A dirty little bug is in my house

Status
Not open for further replies.
Hi mnyyoungs,

Could your repost the log that was created by ComboFix and let me know what remaining issues you are having with your system. :)
 
here it is again

ComboFix 11-11-20.01 - Family 20/11/2011 9:50.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1214 [GMT -5:00]
Running from: c:\users\Family\Downloads\ComboFix.exe
Command switches used :: c:\users\Family\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 15:11 . 2011-11-20 15:15 -------- d-----w- c:\users\Family\AppData\Local\temp
2011-11-20 15:11 . 2011-11-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 02:11 . 2008-02-29 08:13 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-11-16 15:27 . 2011-11-16 15:27 -------- d-----w- c:\program files\ERUNT
2011-11-12 17:56 . 2011-11-12 17:56 -------- d-----w- c:\program files\ESET
2011-11-09 19:05 . 2011-11-09 19:05 -------- d-----w- c:\users\Family\AppData\Local\WinZip
2011-11-09 19:03 . 2011-11-09 19:04 -------- d-----w- c:\programdata\WinZip
2011-10-31 18:18 . 2011-10-31 18:18 1529728 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2011-10-31 18:13 . 2011-10-31 18:13 145184 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-28 08:13 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D208FC11-8E7A-4DE4-917E-F39D40F22D8F}\mpengine.dll
2011-10-25 22:48 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-24 17:56 . 2011-10-24 17:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 14:43 . 2009-07-26 02:26 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-25 23:46 . 2008-07-19 16:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-30 23:06 . 2011-10-12 15:36 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 15:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 15:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 15:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-12 15:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-12 15:36 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 15:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 15:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-12 15:36 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2008-05-06 03:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-12 15:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 15:35 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-12 15:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-12 15:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-24 11:57 . 2011-08-24 11:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 18:01 . 2010-10-25 17:37 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\Clickfree\C2NPlus\reminder\SacReminder.exe" [2011-01-20 870224]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-10-13 984408]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-10-22 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-24 09:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-20 04:48 342848 ----a-w- c:\users\Family\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 22:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-22 12:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [x]
R2 gupdate1c9834ebde52a90;Google Update Service (gupdate1c9834ebde52a90);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-07-09 47360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 CFUACProxy_c2nplus;CFUACProxy_c2nplus;c:\programdata\Clickfree\C2NPlus\UACProxy.exe [2011-10-31 87368]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2011-10-25 157296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-31 18:10]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{1A27E350-4EB9-4A64-8D25-115B91043FBF}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\85q3ua9k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e2b35e5&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
 
Part 2...The system is very slow...other than that...it seems fine! Now you said that the rootkit is "neutralized" does that mean....if it gets wet or eats after midnight it will come back...lol...sorry for th Gremlin's reference...couldn't help it...lol.


**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 10:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass]
"ImagePath"="\*"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-11-20 10:24:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 15:24
ComboFix2.txt 2011-11-17 02:38
ComboFix3.txt 2011-11-14 23:46
ComboFix4.txt 2011-11-09 01:02
.
Pre-Run: 53,153,501,184 bytes free
Post-Run: 53,019,660,288 bytes free
.
- - End Of File - - 2863A7BBFF4D39711F1ACCA3D821B1FD
 
Hi mnyyoungs,

LOL!! I just saw that movie the other day. I couldn't believe it when I saw it again!! I remember seeing it in the theater when it first came out. :laugh:

Looks like we have a bad registry key wanting to hang around. Please do the following and then post the logs created by OTM and TDSSKiller.
----------

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please Right-click and Run as Administrator OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: 
:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass]

:Commands
[purity]
[start explorer]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

--------------

Now run TDSSKiller again and post the new log that is created.
 
Log 1...

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass\ deleted successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.19.0 log created on 11202011_164146
 
log 2....

17:01:17.0669 0680 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
17:01:18.0075 0680 ============================================================
17:01:18.0075 0680 Current date / time: 2011/11/20 17:01:18.0075
17:01:18.0075 0680 SystemInfo:
17:01:18.0075 0680
17:01:18.0091 0680 OS Version: 6.0.6002 ServicePack: 2.0
17:01:18.0091 0680 Product type: Workstation
17:01:18.0091 0680 ComputerName: FAMILY-PC
17:01:18.0091 0680 UserName: Family
17:01:18.0091 0680 Windows directory: C:\Windows
17:01:18.0091 0680 System windows directory: C:\Windows
17:01:18.0091 0680 Processor architecture: Intel x86
17:01:18.0091 0680 Number of processors: 2
17:01:18.0091 0680 Page size: 0x1000
17:01:18.0091 0680 Boot type: Normal boot
17:01:18.0091 0680 ============================================================
17:01:20.0462 0680 Initialize success
17:01:34.0096 0968 ============================================================
17:01:34.0096 0968 Scan started
17:01:34.0096 0968 Mode: Manual;
17:01:34.0096 0968 ============================================================
17:01:34.0876 0968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:01:34.0876 0968 ACPI - ok
17:01:35.0001 0968 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:01:35.0017 0968 adp94xx - ok
17:01:35.0126 0968 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:01:35.0126 0968 adpahci - ok
17:01:35.0173 0968 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:01:35.0173 0968 adpu160m - ok
17:01:35.0219 0968 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:01:35.0235 0968 adpu320 - ok
17:01:35.0344 0968 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:01:35.0344 0968 AFD - ok
17:01:35.0485 0968 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
17:01:35.0485 0968 agp440 - ok
17:01:35.0531 0968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:01:35.0531 0968 aic78xx - ok
17:01:35.0594 0968 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
17:01:35.0594 0968 aliide - ok
17:01:35.0625 0968 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
17:01:35.0641 0968 amdagp - ok
17:01:35.0719 0968 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
17:01:35.0719 0968 amdide - ok
17:01:35.0828 0968 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:01:35.0828 0968 AmdK7 - ok
17:01:35.0875 0968 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:01:35.0875 0968 AmdK8 - ok
17:01:35.0999 0968 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:01:35.0999 0968 ApfiltrService - ok
17:01:36.0187 0968 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:01:36.0187 0968 arc - ok
17:01:36.0296 0968 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:01:36.0296 0968 arcsas - ok
17:01:36.0389 0968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:01:36.0389 0968 AsyncMac - ok
17:01:36.0452 0968 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:01:36.0452 0968 atapi - ok
17:01:36.0623 0968 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:01:36.0623 0968 b57nd60x - ok
17:01:36.0717 0968 BCM43XX (559db7c7d958c6262cc3efee4ad95cce) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:01:36.0748 0968 BCM43XX - ok
17:01:36.0842 0968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:01:36.0842 0968 Beep - ok
17:01:36.0951 0968 blbdrive - ok
17:01:37.0013 0968 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:01:37.0029 0968 bowser - ok
17:01:37.0107 0968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:01:37.0107 0968 BrFiltLo - ok
17:01:37.0138 0968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:01:37.0154 0968 BrFiltUp - ok
17:01:37.0263 0968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:01:37.0263 0968 Brserid - ok
17:01:37.0310 0968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:01:37.0310 0968 BrSerWdm - ok
17:01:37.0357 0968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:01:37.0357 0968 BrUsbMdm - ok
17:01:37.0403 0968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:01:37.0403 0968 BrUsbSer - ok
17:01:37.0466 0968 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:01:37.0481 0968 BTHMODEM - ok
17:01:37.0653 0968 catchme - ok
17:01:37.0778 0968 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:01:37.0778 0968 cdfs - ok
17:01:37.0856 0968 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
17:01:37.0856 0968 cdrom - ok
17:01:37.0949 0968 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:01:37.0949 0968 circlass - ok
17:01:38.0012 0968 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:01:38.0027 0968 CLFS - ok
17:01:38.0199 0968 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:01:38.0199 0968 CmBatt - ok
17:01:38.0261 0968 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
17:01:38.0261 0968 cmdide - ok
17:01:38.0308 0968 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:01:38.0308 0968 Compbatt - ok
17:01:38.0355 0968 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:01:38.0355 0968 crcdisk - ok
17:01:38.0433 0968 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:01:38.0449 0968 Crusoe - ok
17:01:38.0636 0968 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:01:38.0636 0968 DfsC - ok
17:01:38.0792 0968 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:01:38.0792 0968 disk - ok
17:01:38.0901 0968 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:01:38.0901 0968 drmkaud - ok
17:01:38.0995 0968 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
17:01:38.0995 0968 DSproct - ok
17:01:39.0073 0968 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
17:01:39.0073 0968 dsunidrv - ok
17:01:39.0166 0968 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:01:39.0197 0968 DXGKrnl - ok
17:01:39.0275 0968 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
17:01:39.0275 0968 e1express - ok
17:01:39.0463 0968 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:01:39.0463 0968 E1G60 - ok
17:01:39.0556 0968 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:01:39.0556 0968 Ecache - ok
17:01:39.0681 0968 ElRawDisk (b8eac99b14772bdc36ca963aed109fa2) C:\Windows\system32\drivers\rsdrv.sys
17:01:39.0697 0968 ElRawDisk - ok
17:01:39.0790 0968 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:01:39.0790 0968 elxstor - ok
17:01:39.0946 0968 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:01:39.0962 0968 exfat - ok
17:01:40.0055 0968 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:01:40.0055 0968 fastfat - ok
17:01:40.0180 0968 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:01:40.0180 0968 fdc - ok
17:01:40.0258 0968 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:01:40.0258 0968 FileInfo - ok
17:01:40.0321 0968 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:01:40.0336 0968 Filetrace - ok
17:01:40.0367 0968 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:01:40.0383 0968 flpydisk - ok
17:01:40.0477 0968 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:01:40.0477 0968 FltMgr - ok
17:01:40.0695 0968 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
17:01:40.0695 0968 fssfltr - ok
17:01:40.0820 0968 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:01:40.0820 0968 Fs_Rec - ok
17:01:40.0898 0968 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
17:01:40.0898 0968 FTDIBUS - ok
17:01:40.0991 0968 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\Windows\system32\drivers\ftser2k.sys
17:01:40.0991 0968 FTSER2K - ok
17:01:41.0054 0968 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:01:41.0054 0968 gagp30kx - ok
17:01:41.0085 0968 GEARAspiWDM - ok
17:01:41.0288 0968 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:01:41.0303 0968 HDAudBus - ok
17:01:41.0350 0968 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:01:41.0350 0968 HidBth - ok
17:01:41.0413 0968 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:01:41.0413 0968 HidIr - ok
17:01:41.0475 0968 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:01:41.0475 0968 HidUsb - ok
17:01:41.0569 0968 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:01:41.0569 0968 HpCISSs - ok
17:01:41.0693 0968 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:01:41.0740 0968 HSF_DPV - ok
17:01:41.0803 0968 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:01:41.0803 0968 HSXHWAZL - ok
17:01:41.0896 0968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:01:41.0927 0968 HTTP - ok
17:01:42.0037 0968 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:01:42.0037 0968 i2omp - ok
17:01:42.0161 0968 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:01:42.0161 0968 i8042prt - ok
17:01:42.0239 0968 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
17:01:42.0239 0968 iaStor - ok
17:01:42.0364 0968 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:01:42.0364 0968 iaStorV - ok
17:01:42.0505 0968 igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:01:42.0536 0968 igfx - ok
17:01:42.0567 0968 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:01:42.0567 0968 iirsp - ok
17:01:42.0707 0968 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
17:01:42.0723 0968 intelide - ok
17:01:42.0785 0968 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:01:42.0785 0968 intelppm - ok
17:01:42.0879 0968 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:42.0879 0968 IpFilterDriver - ok
17:01:42.0941 0968 IpInIp - ok
17:01:43.0035 0968 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:01:43.0051 0968 IPMIDRV - ok
17:01:43.0113 0968 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:01:43.0129 0968 IPNAT - ok
17:01:43.0191 0968 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:01:43.0207 0968 IRENUM - ok
17:01:43.0347 0968 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
17:01:43.0347 0968 isapnp - ok
17:01:43.0441 0968 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:01:43.0441 0968 iScsiPrt - ok
17:01:43.0487 0968 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:01:43.0487 0968 iteatapi - ok
17:01:43.0628 0968 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:01:43.0628 0968 iteraid - ok
17:01:43.0737 0968 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:43.0737 0968 kbdclass - ok
17:01:43.0846 0968 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:43.0846 0968 kbdhid - ok
17:01:43.0955 0968 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:01:43.0971 0968 KSecDD - ok
17:01:44.0096 0968 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
17:01:44.0096 0968 Lbd - ok
17:01:44.0205 0968 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:01:44.0205 0968 lltdio - ok
17:01:44.0299 0968 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:01:44.0299 0968 LSI_FC - ok
17:01:44.0377 0968 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:01:44.0377 0968 LSI_SAS - ok
17:01:44.0439 0968 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:01:44.0455 0968 LSI_SCSI - ok
17:01:44.0517 0968 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:01:44.0517 0968 luafv - ok
17:01:44.0611 0968 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
17:01:44.0611 0968 LVPr2Mon - ok
17:01:44.0735 0968 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
17:01:44.0751 0968 LVRS - ok
17:01:45.0110 0968 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
17:01:45.0219 0968 LVUVC - ok
17:01:45.0344 0968 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:01:45.0344 0968 mdmxsdk - ok
17:01:45.0437 0968 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:01:45.0437 0968 megasas - ok
17:01:45.0500 0968 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:01:45.0500 0968 Modem - ok
17:01:45.0593 0968 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:01:45.0593 0968 monitor - ok
17:01:45.0656 0968 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:01:45.0656 0968 mouclass - ok
17:01:45.0749 0968 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:01:45.0749 0968 mouhid - ok
17:01:45.0812 0968 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:01:45.0812 0968 MountMgr - ok
17:01:45.0905 0968 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:01:45.0905 0968 mpio - ok
17:01:45.0968 0968 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:01:45.0983 0968 mpsdrv - ok
17:01:46.0093 0968 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:01:46.0093 0968 Mraid35x - ok
17:01:46.0217 0968 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
17:01:46.0217 0968 MREMP50 - ok
17:01:46.0264 0968 MREMP50a64 - ok
17:01:46.0342 0968 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
17:01:46.0342 0968 MRESP50 - ok
17:01:46.0420 0968 MRESP50a64 - ok
17:01:46.0514 0968 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:01:46.0514 0968 MRxDAV - ok
17:01:46.0561 0968 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:46.0576 0968 mrxsmb - ok
17:01:46.0748 0968 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:46.0763 0968 mrxsmb10 - ok
17:01:46.0857 0968 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:46.0857 0968 mrxsmb20 - ok
17:01:46.0919 0968 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
17:01:46.0919 0968 msahci - ok
17:01:46.0966 0968 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:01:46.0966 0968 msdsm - ok
17:01:47.0075 0968 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:01:47.0075 0968 Msfs - ok
17:01:47.0185 0968 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:01:47.0185 0968 msisadrv - ok
17:01:47.0294 0968 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:01:47.0294 0968 MSKSSRV - ok
17:01:47.0325 0968 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:47.0341 0968 MSPCLOCK - ok
17:01:47.0387 0968 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:01:47.0387 0968 MSPQM - ok
17:01:47.0465 0968 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:01:47.0465 0968 MsRPC - ok
17:01:47.0575 0968 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:47.0575 0968 mssmbios - ok
17:01:47.0668 0968 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:01:47.0668 0968 MSTEE - ok
17:01:47.0731 0968 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:01:47.0731 0968 Mup - ok
17:01:47.0887 0968 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:01:47.0887 0968 NativeWifiP - ok
17:01:47.0980 0968 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:01:47.0996 0968 NDIS - ok
17:01:48.0074 0968 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:48.0074 0968 NdisTapi - ok
17:01:48.0183 0968 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:48.0183 0968 Ndisuio - ok
17:01:48.0230 0968 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:48.0230 0968 NdisWan - ok
17:01:48.0308 0968 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:01:48.0308 0968 NDProxy - ok
17:01:48.0370 0968 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:01:48.0370 0968 NetBIOS - ok
17:01:48.0495 0968 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:01:48.0511 0968 netbt - ok
17:01:48.0604 0968 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:01:48.0604 0968 nfrd960 - ok
17:01:48.0682 0968 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:01:48.0682 0968 Npfs - ok
17:01:48.0745 0968 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:01:48.0760 0968 nsiproxy - ok
17:01:48.0932 0968 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:01:49.0025 0968 Ntfs - ok
17:01:49.0213 0968 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:01:49.0213 0968 ntrigdigi - ok
17:01:49.0400 0968 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:01:49.0400 0968 Null - ok
17:01:49.0447 0968 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:01:49.0447 0968 nvraid - ok
17:01:49.0493 0968 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:01:49.0493 0968 nvstor - ok
17:01:49.0618 0968 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
17:01:49.0618 0968 nv_agp - ok
17:01:49.0649 0968 NwlnkFlt - ok
17:01:49.0727 0968 NwlnkFwd - ok
17:01:49.0821 0968 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:01:49.0821 0968 ohci1394 - ok
17:01:49.0899 0968 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:01:49.0899 0968 Parport - ok
17:01:49.0946 0968 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:01:49.0961 0968 partmgr - ok
17:01:50.0008 0968 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:01:50.0008 0968 Parvdm - ok
17:01:50.0117 0968 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:01:50.0117 0968 pci - ok
17:01:50.0164 0968 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:01:50.0164 0968 pciide - ok
17:01:50.0227 0968 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:01:50.0242 0968 pcmcia - ok
17:01:50.0320 0968 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
17:01:50.0320 0968 pcouffin - ok
17:01:50.0461 0968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:01:50.0492 0968 PEAUTH - ok
17:01:50.0648 0968 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:01:50.0648 0968 PptpMiniport - ok
17:01:50.0710 0968 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:01:50.0710 0968 Processor - ok
17:01:50.0804 0968 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:01:50.0819 0968 PSched - ok
17:01:50.0944 0968 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
17:01:50.0944 0968 PxHelp20 - ok
17:01:51.0116 0968 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:01:51.0163 0968 ql2300 - ok
17:01:51.0256 0968 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:01:51.0256 0968 ql40xx - ok
17:01:51.0334 0968 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:01:51.0334 0968 QWAVEdrv - ok
17:01:51.0475 0968 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
17:01:51.0537 0968 R300 - ok
17:01:51.0631 0968 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:01:51.0631 0968 RasAcd - ok
17:01:51.0740 0968 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:01:51.0740 0968 Rasl2tp - ok
17:01:51.0802 0968 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:01:51.0802 0968 RasPppoe - ok
17:01:51.0865 0968 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:01:51.0865 0968 RasSstp - ok
17:01:51.0927 0968 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:01:51.0943 0968 rdbss - ok
17:01:52.0083 0968 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:01:52.0083 0968 RDPCDD - ok
17:01:52.0161 0968 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
17:01:52.0161 0968 rdpdr - ok
17:01:52.0223 0968 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:01:52.0223 0968 RDPENCDD - ok
17:01:52.0286 0968 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:01:52.0301 0968 RDPWD - ok
17:01:52.0411 0968 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
17:01:52.0411 0968 rimmptsk - ok
17:01:52.0504 0968 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:01:52.0504 0968 rimsptsk - ok
17:01:52.0535 0968 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:01:52.0535 0968 rismxdp - ok
17:01:52.0660 0968 RPSKT - ok
17:01:52.0754 0968 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:01:52.0785 0968 rspndr - ok
17:01:52.0863 0968 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:01:52.0863 0968 sbp2port - ok
17:01:52.0988 0968 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
17:01:52.0988 0968 SBRE - ok
17:01:53.0097 0968 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
17:01:53.0097 0968 sdbus - ok
17:01:53.0159 0968 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:01:53.0159 0968 secdrv - ok
17:01:53.0269 0968 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
17:01:53.0269 0968 Serenum - ok
17:01:53.0315 0968 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:01:53.0315 0968 Serial - ok
17:01:53.0393 0968 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:01:53.0393 0968 sermouse - ok
17:01:53.0487 0968 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
17:01:53.0487 0968 sffdisk - ok
17:01:53.0549 0968 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
17:01:53.0549 0968 sffp_mmc - ok
17:01:53.0659 0968 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:01:53.0659 0968 sffp_sd - ok
17:01:53.0705 0968 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:01:53.0721 0968 sfloppy - ok
17:01:53.0783 0968 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
17:01:53.0783 0968 sisagp - ok
17:01:53.0861 0968 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:01:53.0861 0968 SiSRaid2 - ok
17:01:53.0986 0968 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:01:53.0986 0968 SiSRaid4 - ok
17:01:54.0142 0968 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:01:54.0142 0968 Smb - ok
17:01:54.0236 0968 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:01:54.0251 0968 spldr - ok
17:01:54.0376 0968 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:01:54.0376 0968 srv - ok
17:01:54.0470 0968 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:01:54.0485 0968 srv2 - ok
17:01:54.0532 0968 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:01:54.0532 0968 srvnet - ok
17:01:54.0626 0968 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
17:01:54.0626 0968 sscdbus - ok
17:01:54.0751 0968 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
17:01:54.0751 0968 sscdmdfl - ok
17:01:54.0797 0968 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
17:01:54.0797 0968 sscdmdm - ok
17:01:54.0860 0968 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
17:01:54.0860 0968 sscdserd - ok
17:01:54.0985 0968 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
17:01:54.0985 0968 STHDA - ok
17:01:55.0094 0968 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:01:55.0094 0968 swenum - ok
17:01:55.0172 0968 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:01:55.0172 0968 Symc8xx - ok
17:01:55.0219 0968 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:01:55.0219 0968 Sym_hi - ok
17:01:55.0265 0968 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:01:55.0265 0968 Sym_u3 - ok
17:01:55.0375 0968 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
17:01:55.0406 0968 Tcpip - ok
17:01:55.0562 0968 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
17:01:55.0577 0968 Tcpip6 - ok
17:01:55.0671 0968 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:01:55.0687 0968 tcpipreg - ok
17:01:55.0780 0968 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:01:55.0796 0968 TDPIPE - ok
17:01:55.0936 0968 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:01:55.0936 0968 TDTCP - ok
17:01:56.0045 0968 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:01:56.0045 0968 tdx - ok
17:01:56.0108 0968 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:01:56.0108 0968 TermDD - ok
17:01:56.0217 0968 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:01:56.0217 0968 tssecsrv - ok
17:01:56.0295 0968 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:01:56.0311 0968 tunmp - ok
17:01:56.0404 0968 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:01:56.0404 0968 tunnel - ok
17:01:56.0467 0968 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:01:56.0467 0968 uagp35 - ok
17:01:56.0529 0968 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:01:56.0545 0968 udfs - ok
17:01:56.0591 0968 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
17:01:56.0607 0968 uliagpkx - ok
17:01:56.0654 0968 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:01:56.0669 0968 uliahci - ok
17:01:56.0810 0968 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:01:56.0810 0968 UlSata - ok
17:01:56.0872 0968 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:01:56.0872 0968 ulsata2 - ok
17:01:56.0935 0968 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:01:56.0935 0968 umbus - ok
17:01:57.0075 0968 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
17:01:57.0075 0968 USBAAPL - ok
17:01:57.0200 0968 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
17:01:57.0200 0968 usbaudio - ok
17:01:57.0262 0968 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:01:57.0278 0968 usbccgp - ok
17:01:57.0325 0968 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:01:57.0340 0968 usbcir - ok
17:01:57.0403 0968 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:01:57.0418 0968 usbehci - ok
17:01:57.0496 0968 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:01:57.0496 0968 usbhub - ok
17:01:57.0543 0968 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:01:57.0543 0968 usbohci - ok
17:01:57.0590 0968 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:01:57.0605 0968 usbprint - ok
17:01:57.0715 0968 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:01:57.0715 0968 usbscan - ok
17:01:57.0808 0968 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:01:57.0824 0968 USBSTOR - ok
17:01:57.0871 0968 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:01:57.0886 0968 usbuhci - ok
17:01:57.0949 0968 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:01:57.0949 0968 usbvideo - ok
17:01:58.0042 0968 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
17:01:58.0042 0968 usb_rndisx - ok
17:01:58.0151 0968 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:01:58.0151 0968 vga - ok
17:01:58.0214 0968 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:01:58.0214 0968 VgaSave - ok
17:01:58.0261 0968 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
17:01:58.0261 0968 viaagp - ok
17:01:58.0307 0968 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:01:58.0307 0968 ViaC7 - ok
17:01:58.0370 0968 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
17:01:58.0370 0968 viaide - ok
17:01:58.0495 0968 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:01:58.0495 0968 volmgr - ok
17:01:58.0541 0968 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:01:58.0557 0968 volmgrx - ok
17:01:58.0635 0968 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:01:58.0651 0968 volsnap - ok
17:01:58.0713 0968 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:01:58.0713 0968 vsmraid - ok
17:01:58.0822 0968 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:01:58.0822 0968 WacomPen - ok
17:01:58.0885 0968 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:01:58.0885 0968 Wanarp - ok
17:01:58.0900 0968 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:01:58.0916 0968 Wanarpv6 - ok
17:01:58.0978 0968 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:01:58.0978 0968 Wd - ok
17:01:59.0056 0968 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:01:59.0087 0968 Wdf01000 - ok
17:01:59.0243 0968 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:01:59.0275 0968 winachsf - ok
17:01:59.0431 0968 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:01:59.0431 0968 WmiAcpi - ok
17:01:59.0524 0968 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:01:59.0524 0968 WpdUsb - ok
17:01:59.0649 0968 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:01:59.0649 0968 ws2ifsl - ok
17:01:59.0774 0968 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:01:59.0774 0968 WUDFRd - ok
17:01:59.0836 0968 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
17:01:59.0836 0968 XAudio - ok
17:01:59.0914 0968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:01:59.0945 0968 \Device\Harddisk0\DR0 - ok
17:01:59.0977 0968 Boot (0x1200) (b36b2b1cf28f89c9eb2043708663ea66) \Device\Harddisk0\DR0\Partition0
17:01:59.0977 0968 \Device\Harddisk0\DR0\Partition0 - ok
17:01:59.0977 0968 Boot (0x1200) (bf8884cc45984339a36a4361ad4c2dbd) \Device\Harddisk0\DR0\Partition1
17:01:59.0977 0968 \Device\Harddisk0\DR0\Partition1 - ok
17:01:59.0992 0968 ============================================================
17:01:59.0992 0968 Scan finished
17:01:59.0992 0968 ============================================================
17:02:00.0008 3352 Detected object count: 0
17:02:00.0008 3352 Actual detected object count: 0
 
Update, Jeff...I've tried to run updates for Windows and get errors..when I troubleshoot this one of the suggestions MS gives is a check disk may correct the problem...however, I cannot get check disk to run at boot up. I don't want to go messing with things, in the event they are critical to your side of the nasty little carcase we'll call rootkit..lol
 
Hi mnyyoungs,

I really think that we are making headway with this. Outside of the chkdsk message you got how is your system running now?

-----------
 
so far so good...it seems...just minorly fiddling until I get the go ahead from you to install new virus/malware/spyware tools..etc...and clean up from our work together. :)
 
Hi mnyyoungs,

Lets keep our fingers crossed. :fear:
------------


I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
----------

Now please run DDS once more so we can get a last look.
 
Malware Bytes log...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8206

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

21/11/2011 9:37:31 AM
mbam-log-2011-11-21 (09-37-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295715
Time elapsed: 2 hour(s), 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\tdsskiller_quarantine\30.10.2011_10.36.17\pmax0000\svc0000\tsk0000.dta (Backdoor.0Access) -> Quarantined and deleted successfully.
 
...and tadaaaa DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_22
Run by Family at 9:50:41 on 2011-11-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1146 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\Clickfree\C2NPlus\UACProxy.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\ProgramData\Clickfree\C2NPlus\Reminder\SacReminder.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - McAfee Phishing Filter
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SacReminderHDDV2N] c:\programdata\clickfree\c2nplus\reminder\SacReminder.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\family\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{764E5182-D195-4A9C-8CDE-86780F3355D6} : DhcpNameServer = 192.168.2.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\85q3ua9k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e2b35e5&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-GB&q=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\85q3ua9k.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\users\family\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-5 64288]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2010-11-27 22312]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-5 101720]
R2 CFUACProxy_c2nplus;CFUACProxy_c2nplus;c:\programdata\clickfree\c2nplus\UACProxy.exe [2011-10-31 87368]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\clickfree\c2nplus\reminder\SacNetAgent.exe [2011-4-3 157296]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-31 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-11-22 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\cshelper.exe --> c:\windows\system32\CSHelper.exe [?]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
S2 gupdate1c9834ebde52a90;Google Update Service (gupdate1c9834ebde52a90);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-22 73728]
.
=============== Created Last 30 ================
.
2011-11-21 14:49:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d208fc11-8e7a-4de4-917e-f39d40f22d8f}\offreg.dll
2011-11-21 11:48:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 11:48:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 21:41:46 -------- d-----w- C:\_OTM
2011-11-20 15:24:35 -------- d-----w- c:\users\family\appdata\local\temp
2011-11-20 15:22:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-20 14:46:48 98816 ----a-w- c:\windows\sed.exe
2011-11-20 14:46:48 518144 ----a-w- c:\windows\SWREG.exe
2011-11-20 14:46:48 256000 ----a-w- c:\windows\PEV.exe
2011-11-20 14:46:48 208896 ----a-w- c:\windows\MBR.exe
2011-11-20 14:46:36 -------- d-----w- C:\ComboFix
2011-11-17 02:11:42 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-11-14 22:57:57 4293777 ------r- C:\ComboFix.exe
2011-11-12 17:56:56 -------- d-----w- c:\program files\ESET
2011-11-09 19:05:01 -------- d-----w- c:\users\family\appdata\local\WinZip
2011-10-31 18:18:20 1529728 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE
2011-10-31 18:13:51 145184 ----a-w- c:\program files\common files\microsoft shared\source engine\OSE.EXE
2011-10-30 14:38:20 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-28 08:13:47 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d208fc11-8e7a-4de4-917e-f39d40f22d8f}\mpengine.dll
2011-10-25 22:48:06 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-24 17:56:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
==================== Find3M ====================
.
2011-10-30 14:43:29 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-24 11:57:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:57:43.36 ===============
 
and DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 22/11/2007 6:44:16 AM
System Uptime: 21/11/2011 9:48:24 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0DT492
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | Microprocessor | 1467/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 49.597 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.033 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
ArtistScope Plugin IE
Bonjour
Browser Address Error Redirector
Computrace
Conexant HDA D330 MDC V.92 Modem
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Touchpad
DellSupport
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DNA
ERUNT 1.1j
ESET Online Scanner v3
Eusing Free Registry Cleaner
Facebook Plug-In
Google Chrome
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Check-Up
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Junk Mail filter update
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware version 1.51.2.1300
Malwarebytes' RogueRemover
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.24)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4SP2
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Personal Ancestral File 5
QuickBooks
QuickBooks Pro 2011
Quicken 2009
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RPS CRT
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Soap 3.0 Toolkit
Sonic Activation Module
Spybot - Search & Destroy
SupportSoft Assisted Service
System Requirements Lab
Taxman 2004 Version 1.1
Taxman 2005 Upgrade 1.2
Taxman 2006 Upgrade 1.3
Taxman 2007 Upgrade 1.6
Taxman 2008 Upgrade 1.5
Taxman 2009 Version 1.3
Taxman 2010 Upgrade 1.0
UFile 2007
UFile 2008
UFile 2009
UFile 2010
UFile Updater 2007
UFile Updater 2008
UFile Updater 2009
UFile Updater 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 0.9.9
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinZip 16.0
.
==== Event Viewer Messages From Past Week ========
.
21/11/2011 9:51:13 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c9834ebde52a90) service failed to start due to the following error: The system cannot find the file specified.
21/11/2011 9:49:10 AM, Error: Service Control Manager [7000] - The SigmaTel Audio Service service failed to start due to the following error: The system cannot find the file specified.
21/11/2011 9:49:10 AM, Error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
21/11/2011 9:49:10 AM, Error: Service Control Manager [7000] - The dlbx_device service failed to start due to the following error: The system cannot find the file specified.
21/11/2011 9:49:10 AM, Error: Service Control Manager [7000] - The CopySafe Helper Service service failed to start due to the following error: The system cannot find the file specified.
20/11/2011 6:44:42 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
20/11/2011 6:44:33 AM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
20/11/2011 6:44:30 AM, Error: Service Control Manager [7034] - The SacNetAgentService_C57C4F854F53 service terminated unexpectedly. It has done this 1 time(s).
20/11/2011 6:44:30 AM, Error: Service Control Manager [7034] - The CFUACProxy_c2nplus service terminated unexpectedly. It has done this 1 time(s).
20/11/2011 5:36:08 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Samsung ML-2010 Series with shared resource name Samsung ML-2010 Series. Error 2114. The printer cannot be used by others on the network.
20/11/2011 3:08:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Internet Explorer 9 for Windows Vista.
20/11/2011 10:11:32 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
16/11/2011 9:43:56 PM, Error: Service Control Manager [7038] - The FontCache service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
16/11/2011 9:43:56 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================
 
ooops sorry for the DDS twice...a couple quirky things but I'm hoping that updating windows sorts that out...Malwarebytes wouldn't run for me earlier, so I had to uninstall and reinstall...but I imagine that things like that will happen since the infection was deep....what are your thoughts/suggestions/next step(s)?
 
Hi mnyyoungs,

It looks like one of our tools worked a little too hard. :)

Please navigate to C:\QooBox and post the contents of ComboFix-quarantined-files.txt.

Thank you.
 
WOW...if this means something to you, then you are more my hero than you were a few minutes ago!!!

2011-11-20 15:02:51 . 2011-11-20 15:02:51 4,464 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg.dat
2011-11-17 02:35:36 . 2011-11-17 02:35:36 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2011-11-17 02:35:34 . 2011-11-17 02:35:34 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2011-11-14 23:16:45 . 2011-11-20 14:49:46 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2011-11-09 01:00:22 . 2011-11-09 01:00:22 580 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Powerful Employment Policies.reg.dat
2011-11-09 00:58:43 . 2011-11-09 00:58:43 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368}.reg.dat
2011-11-09 00:45:42 . 2011-11-20 15:02:09 7,213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-11-09 00:28:00 . 2011-11-20 14:49:45 350 ----a-w- C:\Qoobox\Quarantine\catchme.log
 
WOW...if this means something to you, then you are more my hero than you were a few minutes ago!!!
Click to expand...
LOL!! Your my hero for sticking through all of this!!

------------------

Qoobox is the backup folder for items removed by combofix. it usually is removed when combofix is removed in the proper manner.

Please navigate to this file:

C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg.dat
  • Right click it and click rename
  • Remove the .dat file extension so the file now looks like this:

C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg
  • Left click on a blank spot near the filename and make sure it looks like the above
  • Right click the file and click merge
  • Accept any warnings

Let me know if it was successful.
 
aweeee gorsh..thank you...it's been educational, to say the least!

Ok..this reg.dat file is showing it is a dat file, but the name is only .reg. However when I look at it in properties, it is reg.dat. Does that make sense...not sure what you would like me to do.


file name - Service_COMSysApp.reg

:-s
 
Click start > run (you can use the search box also) . Copy and paste the following line in the box and click ok.

regedit /e "%userprofile%\desktop\lookCOM.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp"

Don't miss the quote mark at the end,

You will now have a notepad on your desktop named lookcom.txt. Please post it's contents.
 
Status
Not open for further replies.
Back
Top