Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create a FREE account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you sign in.
Create an Account Login to Account

Google won't load after malware was removed


  • Please log in to reply

#1
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
This morning my AVG spyware said I had a malware threat which I moved to the virus vault and rebooted the computer. Now I can't get into any Google site. I can't check my Google calendar or Gmail. It redirects me to a Verizon site (I have Verizon DSL) that states that www.google.com can not be found. I tried my wife's laptop and she can get it on hers as can my daughter on her laptop. So it seems to be just mine. After researcheing the problem through another search engine I started trying diferent things with no good results. Here is what I have so far...

I can ping www.google with no problems.
My host file is empty
If I enter the google isp numbers I got off one website it will pull up Google, allow me to sign in and I can access my gmail. When I click on the calendar icon from this page it drops Google again.
I have cleared all cookies
The problem is with both Firefox (my usual browser) and IE
I have checked security settings and even allowed google.com

Now I am getting blue screens and I have to use the computer in safe mode. I ran OTL and came up with this...

OTL logfile created on: 2/9/2012 6:38:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 83.50% Memory free
2.31 Gb Paging File | 2.02 Gb Available in Paging File | 87.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 1.03 Gb Free Space | 2.77% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 917.96 Gb Free Space | 98.55% Space Free | Partition Type: NTFS

Computer Name: PAUL-LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 18:29:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2012/01/13 06:36:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/13 06:36:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/20 18:06:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/01/04 13:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/05/27 18:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 13:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/03/07 02:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2005/06/03 15:50:40 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15557&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 D4 99 CE 42 AF CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Good Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..keyword.URL: "http://search.avg.co...&tp=ab&nt=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Paul\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Paul\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/04 16:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/13 06:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 18:32:55 | 000,000,000 | ---D | M]

[2010/02/16 15:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2012/01/04 08:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions
[2011/09/08 11:44:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/14 18:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash
[2012/01/04 08:49:40 | 000,000,000 | ---D | M] ("GoodSearch Toolbar") -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{1CD12824-AE3B-44EE-BD8F-403F1E48FD3A}
[2011/01/21 16:52:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/21 16:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2011/11/08 20:23:38 | 000,000,000 | ---D | M] (Coupon Cabin Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{CAD77134-400A-41f9-83BE-5FBF5F1A42C0}
[2010/08/16 19:53:07 | 000,002,555 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\searchplugins\askcom.xml
[2011/11/08 17:50:00 | 000,001,599 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\searchplugins\good-search.xml
[2011/11/09 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/13 06:36:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/22 20:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 18:45:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [0D1.exe] C:\Program Files\LP\F797\0D1.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IFEvuifXpHuouiv.exe] C:\ProgramData\IFEvuifXpHuouiv.exe (Mioft)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.22\AVIConverter\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC46DF4-E396-467E-82D7-3600CC429D45}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C2AB1D-0AAA-48EE-BA98-822F58CA39F4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/02 06:19:42 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 07:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/09 18:29:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/02/09 18:23:34 | 000,447,488 | ---- | C] (Mioft) -- C:\ProgramData\IFEvuifXpHuouiv.exe
[2012/02/09 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\7DABB
[2012/02/09 18:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012/02/08 19:17:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/02/08 19:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/02/08 19:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/02/08 10:20:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/31 19:58:00 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2012/01/30 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\24 liberty
[2012/01/14 20:48:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 5.22
[2012/01/14 20:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Utilities 5.22
[2012/01/10 21:49:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[1 C:\Users\Paul\Documents\*.tmp files -> C:\Users\Paul\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/09 18:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/09 18:35:36 | 1603,915,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/09 18:29:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/02/09 18:20:13 | 000,447,488 | ---- | M] (Mioft) -- C:\ProgramData\IFEvuifXpHuouiv.exe
[2012/02/09 17:45:37 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 20:19:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/08 19:22:32 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 19:22:31 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 18:15:47 | 000,001,105 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/08 18:02:25 | 000,631,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 18:02:25 | 000,109,310 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 09:23:55 | 000,002,002 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/08 08:02:05 | 088,473,191 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/04 18:27:19 | 000,306,699 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/31 19:58:00 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[1 C:\Users\Paul\Documents\*.tmp files -> C:\Users\Paul\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 17:00:41 | 000,007,605 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2011/05/11 20:38:32 | 000,008,704 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 09:57:24 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/05/05 14:13:34 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/03/26 08:14:31 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/03/26 08:14:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2010/02/21 20:12:02 | 000,000,140 | ---- | C] () -- C:\Windows\pstudio.ini
[2010/02/21 20:12:02 | 000,000,021 | ---- | C] () -- C:\Windows\mp_setup.ini
[2010/02/21 20:12:01 | 000,059,776 | ---- | C] () -- C:\Windows\System32\FLORA16.DLL
[2010/02/19 17:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/02/17 19:58:47 | 000,000,445 | ---- | C] () -- C:\Windows\System32\gmsblist.dll
[2010/02/17 09:10:30 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2010/02/17 08:47:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,414,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,631,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,109,310 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2007/01/13 10:46:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[2004/01/13 17:46:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\tifmicon.dll

========== LOP Check ==========

[2010/11/13 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVG
[2010/11/13 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVG10
[2011/02/19 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Bandit
[2010/09/29 18:45:17 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Canon
[2011/02/13 19:33:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/06 20:28:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\EurekaLog
[2010/05/18 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Facebook
[2010/10/05 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GARMIN
[2011/12/05 16:31:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gsak
[2011/11/08 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenCandy
[2011/12/16 22:22:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Orbit
[2011/11/08 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ProgSense
[2011/04/28 15:58:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\webex
[2010/02/19 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WinBatch
[2012/02/09 17:46:01 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

Similar Topics: Google won't load after malware was removed     x


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2012/01/04 08:49:40 | 000,000,000 | ---D | M] ("GoodSearch Toolbar") -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{1CD12824-AE3B-44EE-BD8F-403F1E48FD3A}
[2011/01/21 16:52:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/21 16:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2011/11/08 20:23:38 | 000,000,000 | ---D | M] (Coupon Cabin Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{CAD77134-400A-41f9-83BE-5FBF5F1A42C0}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [0D1.exe] C:\Program Files\LP\F797\0D1.exe ()
O4 - HKLM..\Run: [IFEvuifXpHuouiv.exe] C:\ProgramData\IFEvuifXpHuouiv.exe (Mioft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
[2012/02/09 18:23:34 | 000,447,488 | ---- | C] (Mioft) -- C:\ProgramData\IFEvuifXpHuouiv.exe
[2012/02/09 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\7DABB
[2012/02/09 18:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\LP
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast Engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#3
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Took awhile to go through all the steps, but I did it. About halfway through I had Google back and I am now out of safe mode and no blue screens. I think it is fixed. I've attached all the logs from all the steps.

Thanks for the help!

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
TDSSKiller log?

You have old versions of Java and Adobe. You should uninstall them then get the latest versions from java.com and adobe.com.

I would turn off the Computer Browser service. You don't need it for anything and it's not working:

Right click on Computer and select Manage (Continue) then Services and Applications then Services. Find Computer Browser and right click and select Properties. Change the Startup Type to Disabled. Apply.

Other than that your logs look pretty good.

If the TDSSKiller log looks good then we are done and you can clean up:

We need to cleanup System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#5
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Woke up this morning and ran to the laptop to see if it was still OK. Everything seems to be fine except I just noticed that all my start menu and desktop program icons are missing. When I check the programs file it looks like they are there, but no start icons for most of them. Any ideas where they all went? I'd hate to have to spend all day manually putting them all back on.

Thanks for the further suggestions. I'll get on those.
  • 0

#6
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Here's the tdss killer log...

21:33:32.0469 0296 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:33:32.0799 0296 ============================================================
21:33:32.0799 0296 Current date / time: 2012/02/09 21:33:32.0799
21:33:32.0799 0296 SystemInfo:
21:33:32.0799 0296
21:33:32.0799 0296 OS Version: 6.1.7600 ServicePack: 0.0
21:33:32.0799 0296 Product type: Workstation
21:33:32.0799 0296 ComputerName: PAUL-LAPTOP
21:33:32.0799 0296 UserName: Paul
21:33:32.0799 0296 Windows directory: C:\Windows
21:33:32.0799 0296 System windows directory: C:\Windows
21:33:32.0799 0296 Processor architecture: Intel x86
21:33:32.0799 0296 Number of processors: 1
21:33:32.0799 0296 Page size: 0x1000
21:33:32.0799 0296 Boot type: Safe boot with network
21:33:32.0799 0296 ============================================================
21:33:34.0431 0296 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:33:34.0461 0296 \Device\Harddisk0\DR0:
21:33:34.0461 0296 MBR used
21:33:34.0461 0296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B1
21:33:34.0632 0296 Initialize success
21:33:34.0632 0296 ============================================================
21:33:38.0688 1564 ============================================================
21:33:38.0688 1564 Scan started
21:33:38.0688 1564 Mode: Manual;
21:33:38.0688 1564 ============================================================
21:33:39.0969 1564 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:33:39.0969 1564 1394ohci - ok
21:33:40.0180 1564 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:33:40.0180 1564 ACPI - ok
21:33:40.0460 1564 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:33:40.0460 1564 AcpiPmi - ok
21:33:40.0801 1564 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:33:40.0801 1564 adp94xx - ok
21:33:41.0061 1564 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:33:41.0061 1564 adpahci - ok
21:33:41.0381 1564 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:33:41.0381 1564 adpu320 - ok
21:33:41.0642 1564 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
21:33:41.0642 1564 AFD - ok
21:33:41.0922 1564 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
21:33:41.0932 1564 AgereSoftModem - ok
21:33:42.0132 1564 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:33:42.0132 1564 agp440 - ok
21:33:42.0323 1564 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:33:42.0323 1564 aic78xx - ok
21:33:42.0793 1564 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
21:33:42.0823 1564 ALCXWDM - ok
21:33:43.0074 1564 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:33:43.0074 1564 aliide - ok
21:33:43.0274 1564 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:33:43.0274 1564 amdagp - ok
21:33:43.0504 1564 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:33:43.0504 1564 amdide - ok
21:33:43.0725 1564 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:33:43.0735 1564 AmdK8 - ok
21:33:43.0955 1564 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:33:43.0955 1564 AmdPPM - ok
21:33:44.0175 1564 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
21:33:44.0175 1564 amdsata - ok
21:33:44.0396 1564 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:33:44.0396 1564 amdsbs - ok
21:33:44.0616 1564 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
21:33:44.0616 1564 amdxata - ok
21:33:44.0836 1564 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:33:44.0836 1564 AppID - ok
21:33:45.0147 1564 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:33:45.0147 1564 arc - ok
21:33:45.0367 1564 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:33:45.0367 1564 arcsas - ok
21:33:45.0587 1564 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:45.0587 1564 AsyncMac - ok
21:33:45.0758 1564 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:33:45.0758 1564 atapi - ok
21:33:46.0068 1564 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:33:46.0068 1564 AVGIDSDriver - ok
21:33:46.0318 1564 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:33:46.0318 1564 AVGIDSEH - ok
21:33:46.0539 1564 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:33:46.0539 1564 AVGIDSFilter - ok
21:33:46.0799 1564 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
21:33:46.0799 1564 AVGIDSShim - ok
21:33:47.0070 1564 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
21:33:47.0070 1564 Avgldx86 - ok
21:33:47.0320 1564 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
21:33:47.0320 1564 Avgmfx86 - ok
21:33:47.0590 1564 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
21:33:47.0590 1564 Avgrkx86 - ok
21:33:47.0841 1564 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
21:33:47.0841 1564 Avgtdix - ok
21:33:48.0121 1564 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:33:48.0131 1564 b06bdrv - ok
21:33:48.0381 1564 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:33:48.0381 1564 b57nd60x - ok
21:33:48.0672 1564 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:33:48.0672 1564 Beep - ok
21:33:48.0892 1564 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:33:48.0892 1564 blbdrive - ok
21:33:49.0173 1564 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
21:33:49.0173 1564 bowser - ok
21:33:49.0343 1564 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:33:49.0343 1564 BrFiltLo - ok
21:33:49.0553 1564 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:33:49.0553 1564 BrFiltUp - ok
21:33:49.0783 1564 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:33:49.0783 1564 BridgeMP - ok
21:33:50.0024 1564 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:33:50.0024 1564 Brserid - ok
21:33:50.0214 1564 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:33:50.0214 1564 BrSerWdm - ok
21:33:50.0414 1564 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:33:50.0414 1564 BrUsbMdm - ok
21:33:50.0645 1564 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:33:50.0645 1564 BrUsbSer - ok
21:33:50.0825 1564 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:33:50.0825 1564 BTHMODEM - ok
21:33:51.0035 1564 catchme - ok
21:33:51.0286 1564 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:33:51.0286 1564 cdfs - ok
21:33:51.0566 1564 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:33:51.0576 1564 cdrom - ok
21:33:51.0816 1564 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:33:51.0816 1564 circlass - ok
21:33:51.0997 1564 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:33:52.0007 1564 CLFS - ok
21:33:52.0267 1564 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:33:52.0267 1564 CmBatt - ok
21:33:52.0457 1564 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:33:52.0457 1564 cmdide - ok
21:33:52.0748 1564 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
21:33:52.0748 1564 CNG - ok
21:33:52.0958 1564 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:33:52.0958 1564 Compbatt - ok
21:33:53.0178 1564 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:33:53.0178 1564 CompositeBus - ok
21:33:53.0379 1564 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:33:53.0379 1564 crcdisk - ok
21:33:53.0659 1564 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:33:53.0679 1564 CSC - ok
21:33:53.0939 1564 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
21:33:53.0939 1564 DfsC - ok
21:33:54.0160 1564 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:33:54.0160 1564 discache - ok
21:33:54.0390 1564 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:33:54.0390 1564 Disk - ok
21:33:54.0630 1564 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:33:54.0640 1564 drmkaud - ok
21:33:54.0901 1564 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
21:33:54.0911 1564 DXGKrnl - ok
21:33:55.0361 1564 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:33:55.0392 1564 ebdrv - ok
21:33:55.0682 1564 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:33:55.0682 1564 elxstor - ok
21:33:55.0852 1564 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:33:55.0862 1564 ErrDev - ok
21:33:56.0103 1564 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:33:56.0103 1564 exfat - ok
21:33:56.0343 1564 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:33:56.0343 1564 fastfat - ok
21:33:56.0583 1564 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:33:56.0583 1564 fdc - ok
21:33:56.0794 1564 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:33:56.0804 1564 FileInfo - ok
21:33:56.0994 1564 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:33:57.0004 1564 Filetrace - ok
21:33:57.0194 1564 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:33:57.0194 1564 flpydisk - ok
21:33:57.0434 1564 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:33:57.0434 1564 FltMgr - ok
21:33:57.0625 1564 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:33:57.0625 1564 FsDepends - ok
21:33:57.0825 1564 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:33:57.0825 1564 Fs_Rec - ok
21:33:58.0065 1564 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\Windows\system32\drivers\ftdibus.sys
21:33:58.0065 1564 FTDIBUS - ok
21:33:58.0296 1564 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\Windows\system32\drivers\ftser2k.sys
21:33:58.0296 1564 FTSER2K - ok
21:33:58.0536 1564 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:33:58.0546 1564 fvevol - ok
21:33:58.0776 1564 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:33:58.0786 1564 gagp30kx - ok
21:33:59.0007 1564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:33:59.0007 1564 GEARAspiWDM - ok
21:33:59.0237 1564 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
21:33:59.0237 1564 grmnusb - ok
21:33:59.0558 1564 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:33:59.0568 1564 hcw85cir - ok
21:33:59.0778 1564 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:33:59.0788 1564 HDAudBus - ok
21:33:59.0978 1564 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:33:59.0978 1564 HidBatt - ok
21:34:00.0168 1564 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:34:00.0168 1564 HidBth - ok
21:34:00.0559 1564 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:34:00.0559 1564 HidIr - ok
21:34:00.0919 1564 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:34:00.0919 1564 HidUsb - ok
21:34:01.0170 1564 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:34:01.0170 1564 HpSAMD - ok
21:34:01.0661 1564 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:34:01.0661 1564 HTTP - ok
21:34:01.0871 1564 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:34:01.0871 1564 hwpolicy - ok
21:34:02.0111 1564 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:34:02.0111 1564 i8042prt - ok
21:34:02.0772 1564 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\Windows\system32\DRIVERS\igxpmp32.sys
21:34:02.0822 1564 ialm - ok
21:34:03.0063 1564 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
21:34:03.0063 1564 iaStorV - ok
21:34:03.0293 1564 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:34:03.0293 1564 iirsp - ok
21:34:03.0493 1564 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:34:03.0493 1564 intelide - ok
21:34:03.0713 1564 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:34:03.0724 1564 intelppm - ok
21:34:04.0034 1564 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:34:04.0034 1564 IpFilterDriver - ok
21:34:04.0294 1564 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:34:04.0294 1564 IPMIDRV - ok
21:34:04.0485 1564 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:34:04.0485 1564 IPNAT - ok
21:34:04.0885 1564 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:34:04.0885 1564 IRENUM - ok
21:34:05.0085 1564 is3srv (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\drivers\is3srv.sys
21:34:05.0085 1564 is3srv - ok
21:34:05.0286 1564 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:34:05.0286 1564 isapnp - ok
21:34:05.0486 1564 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:34:05.0496 1564 iScsiPrt - ok
21:34:05.0706 1564 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:34:05.0706 1564 kbdclass - ok
21:34:05.0937 1564 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:34:05.0937 1564 kbdhid - ok
21:34:06.0157 1564 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
21:34:06.0157 1564 KSecDD - ok
21:34:06.0357 1564 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
21:34:06.0357 1564 KSecPkg - ok
21:34:06.0678 1564 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:34:06.0688 1564 lltdio - ok
21:34:06.0928 1564 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:34:06.0938 1564 LSI_FC - ok
21:34:07.0168 1564 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:34:07.0168 1564 LSI_SAS - ok
21:34:07.0379 1564 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:34:07.0379 1564 LSI_SAS2 - ok
21:34:07.0589 1564 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:34:07.0589 1564 LSI_SCSI - ok
21:34:07.0809 1564 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:34:07.0809 1564 luafv - ok
21:34:08.0020 1564 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:34:08.0020 1564 megasas - ok
21:34:08.0280 1564 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:34:08.0290 1564 MegaSR - ok
21:34:08.0520 1564 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:34:08.0520 1564 Modem - ok
21:34:08.0761 1564 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:34:08.0761 1564 monitor - ok
21:34:09.0001 1564 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:34:09.0001 1564 mouclass - ok
21:34:09.0231 1564 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:34:09.0231 1564 mouhid - ok
21:34:09.0452 1564 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:34:09.0452 1564 mountmgr - ok
21:34:09.0672 1564 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:34:09.0672 1564 mpio - ok
21:34:09.0902 1564 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:34:09.0902 1564 mpsdrv - ok
21:34:10.0103 1564 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:34:10.0103 1564 MRxDAV - ok
21:34:10.0313 1564 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:34:10.0313 1564 mrxsmb - ok
21:34:10.0493 1564 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:34:10.0493 1564 mrxsmb10 - ok
21:34:10.0714 1564 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:34:10.0714 1564 mrxsmb20 - ok
21:34:10.0954 1564 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:34:10.0954 1564 msahci - ok
21:34:11.0314 1564 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:34:11.0324 1564 msdsm - ok
21:34:11.0875 1564 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:34:11.0885 1564 Msfs - ok
21:34:12.0096 1564 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:34:12.0106 1564 mshidkmdf - ok
21:34:12.0296 1564 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:34:12.0296 1564 msisadrv - ok
21:34:12.0566 1564 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:34:12.0566 1564 MSKSSRV - ok
21:34:12.0787 1564 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:34:12.0787 1564 MSPCLOCK - ok
21:34:13.0007 1564 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:34:13.0007 1564 MSPQM - ok
21:34:13.0217 1564 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:34:13.0217 1564 MsRPC - ok
21:34:13.0437 1564 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:34:13.0437 1564 mssmbios - ok
21:34:13.0678 1564 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:34:13.0678 1564 MSTEE - ok
21:34:13.0868 1564 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:34:13.0878 1564 MTConfig - ok
21:34:14.0349 1564 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:34:14.0349 1564 Mup - ok
21:34:14.0850 1564 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:34:14.0850 1564 NativeWifiP - ok
21:34:15.0100 1564 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:34:15.0110 1564 NDIS - ok
21:34:15.0340 1564 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:34:15.0340 1564 NdisCap - ok
21:34:15.0571 1564 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:34:15.0571 1564 NdisTapi - ok
21:34:15.0791 1564 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:34:15.0791 1564 Ndisuio - ok
21:34:15.0991 1564 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:34:16.0001 1564 NdisWan - ok
21:34:16.0181 1564 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:34:16.0181 1564 NDProxy - ok
21:34:16.0422 1564 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:34:16.0422 1564 NetBIOS - ok
21:34:16.0652 1564 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:34:16.0652 1564 NetBT - ok
21:34:17.0513 1564 NETw2v32 (2ba416a948360fcba8016df6dcbc4165) C:\Windows\system32\DRIVERS\NETw2v32.sys
21:34:17.0543 1564 NETw2v32 - ok
21:34:17.0784 1564 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:34:17.0784 1564 nfrd960 - ok
21:34:18.0004 1564 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:34:18.0004 1564 Npfs - ok
21:34:18.0244 1564 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:34:18.0244 1564 nsiproxy - ok
21:34:18.0505 1564 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
21:34:18.0515 1564 Ntfs - ok
21:34:18.0715 1564 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:34:18.0715 1564 Null - ok
21:34:18.0925 1564 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
21:34:18.0925 1564 nvraid - ok
21:34:19.0156 1564 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
21:34:19.0156 1564 nvstor - ok
21:34:19.0356 1564 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
21:34:19.0356 1564 nv_agp - ok
21:34:19.0937 1564 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:34:19.0937 1564 ohci1394 - ok
21:34:20.0598 1564 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:34:20.0598 1564 Parport - ok
21:34:20.0808 1564 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
21:34:20.0808 1564 partmgr - ok
21:34:20.0988 1564 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:34:20.0988 1564 Parvdm - ok
21:34:21.0219 1564 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
21:34:21.0219 1564 pci - ok
21:34:21.0429 1564 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:34:21.0429 1564 pciide - ok
21:34:21.0629 1564 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:34:21.0629 1564 pcmcia - ok
21:34:21.0840 1564 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:34:21.0840 1564 pcw - ok
21:34:22.0080 1564 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:34:22.0090 1564 PEAUTH - ok
21:34:22.0420 1564 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:34:22.0430 1564 PptpMiniport - ok
21:34:22.0971 1564 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:34:22.0971 1564 Processor - ok
21:34:23.0582 1564 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:34:23.0582 1564 Psched - ok
21:34:24.0103 1564 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:34:24.0113 1564 ql2300 - ok
21:34:24.0323 1564 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:34:24.0323 1564 ql40xx - ok
21:34:24.0553 1564 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:34:24.0553 1564 QWAVEdrv - ok
21:34:24.0754 1564 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:34:24.0754 1564 RasAcd - ok
21:34:24.0984 1564 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:34:24.0984 1564 RasAgileVpn - ok
21:34:25.0214 1564 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:34:25.0214 1564 Rasl2tp - ok
21:34:25.0445 1564 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:34:25.0455 1564 RasPppoe - ok
21:34:25.0665 1564 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:34:25.0665 1564 RasSstp - ok
21:34:25.0875 1564 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:34:25.0875 1564 rdbss - ok
21:34:26.0056 1564 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:34:26.0056 1564 rdpbus - ok
21:34:26.0276 1564 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:34:26.0276 1564 RDPCDD - ok
21:34:26.0526 1564 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
21:34:26.0526 1564 RDPDR - ok
21:34:26.0757 1564 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:34:26.0757 1564 RDPENCDD - ok
21:34:26.0947 1564 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:34:26.0957 1564 RDPREFMP - ok
21:34:27.0207 1564 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
21:34:27.0217 1564 RDPWD - ok
21:34:27.0468 1564 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:34:27.0468 1564 rdyboost - ok
21:34:27.0738 1564 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:34:27.0738 1564 rspndr - ok
21:34:27.0928 1564 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
21:34:27.0928 1564 s3cap - ok
21:34:28.0169 1564 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:34:28.0179 1564 sbp2port - ok
21:34:28.0399 1564 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:34:28.0399 1564 scfilter - ok
21:34:28.0679 1564 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
21:34:28.0679 1564 sdbus - ok
21:34:28.0890 1564 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:34:28.0890 1564 secdrv - ok
21:34:29.0190 1564 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:34:29.0190 1564 Serenum - ok
21:34:29.0390 1564 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:34:29.0390 1564 Serial - ok
21:34:29.0601 1564 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:34:29.0601 1564 sermouse - ok
21:34:29.0811 1564 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:34:29.0811 1564 sffdisk - ok
21:34:30.0031 1564 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:34:30.0031 1564 sffp_mmc - ok
21:34:30.0242 1564 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:34:30.0242 1564 sffp_sd - ok
21:34:30.0452 1564 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:34:30.0452 1564 sfloppy - ok
21:34:30.0692 1564 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:34:30.0692 1564 sisagp - ok
21:34:30.0913 1564 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:34:30.0913 1564 SiSRaid2 - ok
21:34:31.0123 1564 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:34:31.0123 1564 SiSRaid4 - ok
21:34:31.0333 1564 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:34:31.0343 1564 Smb - ok
21:34:31.0604 1564 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:34:31.0604 1564 spldr - ok
21:34:31.0854 1564 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
21:34:31.0854 1564 srv - ok
21:34:32.0084 1564 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
21:34:32.0084 1564 srv2 - ok
21:34:32.0335 1564 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
21:34:32.0335 1564 srvnet - ok
21:34:32.0575 1564 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:34:32.0575 1564 stexstor - ok
21:34:32.0775 1564 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:34:32.0775 1564 storflt - ok
21:34:32.0986 1564 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
21:34:32.0996 1564 storvsc - ok
21:34:33.0176 1564 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:34:33.0176 1564 swenum - ok
21:34:33.0426 1564 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
21:34:33.0426 1564 SynTP - ok
21:34:33.0667 1564 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\DRIVERS\szkg.sys
21:34:33.0677 1564 szkg5 - ok
21:34:33.0887 1564 szkgfs (24abe4a9d7faf255f1e4c4fd27b7fe58) C:\Windows\system32\drivers\szkgfs.sys
21:34:33.0887 1564 szkgfs - ok
21:34:34.0187 1564 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
21:34:34.0207 1564 Tcpip - ok
21:34:34.0558 1564 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
21:34:34.0578 1564 TCPIP6 - ok
21:34:34.0808 1564 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:34:34.0808 1564 tcpipreg - ok
21:34:35.0019 1564 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:34:35.0019 1564 TDPIPE - ok
21:34:35.0209 1564 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
21:34:35.0209 1564 TDTCP - ok
21:34:35.0599 1564 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:34:35.0599 1564 tdx - ok
21:34:35.0950 1564 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:34:35.0950 1564 TermDD - ok
21:34:36.0210 1564 tifm21 (046ea1353dd599dac9abdcd13504b06c) C:\Windows\system32\drivers\tifm21.sys
21:34:36.0210 1564 tifm21 - ok
21:34:36.0441 1564 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:34:36.0441 1564 tssecsrv - ok
21:34:36.0851 1564 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:34:36.0851 1564 tunnel - ok
21:34:37.0051 1564 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:34:37.0051 1564 uagp35 - ok
21:34:37.0282 1564 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:34:37.0282 1564 udfs - ok
21:34:37.0532 1564 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:34:37.0532 1564 uliagpkx - ok
21:34:37.0742 1564 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:34:37.0742 1564 umbus - ok
21:34:37.0933 1564 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:34:37.0933 1564 UmPass - ok
21:34:38.0153 1564 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:34:38.0153 1564 USBAAPL - ok
21:34:38.0363 1564 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
21:34:38.0363 1564 usbccgp - ok
21:34:38.0584 1564 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:34:38.0584 1564 usbcir - ok
21:34:38.0794 1564 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
21:34:38.0794 1564 usbehci - ok
21:34:39.0014 1564 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
21:34:39.0024 1564 usbhub - ok
21:34:39.0225 1564 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
21:34:39.0235 1564 usbohci - ok
21:34:39.0455 1564 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:34:39.0455 1564 usbprint - ok
21:34:39.0705 1564 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:34:39.0705 1564 usbscan - ok
21:34:39.0916 1564 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:34:39.0916 1564 USBSTOR - ok
21:34:40.0116 1564 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
21:34:40.0116 1564 usbuhci - ok
21:34:40.0326 1564 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:34:40.0326 1564 vdrvroot - ok
21:34:40.0566 1564 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:34:40.0576 1564 vga - ok
21:34:40.0807 1564 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:34:40.0807 1564 VgaSave - ok
21:34:41.0037 1564 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:34:41.0037 1564 vhdmp - ok
21:34:41.0227 1564 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:34:41.0237 1564 viaagp - ok
21:34:41.0438 1564 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:34:41.0438 1564 ViaC7 - ok
21:34:41.0648 1564 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:34:41.0648 1564 viaide - ok
21:34:41.0858 1564 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
21:34:41.0858 1564 vmbus - ok
21:34:42.0069 1564 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:34:42.0069 1564 VMBusHID - ok
21:34:42.0279 1564 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:34:42.0289 1564 volmgr - ok
21:34:42.0489 1564 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:34:42.0489 1564 volmgrx - ok
21:34:42.0820 1564 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:34:42.0820 1564 volsnap - ok
21:34:43.0060 1564 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:34:43.0060 1564 vsmraid - ok
21:34:43.0260 1564 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:34:43.0260 1564 vwifibus - ok
21:34:43.0491 1564 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:34:43.0491 1564 WacomPen - ok
21:34:43.0711 1564 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:43.0711 1564 WANARP - ok
21:34:43.0731 1564 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:43.0731 1564 Wanarpv6 - ok
21:34:44.0011 1564 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:34:44.0011 1564 Wd - ok
21:34:44.0242 1564 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:34:44.0242 1564 Wdf01000 - ok
21:34:44.0522 1564 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:34:44.0522 1564 WfpLwf - ok
21:34:44.0742 1564 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:34:44.0753 1564 WIMMount - ok
21:34:45.0063 1564 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
21:34:45.0063 1564 WinUsb - ok
21:34:45.0283 1564 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:34:45.0283 1564 WmiAcpi - ok
21:34:45.0554 1564 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:34:45.0554 1564 ws2ifsl - ok
21:34:45.0834 1564 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:34:45.0844 1564 WudfPf - ok
21:34:46.0074 1564 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:46.0074 1564 WUDFRd - ok
21:34:46.0355 1564 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
21:34:46.0365 1564 yukonw7 - ok
21:34:46.0465 1564 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:34:46.0495 1564 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:34:46.0495 1564 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:34:46.0505 1564 Boot (0x1200) (21e0110f898354e4691ff10cbdca79de) \Device\Harddisk0\DR0\Partition0
21:34:46.0505 1564 \Device\Harddisk0\DR0\Partition0 - ok
21:34:46.0515 1564 ============================================================
21:34:46.0515 1564 Scan finished
21:34:46.0515 1564 ============================================================
21:34:46.0525 1460 Detected object count: 1
21:34:46.0525 1460 Actual detected object count: 1
21:35:37.0548 1460 \Device\Harddisk0\DR0\# - copied to quarantine
21:35:37.0548 1460 \Device\Harddisk0\DR0 - copied to quarantine
21:35:37.0609 1460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:35:37.0619 1460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:35:37.0619 1460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:35:37.0619 1460 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
21:35:37.0629 1460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:35:37.0639 1460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:35:37.0639 1460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:35:37.0639 1460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:35:37.0649 1460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:35:37.0649 1460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:35:37.0649 1460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:35:37.0749 1460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:35:37.0749 1460 \Device\Harddisk0\DR0 - ok
21:35:37.0749 1460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:35:48.0504 2032 Deinitialize success
  • 0

#7
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Right click on Computer and select Manage (Continue) then Services and Applications then Services. Find Computer Browser and right click and select Properties. Change the Startup Type to Disabled. Apply.

When I do this step I get an error message that the file can't be found.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe

Sometimes that will bring back your missing links.

Copy the next line.

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser /s > \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter the type (with an Enter after the line):

notepad  \junk.txt

  • 0

#9
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Ran the program and my start menu is mostly back. The desktop icons I can manually load on. Here are the results you asked for...

20:10:36.0815 6096 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
20:10:37.0957 6096 ============================================================
20:10:37.0957 6096 Current date / time: 2012/02/11 20:10:37.0957
20:10:37.0957 6096 SystemInfo:
20:10:37.0957 6096
20:10:37.0957 6096 OS Version: 6.1.7600 ServicePack: 0.0
20:10:37.0957 6096 Product type: Workstation
20:10:37.0958 6096 ComputerName: PAUL-LAPTOP
20:10:37.0958 6096 UserName: Paul
20:10:37.0958 6096 Windows directory: C:\Windows
20:10:37.0958 6096 System windows directory: C:\Windows
20:10:37.0958 6096 Processor architecture: Intel x86
20:10:37.0958 6096 Number of processors: 1
20:10:37.0958 6096 Page size: 0x1000
20:10:37.0958 6096 Boot type: Normal boot
20:10:37.0958 6096 ============================================================
20:10:40.0100 6096 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
20:10:40.0103 6096 \Device\Harddisk0\DR0:
20:10:40.0103 6096 MBR used
20:10:40.0103 6096 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B1
20:10:40.0132 6096 Initialize success
20:10:40.0132 6096 ============================================================
20:11:12.0962 5080 ============================================================
20:11:12.0962 5080 Scan started
20:11:12.0962 5080 Mode: Manual; SigCheck; TDLFS;
20:11:12.0962 5080 ============================================================
20:11:14.0253 5080 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
20:11:14.0510 5080 1394ohci - ok
20:11:14.0734 5080 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:11:14.0773 5080 ACPI - ok
20:11:15.0229 5080 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:11:15.0700 5080 AcpiPmi - ok
20:11:16.0018 5080 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:11:16.0137 5080 adp94xx - ok
20:11:16.0474 5080 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:11:16.0517 5080 adpahci - ok
20:11:16.0750 5080 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:11:16.0773 5080 adpu320 - ok
20:11:17.0016 5080 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
20:11:17.0065 5080 AFD - ok
20:11:17.0355 5080 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
20:11:17.0478 5080 AgereSoftModem - ok
20:11:17.0679 5080 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:11:17.0700 5080 agp440 - ok
20:11:17.0858 5080 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:11:17.0878 5080 aic78xx - ok
20:11:18.0341 5080 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
20:11:18.0791 5080 ALCXWDM - ok
20:11:19.0203 5080 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:11:19.0222 5080 aliide - ok
20:11:19.0392 5080 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:11:19.0412 5080 amdagp - ok
20:11:19.0579 5080 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:11:19.0598 5080 amdide - ok
20:11:19.0761 5080 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:11:19.0808 5080 AmdK8 - ok
20:11:19.0988 5080 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:11:20.0043 5080 AmdPPM - ok
20:11:20.0250 5080 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
20:11:20.0270 5080 amdsata - ok
20:11:20.0923 5080 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:11:21.0011 5080 amdsbs - ok
20:11:21.0222 5080 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
20:11:21.0242 5080 amdxata - ok
20:11:21.0517 5080 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:11:21.0668 5080 AppID - ok
20:11:21.0963 5080 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:11:21.0983 5080 arc - ok
20:11:22.0170 5080 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:11:22.0191 5080 arcsas - ok
20:11:22.0354 5080 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:22.0463 5080 AsyncMac - ok
20:11:22.0708 5080 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:11:22.0738 5080 atapi - ok
20:11:22.0978 5080 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:11:23.0004 5080 AVGIDSDriver - ok
20:11:23.0191 5080 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:11:23.0213 5080 AVGIDSEH - ok
20:11:23.0396 5080 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:11:23.0422 5080 AVGIDSFilter - ok
20:11:23.0643 5080 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
20:11:23.0678 5080 AVGIDSShim - ok
20:11:23.0895 5080 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
20:11:23.0930 5080 Avgldx86 - ok
20:11:24.0162 5080 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
20:11:24.0189 5080 Avgmfx86 - ok
20:11:24.0405 5080 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
20:11:24.0428 5080 Avgrkx86 - ok
20:11:24.0629 5080 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
20:11:24.0662 5080 Avgtdix - ok
20:11:24.0911 5080 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:11:25.0005 5080 b06bdrv - ok
20:11:25.0224 5080 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:11:25.0277 5080 b57nd60x - ok
20:11:25.0662 5080 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:11:25.0745 5080 Beep - ok
20:11:25.0956 5080 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:11:26.0016 5080 blbdrive - ok
20:11:26.0295 5080 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
20:11:26.0374 5080 bowser - ok
20:11:26.0557 5080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:11:26.0607 5080 BrFiltLo - ok
20:11:26.0765 5080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:11:26.0823 5080 BrFiltUp - ok
20:11:27.0039 5080 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
20:11:27.0121 5080 BridgeMP - ok
20:11:27.0284 5080 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:11:27.0350 5080 Brserid - ok
20:11:27.0502 5080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:27.0557 5080 BrSerWdm - ok
20:11:27.0710 5080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:27.0774 5080 BrUsbMdm - ok
20:11:27.0926 5080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:27.0985 5080 BrUsbSer - ok
20:11:28.0138 5080 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:11:28.0201 5080 BTHMODEM - ok
20:11:28.0416 5080 catchme - ok
20:11:28.0594 5080 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:11:28.0676 5080 cdfs - ok
20:11:28.0890 5080 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
20:11:28.0946 5080 cdrom - ok
20:11:29.0139 5080 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:11:29.0199 5080 circlass - ok
20:11:29.0350 5080 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:11:29.0384 5080 CLFS - ok
20:11:29.0630 5080 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:29.0688 5080 CmBatt - ok
20:11:29.0850 5080 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
20:11:29.0873 5080 cmdide - ok
20:11:30.0055 5080 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
20:11:30.0125 5080 CNG - ok
20:11:30.0382 5080 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:11:30.0452 5080 Compbatt - ok
20:11:30.0668 5080 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:11:30.0868 5080 CompositeBus - ok
20:11:31.0135 5080 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:11:31.0205 5080 crcdisk - ok
20:11:31.0395 5080 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
20:11:31.0541 5080 CSC - ok
20:11:31.0787 5080 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
20:11:31.0871 5080 DfsC - ok
20:11:32.0104 5080 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:11:32.0182 5080 discache - ok
20:11:32.0418 5080 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:11:32.0449 5080 Disk - ok
20:11:32.0661 5080 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:11:32.0741 5080 drmkaud - ok
20:11:32.0936 5080 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
20:11:32.0994 5080 DXGKrnl - ok
20:11:33.0427 5080 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:11:33.0755 5080 ebdrv - ok
20:11:34.0028 5080 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:11:34.0062 5080 elxstor - ok
20:11:34.0250 5080 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
20:11:34.0304 5080 ErrDev - ok
20:11:34.0492 5080 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:11:34.0560 5080 exfat - ok
20:11:34.0722 5080 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:11:34.0817 5080 fastfat - ok
20:11:35.0044 5080 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:11:35.0099 5080 fdc - ok
20:11:35.0281 5080 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:11:35.0301 5080 FileInfo - ok
20:11:35.0471 5080 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:11:35.0594 5080 Filetrace - ok
20:11:36.0238 5080 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:36.0339 5080 flpydisk - ok
20:11:36.0854 5080 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:11:36.0877 5080 FltMgr - ok
20:11:37.0309 5080 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:11:37.0338 5080 FsDepends - ok
20:11:37.0849 5080 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:11:37.0867 5080 Fs_Rec - ok
20:11:38.0208 5080 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\Windows\system32\drivers\ftdibus.sys
20:11:38.0223 5080 FTDIBUS - ok
20:11:38.0454 5080 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\Windows\system32\drivers\ftser2k.sys
20:11:38.0504 5080 FTSER2K - ok
20:11:38.0724 5080 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
20:11:38.0754 5080 fvevol - ok
20:11:39.0043 5080 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:11:39.0061 5080 gagp30kx - ok
20:11:39.0251 5080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:39.0266 5080 GEARAspiWDM - ok
20:11:39.0467 5080 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
20:11:39.0557 5080 grmnusb - ok
20:11:39.0931 5080 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:11:40.0020 5080 hcw85cir - ok
20:11:40.0207 5080 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:11:40.0268 5080 HDAudBus - ok
20:11:40.0446 5080 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:11:40.0503 5080 HidBatt - ok
20:11:40.0710 5080 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:11:40.0774 5080 HidBth - ok
20:11:40.0971 5080 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:11:41.0031 5080 HidIr - ok
20:11:41.0331 5080 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
20:11:41.0388 5080 HidUsb - ok
20:11:41.0639 5080 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:11:41.0670 5080 HpSAMD - ok
20:11:41.0850 5080 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
20:11:41.0966 5080 HTTP - ok
20:11:42.0158 5080 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
20:11:42.0173 5080 hwpolicy - ok
20:11:42.0358 5080 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:11:42.0392 5080 i8042prt - ok
20:11:43.0113 5080 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\Windows\system32\DRIVERS\igxpmp32.sys
20:11:43.0639 5080 ialm - ok
20:11:43.0871 5080 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
20:11:43.0915 5080 iaStorV - ok
20:11:44.0135 5080 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:11:44.0154 5080 iirsp - ok
20:11:44.0334 5080 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
20:11:44.0352 5080 intelide - ok
20:11:44.0523 5080 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:11:44.0596 5080 intelppm - ok
20:11:44.0900 5080 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:44.0979 5080 IpFilterDriver - ok
20:11:45.0188 5080 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:11:45.0244 5080 IPMIDRV - ok
20:11:45.0419 5080 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:11:45.0507 5080 IPNAT - ok
20:11:45.0743 5080 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:11:45.0808 5080 IRENUM - ok
20:11:46.0003 5080 is3srv (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\drivers\is3srv.sys
20:11:46.0061 5080 is3srv - ok
20:11:46.0241 5080 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
20:11:46.0273 5080 isapnp - ok
20:11:46.0799 5080 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
20:11:46.0916 5080 iScsiPrt - ok
20:11:47.0135 5080 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:11:47.0153 5080 kbdclass - ok
20:11:47.0319 5080 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
20:11:47.0380 5080 kbdhid - ok
20:11:47.0585 5080 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
20:11:47.0606 5080 KSecDD - ok
20:11:47.0790 5080 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
20:11:47.0824 5080 KSecPkg - ok
20:11:48.0059 5080 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:11:48.0148 5080 lltdio - ok
20:11:48.0395 5080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:11:48.0434 5080 LSI_FC - ok
20:11:48.0599 5080 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:11:48.0619 5080 LSI_SAS - ok
20:11:48.0841 5080 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:11:48.0873 5080 LSI_SAS2 - ok
20:11:49.0042 5080 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:11:49.0071 5080 LSI_SCSI - ok
20:11:49.0229 5080 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:11:49.0323 5080 luafv - ok
20:11:49.0511 5080 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:11:49.0531 5080 megasas - ok
20:11:49.0742 5080 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:11:49.0767 5080 MegaSR - ok
20:11:49.0951 5080 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:11:50.0039 5080 Modem - ok
20:11:50.0289 5080 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:11:50.0345 5080 monitor - ok
20:11:50.0568 5080 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:11:50.0587 5080 mouclass - ok
20:11:50.0969 5080 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:11:51.0055 5080 mouhid - ok
20:11:51.0267 5080 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
20:11:51.0285 5080 mountmgr - ok
20:11:51.0448 5080 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
20:11:51.0469 5080 mpio - ok
20:11:51.0629 5080 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:11:51.0901 5080 mpsdrv - ok
20:11:52.0137 5080 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
20:11:52.0219 5080 MRxDAV - ok
20:11:52.0412 5080 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:52.0525 5080 mrxsmb - ok
20:11:52.0715 5080 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:52.0786 5080 mrxsmb10 - ok
20:11:52.0960 5080 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:52.0995 5080 mrxsmb20 - ok
20:11:53.0161 5080 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
20:11:53.0179 5080 msahci - ok
20:11:53.0352 5080 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
20:11:53.0375 5080 msdsm - ok
20:11:53.0616 5080 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:11:53.0672 5080 Msfs - ok
20:11:53.0990 5080 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:11:54.0093 5080 mshidkmdf - ok
20:11:54.0287 5080 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
20:11:54.0306 5080 msisadrv - ok
20:11:54.0566 5080 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:11:54.0654 5080 MSKSSRV - ok
20:11:54.0892 5080 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:54.0978 5080 MSPCLOCK - ok
20:11:55.0352 5080 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:11:55.0454 5080 MSPQM - ok
20:11:55.0932 5080 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:11:55.0955 5080 MsRPC - ok
20:11:56.0484 5080 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:11:56.0503 5080 mssmbios - ok
20:11:57.0073 5080 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:11:57.0175 5080 MSTEE - ok
20:11:57.0556 5080 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:11:57.0632 5080 MTConfig - ok
20:11:58.0027 5080 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:11:58.0046 5080 Mup - ok
20:11:58.0463 5080 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:11:58.0539 5080 NativeWifiP - ok
20:11:59.0137 5080 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
20:11:59.0247 5080 NDIS - ok
20:11:59.0735 5080 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:59.0836 5080 NdisCap - ok
20:12:00.0211 5080 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:12:00.0295 5080 NdisTapi - ok
20:12:00.0736 5080 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
20:12:00.0837 5080 Ndisuio - ok
20:12:01.0210 5080 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
20:12:01.0270 5080 NdisWan - ok
20:12:01.0611 5080 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
20:12:01.0670 5080 NDProxy - ok
20:12:01.0989 5080 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:12:02.0088 5080 NetBIOS - ok
20:12:02.0509 5080 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
20:12:02.0619 5080 NetBT - ok
20:12:03.0524 5080 NETw2v32 (2ba416a948360fcba8016df6dcbc4165) C:\Windows\system32\DRIVERS\NETw2v32.sys
20:12:03.0767 5080 NETw2v32 - ok
20:12:04.0095 5080 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:12:04.0114 5080 nfrd960 - ok
20:12:04.0430 5080 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:12:04.0645 5080 Npfs - ok
20:12:04.0879 5080 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:12:04.0975 5080 nsiproxy - ok
20:12:05.0670 5080 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
20:12:05.0875 5080 Ntfs - ok
20:12:06.0236 5080 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:12:06.0396 5080 Null - ok
20:12:06.0647 5080 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
20:12:06.0668 5080 nvraid - ok
20:12:07.0031 5080 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
20:12:07.0054 5080 nvstor - ok
20:12:07.0377 5080 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:12:07.0413 5080 nv_agp - ok
20:12:07.0844 5080 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:12:07.0902 5080 ohci1394 - ok
20:12:08.0472 5080 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:12:08.0507 5080 Parport - ok
20:12:08.0930 5080 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
20:12:08.0964 5080 partmgr - ok
20:12:09.0298 5080 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:12:09.0431 5080 Parvdm - ok
20:12:09.0905 5080 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:12:09.0928 5080 pci - ok
20:12:10.0214 5080 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:12:10.0232 5080 pciide - ok
20:12:10.0548 5080 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:10.0571 5080 pcmcia - ok
20:12:10.0985 5080 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:12:11.0017 5080 pcw - ok
20:12:11.0542 5080 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:12:11.0640 5080 PEAUTH - ok
20:12:12.0172 5080 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:12.0320 5080 PptpMiniport - ok
20:12:12.0871 5080 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:12:12.0942 5080 Processor - ok
20:12:13.0388 5080 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:12:13.0482 5080 Psched - ok
20:12:14.0198 5080 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:12:14.0463 5080 ql2300 - ok
20:12:14.0900 5080 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:12:14.0921 5080 ql40xx - ok
20:12:15.0402 5080 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:12:15.0440 5080 QWAVEdrv - ok
20:12:15.0990 5080 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:12:16.0116 5080 RasAcd - ok
20:12:16.0489 5080 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:12:16.0553 5080 RasAgileVpn - ok
20:12:17.0055 5080 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:17.0149 5080 Rasl2tp - ok
20:12:17.0661 5080 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:17.0758 5080 RasPppoe - ok
20:12:18.0100 5080 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:12:18.0159 5080 RasSstp - ok
20:12:18.0584 5080 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:12:18.0703 5080 rdbss - ok
20:12:19.0093 5080 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:12:19.0171 5080 rdpbus - ok
20:12:19.0650 5080 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:19.0741 5080 RDPCDD - ok
20:12:20.0162 5080 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
20:12:20.0300 5080 RDPDR - ok
20:12:20.0483 5080 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:12:20.0602 5080 RDPENCDD - ok
20:12:20.0993 5080 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:12:21.0197 5080 RDPREFMP - ok
20:12:21.0751 5080 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
20:12:21.0823 5080 RDPWD - ok
20:12:22.0253 5080 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:12:22.0276 5080 rdyboost - ok
20:12:22.0736 5080 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:12:22.0938 5080 rspndr - ok
20:12:23.0243 5080 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
20:12:23.0332 5080 s3cap - ok
20:12:23.0831 5080 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:12:23.0868 5080 sbp2port - ok
20:12:24.0364 5080 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:12:24.0471 5080 scfilter - ok
20:12:24.0878 5080 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
20:12:24.0985 5080 sdbus - ok
20:12:25.0310 5080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:12:25.0420 5080 secdrv - ok
20:12:25.0689 5080 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:12:25.0726 5080 Serenum - ok
20:12:25.0902 5080 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:12:25.0974 5080 Serial - ok
20:12:26.0196 5080 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:12:26.0258 5080 sermouse - ok
20:12:26.0491 5080 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:12:26.0550 5080 sffdisk - ok
20:12:26.0727 5080 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:12:26.0789 5080 sffp_mmc - ok
20:12:26.0977 5080 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:12:27.0013 5080 sffp_sd - ok
20:12:27.0192 5080 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:12:27.0310 5080 sfloppy - ok
20:12:27.0503 5080 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:12:27.0544 5080 sisagp - ok
20:12:27.0722 5080 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:12:27.0741 5080 SiSRaid2 - ok
20:12:27.0901 5080 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:12:27.0922 5080 SiSRaid4 - ok
20:12:28.0090 5080 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:12:28.0186 5080 Smb - ok
20:12:28.0415 5080 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:12:28.0433 5080 spldr - ok
20:12:28.0649 5080 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
20:12:28.0762 5080 srv - ok
20:12:28.0991 5080 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
20:12:29.0068 5080 srv2 - ok
20:12:29.0285 5080 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
20:12:29.0349 5080 srvnet - ok
20:12:29.0573 5080 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:12:29.0591 5080 stexstor - ok
20:12:29.0799 5080 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:12:29.0818 5080 storflt - ok
20:12:29.0985 5080 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
20:12:30.0021 5080 storvsc - ok
20:12:30.0176 5080 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:12:30.0194 5080 swenum - ok
20:12:30.0774 5080 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
20:12:30.0939 5080 SynTP - ok
20:12:31.0148 5080 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\DRIVERS\szkg.sys
20:12:31.0181 5080 szkg5 - ok
20:12:31.0393 5080 szkgfs (24abe4a9d7faf255f1e4c4fd27b7fe58) C:\Windows\system32\drivers\szkgfs.sys
20:12:31.0470 5080 szkgfs - ok
20:12:31.0776 5080 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
20:12:31.0867 5080 Tcpip - ok
20:12:32.0173 5080 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:32.0221 5080 TCPIP6 - ok
20:12:32.0404 5080 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:12:32.0493 5080 tcpipreg - ok
20:12:32.0682 5080 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:12:32.0763 5080 TDPIPE - ok
20:12:33.0074 5080 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
20:12:33.0167 5080 TDTCP - ok
20:12:33.0340 5080 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:12:33.0434 5080 tdx - ok
20:12:33.0614 5080 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:12:33.0664 5080 TermDD - ok
20:12:33.0913 5080 tifm21 (046ea1353dd599dac9abdcd13504b06c) C:\Windows\system32\drivers\tifm21.sys
20:12:34.0006 5080 tifm21 - ok
20:12:34.0230 5080 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:34.0330 5080 tssecsrv - ok
20:12:34.0549 5080 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:34.0635 5080 tunnel - ok
20:12:34.0855 5080 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:12:34.0893 5080 uagp35 - ok
20:12:35.0077 5080 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
20:12:35.0165 5080 udfs - ok
20:12:35.0350 5080 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:12:35.0391 5080 uliagpkx - ok
20:12:35.0579 5080 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:12:35.0653 5080 umbus - ok
20:12:35.0818 5080 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:12:35.0884 5080 UmPass - ok
20:12:36.0142 5080 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:12:36.0303 5080 USBAAPL - ok
20:12:36.0534 5080 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:36.0651 5080 usbccgp - ok
20:12:36.0829 5080 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:12:36.0876 5080 usbcir - ok
20:12:37.0033 5080 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
20:12:37.0107 5080 usbehci - ok
20:12:37.0297 5080 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:37.0353 5080 usbhub - ok
20:12:37.0517 5080 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
20:12:37.0588 5080 usbohci - ok
20:12:37.0767 5080 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:37.0825 5080 usbprint - ok
20:12:38.0008 5080 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:12:38.0077 5080 usbscan - ok
20:12:38.0239 5080 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:38.0327 5080 USBSTOR - ok
20:12:38.0499 5080 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
20:12:38.0564 5080 usbuhci - ok
20:12:38.0973 5080 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:12:38.0992 5080 vdrvroot - ok
20:12:39.0244 5080 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:39.0314 5080 vga - ok
20:12:39.0510 5080 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:12:39.0574 5080 VgaSave - ok
20:12:39.0746 5080 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:12:39.0789 5080 vhdmp - ok
20:12:40.0004 5080 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:12:40.0023 5080 viaagp - ok
20:12:40.0203 5080 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:12:40.0264 5080 ViaC7 - ok
20:12:40.0433 5080 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:12:40.0483 5080 viaide - ok
20:12:40.0658 5080 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
20:12:40.0684 5080 vmbus - ok
20:12:40.0871 5080 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:12:40.0910 5080 VMBusHID - ok
20:12:41.0081 5080 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:12:41.0121 5080 volmgr - ok
20:12:41.0304 5080 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:12:41.0330 5080 volmgrx - ok
20:12:41.0492 5080 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:12:41.0553 5080 volsnap - ok
20:12:41.0744 5080 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:41.0767 5080 vsmraid - ok
20:12:41.0939 5080 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:12:42.0018 5080 vwifibus - ok
20:12:42.0308 5080 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:12:42.0369 5080 WacomPen - ok
20:12:42.0591 5080 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:42.0702 5080 WANARP - ok
20:12:42.0727 5080 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:42.0793 5080 Wanarpv6 - ok
20:12:43.0068 5080 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:12:43.0086 5080 Wd - ok
20:12:43.0277 5080 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:12:43.0332 5080 Wdf01000 - ok
20:12:43.0617 5080 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:43.0698 5080 WfpLwf - ok
20:12:43.0875 5080 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:12:43.0893 5080 WIMMount - ok
20:12:44.0215 5080 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
20:12:44.0257 5080 WinUsb - ok
20:12:44.0480 5080 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:12:44.0548 5080 WmiAcpi - ok
20:12:44.0816 5080 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:44.0903 5080 ws2ifsl - ok
20:12:45.0165 5080 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:12:45.0265 5080 WudfPf - ok
20:12:45.0491 5080 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:45.0587 5080 WUDFRd - ok
20:12:45.0956 5080 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
20:12:46.0009 5080 yukonw7 - ok
20:12:46.0130 5080 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:12:46.0215 5080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:12:46.0215 5080 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:12:46.0238 5080 Boot (0x1200) (21e0110f898354e4691ff10cbdca79de) \Device\Harddisk0\DR0\Partition0
20:12:46.0239 5080 \Device\Harddisk0\DR0\Partition0 - ok
20:12:46.0250 5080 ============================================================
20:12:46.0250 5080 Scan finished
20:12:46.0250 5080 ============================================================
20:12:46.0288 0388 Detected object count: 1


And....


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser
DisplayName REG_SZ @%systemroot%\system32\browser.dll,-100
Group REG_SZ NetworkProvider
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
Description REG_SZ @%systemroot%\system32\browser.dll,-101
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ LanmanWorkstation\0LanmanServer
FailureActions REG_BINARY 840300000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\browser.dll
ServiceDllUnloadOnStop REG_DWORD 0x1
MaintainServerList REG_SZ Auto

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\TriggerInfo

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\TriggerInfo\0
Type REG_DWORD 0x4
Action REG_DWORD 0x1
GUID REG_BINARY 079E56B72184E04EAD1086915AFDAD09
Data0 REG_BINARY 31003300390000005400430050000000530079007300740065006D0000000000
DataType0 REG_DWORD 0x2
Data1 REG_BINARY 31003300370000005500440050000000530079007300740065006D0000000000
DataType1 REG_DWORD 0x2
Data2 REG_BINARY 31003300380000005500440050000000530079007300740065006D0000000000
DataType2 REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\TriggerInfo\1
Type REG_DWORD 0x4
Action REG_DWORD 0x2
GUID REG_BINARY 38ED44A1128EE44D9D96E64740B1A524
Data0 REG_BINARY 31003300390000005400430050000000530079007300740065006D0000000000
DataType0 REG_DWORD 0x2
Data1 REG_BINARY 31003300370000005500440050000000530079007300740065006D0000000000
DataType1 REG_DWORD 0x2
Data2 REG_BINARY 31003300380000005500440050000000530079007300740065006D0000000000
DataType2 REG_DWORD 0x2


20:12:46.0288 0388 Actual detected object count: 1
20:13:19.0119 0388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:13:19.0120 0388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#10
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Just checked and it brought back my start menu folders, but they are all empty. No program starts in them.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Run TDSSKiller again and have it delete the TDSS (Change the SKIP to Delete):

20:13:19.0119 0388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:13:19.0120 0388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Then reboot and run TDSSKiller again.

See if you have the file:

C:\windows\system32\browser.dll

Run OTL, Quickscan and post the log.
  • 0

#12
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
Yes, browser.dll is there. Below is the log from OTL...

OTL logfile created on: 2/12/2012 12:36:56 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.02% Memory free
2.23 Gb Paging File | 1.10 Gb Available in Paging File | 49.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 1.01 Gb Free Space | 2.72% Space Free | Partition Type: NTFS

Computer Name: PAUL-LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 12:34:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/09 18:29:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/26 13:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 16:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 12:34:19 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/20 18:06:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/01/04 13:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/05/27 18:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 13:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/03/07 02:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2005/06/03 15:50:40 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15557&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 D4 99 CE 42 AF CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Good Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Paul\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Paul\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/04 16:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 12:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/11 15:55:34 | 000,000,000 | ---D | M]

[2010/02/16 15:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2012/02/09 20:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions
[2011/09/08 11:44:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/14 18:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash
[2010/08/16 19:53:07 | 000,002,555 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\searchplugins\askcom.xml
[2011/11/08 17:50:00 | 000,001,599 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\searchplugins\good-search.xml
[2012/02/12 12:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/12 12:34:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/12 12:34:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 12:34:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/09 21:24:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.22\AVIConverter\grab.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC46DF4-E396-467E-82D7-3600CC429D45}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C2AB1D-0AAA-48EE-BA98-822F58CA39F4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 09:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/11 09:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/09 21:35:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/09 21:32:29 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\tdsskiller.exe
[2012/02/09 21:30:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/09 21:30:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/09 21:30:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
[2012/02/09 21:09:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/09 21:09:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/09 21:09:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/09 21:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/09 21:04:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 20:41:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2012/02/09 20:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/09 20:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/09 20:41:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/09 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/09 20:24:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/09 18:29:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/02/08 19:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/02/08 19:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/02/08 19:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/02/08 10:20:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/31 19:58:00 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2012/01/30 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\24 liberty
[2012/01/14 20:48:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 5.22
[2012/01/14 20:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Utilities 5.22
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/12 12:44:47 | 000,001,705 | ---- | M] () -- C:\Users\Paul\Desktop\QBW32PremierNonprofit - Shortcut.lnk
[2012/02/12 12:34:28 | 000,001,994 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/12 12:32:52 | 000,015,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 12:32:50 | 000,015,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 12:28:48 | 000,000,280 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012/02/12 12:24:04 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/02/12 12:22:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 12:21:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 12:21:37 | 1603,915,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 12:19:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 12:08:55 | 088,773,504 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/10 17:07:02 | 000,307,407 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/09 21:32:44 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\tdsskiller.exe
[2012/02/09 21:24:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/09 20:41:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 18:29:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/02/08 18:15:47 | 000,001,105 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/08 18:02:25 | 000,631,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 18:02:25 | 000,109,310 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/31 19:58:00 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 12:44:47 | 000,001,705 | ---- | C] () -- C:\Users\Paul\Desktop\QBW32PremierNonprofit - Shortcut.lnk
[2012/02/12 12:28:48 | 000,000,280 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012/02/11 09:29:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/09 21:09:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/09 21:09:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/09 21:09:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/09 21:09:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/09 21:09:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 20:41:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/07/12 17:00:41 | 000,007,605 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2011/05/11 20:38:32 | 000,008,704 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 09:57:24 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/05/05 14:13:34 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/03/26 08:14:31 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/03/26 08:14:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2010/02/21 20:12:02 | 000,000,140 | ---- | C] () -- C:\Windows\pstudio.ini
[2010/02/21 20:12:02 | 000,000,021 | ---- | C] () -- C:\Windows\mp_setup.ini
[2010/02/21 20:12:01 | 000,059,776 | ---- | C] () -- C:\Windows\System32\FLORA16.DLL
[2010/02/19 17:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/02/17 19:58:47 | 000,000,445 | ---- | C] () -- C:\Windows\System32\gmsblist.dll
[2010/02/17 09:10:30 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2010/02/17 08:47:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,414,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,631,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,109,310 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2007/01/13 10:46:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[2004/01/13 17:46:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\tifmicon.dll

========== LOP Check ==========

[2010/11/13 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVG
[2010/11/13 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVG10
[2011/02/19 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Bandit
[2010/09/29 18:45:17 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Canon
[2011/02/13 19:33:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/18 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Facebook
[2010/10/05 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GARMIN
[2011/12/05 16:31:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gsak
[2011/11/08 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenCandy
[2011/12/16 22:22:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Orbit
[2011/11/08 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ProgSense
[2011/04/28 15:58:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\webex
[2010/02/19 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WinBatch
[2012/02/09 17:46:01 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thanks!
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c



:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]



then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will not reboot the PC when it is done. Save the log and copy and paste it into a reply.
  • 0

#14
pfehringer

pfehringer

    Member

  • Member
  • PipPip
  • 23 posts
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Paul
->Flash cache emptied: 1089 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Paul
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02122012_142438
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Nothing in the usual place. Guess we have to do it the hard way:

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image

Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder

To use this download the attached zip file
Extract the repair.vbs file to your destop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu
Posted Image
Posted Image

Ron

Attached Files


  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured