Geeks to Go
get-answers-fast redirects, slow loading vista system


#1 builder4580 (Member, 78 posts)
I am having issues with Google redirects to either - "get-answers-fast", "gimmeanswers.org", "search-123.com" and maybe others as well. My Windows Vista system is very slow loading programs, and is even slower after downloading Spybot - Search and Destroy. I'm a little leery of uninstalling it as I don't know what changes (if any) it has made to system files. I was getting messages that "ping command has stopped working", but have not had that message for days now. AVG was also displaying "Threat Blocked" messages several times a day, but those too have dissipated. The messages I was getting were:
Threat detected!
12/04/11 1:57pm
Filename: c:\Windows\System32\drivers\dfsc.sys
Threat Name: Trojan horse Hider.OMK
Show Details: Process name: c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Process ID: 7900
************************
Threat detected!
12/04/11 2:40pm
Filename: c:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys
Threat Name: Trojan horse Hider.OMK
******************************************
Threat detected!
12/05/11 12:23pm
Filename: C:\WINDOWS\TEMP\FVLOWQ\SETUP.EXE
******************************
12/15/11 8:47AM
Filename: C:\USERS\CORMACT\APPDATA\ROAMING\PRIVACY.EXE
Threat Name: WIN32:FAKEAV-CRC
*************************

I have also experienced a couple of instances of BSOD and reboot.
I'm not real tech savvy, but I can follow most instructions given in layman's terms.
I have no idea how I got infected initially. I trade Forex, so I leave my computer on overnight - don't know if anything happened while I was sleeping.

Below is my OTL log - which I ran as Administrator

OTL logfile created on: 1/4/2012 6:17:39 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\cormact\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 152.72 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.81 Gb Free Space | 58.12% Space Free | Partition Type: NTFS

Computer Name: CORMACT-PC | User Name: cormact | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 10:19:32 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2011/12/16 10:19:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/12/06 23:40:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe
PRC - [2011/12/06 23:40:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\880\g2mlauncher.exe
PRC - [2011/12/06 23:40:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\880\g2mcomm.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/27 09:11:46 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/10 08:08:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/27 11:40:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\cormact\Desktop\OTL.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/12/02 12:48:22 | 000,139,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 01:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2007/09/07 12:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 12:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 15:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/28 23:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/20 18:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/04/16 22:55:00 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (SafeList) ==========

MOD - [2011/10/05 15:45:44 | 000,380,808 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll
MOD - [2011/03/27 11:40:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\cormact\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/11 00:28:18 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credui.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2007/09/07 12:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 15:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/14 08:59:03 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/07 12:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 23:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 23:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 03:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/28 05:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 05:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 05:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-D302366B6C78}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/12/25 22:13:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/12/25 22:16:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 08:36:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/27 09:12:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 08:09:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/16 10:23:18 | 000,000,000 | ---D | M]

[2011/08/29 11:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cormact\AppData\Roaming\Mozilla\Extensions
[2012/01/03 23:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions
[2010/06/19 10:53:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 10:25:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/11/27 17:51:56 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2011/11/30 00:35:23 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2012/01/03 23:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\staged
[2011/12/16 10:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 07:05:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/10 08:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/12/16 10:20:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/10 08:08:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/12/16 10:19:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2011/08/23 20:29:38 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
[2011/11/10 08:08:59 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\cormact\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Red.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Red.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 23:27:00 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{9B462714-650F-448D-9DF6-7DB633F93558}
[2012/01/02 23:26:39 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{5652AC2F-4587-4674-AA15-BB444ACFA734}
[2012/01/02 08:00:09 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{846B23B4-EBE6-41CE-A28A-D93242C87FD5}
[2012/01/01 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{E96E452B-DF95-4EC5-9DA5-834E7748C090}
[2012/01/01 08:27:10 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{0D0F0BA0-FA39-42B8-AA71-A6FE76E0B109}
[2011/12/31 21:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/31 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/12/31 21:33:24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011/12/31 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/12/31 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\PackageAware
[2011/12/31 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{14460796-B467-4A8A-A333-BC6160A50E19}
[2011/12/31 09:11:23 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{4E64CF22-C644-467C-A163-6D640C6C23E3}
[2011/12/27 08:01:12 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{DB46FA76-63F3-4425-88CB-7B9181725D65}
[2011/12/27 08:01:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{D2E0171E-DBDA-4F38-B5E2-B7514EA1DD03}
[2011/12/25 11:17:11 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{298745A9-4573-4D33-B125-32D90C39AA2E}
[2011/12/24 12:48:43 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{EA3208B4-1E01-4697-B715-F630368D5DBE}
[2011/12/23 22:34:13 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{CEFA4BA7-FF72-4C11-A79E-B3BFF7FB78E8}
[2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{E0851EB8-A3B3-4315-9CC3-E7B74CAA28EA}
[2011/12/18 10:22:16 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{7EBE2D1F-FCAC-4D93-B09C-E2B7E6999111}
[2011/12/16 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{7D18A82C-5181-4F55-B37B-CE5C1BD6831C}
[2011/12/16 23:59:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{FEBA97C4-A424-4683-ADB8-59805962F393}
[2011/12/16 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/16 10:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/15 09:31:58 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{A4C9FBCF-726F-43C6-B329-7C0EE8DAA25A}
[2011/12/15 08:07:48 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{DC2783E3-21DB-4F51-BEB8-1C0B60DC297F}
[2011/12/14 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{083229A2-D9C0-4B22-B282-ED08CB8E0A86}
[2011/12/11 18:50:01 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{458D795A-EB0B-4355-84DF-79AE8F092420}
[2011/12/10 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\cormact\Desktop\Video How to Webinars
[2011/12/08 19:50:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\cormact\Desktop\HijackThis.exe
[2011/12/08 08:07:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{55164C6D-1394-4DA6-91E0-572CD0C9C5EF}
[2011/12/08 08:06:49 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{1969709F-8DDF-47F3-B8ED-EE089F0EF644}
[2011/12/07 23:46:18 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{C7346DED-42F3-487E-BFBB-90B6BBD72E62}
[2011/12/07 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{6E80117D-B576-4062-8143-FF0276E1A001}
[2011/12/07 08:08:45 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{3DB794E7-A8A5-4C3F-9C8A-A3FFF09F938B}
[2011/12/06 07:43:16 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{E92B7045-4FB5-4D0A-9CDB-01D2C59FB963}
[2011/12/06 07:42:31 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{58C175EE-D401-4E59-B1E6-45172B0E55EB}
[2008/04/30 15:04:31 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 18:19:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/04 18:18:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/04 17:39:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1305091848-4078153160-3836742915-1000UA.job
[2012/01/04 17:19:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 17:19:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 09:22:04 | 085,932,469 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/03 23:39:31 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1305091848-4078153160-3836742915-1000Core.job
[2012/01/03 20:22:04 | 000,060,304 | ---- | M] () -- C:\Users\cormact\g2mdlhlpx.exe
[2012/01/03 18:05:22 | 000,476,925 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/02 23:55:23 | 000,001,030 | ---- | M] () -- C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/02 23:27:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 23:27:12 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/02 23:24:05 | 000,114,119 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/02 23:20:18 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/02 23:19:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 23:19:03 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 09:27:06 | 000,012,032 | ---- | M] () -- C:\Users\cormact\Documents\MARKET HOLIDAYS 2012.odt
[2012/01/02 05:32:25 | 328,957,610 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/01 11:47:57 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/01 08:15:08 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/01 00:15:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/31 21:33:30 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/12/31 14:58:43 | 000,002,855 | ---- | M] () -- C:\Users\cormact\Desktop\rkill - Shortcut.pif
[2011/12/31 11:44:59 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 22:50:22 | 000,000,813 | ---- | M] () -- C:\Users\cormact\Desktop\i_view32 - Shortcut.lnk
[2011/12/27 22:43:41 | 000,000,595 | ---- | M] () -- C:\Users\cormact\Desktop\explorer - Shortcut.lnk
[2011/12/23 08:36:21 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/18 03:35:36 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/17 11:40:33 | 000,001,003 | ---- | M] () -- C:\Users\cormact\Desktop\OpenOffice.org.lnk
[2011/12/15 03:29:39 | 000,298,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 08:27:28 | 000,001,396 | ---- | M] () -- C:\Users\cormact\Desktop\notepad - Shortcut.lnk
[2011/12/11 23:03:32 | 000,031,232 | ---- | M] () -- C:\Users\cormact\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 12:38:08 | 000,001,180 | -HS- | M] () -- C:\Users\cormact\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/11 12:38:08 | 000,001,180 | -HS- | M] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/08 19:50:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\cormact\Desktop\HijackThis.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 23:55:23 | 000,001,030 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/02 09:27:04 | 000,012,032 | ---- | C] () -- C:\Users\cormact\Documents\MARKET HOLIDAYS 2012.odt
[2012/01/01 09:14:27 | 328,957,610 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/31 21:33:44 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/12/31 21:33:44 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/12/31 21:33:43 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/12/31 21:33:30 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/12/31 21:33:30 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/12/31 14:58:43 | 000,002,855 | ---- | C] () -- C:\Users\cormact\Desktop\rkill - Shortcut.pif
[2011/12/31 11:44:59 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 22:50:22 | 000,000,813 | ---- | C] () -- C:\Users\cormact\Desktop\i_view32 - Shortcut.lnk
[2011/12/27 22:43:41 | 000,000,595 | ---- | C] () -- C:\Users\cormact\Desktop\explorer - Shortcut.lnk
[2011/12/17 11:40:33 | 000,001,003 | ---- | C] () -- C:\Users\cormact\Desktop\OpenOffice.org.lnk
[2011/12/13 08:27:06 | 000,001,396 | ---- | C] () -- C:\Users\cormact\Desktop\notepad - Shortcut.lnk
[2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\Users\cormact\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/04 16:38:29 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/02 00:01:56 | 000,001,328 | -HS- | C] () -- C:\Users\cormact\AppData\Local\6m72ty5l22j837
[2011/12/02 00:01:56 | 000,001,328 | -HS- | C] () -- C:\ProgramData\6m72ty5l22j837
[2011/12/01 19:44:13 | 000,001,140 | -HS- | C] () -- C:\Users\cormact\AppData\Local\08455368k8t88sw5klh3d8vkse5rhtf0020
[2011/12/01 19:44:13 | 000,001,140 | -HS- | C] () -- C:\ProgramData\08455368k8t88sw5klh3d8vkse5rhtf0020
[2011/09/28 16:11:55 | 000,332,298 | ---- | C] () -- C:\Users\cormact\AppData\Local\fswiv
[2011/08/11 19:02:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/08/11 19:02:27 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/08/11 19:02:26 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/06/16 16:24:44 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/20 21:01:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/27 08:50:56 | 000,280,082 | ---- | C] () -- C:\ProgramData\12345.zip
[2010/09/25 23:52:43 | 000,000,271 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\hgksfg.bat
[2009/10/20 18:25:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 18:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/01 06:43:00 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/04/17 20:33:25 | 000,114,119 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/17 20:32:55 | 000,114,119 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/18 23:00:41 | 000,000,680 | ---- | C] () -- C:\Users\cormact\AppData\Local\d3d9caps.dat
[2008/10/16 07:32:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/04 16:32:10 | 000,054,527 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\nvModes.001
[2008/06/29 17:20:11 | 000,054,527 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\nvModes.dat
[2008/05/17 13:41:23 | 000,031,232 | ---- | C] () -- C:\Users\cormact\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/28 16:29:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/28 16:29:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/28 08:50:47 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/28 08:36:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,298,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/11/19 22:22:13 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\AmG5sQJ6dKfZhXj
[2011/10/01 08:12:28 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\AVG2012
[2011/08/23 20:29:41 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\Bandoo
[2011/11/19 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\c99hhTXXqjUekBz
[2011/11/19 22:14:09 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\cSSS1iivD
[2011/11/19 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\D2iiDG4aQsW
[2011/09/27 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\DriverFinder
[2011/11/19 22:16:02 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\E4amH5sWJdLgZhX
[2011/05/24 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\Elluminate
[2011/11/10 21:42:05 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\Eltima Software
[2011/11/19 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\F0ycS1ivDoFaHsJ
[2011/07/14 19:19:38 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\FDRLab
[2011/11/05 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\FileZilla
[2011/11/19 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\FZjjYYCwk
[2011/11/19 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\GL9gTZqjYwIrOtP
[2011/11/19 22:16:02 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\gUVelOBtz0c1v2n
[2011/11/19 22:38:44 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\HuuvvD22obFpm5s
[2011/09/17 21:47:12 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\IrfanView
[2011/11/19 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\kEL8gTZqhCkVlBx
[2011/10/19 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\KompoZer
[2011/11/19 22:23:56 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\lcS2ibD3pGaHsKf
[2009/01/24 18:28:46 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\OpenOffice.org
[2009/08/16 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\Participatory Culture Foundation
[2011/03/03 07:52:58 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\PCDr
[2011/05/01 15:48:43 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\PCF-VLC
[2011/11/19 22:38:44 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\sjjUUVelIBtzPyA
[2011/09/18 15:11:13 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\StreamTorrent
[2011/11/19 22:22:13 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\uCelIBrzPyAu
[2010/11/15 21:04:26 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\Uniblue
[2011/08/13 08:52:54 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\uTorrent
[2010/12/04 15:24:00 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\Windows Live Writer
[2011/11/19 22:14:08 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\XjjYYCekIVrzNx0
[2011/12/02 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\cormact\AppData\Roaming\zsWWK77EE9
[2012/01/02 23:20:18 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/03 23:39:31 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1305091848-4078153160-3836742915-1000Core.job
[2012/01/04 17:39:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1305091848-4078153160-3836742915-1000UA.job
[2012/01/04 18:19:01 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/01 08:15:08 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/01 11:47:57 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/01 00:15:37 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/04 18:18:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
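As an added example (not part of the original thread and not code from OTL or any other tool mentioned here), the Python script below parses lines in the OTL "Files Created / Modified" format shown in the log above and flags the kinds of entries a malware-removal helper looks at first: hidden+system files in user-writable locations, random-looking names, the same name dropped under both ProgramData and AppData\Local, and executables with no company name outside the Windows directory. The sample log lines, the user name and the heuristics are constructed for illustration, and the R/H/S/D order of OTL's attribute column is an assumption.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# One OTL file line looks like:
#   [2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\ProgramData\name
# Assumption: the four attribute characters are R/H/S/D in that order ('-' = unset);
# directory lines carry no "(company)" field, file lines carry "()" when it is unknown.
_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Locations an unprivileged user (and therefore user-level malware) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
EXEC_EXTS = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif", ".com")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    company: str
    path: str


def parse_otl_line(line):
    """Parse one OTL file line; return None for headers, blanks and other text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def looks_random(name):
    """Heuristic: extension-less, 10+ chars, letters and digits mixed, nothing else."""
    if "." in name or len(name) < 10 or not name.isalnum():
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def in_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def find_indicators(lines):
    """Return [(path, [reason, ...]), ...] for entries worth a closer look, in log order."""
    entries = [e for e in map(parse_otl_line, lines) if e is not None]

    # Index parent directories by basename so the "same name in two places" check works.
    dirs_by_name = defaultdict(set)
    for e in entries:
        dirs_by_name[ntpath.basename(e.path).lower()].add(ntpath.dirname(e.path).lower())

    flagged = []
    for e in entries:
        name = ntpath.basename(e.path)
        reasons = []
        if e.hidden and e.system and not e.is_dir and in_user_writable(e.path):
            reasons.append("hidden+system file in a user-writable location")
        if looks_random(name):
            reasons.append("random-looking name")
        dirs = dirs_by_name[name.lower()]
        if any("programdata" in d for d in dirs) and any("appdata\\local" in d for d in dirs):
            reasons.append("same name under both ProgramData and AppData\\Local")
        if (not e.is_dir and not e.company and name.lower().endswith(EXEC_EXTS)
                and in_user_writable(e.path)):
            reasons.append("executable with no company name in a user-writable location")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Constructed sample in OTL's format (user name and random names are made up for this example).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\Users\alice\AppData\Local\q7v2kp9xm4tr6wz1
[2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\ProgramData\q7v2kp9xm4tr6wz1
[2011/12/15 08:47:10 | 000,233,472 | ---- | C] () -- C:\Users\alice\AppData\Roaming\privacy.exe
[2011/12/31 21:33:24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011/12/31 11:44:59 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
""".splitlines()


if __name__ == "__main__":
    for path, reasons in find_indicators(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, the two random-named hidden+system files and the unsigned privacy.exe are flagged, while the vendor-signed System32 file, the shortcut and the program directory are not.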


#2
Jintan
    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to GeeksToGo, builder4580,

Quite a bit of malware indications showing in this log. Not so sure about some of what your AVG log shows. One part seems to show it picking up on a driver file during a Malwarebytes scan or monitoring activity, which means it was interfering with that. But I was able to check a copy of that privacy.exe file your log shows, and it is part of a fake, scam security software package. Let's get two other checks in, then start some repairs.

Did OTL create a second log, Extras.Txt? It should be located in the same place as OTL.exe. If so, please post that as well in your next reply.


The system is Vista, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.

#3
builder4580
    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi Jintan,
Thank you so much for your help - I have been trying to get help since Dec 4, 2011 on a couple of other sites but my posts just disappear. Don't know if I am posting incorrectly, but it has been a frustrating time.

OTL did not appear to generate the file Extras.Txt - at least a search for the file turned up nothing, while the OTL.txt file downloaded to my desktop.
The OTL program I used was already on my desktop from earlier days. (OTL by OldTimer - Version 3.2.22.3 Folder)
Should I uninstall and re-install a later version? (Is there one?)

GMER - downloaded as this file:
y8w2su0r.exe
296KB - gmer.net

My download popup does not give me an option as to where I want to save to - it seems everything now goes to "/downloads" automatically. I used to get options as to where I wanted to download - don't know if this has been changed by malware, or is program specific.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-07 12:48:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: y8w2su0r.exe; Driver: C:\Users\cormact\AppData\Local\Temp\uwriafoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I got this far, then ran Scan. The scan ran for maybe a couple of minutes, then crashed. I re-scanned twice more, with the same result. I saved the Crash details for the 2nd & 3rd crash, but was unable to save the partial scan log as my only options on the crash popup were to check online for a solution and close the program, or, close the program.
I believe all my anti-malware, firewall programs are disabled. (AVG for 15 mins!)


Second Crash

Problem signature:
Problem Event Name: APPCRASH
Application Name: y8w2su0r.exe
Application Version: 1.0.15.15641
Application Timestamp: 4e21f2b1
Fault Module Name: y8w2su0r.exe
Fault Module Version: 1.0.15.15641
Fault Module Timestamp: 4e21f2b1
Exception Code: c0000005
Exception Offset: 0000c676
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 7325
Additional Information 2: fe37b6b073701b8a8c03ca7fe5d1f0f5
Additional Information 3: af52
Additional Information 4: 853afec48741d4112a2dcefa78ce1be5

Third Crash

Problem signature:
Problem Event Name: APPCRASH
Application Name: y8w2su0r.exe
Application Version: 1.0.15.15641
Application Timestamp: 4e21f2b1
Fault Module Name: y8w2su0r.exe
Fault Module Version: 1.0.15.15641
Fault Module Timestamp: 4e21f2b1
Exception Code: c0000005
Exception Offset: 0000c676
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 7325
Additional Information 2: fe37b6b073701b8a8c03ca7fe5d1f0f5
Additional Information 3: af52
Additional Information 4: 853afec48741d4112a2dcefa78ce1be5

I am posting what I have to date. I am not downloading aswMBR until I get further instructions from you, as I suspect I may still have work to do on OTL.

Once again thank you for your help, it is deeply appreciated.

builder4580

#4
Jintan
    Trusted Helper

  • Malware Removal
  • 904 posts
Yeah, I hadn't noticed that your OTL copy is pretty dated. For the remainder of our repairs, please delete any older tool files, and do the new downloads.

Please disable security programs permanently/until you re-enable it, if that option is available. They have done what they can, and for now, can only serve to interfere with repairs (as AVG already did with your Malwarebytes scan).


Right off see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

Just to be sure on ping, open Task Manager (press Ctrl - Alt - Delete), right click ping.exe, and select End Process. Then before closing Task Manager, watch for a second just to see if it restarts - let me know here in your next reply on that. May not show in Safe Mode though, which is fine.

Go ahead then and do the aswMBR step, and post that log please.

#5
builder4580
    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Feeling kind of naked!!!
Couldn't disable Malwarebytes, AVG, or Spybot S&D so uninstalled all three!

ping.exe was not listed in TaskManager Processes (nor Services)

Here is my aswMBR log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-08 22:36:41
-----------------------------
22:36:41.328 OS Version: Windows 6.0.6002 Service Pack 2
22:36:41.328 Number of processors: 2 586 0xF0B
22:36:41.328 ComputerName: CORMACT-PC UserName: cormact
22:37:12.700 Initialize success
22:38:04.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:38:04.851 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
22:38:04.866 Disk 0 MBR read successfully
22:38:04.866 Disk 0 MBR scan
22:38:04.866 Disk 0 Windows VISTA default MBR code
22:38:04.882 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
22:38:04.898 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
22:38:04.913 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225595 MB offset 21133312
22:38:04.929 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
22:38:04.991 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
22:38:04.991 Disk 0 scanning sectors +488394752
22:38:05.054 Disk 0 scanning C:\Windows\system32\drivers
22:38:09.890 File: C:\Windows\system32\drivers\dfsc.sys **SUSPICIOUS**
22:38:17.830 Disk 0 trace - called modules:
22:38:18.407 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89107f10]<<
22:38:18.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861384a0]
22:38:18.423 3 CLASSPNP.SYS[8a99f8b3] -> nt!IofCallDriver -> [0x89058340]
22:38:18.454 \Driver\00000754[0x89058478] -> IRP_MJ_CREATE -> 0x89107f10
22:38:18.454 Scan finished successfully
22:39:09.778 Disk 0 MBR has been saved successfully to "C:\Users\cormact\Documents\MBR.dat"
22:39:09.794 The log file has been saved successfully to "C:\Users\cormact\Documents\aswMBR.txt"


Another problem I am having, that I haven't mentioned is that when I turn my computer off, then turn it on again (or if I do a reboot) I lose my internet connection. I have to turn off my modem, unplug it for 10 secs, then plug it in again and turn on my modem. I then stay connected till I turn it off again (or get a BSOD).
Now in safe mode, I am losing my connection about every 5 mins it seems.

Once again, thanks for your help.
builder4580

#6
Jintan
    Trusted Helper

  • Malware Removal
  • 904 posts
Still in Safe Mode, click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.

--------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

#7
builder4580
    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Could not access internet in "safe mode with networking", so rebooted into windows regular and downloaded and ran TDSSKiller. Didn't get an option to rename, so this log is from filename TDSSKiller. Will do the same for ComboFix.

Log attached:
21:04:58.0348 4888 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:04:58.0850 4888 ============================================================
21:04:58.0850 4888 Current date / time: 2012/01/09 21:04:58.0850
21:04:58.0850 4888 SystemInfo:
21:04:58.0851 4888
21:04:58.0851 4888 OS Version: 6.0.6002 ServicePack: 2.0
21:04:58.0851 4888 Product type: Workstation
21:04:58.0851 4888 ComputerName: CORMACT-PC
21:04:58.0851 4888 UserName: cormact
21:04:58.0851 4888 Windows directory: C:\Windows
21:04:58.0851 4888 System windows directory: C:\Windows
21:04:58.0851 4888 Processor architecture: Intel x86
21:04:58.0851 4888 Number of processors: 2
21:04:58.0851 4888 Page size: 0x1000
21:04:58.0851 4888 Boot type: Normal boot
21:04:58.0851 4888 ============================================================
21:04:59.0533 4888 Initialize success
21:05:37.0338 5116 ============================================================
21:05:37.0338 5116 Scan started
21:05:37.0338 5116 Mode: Manual;
21:05:37.0338 5116 ============================================================
21:05:42.0530 5116 cmdide - ok
21:05:42.0569 5116 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:05:42.0570 5116 Compbatt - ok
21:05:42.0653 5116 cpuz134 - ok
21:05:42.0726 5116 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:05:42.0727 5116 crcdisk - ok
21:05:42.0756 5116 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:05:42.0758 5116 Crusoe - ok
21:05:42.0883 5116 DfsC (5824c3b2d41f7d756c82112ca2a821b1) C:\Windows\system32\Drivers\dfsc.sys
21:05:42.0883 5116 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 5824c3b2d41f7d756c82112ca2a821b1, Fake md5: 622c41a07ca7e6dd91770f50d532cb6c
21:05:42.0884 5116 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
21:05:42.0884 5116 DfsC - detected Rootkit.Win32.ZAccess.k (0)
21:06:01.0175 5116 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:06:01.0246 5116 \Device\Harddisk0\DR0 - ok
21:06:01.0260 5116 Boot (0x1200) (cc06d38a4d9080b0eb42f866591bf709) \Device\Harddisk0\DR0\Partition0
21:06:01.0261 5116 \Device\Harddisk0\DR0\Partition0 - ok
21:06:01.0265 5116 Boot (0x1200) (95fcf421605db8d7e89666e2b3a5d36d) \Device\Harddisk0\DR0\Partition1
21:06:01.0266 5116 \Device\Harddisk0\DR0\Partition1 - ok
21:06:01.0267 5116 ============================================================
21:06:01.0267 5116 Scan finished
21:06:01.0267 5116 ============================================================
21:06:01.0279 1352 Detected object count: 1
21:06:01.0279 1352 Actual detected object count: 1
21:08:16.0765 1352 Backup copy not found, trying to cure infected file..
21:08:16.0785 1352 Cure success, using it..
21:08:16.0942 1352 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
21:08:23.0922 1352 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
21:08:33.0487 5396 Deinitialize success

#8
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
There's your Internet problem - ZAccess bootkit. Good, let's see what ComboFix finds as well.

#9
builder4580

    Member

  • Topic Starter
  • Member
  • 78 posts
ComboFix is telling me that AVG Antivirus 2012 is active and that running ComboFix will result in unpredictable results.
I uninstalled AVG yesterday, together with MBAM and SBotS&D.
A system search for AVG returns nothing.
Should I just OK through the warnings?


Warning!!
ComboFix has detected the following real time scanner(s) to be active

Antivirus: AVG Anti-Virus Free Edition 2012
Antispyware: AVG Anti-Virus Free Edition 2012

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking OK

#10
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
It should be okay - go ahead and click Okay and allow it to run the scan.

#11
builder4580

    Member

  • Topic Starter
  • Member
  • 78 posts
Tried to run ComboFix in safe mode twice.
First time the run panel showed:
Scanning for infested files
This typically doesn't take more than 10 minutes
However scan times for badly infected machines
may easily double.
SED: -e expression #1, char 10: bad escape sequence
SED: -e expression #1, char 10: bad escape sequence

I quit the program after 1 hr 10 mins, then re-ran it and let it run for 5 hrs.
Same result, but without the last 2 lines (SED: etc.).

Rebooted and got a popup message
The recycle bin on C:\ is corrupted
Do you want to empty the recycle bin for this drive
yes/no

I clicked yes and rebooted to regular Windows.
Everything seems OK for now. The earlier AVG warning does not seem to have affected anything.
No sign of C:\ComboFix.txt

#12
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Please run TDSSKiller again, then a new aswMBR scan, and post those logs. If they show clean we'll go back to check OTL again, but let's check first.

#13
builder4580

    Member

  • Topic Starter
  • Member
  • 78 posts
Ran TDSSKiller OK, then ran aswMBR. The scan ran through "modules scanning", then I got a BSOD.
Rebooted and ran aswMBR again. The scan completed without issues this time. Logs below.

22:15:42.0755 4804 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
22:15:43.0176 4804 ============================================================
22:15:43.0176 4804 Current date / time: 2012/01/10 22:15:43.0176
22:15:43.0176 4804 SystemInfo:
22:15:43.0176 4804
22:15:43.0176 4804 OS Version: 6.0.6002 ServicePack: 2.0
22:15:43.0176 4804 Product type: Workstation
22:15:43.0176 4804 ComputerName: CORMACT-PC
22:15:43.0176 4804 UserName: cormact
22:15:43.0176 4804 Windows directory: C:\Windows
22:15:43.0176 4804 System windows directory: C:\Windows
22:15:43.0176 4804 Processor architecture: Intel x86
22:15:43.0176 4804 Number of processors: 2
22:15:43.0176 4804 Page size: 0x1000
22:15:43.0176 4804 Boot type: Normal boot
22:15:43.0176 4804 ============================================================
22:15:43.0800 4804 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
22:15:44.0050 4804 Initialize success
22:16:12.0832 5164 ============================================================
22:16:12.0832 5164 Scan started
22:16:12.0832 5164 Mode: Manual;
22:16:12.0832 5164 ============================================================
22:16:14.0470 5164 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:16:14.0485 5164 ACPI - ok
22:16:14.0797 5164 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:16:14.0797 5164 adp94xx - ok
22:16:14.0953 5164 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:16:14.0969 5164 adpahci - ok
22:16:15.0234 5164 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:16:15.0234 5164 adpu160m - ok
22:16:15.0375 5164 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:16:15.0375 5164 adpu320 - ok
22:16:15.0609 5164 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:16:15.0609 5164 AFD - ok
22:16:15.0733 5164 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
22:16:15.0749 5164 agp440 - ok
22:16:15.0796 5164 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:16:15.0796 5164 aic78xx - ok
22:16:15.0967 5164 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
22:16:15.0967 5164 aliide - ok
22:16:16.0155 5164 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
22:16:16.0155 5164 amdagp - ok
22:16:16.0201 5164 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
22:16:16.0201 5164 amdide - ok
22:16:16.0467 5164 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:16:16.0467 5164 AmdK7 - ok
22:16:16.0685 5164 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:16:16.0685 5164 AmdK8 - ok
22:16:16.0935 5164 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:16:16.0935 5164 arc - ok
22:16:17.0106 5164 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:16:17.0106 5164 arcsas - ok
22:16:17.0293 5164 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:17.0293 5164 AsyncMac - ok
22:16:17.0418 5164 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:16:17.0418 5164 atapi - ok
22:16:17.0668 5164 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:16:17.0668 5164 b57nd60x - ok
22:16:17.0933 5164 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:16:17.0933 5164 Beep - ok
22:16:18.0136 5164 blbdrive - ok
22:16:18.0214 5164 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:16:18.0229 5164 bowser - ok
22:16:18.0510 5164 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:16:18.0510 5164 BrFiltLo - ok
22:16:18.0635 5164 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:16:18.0635 5164 BrFiltUp - ok
22:16:18.0791 5164 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:16:18.0791 5164 Brserid - ok
22:16:18.0978 5164 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:16:18.0978 5164 BrSerWdm - ok
22:16:19.0119 5164 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:16:19.0119 5164 BrUsbMdm - ok
22:16:19.0275 5164 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:16:19.0275 5164 BrUsbSer - ok
22:16:19.0727 5164 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:16:19.0774 5164 BthEnum - ok
22:16:20.0554 5164 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:16:20.0554 5164 BTHMODEM - ok
22:16:20.0725 5164 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:16:20.0741 5164 BthPan - ok
22:16:21.0069 5164 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:16:21.0084 5164 BTHPORT - ok
22:16:21.0256 5164 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:16:21.0256 5164 BTHUSB - ok
22:16:21.0459 5164 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
22:16:21.0459 5164 btwaudio - ok
22:16:21.0474 5164 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
22:16:21.0474 5164 btwavdt - ok
22:16:21.0724 5164 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
22:16:21.0739 5164 btwrchid - ok
22:16:21.0833 5164 catchme - ok
22:16:21.0942 5164 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:21.0942 5164 cdfs - ok
22:16:22.0098 5164 cdrom - ok
22:16:22.0192 5164 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:16:22.0207 5164 circlass - ok
22:16:22.0301 5164 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:16:22.0301 5164 CLFS - ok
22:16:22.0457 5164 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:16:22.0457 5164 CmBatt - ok
22:16:22.0551 5164 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
22:16:22.0551 5164 cmdide - ok
22:16:22.0722 5164 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:16:22.0722 5164 Compbatt - ok
22:16:22.0816 5164 cpuz134 - ok
22:16:22.0956 5164 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:16:22.0956 5164 crcdisk - ok
22:16:23.0050 5164 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:16:23.0050 5164 Crusoe - ok
22:16:23.0190 5164 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:16:23.0190 5164 DfsC - ok
22:16:23.0455 5164 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:16:23.0455 5164 disk - ok
22:16:24.0189 5164 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:16:24.0189 5164 drmkaud - ok
22:16:24.0797 5164 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:16:24.0813 5164 DXGKrnl - ok
22:16:24.0969 5164 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
22:16:24.0984 5164 e1express - ok
22:16:25.0156 5164 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:16:25.0156 5164 E1G60 - ok
22:16:25.0359 5164 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:16:25.0359 5164 Ecache - ok
22:16:25.0593 5164 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:16:25.0593 5164 elxstor - ok
22:16:25.0889 5164 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:16:25.0905 5164 exfat - ok
22:16:26.0076 5164 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:16:26.0076 5164 fastfat - ok
22:16:26.0357 5164 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:16:26.0357 5164 fdc - ok
22:16:26.0653 5164 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:16:26.0653 5164 FileInfo - ok
22:16:26.0965 5164 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:16:26.0965 5164 Filetrace - ok
22:16:27.0153 5164 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:16:27.0153 5164 flpydisk - ok
22:16:27.0246 5164 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:16:27.0262 5164 FltMgr - ok
22:16:27.0433 5164 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:16:27.0433 5164 Fs_Rec - ok
22:16:27.0480 5164 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:16:27.0496 5164 gagp30kx - ok
22:16:27.0683 5164 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:16:27.0683 5164 HDAudBus - ok
22:16:27.0855 5164 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:16:27.0855 5164 HidBth - ok
22:16:27.0948 5164 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:16:27.0964 5164 HidIr - ok
22:16:28.0229 5164 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:16:28.0229 5164 HidUsb - ok
22:16:28.0463 5164 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:16:28.0463 5164 HpCISSs - ok
22:16:28.0650 5164 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:16:28.0666 5164 HTTP - ok
22:16:28.0759 5164 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:16:28.0759 5164 i2omp - ok
22:16:28.0947 5164 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:16:28.0947 5164 i8042prt - ok
22:16:28.0993 5164 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
22:16:29.0009 5164 iaStor - ok
22:16:29.0368 5164 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:16:29.0368 5164 iaStorV - ok
22:16:29.0617 5164 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:16:29.0617 5164 iirsp - ok
22:16:29.0742 5164 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
22:16:29.0742 5164 intelide - ok
22:16:29.0836 5164 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:16:29.0836 5164 intelppm - ok
22:16:30.0054 5164 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:16:30.0054 5164 IpFilterDriver - ok
22:16:30.0179 5164 IpInIp - ok
22:16:30.0366 5164 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:16:30.0382 5164 IPMIDRV - ok
22:16:30.0507 5164 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:16:30.0507 5164 IPNAT - ok
22:16:30.0741 5164 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:16:30.0741 5164 IRENUM - ok
22:16:30.0912 5164 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
22:16:30.0912 5164 isapnp - ok
22:16:30.0959 5164 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:16:30.0975 5164 iScsiPrt - ok
22:16:31.0255 5164 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:16:31.0271 5164 iteatapi - ok
22:16:31.0318 5164 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:16:31.0318 5164 iteraid - ok
22:16:31.0380 5164 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:16:31.0380 5164 kbdclass - ok
22:16:31.0474 5164 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:16:31.0489 5164 kbdhid - ok
22:16:31.0614 5164 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:16:31.0630 5164 KSecDD - ok
22:16:31.0755 5164 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:16:31.0755 5164 lltdio - ok
22:16:31.0879 5164 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:16:31.0879 5164 LSI_FC - ok
22:16:31.0911 5164 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:16:31.0911 5164 LSI_SAS - ok
22:16:32.0020 5164 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:16:32.0035 5164 LSI_SCSI - ok
22:16:32.0129 5164 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:16:32.0129 5164 luafv - ok
22:16:32.0254 5164 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:16:32.0254 5164 megasas - ok
22:16:32.0363 5164 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:16:32.0363 5164 Modem - ok
22:16:32.0472 5164 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:16:32.0472 5164 monitor - ok
22:16:32.0597 5164 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:16:32.0597 5164 mouclass - ok
22:16:32.0644 5164 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:16:32.0644 5164 mouhid - ok
22:16:32.0737 5164 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:16:32.0737 5164 MountMgr - ok
22:16:32.0815 5164 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:16:32.0815 5164 mpio - ok
22:16:32.0925 5164 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:16:32.0925 5164 mpsdrv - ok
22:16:33.0049 5164 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:16:33.0049 5164 Mraid35x - ok
22:16:33.0127 5164 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:16:33.0127 5164 MRxDAV - ok
22:16:33.0174 5164 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:16:33.0174 5164 mrxsmb - ok
22:16:33.0237 5164 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:16:33.0237 5164 mrxsmb10 - ok
22:16:33.0564 5164 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:16:33.0564 5164 mrxsmb20 - ok
22:16:33.0627 5164 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
22:16:33.0627 5164 msahci - ok
22:16:33.0705 5164 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:16:33.0705 5164 msdsm - ok
22:16:33.0829 5164 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:16:33.0829 5164 Msfs - ok
22:16:33.0892 5164 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:16:33.0892 5164 msisadrv - ok
22:16:34.0032 5164 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:16:34.0032 5164 MSKSSRV - ok
22:16:34.0079 5164 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:16:34.0079 5164 MSPCLOCK - ok
22:16:34.0173 5164 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:16:34.0173 5164 MSPQM - ok
22:16:34.0219 5164 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:16:34.0219 5164 MsRPC - ok
22:16:34.0329 5164 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:16:34.0329 5164 mssmbios - ok
22:16:34.0375 5164 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:16:34.0375 5164 MSTEE - ok
22:16:34.0407 5164 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:16:34.0407 5164 Mup - ok
22:16:34.0531 5164 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:16:34.0531 5164 NativeWifiP - ok
22:16:34.0594 5164 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:16:34.0609 5164 NDIS - ok
22:16:34.0734 5164 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:16:34.0734 5164 NdisTapi - ok
22:16:34.0812 5164 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:16:34.0812 5164 Ndisuio - ok
22:16:34.0968 5164 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:16:34.0968 5164 NdisWan - ok
22:16:35.0436 5164 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:16:35.0436 5164 NDProxy - ok
22:16:35.0733 5164 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:16:35.0733 5164 NetBIOS - ok
22:16:35.0998 5164 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:16:35.0998 5164 netbt - ok
22:16:36.0388 5164 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
22:16:36.0435 5164 NETw4v32 - ok
22:16:36.0715 5164 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:16:36.0731 5164 nfrd960 - ok
22:16:37.0059 5164 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:16:37.0059 5164 Npfs - ok
22:16:37.0261 5164 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:16:37.0261 5164 nsiproxy - ok
22:16:37.0433 5164 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:16:37.0449 5164 Ntfs - ok
22:16:37.0558 5164 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:16:37.0573 5164 ntrigdigi - ok
22:16:37.0651 5164 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:16:37.0651 5164 Null - ok
22:16:38.0244 5164 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:16:38.0541 5164 nvlddmkm - ok
22:16:38.0712 5164 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:16:38.0712 5164 nvraid - ok
22:16:38.0743 5164 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:16:38.0743 5164 nvstor - ok
22:16:39.0149 5164 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
22:16:39.0149 5164 nv_agp - ok
22:16:39.0258 5164 NwlnkFlt - ok
22:16:39.0274 5164 NwlnkFwd - ok
22:16:39.0633 5164 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\Windows\system32\DRIVERS\OEM02Dev.sys
22:16:39.0648 5164 OEM02Dev - ok
22:16:39.0835 5164 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
22:16:39.0835 5164 OEM02Vfx - ok
22:16:39.0960 5164 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:16:39.0960 5164 ohci1394 - ok
22:16:40.0257 5164 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:16:40.0257 5164 Parport - ok
22:16:40.0319 5164 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:16:40.0319 5164 partmgr - ok
22:16:40.0522 5164 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:16:40.0522 5164 Parvdm - ok
22:16:40.0787 5164 PcdrNdisuio - ok
22:16:41.0146 5164 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:16:41.0146 5164 pci - ok
22:16:41.0302 5164 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:16:41.0317 5164 pciide - ok
22:16:41.0739 5164 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:16:41.0739 5164 pcmcia - ok
22:16:41.0910 5164 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:16:41.0926 5164 PEAUTH - ok
22:16:42.0175 5164 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:16:42.0175 5164 PptpMiniport - ok
22:16:42.0363 5164 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:16:42.0363 5164 Processor - ok
22:16:43.0049 5164 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:16:43.0049 5164 PSched - ok
22:16:43.0252 5164 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
22:16:43.0252 5164 PxHelp20 - ok
22:16:43.0845 5164 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:16:43.0860 5164 ql2300 - ok
22:16:44.0079 5164 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:16:44.0079 5164 ql40xx - ok
22:16:44.0235 5164 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:16:44.0235 5164 QWAVEdrv - ok
22:16:44.0578 5164 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
22:16:44.0671 5164 R300 - ok
22:16:44.0952 5164 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:16:44.0952 5164 RasAcd - ok
22:16:45.0264 5164 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:45.0264 5164 Rasl2tp - ok
22:16:45.0451 5164 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:45.0451 5164 RasPppoe - ok
22:16:45.0561 5164 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:16:45.0561 5164 RasSstp - ok
22:16:45.0654 5164 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:16:45.0654 5164 rdbss - ok
22:16:45.0888 5164 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:16:45.0888 5164 RDPCDD - ok
22:16:46.0029 5164 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
22:16:46.0029 5164 rdpdr - ok
22:16:46.0294 5164 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:16:46.0294 5164 RDPENCDD - ok
22:16:46.0465 5164 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:16:46.0465 5164 RDPWD - ok
22:16:46.0746 5164 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
22:16:46.0746 5164 RFCOMM - ok
22:16:46.0871 5164 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:16:46.0871 5164 rimmptsk - ok
22:16:47.0011 5164 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:16:47.0011 5164 rimsptsk - ok
22:16:47.0245 5164 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:16:47.0245 5164 rismxdp - ok
22:16:47.0401 5164 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:16:47.0401 5164 rspndr - ok
22:16:47.0448 5164 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:16:47.0448 5164 sbp2port - ok
22:16:47.0604 5164 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:16:47.0604 5164 sdbus - ok
22:16:47.0760 5164 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:16:47.0760 5164 secdrv - ok
22:16:47.0838 5164 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:16:47.0854 5164 Serenum - ok
22:16:47.0994 5164 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:16:47.0994 5164 Serial - ok
22:16:48.0041 5164 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:16:48.0057 5164 sermouse - ok
22:16:48.0322 5164 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
22:16:48.0322 5164 sffdisk - ok
22:16:48.0946 5164 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
22:16:48.0946 5164 sffp_mmc - ok
22:16:49.0149 5164 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
22:16:49.0149 5164 sffp_sd - ok
22:16:49.0195 5164 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:16:49.0195 5164 sfloppy - ok
22:16:49.0383 5164 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
22:16:49.0383 5164 sisagp - ok
22:16:49.0507 5164 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:16:49.0523 5164 SiSRaid2 - ok
22:16:49.0617 5164 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:16:49.0617 5164 SiSRaid4 - ok
22:16:49.0695 5164 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:16:49.0695 5164 Smb - ok
22:16:50.0007 5164 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:16:50.0007 5164 spldr - ok
22:16:50.0287 5164 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:16:50.0287 5164 srv - ok
22:16:50.0443 5164 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:16:50.0443 5164 srv2 - ok
22:16:50.0662 5164 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:16:50.0662 5164 srvnet - ok
22:16:50.0849 5164 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
22:16:50.0849 5164 STHDA - ok
22:16:51.0052 5164 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:16:51.0052 5164 swenum - ok
22:16:51.0208 5164 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:16:51.0208 5164 Symc8xx - ok
22:16:51.0270 5164 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:16:51.0270 5164 Sym_hi - ok
22:16:51.0348 5164 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:16:51.0348 5164 Sym_u3 - ok
22:16:51.0738 5164 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
22:16:51.0738 5164 SynTP - ok
22:16:52.0019 5164 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:16:52.0035 5164 Tcpip - ok
22:16:52.0315 5164 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:16:52.0331 5164 Tcpip6 - ok
22:16:52.0456 5164 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:16:52.0456 5164 tcpipreg - ok
22:16:52.0596 5164 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
22:16:52.0596 5164 TcUsb - ok
22:16:52.0737 5164 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:16:52.0737 5164 TDPIPE - ok
22:16:52.0986 5164 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:16:52.0986 5164 TDTCP - ok
22:16:53.0173 5164 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:16:53.0173 5164 tdx - ok
22:16:53.0267 5164 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:16:53.0267 5164 TermDD - ok
22:16:53.0454 5164 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:16:53.0454 5164 tssecsrv - ok
22:16:53.0579 5164 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:16:53.0579 5164 tunmp - ok
22:16:53.0782 5164 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:16:53.0782 5164 tunnel - ok
22:16:53.0938 5164 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:16:53.0938 5164 uagp35 - ok
22:16:54.0203 5164 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:16:54.0219 5164 udfs - ok
22:16:54.0484 5164 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
22:16:54.0484 5164 uliagpkx - ok
22:16:54.0609 5164 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:16:54.0624 5164 uliahci - ok
22:16:54.0733 5164 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:16:54.0733 5164 UlSata - ok
22:16:54.0843 5164 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:16:54.0843 5164 ulsata2 - ok
22:16:54.0936 5164 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:16:54.0936 5164 umbus - ok
22:16:55.0186 5164 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:16:55.0186 5164 usbaudio - ok
22:16:55.0373 5164 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:16:55.0389 5164 usbccgp - ok
22:16:55.0576 5164 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:16:55.0576 5164 usbcir - ok
22:16:55.0732 5164 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:16:55.0747 5164 usbehci - ok
22:16:55.0935 5164 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:16:55.0935 5164 usbhub - ok
22:16:56.0044 5164 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:16:56.0044 5164 usbohci - ok
22:16:56.0169 5164 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:16:56.0169 5164 usbprint - ok
22:16:56.0325 5164 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:16:56.0325 5164 USBSTOR - ok
22:16:56.0481 5164 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:16:56.0481 5164 usbuhci - ok
22:16:56.0574 5164 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
22:16:56.0590 5164 vga - ok
22:16:56.0746 5164 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:16:56.0746 5164 VgaSave - ok
22:16:57.0105 5164 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
22:16:57.0105 5164 viaagp - ok
22:16:57.0323 5164 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:16:57.0323 5164 ViaC7 - ok
22:16:57.0432 5164 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
22:16:57.0432 5164 viaide - ok
22:16:57.0526 5164 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:16:57.0526 5164 volmgr - ok
22:16:57.0744 5164 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:16:57.0744 5164 volmgrx - ok
22:16:57.0947 5164 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:16:57.0963 5164 volsnap - ok
22:16:58.0087 5164 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:16:58.0087 5164 vsmraid - ok
22:16:58.0150 5164 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:16:58.0150 5164 WacomPen - ok
22:16:58.0290 5164 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:16:58.0290 5164 Wanarp - ok
22:16:58.0337 5164 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:16:58.0337 5164 Wanarpv6 - ok
22:16:58.0462 5164 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:16:58.0462 5164 Wd - ok
22:16:58.0540 5164 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:16:58.0555 5164 Wdf01000 - ok
22:16:59.0117 5164 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:16:59.0133 5164 WmiAcpi - ok
22:16:59.0569 5164 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:16:59.0585 5164 ws2ifsl - ok
22:16:59.0788 5164 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:16:59.0788 5164 WUDFRd - ok
22:16:59.0850 5164 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:16:59.0944 5164 \Device\Harddisk0\DR0 - ok
22:16:59.0991 5164 Boot (0x1200) (cc06d38a4d9080b0eb42f866591bf709) \Device\Harddisk0\DR0\Partition0
22:17:00.0006 5164 \Device\Harddisk0\DR0\Partition0 - ok
22:17:00.0006 5164 Boot (0x1200) (95fcf421605db8d7e89666e2b3a5d36d) \Device\Harddisk0\DR0\Partition1
22:17:00.0006 5164 \Device\Harddisk0\DR0\Partition1 - ok
22:17:00.0006 5164 ============================================================
22:17:00.0006 5164 Scan finished
22:17:00.0006 5164 ============================================================
22:17:00.0037 5156 Detected object count: 0
22:17:00.0037 5156 Actual detected object count: 0
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-10 22:28:00
-----------------------------
22:28:00.824 OS Version: Windows 6.0.6002 Service Pack 2
22:28:00.824 Number of processors: 2 586 0xF0B
22:28:00.824 ComputerName: CORMACT-PC UserName: cormact
22:28:46.610 Initialize success
22:29:02.122 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:29:02.122 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
22:29:02.153 Disk 0 MBR read successfully
22:29:02.169 Disk 0 MBR scan
22:29:02.169 Disk 0 Windows VISTA default MBR code
22:29:02.184 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
22:29:02.216 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
22:29:02.247 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225595 MB offset 21133312
22:29:02.262 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
22:29:02.294 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
22:29:02.309 Disk 0 scanning sectors +488394752
22:29:02.450 Disk 0 scanning C:\Windows\system32\drivers
22:29:20.670 Service scanning
22:29:22.558 Modules scanning
22:29:51.870 Disk 0 trace - called modules:
22:29:51.933 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:29:51.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867591f0]
22:29:51.948 3 CLASSPNP.SYS[8a99f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85737030]
22:29:51.964 Scan finished successfully
22:30:20.684 Disk 0 MBR has been saved successfully to "C:\Users\cormact\Downloads\MBR.dat"
22:30:20.699 The log file has been saved successfully to "C:\Users\cormact\Downloads\aswMBR.txt"

#14
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Try ComboFix from Safe Mode now please.

#15
builder4580

    Member

  • Topic Starter
  • Member
  • 78 posts
Started to run Combofix in safe mode
The program loaded (I think?)
A panel displayed with rapidly scrolling lines (program loading?)
The screen went blank for about 20-30 secs
Then the following popup:

pev.3XE has stopped working

Windows can check online for a solution to the problem

View problem details

Problem signature:
Problem Event Name: APPCRASH
Application Name: pev.3XE
Application Version: 0.0.0.0
Application Timestamp: 4e06cfe8
Fault Module Name: pev.3XE
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4e06cfe8
Exception Code: 40000015
Exception Offset: 0008d1c0
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 6e00
Additional Information 2: 50428c8b02b10d9f186d86925177726f
Additional Information 3: a51d
Additional Information 4: 3264da970776ce43b43e6e53251b7bad

Read our privacy statement:
http://go.microsoft....63&clcid=0x0409

When I check online for a solution to the problem I get the same Warning Popup that I got yesterday, i.e. ComboFix has detected the following real time scanner(s) to be active:
Antivirus: AVG Anti-Virus Free Edition 2012
Antispyware: AVG Anti-Virus Free Edition 2012

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking OK

Clicked OK
Got a message that there is an updated version of ComboFix
Downloaded update and it ran automatically to the following point:

Scanning for infested files
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double.


Began scan at 6:10pm, exited program at 6:55pm

Other than being unable to run ComboFix, my machine appears to be running fine now.
It loads programs fast, no more redirects. Still get the occasional pop-behind, but I think that is site related rather than spyware.
I don't understand why CFix is detecting currently Active AVG when it has been uninstalled from my system.