A dirty little bug is in my house

mnyyoungs
Hi All! I've something that an antibiotic won't do anything for. I'd love some help. I've read through and am pretty sure I've followed all the steps correctly. I have a slightly above average understanding of PCs but am by no means an expert, and these logs mean very little to me. As such, I don't want to break my life-line, my best buddy, my cohort in the outside world! ;) I ran the ERU last night but have the laptop continuously crashing...might have to give you the logs in additional posts.....

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_22
Run by Family at 14:16:54 on 2011-10-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.764 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\2129821162:360844673.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Clickfree\C2NPlus\UACProxy.exe
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\dlbxcoms.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\ProgramData\Clickfree\C2NPlus\Reminder\SacReminder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071122
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uWinlogon: Shell=c:\users\family\appdata\local\ea7df27e\X
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - McAfee Phishing Filter
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SacReminderHDDV2N] c:\programdata\clickfree\c2nplus\reminder\SacReminder.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\users\family\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{764E5182-D195-4A9C-8CDE-86780F3355D6} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\85q3ua9k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e2b35e5&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-GB&q=
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\85q3ua9k.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\users\family\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Canadian English Dictionary: - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Ancestry.com Advanced Image Viewer: - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-6 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2010-11-27 22312]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-6 101720]
R2 CFUACProxy_c2nplus;CFUACProxy_c2nplus;c:\programdata\clickfree\c2nplus\UACProxy.exe [2011-4-3 87368]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-20 266240]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\clickfree\c2nplus\reminder\SacNetAgent.exe [2011-4-3 157296]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-23 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-11-22 179712]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9834ebde52a90;Google Update Service (gupdate1c9834ebde52a90);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-8 246600]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-23 1025352]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-9-9 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-22 73728]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-25 23:55:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{460a1ddd-02b4-43e1-8a2d-b57b1c65334a}\offreg.dll
2011-10-25 23:55:18 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{460a1ddd-02b4-43e1-8a2d-b57b1c65334a}\mpengine.dll
2011-10-25 22:48:06 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-24 17:56:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-24 17:36:43 163840 ----a-w- c:\users\family\taskmgr.exe
2011-10-24 17:36:42 25088 --sha-w- c:\users\family\wevtapi.dll
2011-10-24 17:36:42 -------- d-sh--w- c:\users\family\appdata\local\ea7df27e
2011-10-12 15:35:57 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 15:35:56 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 15:35:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 15:35:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-08 14:44:33 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-10-08 14:44:28 -------- d-----w- c:\program files\AVG Secure Search
2011-10-08 14:41:06 -------- d-----w- c:\users\family\appdata\roaming\AVG2012
2011-10-08 14:39:59 -------- d-----w- c:\programdata\AVG2012
.
==================== Find3M ====================
.
2011-10-25 23:46:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 11:57:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 04:09:49 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 14:19:31.82 ===============
 
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.


Having said that....Let's get going!! :thumbup:
----------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

What you have on your system is called the ZeroAccess rootkit. It is an extremely nasty infection! I would highly recommend formatting and reinstalling your operating system entirely. This infection, even after being cleaned, has even been shown to destroy internet connections completely.

If you would like to format and reinstall your Operating System please let me know and I can assist you with that.

If you would like to continue with the cleaning, please let me know and I will be more than happy to help. :)
----------
 
Ohhhhhh JEFF!!!! Are you going to say, "Trick or Treat" soon???? UGH....ok....here's the scoop. I've been away from home for 7 weeks and did a clickfree back up before I left. Is there any way to determine or estimate when this little parasite found its way into my computer? If we can't, I'd like to try to clean or disable or whatever we can do, so that I can safely save the newer files before the format and make a list of ALL the programs I'd need to gather and download again UGHHHHH....this is worse than a root canal while having one's toe nails pulled!!!!! Also, I'd need to find the disks for the computer in order to do this work. FINALLY, are you able to walk me through a format and re-install of windows...it's been forever since I've done it....ummmmm.....Windows 1...maybe 2 ;) None of this new fangled, high tech stuff!

I do completely and utterly appreciate your assistance. I will be back in the home saddle this weekend and raring to fix up my 'puter! Please advise. :D
 
Hi mnyyoungs,

Ohhhhhh JEFF!!!! Are you going to say, "Trick or Treat" soon????
I wish that I were kidding. :red: There is no way to accurately determine when this infection got onto your system unfortunately.

If you want we can attempt to clean the system, but we MAY end up having to reformat. If you want to give it a go please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
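
Added example, not part of the original posts: the log saved by the scan above holds one record per driver or service (name, MD5, image path) followed by a verdict line, so the non-"ok" entries can be pulled out with a short script instead of being read by eye. The sample lines are constructed in that layout, and the function names are hypothetical.

```python
import re

# Constructed sample in the line layout of a TDSSKiller log
# (timestamp, thread id, message). Names, hashes and paths are made up.
SAMPLE_LOG = r"""
10:00:01.0100 1000 Scan started
10:00:02.0100 1000 gooddrv (00000000000000000000000000000001) C:\Windows\system32\drivers\gooddrv.sys
10:00:02.0110 1000 gooddrv - ok
10:00:03.0100 1000 nohash - ok
10:00:04.0100 1000 baddrv (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\baddrv.sys
10:00:04.0110 1000 baddrv ( Example.Rootkit.a ) - infected
10:00:04.0110 1000 baddrv - detected Example.Rootkit.a (0)
10:00:05.0100 1000 hiddensvc (00000000000000000000000000000003) C:\Windows\1234567890:987654321.exe
10:00:05.0110 1000 Suspicious file (Hidden): C:\Windows\1234567890:987654321.exe. md5: 00000000000000000000000000000003
10:00:05.0120 1000 hiddensvc ( Example.Rootkit.gen ) - infected
10:00:05.0120 1000 hiddensvc - detected Example.Rootkit.gen (0)
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
OK = re.compile(r"^(.+?) - ok$")
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")


def _record(objects, name):
    """Return the record for a scanned object, creating it on first sight."""
    return objects.setdefault(name, {
        "name": name, "md5": None, "path": None,
        "status": None, "verdict": None, "notes": [],
    })


def has_stream_suffix(path):
    """Heuristic: a colon after the drive letter is the NTFS file:stream form."""
    return ":" in path[2:]


def parse_log(text):
    """Build {object name: record} from the scan section of the log."""
    objects = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)

        m = OBJECT.match(msg)
        if m:
            rec = _record(objects, m.group(1))
            rec["md5"], rec["path"] = m.group(2), m.group(3)
            if has_stream_suffix(rec["path"]):
                rec["notes"].append("alternate data stream path")
            continue

        m = SUSPICIOUS.match(msg)
        if m:
            kind, path = m.group(1), m.group(2)
            # The line names a file, not a service, so attach it by image path.
            for rec in objects.values():
                if rec["path"] and rec["path"].lower() == path.lower():
                    rec["notes"].append(f"suspicious file ({kind.lower()})")
            continue

        m = VERDICT.match(msg)
        if m:
            rec = _record(objects, m.group(1))
            rec["verdict"], rec["status"] = m.group(2), m.group(3)
            continue

        m = OK.match(msg)
        if m:
            _record(objects, m.group(1))["status"] = "ok"
    return objects


def findings(objects):
    """Records worth a second look: any status other than ok, or any note.

    An object with no verdict line at all (a truncated log) is also returned.
    """
    return [r for r in objects.values() if r["status"] != "ok" or r["notes"]]


if __name__ == "__main__":
    for rec in findings(parse_log(SAMPLE_LOG)):
        print(rec["name"], rec["status"], rec["verdict"], rec["path"], rec["notes"])
```
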
 
Jeff...here is the NON Trick or Treat log....it would NOT let me select Cure for the second mal. item found....delete was what came up, no Cure. I chose quarantine. I have NOT run this a second time. Please advise. I am in airport h e double hockey sticks now and have been for the past 24 hours....I'm not doing much, so here's hoping you get a chance to look at it while I'm in this purgatory...lol... Thanks again!


10:36:17.0148 2828 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
10:36:17.0301 2828 ============================================================
10:36:17.0301 2828 Current date / time: 2011/10/30 10:36:17.0301
10:36:17.0301 2828 SystemInfo:
10:36:17.0301 2828
10:36:17.0301 2828 OS Version: 6.0.6002 ServicePack: 2.0
10:36:17.0301 2828 Product type: Workstation
10:36:17.0301 2828 ComputerName: FAMILY-PC
10:36:17.0302 2828 UserName: Family
10:36:17.0302 2828 Windows directory: C:\Windows
10:36:17.0302 2828 System windows directory: C:\Windows
10:36:17.0302 2828 Processor architecture: Intel x86
10:36:17.0302 2828 Number of processors: 2
10:36:17.0302 2828 Page size: 0x1000
10:36:17.0302 2828 Boot type: Normal boot
10:36:17.0302 2828 ============================================================
10:36:18.0190 2828 Initialize success
10:36:25.0661 1228 ============================================================
10:36:25.0661 1228 Scan started
10:36:25.0661 1228 Mode: Manual;
10:36:25.0662 1228 ============================================================
10:36:26.0745 1228 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:36:26.0753 1228 ACPI - ok
10:36:26.0980 1228 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:36:27.0004 1228 adp94xx - ok
10:36:27.0374 1228 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:36:27.0383 1228 adpahci - ok
10:36:27.0818 1228 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:36:27.0822 1228 adpu160m - ok
10:36:28.0370 1228 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:36:28.0375 1228 adpu320 - ok
10:36:28.0518 1228 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:36:28.0525 1228 AFD - ok
10:36:28.0711 1228 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
10:36:28.0746 1228 agp440 - ok
10:36:29.0077 1228 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:36:29.0090 1228 aic78xx - ok
10:36:29.0547 1228 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
10:36:29.0549 1228 aliide - ok
10:36:29.0753 1228 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
10:36:29.0756 1228 amdagp - ok
10:36:29.0961 1228 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
10:36:29.0990 1228 amdide - ok
10:36:30.0090 1228 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:36:30.0093 1228 AmdK7 - ok
10:36:30.0202 1228 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:36:30.0228 1228 AmdK8 - ok
10:36:30.0366 1228 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:36:30.0371 1228 ApfiltrService - ok
10:36:30.0506 1228 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:36:30.0509 1228 arc - ok
10:36:30.0632 1228 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:36:30.0664 1228 arcsas - ok
10:36:30.0780 1228 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:36:30.0782 1228 AsyncMac - ok
10:36:30.0909 1228 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:36:30.0911 1228 atapi - ok
10:36:31.0126 1228 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:36:31.0130 1228 AVGIDSDriver - ok
10:36:31.0233 1228 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:36:31.0235 1228 AVGIDSEH - ok
10:36:31.0287 1228 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:36:31.0289 1228 AVGIDSFilter - ok
10:36:31.0392 1228 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:36:31.0394 1228 AVGIDSShim - ok
10:36:31.0622 1228 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
10:36:31.0634 1228 Avgldx86 - ok
10:36:31.0704 1228 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:36:31.0707 1228 Avgmfx86 - ok
10:36:31.0850 1228 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:36:31.0853 1228 Avgrkx86 - ok
10:36:32.0095 1228 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
10:36:32.0104 1228 Avgtdix - ok
10:36:32.0341 1228 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:36:32.0346 1228 b57nd60x - ok
10:36:32.0451 1228 BCM43XX (559db7c7d958c6262cc3efee4ad95cce) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:36:32.0496 1228 BCM43XX - ok
10:36:32.0708 1228 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:36:32.0709 1228 Beep - ok
10:36:32.0771 1228 blbdrive - ok
10:36:32.0839 1228 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:36:32.0842 1228 bowser - ok
10:36:32.0925 1228 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:36:32.0927 1228 BrFiltLo - ok
10:36:33.0007 1228 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:36:33.0009 1228 BrFiltUp - ok
10:36:33.0092 1228 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:36:33.0095 1228 Brserid - ok
10:36:33.0155 1228 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:36:33.0159 1228 BrSerWdm - ok
10:36:33.0282 1228 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:36:33.0284 1228 BrUsbMdm - ok
10:36:33.0375 1228 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:36:33.0377 1228 BrUsbSer - ok
10:36:33.0548 1228 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:36:33.0550 1228 BTHMODEM - ok
10:36:33.0696 1228 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:36:33.0700 1228 cdfs - ok
10:36:33.0768 1228 cdrom (17ad374538e70b02e38949a93f15d646) C:\Windows\system32\DRIVERS\cdrom.sys
10:36:33.0772 1228 cdrom ( Rootkit.Win32.ZAccess.g ) - infected
10:36:33.0772 1228 cdrom - detected Rootkit.Win32.ZAccess.g (0)
10:36:33.0932 1228 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:36:33.0934 1228 circlass - ok
10:36:34.0069 1228 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:36:34.0103 1228 CLFS - ok
10:36:34.0397 1228 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:36:34.0399 1228 CmBatt - ok
10:36:34.0521 1228 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
10:36:34.0523 1228 cmdide - ok
10:36:34.0577 1228 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:36:34.0580 1228 Compbatt - ok
10:36:34.0624 1228 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:36:34.0626 1228 crcdisk - ok
10:36:34.0699 1228 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:36:34.0701 1228 Crusoe - ok
10:36:34.0845 1228 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:36:34.0849 1228 DfsC - ok
10:36:34.0967 1228 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:36:34.0969 1228 disk - ok
10:36:35.0107 1228 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:36:35.0109 1228 drmkaud - ok
10:36:35.0202 1228 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:36:35.0204 1228 DSproct - ok
10:36:35.0265 1228 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
10:36:35.0266 1228 dsunidrv - ok
10:36:35.0491 1228 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:36:35.0536 1228 DXGKrnl - ok
10:36:35.0652 1228 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
10:36:35.0688 1228 e1express - ok
10:36:35.0855 1228 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:36:35.0860 1228 E1G60 - ok
10:36:35.0921 1228 ea7df27e (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2129821162:360844673.exe
10:36:35.0923 1228 Suspicious file (Hidden): C:\Windows\2129821162:360844673.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
10:36:35.0924 1228 ea7df27e ( Rootkit.Win32.PMax.gen ) - infected
10:36:35.0924 1228 ea7df27e - detected Rootkit.Win32.PMax.gen (0)
10:37:06.0092 1228 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:37:06.0136 1228 \Device\Harddisk0\DR0 - ok
10:37:06.0158 1228 Boot (0x1200) (b36b2b1cf28f89c9eb2043708663ea66) \Device\Harddisk0\DR0\Partition0
10:37:06.0161 1228 \Device\Harddisk0\DR0\Partition0 - ok
10:37:06.0170 1228 Boot (0x1200) (bf8884cc45984339a36a4361ad4c2dbd) \Device\Harddisk0\DR0\Partition1
10:37:06.0172 1228 \Device\Harddisk0\DR0\Partition1 - ok
10:37:06.0176 1228 ============================================================
10:37:06.0176 1228 Scan finished
10:37:06.0176 1228 ============================================================
10:37:06.0203 3064 Detected object count: 2
10:37:06.0203 3064 Actual detected object count: 2
10:38:19.0714 3064 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
10:38:20.0355 3064 Backup copy found, using it..
10:38:20.0371 3064 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
10:38:20.0371 3064 cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
10:38:20.0515 3064 C:\Windows\2129821162:360844673.exe - copied to quarantine
10:38:20.0516 3064 ea7df27e ( Rootkit.Win32.PMax.gen ) - User select action: Quarantine
 
Hi mnyyoungs,

LOL!! I hate sitting waiting on flights hahahaha!! Let's get this going and try to knock this out.

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
 
My laptop starts up fine, but the mouse seems to be frozen; as such, I need some help! :( Any suggestions? I've tried ctrl/alt/del..nada...pulled the battery out to restart...same thing...is that the nasty bug? :( or driver error....lol
 
Hi mnyyoungs,

It is hard to tell just yet what might be causing the mouse problem, but it is likely the virus. Try to boot into Safe Mode with Networking and follow the earlier instructions for ComboFix. When ComboFix completes, it will produce a log that I will need in your next reply.

If you still have a problem let me know. I have provided the instructions below for how to boot into Safe Mode. :)

Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode with Networking menu item.
  • Press Enter.
 
External mouse working on the infected computer, but keyboard and mouse pad aren't working...however, here is the Combo Fix scan....is it good news?!?!?!


ComboFix 11-10-30.03 - Family 31/10/2011 13:44:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1225 [GMT -4:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Family\AppData\Local\ea7df27e
c:\users\Family\AppData\Local\ea7df27e\@
c:\users\Family\AppData\Local\ea7df27e\U\80000000.@
c:\users\Family\AppData\Local\ea7df27e\U\800000cb.@
c:\users\Family\AppData\Local\ea7df27e\X
c:\users\Family\Documents\~WRL0001.tmp
c:\users\Family\Documents\~WRL3224.tmp
c:\users\Family\g2mdlhlpx.exe
c:\users\Family\wevtapi.dll
c:\windows\$NtUninstallKB59388$
c:\windows\$NtUninstallKB59388$\2762484775
c:\windows\$NtUninstallKB59388$\3934122622\@
c:\windows\$NtUninstallKB59388$\3934122622\L\qnbwvoto
c:\windows\$NtUninstallKB59388$\3934122622\loader.tlb
c:\windows\$NtUninstallKB59388$\3934122622\U\@00000001
c:\windows\$NtUninstallKB59388$\3934122622\U\@000000c0
c:\windows\$NtUninstallKB59388$\3934122622\U\@000000cb
c:\windows\$NtUninstallKB59388$\3934122622\U\@000000cf
c:\windows\$NtUninstallKB59388$\3934122622\U\@80000000
c:\windows\$NtUninstallKB59388$\3934122622\U\@800000c0
c:\windows\$NtUninstallKB59388$\3934122622\U\@800000cb
c:\windows\$NtUninstallKB59388$\3934122622\U\@800000cf
c:\windows\security\Database\tmp.edb
c:\windows\system32\
c:\windows\system32\c_41644.nls
c:\windows\system32\drivers\
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\program files\AVG\AVG2012\avgwdsvc.exe was found and disinfected
Restored copy from - c:\program files\AVG\AVG2012\
.
Infected copy of c:\programdata\Clickfree\C2NPlus\UACProxy.exe was found and disinfected
Restored copy from - c:\programdata\Clickfree\C2NPlus\
.
c:\windows\system32\CSHelper.exe . . . is infected!!
c:\windows\system32\CSHelper.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\dlbxcoms.exe . . . is infected!!
c:\windows\system32\dlbxcoms.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\2129821162:360844673.exe . . . is infected!!
c:\windows\2129821162:360844673.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Program Files!Google!Update!GoogleUpdate.exe
.
Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected
Restored copy from - c:\program files\Google\Common\Google Updater\
.
Infected copy of c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe was found and disinfected
Restored copy from - c:\program files\Common Files\LogiShrd\LVMVFM\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\microsoft shared\Source Engine\
.
Infected copy of c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\QuickBooks\
.
.
c:\windows\system32\STacSV.exe . . . is infected!!
c:\windows\system32\STacSV.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe was found and disinfected
Restored copy from - c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\microsoft shared\Windows Live\
.
Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\del000fz.inf_291182ff\XAudio.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ea7df27e
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 18:23 . 2011-10-31 18:23 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-10-31 18:23 . 2011-10-31 18:23 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-10-31 18:23 . 2011-10-31 18:23 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-10-31 18:23 . 2011-10-31 18:23 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-10-31 18:23 . 2011-10-31 18:23 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-10-31 18:23 . 2011-10-31 18:23 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-10-31 18:23 . 2011-10-31 18:23 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-10-31 18:18 . 2011-10-31 18:18 1529728 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2011-10-31 18:13 . 2011-10-31 18:13 145184 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-10-30 14:44 . 2011-10-30 14:44 48016 --sha-w- c:\windows\system32\c_41644.nl_
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-28 08:13 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D208FC11-8E7A-4DE4-917E-F39D40F22D8F}\mpengine.dll
2011-10-26 02:11 . 2011-10-26 02:11 -------- d-----w- c:\program files\ERUNT
2011-10-25 22:48 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-24 17:56 . 2011-10-24 17:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-24 17:36 . 2008-01-19 07:33 163840 ----a-w- c:\users\Family\taskmgr.exe
2011-10-12 15:35 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 15:35 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 15:35 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 15:35 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-08 14:44 . 2011-10-08 14:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-08 14:44 . 2011-10-08 14:44 -------- d-----w- c:\program files\AVG Secure Search
2011-10-08 14:41 . 2011-10-08 14:41 -------- d-----w- c:\users\Family\AppData\Roaming\AVG2012
2011-10-08 14:39 . 2011-10-13 07:58 -------- d-----w- c:\programdata\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 14:43 . 2009-07-26 02:26 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-25 23:46 . 2008-07-19 16:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 21:00 . 2008-05-06 03:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 11:57 . 2011-08-24 11:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 04:09 . 2011-08-11 04:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-10 00:46 . 2011-09-10 00:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2010-10-25 17:37 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\Clickfree\C2NPlus\reminder\SacReminder.exe" [2011-01-20 870224]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-10 30192]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-10-13 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-24 09:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-20 04:48 342848 ----a-w- c:\users\Family\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 22:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-22 12:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 qgdttjh;qgdttjh;c:\windows\System32\drivers\bpfvii.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [x]
R2 gupdate1c9834ebde52a90;Google Update Service (gupdate1c9834ebde52a90);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-10 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-07-09 47360]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-10-31 192776]
S2 CFUACProxy_c2nplus;CFUACProxy_c2nplus;c:\programdata\Clickfree\C2NPlus\UACProxy.exe [2011-10-31 87368]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2011-10-25 157296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2011-10-31 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-31 18:10]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{1A27E350-4EB9-4A64-8D25-115B91043FBF}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\85q3ua9k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e2b35e5&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
SafeBoot-86822721.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 14:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
.
[HKEY_USERS\S-1-5-21-2740605613-3585765697-2305856818-1000\Software\SecuROM\License information*]
"datasecu"=hex:cb,cc,19,08,d8,6d,2e,40,1a,65,bb,68,0a,b9,d8,3d,ed,1e,80,69,df,
e9,de,db,27,4a,44,51,86,72,49,6f,cd,da,71,56,3c,29,57,35,4a,5a,58,0d,a3,ce,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-10-31 14:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-31 18:34
.
Pre-Run: 66,512,236,544 bytes free
Post-Run: 65,855,041,536 bytes free
.
- - End Of File - - 2B2AE00A9DEEF47EF37C81E0E8BC7EE4
 
Hi mnyyoungs,

Good job getting that log. About how good it is the jury is still out, but I will look it over.

Please run TDSSKiller once again and post that log while I am looking over the ComboFix log. :)
 
ok...here's the greek...aka...'puter speak, from that scan.

18:06:19.0752 1136 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
18:06:20.0160 1136 ============================================================
18:06:20.0160 1136 Current date / time: 2011/10/31 18:06:20.0160
18:06:20.0160 1136 SystemInfo:
18:06:20.0160 1136
18:06:20.0161 1136 OS Version: 6.0.6002 ServicePack: 2.0
18:06:20.0161 1136 Product type: Workstation
18:06:20.0161 1136 ComputerName: FAMILY-PC
18:06:20.0162 1136 UserName: Family
18:06:20.0162 1136 Windows directory: C:\Windows
18:06:20.0162 1136 System windows directory: C:\Windows
18:06:20.0162 1136 Processor architecture: Intel x86
18:06:20.0162 1136 Number of processors: 2
18:06:20.0162 1136 Page size: 0x1000
18:06:20.0162 1136 Boot type: Normal boot
18:06:20.0162 1136 ============================================================
18:06:21.0114 1136 Initialize success
18:06:22.0487 2168 ============================================================
18:06:22.0487 2168 Scan started
18:06:22.0487 2168 Mode: Manual;
18:06:22.0487 2168 ============================================================
18:06:22.0955 2168 .kbdclass - ok
18:06:23.0347 2168 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:06:23.0357 2168 ACPI - ok
18:06:23.0452 2168 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:06:23.0462 2168 adp94xx - ok
18:06:23.0531 2168 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:06:23.0538 2168 adpahci - ok
18:06:23.0639 2168 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:06:23.0644 2168 adpu160m - ok
18:06:23.0691 2168 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:06:23.0695 2168 adpu320 - ok
18:06:23.0800 2168 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:06:23.0811 2168 AFD - ok
18:06:23.0990 2168 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
18:06:23.0994 2168 agp440 - ok
18:06:24.0045 2168 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:06:24.0048 2168 aic78xx - ok
18:06:24.0102 2168 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
18:06:24.0104 2168 aliide - ok
18:06:24.0163 2168 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
18:06:24.0166 2168 amdagp - ok
18:06:24.0211 2168 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
18:06:24.0212 2168 amdide - ok
18:06:24.0346 2168 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:06:24.0348 2168 AmdK7 - ok
18:06:24.0393 2168 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:06:24.0395 2168 AmdK8 - ok
18:06:24.0479 2168 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:06:24.0483 2168 ApfiltrService - ok
18:06:24.0661 2168 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:06:24.0663 2168 arc - ok
18:06:24.0730 2168 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:06:24.0734 2168 arcsas - ok
18:06:24.0804 2168 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:06:24.0806 2168 AsyncMac - ok
18:06:24.0922 2168 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:06:24.0923 2168 atapi - ok
18:06:25.0082 2168 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:06:25.0086 2168 AVGIDSDriver - ok
18:06:25.0157 2168 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:06:25.0158 2168 AVGIDSEH - ok
18:06:25.0244 2168 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:06:25.0246 2168 AVGIDSFilter - ok
18:06:25.0327 2168 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
18:06:25.0328 2168 AVGIDSShim - ok
18:06:25.0424 2168 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
18:06:25.0430 2168 Avgldx86 - ok
18:06:25.0525 2168 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
18:06:25.0527 2168 Avgmfx86 - ok
18:06:25.0628 2168 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
18:06:25.0630 2168 Avgrkx86 - ok
18:06:25.0712 2168 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
18:06:25.0720 2168 Avgtdix - ok
18:06:25.0832 2168 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:06:25.0836 2168 b57nd60x - ok
18:06:25.0969 2168 BCM43XX (559db7c7d958c6262cc3efee4ad95cce) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:06:25.0992 2168 BCM43XX - ok
18:06:26.0076 2168 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:06:26.0077 2168 Beep - ok
18:06:26.0168 2168 blbdrive - ok
18:06:26.0241 2168 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:06:26.0244 2168 bowser - ok
18:06:26.0338 2168 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:06:26.0340 2168 BrFiltLo - ok
18:06:26.0440 2168 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:06:26.0441 2168 BrFiltUp - ok
18:06:26.0542 2168 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:06:26.0544 2168 Brserid - ok
18:06:26.0595 2168 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:06:26.0598 2168 BrSerWdm - ok
18:06:26.0682 2168 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:06:26.0684 2168 BrUsbMdm - ok
18:06:26.0737 2168 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:06:26.0739 2168 BrUsbSer - ok
18:06:26.0831 2168 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:06:26.0834 2168 BTHMODEM - ok
18:06:26.0878 2168 catchme - ok
18:06:26.0964 2168 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:06:26.0967 2168 cdfs - ok
18:06:27.0025 2168 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:06:27.0030 2168 cdrom - ok
18:06:27.0145 2168 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:06:27.0147 2168 circlass - ok
18:06:27.0229 2168 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:06:27.0238 2168 CLFS - ok
18:06:27.0365 2168 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:06:27.0367 2168 CmBatt - ok
18:06:27.0432 2168 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
18:06:27.0434 2168 cmdide - ok
18:06:27.0500 2168 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:06:27.0502 2168 Compbatt - ok
18:06:52.0758 2168 ============================================================
18:06:52.0758 2168 Scan finished
18:06:52.0758 2168 ============================================================
18:06:52.0792 4672 Detected object count: 0
18:06:52.0792 4672 Actual detected object count: 0
 
Hi mnyyoungs,

TDSSKiller looked good. :)
-----------

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    File::
    c:\windows\system32\c_41644.nl_
    c:\windows\System32\drivers\bpfvii.sys
    c:\windows\system32\ConduitEngine.tmp
    
    Firefox::
    FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\85q3ua9k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    RegNull::
    [HKEY_USERS\S-1-5-21-2740605613-3585765697-2305856818-1000\Software\SecuROM\License information*]
    "datasecu"=hex:cb,cc,19,08,d8,6d,2e,40,1a,65,bb,68,0a,b9,d8,3d,ed,1e,80,69,df,
    e9,de,db,27,4a,44,51,86,72,49,6f,cd,da,71,56,3c,29,57,35,4a,5a,58,0d,a3,ce,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    
    Driver::
    qgdttjh
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Am working on running, as described, but the program has stalled at:

"deleting files"

Does this mean it's done? Please advise.

THANKS!!!!
 
Hi mnyyoungs,

If ComboFix stalls just go ahead and run it again using the instructions I provided before. If you still have problems just let me know. :bigthumb:
 
Urg....quick q. Should the blue box say anything in it when I've followed your directions re: notebook, disable any clean-ware, and drag note-file into ComboFix? I get nada...blue box opens...cursor bounces...and nothing else...also getting A LOT of Spybot notices about changes to the system....no Spybot in the tray to disable...so I didn't...but should I be getting notices of system changes at this point, unless it's that bug I've got?
 
Hi mnyyoungs,

I am sorry you are having these troubles. This infection that is on your system is the real-deal so this may take some time.

What I would like for you to do is just uninstall Spybot completely. We can reinstall it later. Go to Control Panel > Programs and Features and then delete Spybot.
------------

Delete your ComboFix icon and then get a fresh copy using the links I provided earlier. Once you get a fresh copy of ComboFix please try to run the cfscript.txt that we created earlier. If you are still having problems let me know. :)
 
Hi Jeff....Combo Fix removed and re-installed after I removed Spybot. I'm still waiting for a log, but the program has been hung up on "Completed Stage__50" for quite some time.

Now as far as my data that I'd like to save from this laptop...since this does not seem to be going well. Would Word, Excel, PowerPoint files, photos and some .exe extensions....be affected by this rootkit that I don't seem to be able to give the bootkick to?

Also, WHO makes these nasty things...do these delinquent masterminds really get what they want when they cause this havoc to people? I mean, really...I believe in Karma, so I'd hope they get "theirs" but besides Karma, does "Big Brother" find them and take them to one of North America's plush prisons? Seriously, WHO does this crap and why?
 
Hi mnyyoungs,

WHO makes these nasty things...do these delinquent masterminds really get what they want when they cause this havoc to people?
LOL!! I have no idea but they do get more creative.

As far as what you should backup, I have been treating this with the idea that ANY .exe should be considered infected throughout the system. Saving photos, music, word documents and such should be just fine but nothing else. Absolutely no .exe files at all though.

If ComboFix has not completed yet, go ahead and reboot then take a look in your C:\ drive and look for the most recent copy of ComboFix.txt and post that into your next reply. :)
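An added example, not part of the original posts: one way to script the backup rule from the reply above (keep photos, music and documents, leave every .exe behind). It goes a step further than the post by also skipping any allow-listed file whose first two bytes are the `MZ` header of a Windows executable; the extension list, function names and sample files are assumptions made for illustration.

```python
import os
import shutil
import tempfile

# Allow-list of data file types (an assumption; adjust to what you need).
SAFE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                   ".jpg", ".jpeg", ".png", ".mp3", ".txt", ".pdf"}

def looks_like_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def backup_data_files(src_root, dst_root):
    """Copy allow-listed data files; return (copied, skipped) relative paths."""
    copied, skipped = [], []
    for folder, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, src_root)
            ext = os.path.splitext(name)[1].lower()
            # Skip anything off the allow-list, and any "document" whose
            # first bytes say it is really an executable.
            if ext not in SAFE_EXTENSIONS or looks_like_pe(src):
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Run the backup over a small constructed sample tree."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {  # constructed file contents, not real documents
        "Documents/budget.xls": b"\xd0\xcf\x11\xe0 constructed",
        "Pictures/beach.jpg": b"\xff\xd8\xff\xe0 constructed",
        "Downloads/setup.exe": b"MZ constructed",
        "Pictures/holiday.jpg": b"MZ constructed, exe renamed to .jpg",
    }
    for rel, data in samples.items():
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return backup_data_files(src, dst)
```

The header check only catches executables hiding behind a data extension; it says nothing about the contents of a genuine document.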
 
I've followed the steps you mentioned in your last post. I've followed them and it's still getting hung up at the same place. There is NO Log in the C: drive either.....any further suggestions? Now, if I was using ehemmmm, Adult sites, or opening those incessant emails about how I've won a gazillion dollars from a long lost uncle, I wouldn't be so angry about this computer trauma....but I'm a clean surfer! lol.

I'm afraid to use my click-free to back up my personal files....I wonder if this nasty bug is what caused my external hard drive to give up the fight a few weeks ago....it wasn't that old....garrrrrrr.
 
Hi mnyyoungs,

I wouldn't be so angry about this computer trauma....but I'm a clean surfer! lol.
It is amazing the places that people can pick up these infections. There is just never any way to really tell.

Let's try something different. You will need a jump drive for this next part (or a CD).
  • I want you to delete ComboFix from your desktop.
  • Download a fresh copy of ComboFix to a USB drive from another computer, but before saving it to the USB drive I want you to rename it to svchost.exe.
  • Now transfer it to the infected computer and save it to C:\Windows.
  • Now move the CFScript.txt that you made on your desktop to C:\Windows as well.
  • Drag the cfscript.txt onto svchost.exe and let it run.

If there is a log created post that into your next reply. If you still have problems let me know.
 