read successfully
13:08:29.211 Disk 0 MBR scan
13:08:29.216 Disk 0 Windows VISTA default MBR code
13:08:29.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
13:08:29.227 Disk 0 scanning sectors +312578048
13:08:29.302 Disk 0 scanning C:\Windows\system32\drivers
13:08:37.702 Service scanning
13:08:50.092 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:08:55.321 Modules scanning
13:08:59.436 Disk 0 trace - called modules:
13:08:59.450 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
13:08:59.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3a2c0]
13:08:59.473 3 CLASSPNP.SYS[8b5aa8b3] -> nt!IofCallDriver -> [0x85c3a598]
13:08:59.480 5 acpi.sys[807bc6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c7b8a0]
13:08:59.487 \Driver\atapi[0x85c3e6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
13:09:00.459 AVAST engine scan C:\Windows
13:09:02.935 AVAST engine scan C:\Windows\system32
13:11:24.873 AVAST engine scan C:\Windows\system32\drivers
13:11:34.875 AVAST engine scan C:\Users\Mark
13:13:02.760 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
13:13:02.766 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"

The machine has booted normally