Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

Rootkit Zero Access Trojan / Virus



Old 11-09-2011, 02:18 PM   #1
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



System: Dell Duo Inspiron 1090, Windows 7 Home Premium. The machine has been infected by the above-mentioned virus. This was deduced by running Task Manager, where the top process read something like 778686798.123456.exe, and then browsing Google to see what I could find. It couldn't be stopped, it has disabled all virus checkers and anything trying to remove it, and it jumped to various websites at random intervals as well.

The actual process now seems to have gone, but it has disabled all internet connections and I am unable to restore them. Also, no virus program will either run or uninstall, which is why I am using a separate PC to surf the net, as the Dell has no internet capability.

The virus appears to have been acquired via (yes, you guessed it) a torrent website, i.e. piratebay.org, as a keygen for Final Cut 5 Studio, which I was trying to run on a Hackintosh-type machine that has now been abandoned.

I'm thinking of using Dell's own inbuilt restore to put my machine back to factory settings and starting again, but will this completely clear out the virus, or does it need a total format of the whole drive to get rid of it?

Thanks for any help offered
bigfoot57 is offline  
Old 11-11-2011, 03:49 PM   #2
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



The .exe file you described is indeed symptomatic of a Zero Access infection. This infection has several components, and it is important we identify them all prior to trying to remove it. I think it is very likely we can take care of this without you needing to reformat your hard drive.

Please print out the following instructions so you will have them when you run the scans on the infected machine. I'd like you to download the necessary files to a USB drive and then transfer them to the infected machine to run them. If you encounter any issues running them, please post back and let me know.


Download and Run DDS by sUBs

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy/paste the scan results:

DDS.txt and Attach.txt

Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.




  • If an infected file is detected, the default action will be Cure, but I want you to choose SKIP instead, then click on Continue.




  • If a suspicious file is detected, the default action will be Skip, click on Continue.




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
patndoris is offline  
Old 11-12-2011, 03:00 AM   #3
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Could only find one log file; its contents are pasted below. Hope this is correct. Once again, thanks for your help with this.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 10:35:39 on 2011-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.672 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\vmnat.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\duo Stage\duoStage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Dell DataSafe Local Backup\SftVss.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\conhost.exe
svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=1844e1a400000000000092252cc31e74
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.35.10\BabylonToolbarTlbr.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [replay_telecorder_skype] c:\program files\replay telecorder for skype\replay_telecorder_skype.exe /start_context sys_auto
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [AtherosBtStack] "c:\program files\dell wireless\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\dell wireless\bluetooth suite\AthBtTray.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Dell Magneto Popup] c:\program files\stmicroelectronics\accelerometer-magnetometer\PopUp_DM.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Syncables] c:\program files\syncables\syncables desktop\syncables.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Stage Remote] c:\program files\dell\stage remote\StageRemote.exe -Quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\admini~1.col\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\delldu~1.lnk - c:\program files\dell\duo stage\duoStage.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\freeme~1.lnk - c:\program files\freemeter\FreeMeter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\utorrent.lnk - c:\program files\utorrent\uTorrent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\244584F6D656845726D254338313 : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\244584F6D656845726D254338313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\45D2D4F62696C6560275962756C65637370205F696E6475627 : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\45D2D4F62696C6560275962756C65637370205F696E6475627 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F2674200-358B-4D30-83E8-B07ACA5ABBA8} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{F2674200-358B-4D30-83E8-B07ACA5ABBA8} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\dell\duo stage\PinItem.vbs"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-7 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-7 301528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-7 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-7 53592]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2011-8-25 28256]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2010-7-30 28200]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-4 146528]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-5-11 70656]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2010-12-4 28272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-6 22216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\drivers\QWARQNet.sys [2010-12-4 10624]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2011-7-3 6016]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2011-8-25 28256]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2010-7-30 37224]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2010-7-30 47144]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-7-30 256360]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2010-7-30 177704]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2010-7-30 46952]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2010-7-30 143080]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2010-7-31 230760]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-4 134144]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-5-11 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-5-11 206336]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-11 191008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-11-09 19:25:52 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a320a2d2-f35e-4ab2-b683-3792972b0a8b}\offreg.dll
2011-11-08 02:11:44 -------- d-s---w- C:\ComboFix
2011-11-08 00:26:36 -------- d-----w- C:\$RECYCLE.BIN
2011-11-08 00:21:21 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\local\temp
2011-11-07 22:55:54 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-07 22:36:16 98816 ----a-w- c:\windows\sed.exe
2011-11-07 22:36:16 518144 ----a-w- c:\windows\SWREG.exe
2011-11-07 22:36:16 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 22:36:16 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 20:19:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-07 19:45:52 -------- d-----w- c:\program files\BabylonToolbar
2011-11-07 19:45:44 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\local\Babylon
2011-11-07 19:45:30 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\roaming\FileHunter
2011-11-07 1525 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-07 1524 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-07 1500 40648 ----a-w- c:\windows\avastSS.scr
2011-11-07 06:34:54 41680 ----a-w- c:\windows\system32\drivers\qpzhhfbt.sys
2011-11-06 23:23:52 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\roaming\Malwarebytes
2011-11-06 23:23:42 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 23:23:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 23:23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-06 19:59:35 -------- d-----w- c:\program files\STOPzilla!
2011-11-06 19:59:34 -------- d-----w- c:\programdata\STOPzilla!
2011-11-06 19:59:34 -------- d-----w- c:\program files\common files\iS3
2011-11-06 17:43:07 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a320a2d2-f35e-4ab2-b683-3792972b0a8b}\mpengine.dll
2011-11-06 13:55:15 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b8d05044-b634-4f06-bd85-db2a159982d3}\MpKsl7f05a2a1.sys
2011-11-06 13:50:01 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-06 1233 -------- d-----w- c:\programdata\NoVirusThanks
2011-11-06 11:58:42 -------- d-----w- c:\program files\NoVirusThanks
2011-11-06 11:34:12 -------- d-----w- c:\programdata\AVAST Software
2011-11-06 11:34:12 -------- d-----w- c:\program files\AVAST Software
2011-11-06 10:19:52 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b8d05044-b634-4f06-bd85-db2a159982d3}\mpengine.dll
2011-11-06 09:35:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-06 09:31:26 -------- d-sh--w- c:\users\administrator.colin-pc-tablet\appdata\local\781e2328
2011-11-05 00:47:42 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-11-05 00:47:42 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-11-05 00:47:42 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-11-05 00:47:42 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-11-05 00:47:40 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-11-05 00:47:40 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-11-05 00:47:40 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-11-05 00:47:40 456144 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-11-05 00:47:40 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-11-05 00:47:40 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-11-05 00:47:40 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-11-05 00:47:40 103888 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-11-04 21:43:36 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\local\uTorrent
2011-10-22 14:45:21 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-16 00:40:16 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\local\GHISLER
2011-10-13 22:48:22 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\local\VMware
2011-10-13 22:36:24 347560 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-10-13 22:36:20 425864 ----a-w- c:\windows\system32\vmnat.exe
2011-10-13 22:36:20 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-10-13 22:36:05 783472 ----a-w- c:\windows\system32\vnetlib.dll
2011-10-13 22:35:45 25584 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-10-13 22:34:27 -------- d-----w- c:\program files\VMware
2011-10-13 22:33:12 -------- d-----w- c:\program files\common files\VMware
2011-10-13 13:53:39 -------- d-----w- c:\users\administrator.colin-pc-tablet\appdata\roaming\Babylon
.
==================== Find3M ====================
.
2011-10-03 15:49:32 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-03 15:49:32 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-10-03 15:49:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 15:49:32 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-10-03 15:49:32 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-10-03 0403 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 12:21:00 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 12:21:00 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-09-17 15:50:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 21:56:58 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-09-12 21:56:57 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-09-06 02:28:37 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-22 16:23:36 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-22 14:40:08 252016 ----a-w- c:\windows\system32\vmnc.dll
2011-08-22 14:12:26 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-08-22 14:12:26 49776 ----a-w- c:\windows\system32\vnetinst.dll
2011-08-22 14:12:26 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-08-22 14:12:26 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-08-22 14:12:26 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-08-21 22:11:22 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-21 22:01:24 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-16 17:48:30 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
============= FINISH: 10:40:55.10 ===============
bigfoot57 is offline  
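The "Created Last 30" section of the DDS log above is where an analyst looks first for recently dropped files. The following triage helper is an added example, not part of the thread and not code from DDS, TDSSKiller or the forum's Security Team; it parses lines in the DDS layout shown above (date, time, size or dashes, attribute string, path) and flags entries that warrant a second look using heuristics of my own: a literal, unexpanded environment-variable name used as a directory name, a hidden+system directory, a hex-only directory name, and a vowel-less driver file name. The sample input is six lines copied from the log above; the flags are review hints for a human, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: six lines copied from the "Created Last 30" section of
# the DDS log posted above (four that warrant a second look, two benign).
SAMPLE_LINES = r"""
2011-11-07 06:34:54 41680 ----a-w- c:\windows\system32\drivers\qpzhhfbt.sys
2011-11-06 23:23:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 13:50:01 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-06 09:35:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-06 09:31:26 -------- d-sh--w- c:\users\administrator.colin-pc-tablet\appdata\local\781e2328
2011-10-13 22:34:27 -------- d-----w- c:\program files\VMware
"""

# DDS line layout: date, time, size (or dashes for a directory), an 8-character
# attribute string such as "d-sh--w-", then the path (which may contain spaces).
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
ENV_NAME_RE = re.compile(r"^%[A-Z_]+%$")   # literal %VAR% that was never expanded
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")  # e.g. 781e2328
VOWELS = set("aeiouy")


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): a lowercase stem of 6+ letters with no vowel at all."""
    return (len(stem) >= 6 and stem.isalpha() and stem.islower()
            and not (set(stem) & VOWELS))


def triage_dds(text: str) -> list:
    """Return a Finding for each DDS 'Created Last 30' line that trips a heuristic."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, dots, blank lines
        _date, _time, _size, attrs, path = m.groups()
        components = path.split("\\")
        name = components[-1].lower()
        stem = name.rsplit(".", 1)[0]
        is_dir = attrs[0] == "d"
        hidden_system = "h" in attrs and "s" in attrs
        reasons = []
        if any(ENV_NAME_RE.match(c) for c in components):
            reasons.append("literal %VAR% used as a directory name")
        if is_dir and hidden_system:
            reasons.append("hidden+system directory (d-sh)")
        if is_dir and HEX_NAME_RE.match(name):
            reasons.append("hex-only directory name")
        if (not is_dir and name.endswith(".sys")
                and "\\drivers\\" in path.lower() and looks_random(stem)):
            reasons.append("random-looking driver file name")
        if reasons:
            findings.append(Finding(path=path, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run it against a full DDS.txt by reading the file instead of SAMPLE_LINES; everything outside the "Created Last 30" and "Find3M" layouts is ignored by the line pattern.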
Old 11-12-2011, 03:15 AM   #4
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Here is the TDSS report

1120.0426 14076 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
1120.0801 14076 ============================================================
1120.0801 14076 Current date / time: 2011/11/12 1120.0801
1120.0801 14076 SystemInfo:
1120.0801 14076
1120.0801 14076 OS Version: 6.1.7601 ServicePack: 1.0
1120.0801 14076 Product type: Workstation
1120.0801 14076 ComputerName: COLIN-PC-TABLET
1120.0801 14076 UserName: Administrator
1120.0801 14076 Windows directory: C:\Windows
1120.0801 14076 System windows directory: C:\Windows
1120.0801 14076 Processor architecture: Intel x86
1120.0801 14076 Number of processors: 4
1120.0801 14076 Page size: 0x1000
1120.0801 14076 Boot type: Normal boot
1120.0801 14076 ============================================================
1122.0533 14076 Initialize success
1134.0966 14524 ============================================================
1134.0966 14524 Scan started
1134.0966 14524 Mode: Manual;
1134.0966 14524 ============================================================
1135.0886 14524 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
1135.0902 14524 1394ohci - ok
1136.0027 14524 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
1136.0027 14524 ACPI - ok
1136.0198 14524 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
1136.0214 14524 acpials - ok
1136.0307 14524 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
1136.0307 14524 AcpiPmi - ok
1136.0432 14524 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
1136.0448 14524 adp94xx - ok
1136.0541 14524 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
1136.0557 14524 adpahci - ok
1136.0697 14524 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
1136.0713 14524 adpu320 - ok
1137.0041 14524 AFD (ee4aa90f68cc283c8e438a6a2dc9585d) C:\Windows\system32\drivers\afd.sys
1137.0056 14524 AFD ( Rootkit.Win32.ZAccess.g ) - infected
1137.0056 14524 AFD - detected Rootkit.Win32.ZAccess.g (0)
1137.0134 14524 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
1137.0134 14524 agp440 - ok
1137.0290 14524 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
1137.0306 14524 aic78xx - ok
1137.0368 14524 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
1137.0368 14524 aliide - ok
1137.0524 14524 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
1137.0540 14524 amdagp - ok
1137.0602 14524 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
1137.0618 14524 amdide - ok
1137.0758 14524 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
1137.0774 14524 AmdK8 - ok
1137.0821 14524 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
1137.0836 14524 AmdPPM - ok
1137.0883 14524 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
1137.0899 14524 amdsata - ok
1138.0023 14524 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
1138.0039 14524 amdsbs - ok
1138.0117 14524 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
1138.0117 14524 amdxata - ok
1138.0242 14524 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
1138.0257 14524 AppID - ok
1138.0491 14524 appliand (69370f2e2827ffba910d0bfa9e62e484) C:\Windows\system32\DRIVERS\appliand.sys
1138.0491 14524 appliand - ok
1138.0554 14524 appliandMP (69370f2e2827ffba910d0bfa9e62e484) C:\Windows\system32\DRIVERS\appliand.sys
1138.0554 14524 appliandMP - ok
1138.0725 14524 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
1138.0741 14524 arc - ok
1138.0788 14524 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
1138.0803 14524 arcsas - ok
1139.0115 14524 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
1139.0131 14524 aswFsBlk - ok
1139.0209 14524 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
1139.0225 14524 aswMonFlt - ok
1139.0396 14524 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
1139.0396 14524 aswRdr - ok
1139.0474 14524 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
1139.0490 14524 aswSnx - ok
1139.0802 14524 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
1139.0817 14524 aswSP - ok
1139.0973 14524 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
1139.0989 14524 aswTdi - ok
1140.0067 14524 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
1140.0067 14524 AsyncMac - ok
1140.0239 14524 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
1140.0239 14524 atapi - ok
1140.0395 14524 AthBTPort (c71f8c212cbd7254dce59c168890da63) C:\Windows\system32\DRIVERS\btath_flt.sys
1140.0410 14524 AthBTPort - ok
1140.0582 14524 ATHDFU (70441751b1d988608e135d4f903aba5c) C:\Windows\system32\Drivers\AthDfu.sys
1140.0597 14524 ATHDFU - ok
1140.0941 14524 athr (30a3f6ec0aa3470f71f52255d9e9c681) C:\Windows\system32\DRIVERS\athr.sys
1140.0987 14524 athr - ok
1141.0253 14524 AVGIDSDriver (2177e7448c1ecfb35a5db417603d205a) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
1141.0268 14524 AVGIDSDriver - ok
1141.0455 14524 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
1141.0471 14524 AVGIDSEH - ok
1141.0565 14524 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
1141.0580 14524 AVGIDSFilter - ok
1141.0752 14524 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
1141.0767 14524 AVGIDSShim - ok
1141.0939 14524 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
1141.0955 14524 Avgldx86 - ok
1142.0173 14524 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
1142.0189 14524 Avgmfx86 - ok
1142.0345 14524 Avgrkx86 - ok
1142.0501 14524 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
1142.0516 14524 Avgtdix - ok
1142.0781 14524 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
1142.0797 14524 b06bdrv - ok
1142.0859 14524 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
1142.0875 14524 b57nd60x - ok
1143.0062 14524 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
1143.0078 14524 Beep - ok
1143.0296 14524 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
1143.0296 14524 blbdrive - ok
1143.0530 14524 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
1143.0530 14524 bowser - ok
1143.0780 14524 BRCMDECO (a829cae879189857448f0e05c982f592) C:\Windows\system32\DRIVERS\BRCMHD32.sys
1143.0795 14524 BRCMDECO - ok
1143.0873 14524 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
1143.0889 14524 BrFiltLo - ok
1144.0029 14524 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
1144.0029 14524 BrFiltUp - ok
1144.0185 14524 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
1144.0201 14524 Brserid - ok
1144.0263 14524 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
1144.0279 14524 BrSerWdm - ok
1144.0373 14524 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
1144.0404 14524 BrUsbMdm - ok
1144.0466 14524 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
1144.0482 14524 BrUsbSer - ok
1144.0669 14524 BTATH_A2DP (414909ecaa306519ca9bb5cab34a4dee) C:\Windows\system32\drivers\btath_a2dp.sys
1144.0685 14524 BTATH_A2DP - ok
1144.0763 14524 BTATH_BUS (1386d2a1e0bc3f95e5492272f6aaec29) C:\Windows\system32\DRIVERS\btath_bus.sys
1144.0763 14524 BTATH_BUS - ok
1144.0997 14524 BTATH_HCRP (4d4ce30cbc8048ba630b62e35b4bb020) C:\Windows\system32\DRIVERS\btath_hcrp.sys
1145.0012 14524 BTATH_HCRP - ok
1145.0215 14524 BTATH_LWFLT (f59d6fcbb26cbd633088ee0402dbcef0) C:\Windows\system32\DRIVERS\btath_lwflt.sys
1145.0231 14524 BTATH_LWFLT - ok
1145.0355 14524 BTATH_RCP (f7784f58b05838af42a0574ac701e4f6) C:\Windows\system32\DRIVERS\btath_rcp.sys
1145.0371 14524 BTATH_RCP - ok
1145.0667 14524 BtFilter (c75aa634a9f7bde0264f17507a15322a) C:\Windows\system32\DRIVERS\btfilter.sys
1145.0667 14524 BtFilter - ok
1145.0933 14524 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
1145.0948 14524 BthEnum - ok
1145.0995 14524 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
1146.0011 14524 BTHMODEM - ok
1146.0213 14524 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
1146.0229 14524 BthPan - ok
1146.0432 14524 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
1146.0447 14524 BTHPORT - ok
1146.0666 14524 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
1146.0697 14524 BTHUSB - ok
1146.0962 14524 catchme - ok
1147.0134 14524 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
1147.0149 14524 cdfs - ok
1147.0243 14524 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
1147.0259 14524 cdrom - ok
1147.0383 14524 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
1147.0399 14524 circlass - ok
1147.0586 14524 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
1147.0602 14524 CLFS - ok
1147.0805 14524 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
1147.0805 14524 CmBatt - ok
1147.0914 14524 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
1147.0914 14524 cmdide - ok
1148.0054 14524 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
1148.0085 14524 CNG - ok
1148.0163 14524 CnxtHdAudService (a08d9a4eb4f9d2faa1d4e10bc91b695c) C:\Windows\system32\drivers\CHDRT32.sys
1148.0195 14524 CnxtHdAudService - ok
1148.0382 14524 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
1148.0382 14524 Compbatt - ok
1148.0475 14524 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
1148.0491 14524 CompositeBus - ok
1148.0616 14524 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
1148.0631 14524 crcdisk - ok
1148.0850 14524 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
1148.0865 14524 CtAudDrv - ok
1149.0021 14524 CtClsFlt (ceba8413f9b2c73a4e9e16dbd127dc25) C:\Windows\system32\DRIVERS\CtClsFlt.sys
1149.0053 14524 CtClsFlt - ok
1149.0318 14524 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
1149.0318 14524 DfsC - ok
1149.0505 14524 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
1149.0505 14524 discache - ok
1149.0567 14524 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
1149.0567 14524 Disk - ok
1149.0817 14524 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
1149.0833 14524 drmkaud - ok
1149.0989 14524 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
1150.0004 14524 DXGKrnl - ok
1150.0238 14524 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
1150.0316 14524 ebdrv - ok
1150.0581 14524 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
1150.0613 14524 elxstor - ok
1150.0815 14524 eqhfv - ok
1150.0893 14524 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
1150.0909 14524 ErrDev - ok
1151.0159 14524 ewusbnet (aba5756393410ec871d803d8d1b12fcd) C:\Windows\system32\DRIVERS\ewusbnet.sys
1151.0174 14524 ewusbnet - ok
1151.0237 14524 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
1151.0252 14524 ew_hwusbdev - ok
1151.0377 14524 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
1151.0393 14524 exfat - ok
1151.0486 14524 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
1151.0502 14524 fastfat - ok
1151.0673 14524 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
1151.0705 14524 fdc - ok
1151.0876 14524 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
1151.0892 14524 FileInfo - ok
1151.0954 14524 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
1151.0970 14524 Filetrace - ok
1152.0079 14524 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
1152.0095 14524 flpydisk - ok
1152.0204 14524 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
1152.0235 14524 FltMgr - ok
1152.0407 14524 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
1152.0422 14524 FsDepends - ok
1152.0516 14524 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
1152.0531 14524 Fs_Rec - ok
1152.0734 14524 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
1152.0750 14524 fvevol - ok
1152.0828 14524 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
1152.0843 14524 gagp30kx - ok
1153.0077 14524 hcmon (d2a04f50b18b85fe236143399123ec0d) C:\Windows\system32\drivers\hcmon.sys
1153.0109 14524 hcmon - ok
1153.0187 14524 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
1153.0202 14524 hcw85cir - ok
1153.0343 14524 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
1153.0358 14524 HDAudBus - ok
1153.0436 14524 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
1153.0452 14524 HidBatt - ok
1153.0623 14524 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
1153.0639 14524 HidBth - ok
1153.0686 14524 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
1153.0701 14524 HidIr - ok
1153.0873 14524 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
1153.0889 14524 HidUsb - ok
1153.0982 14524 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
1153.0998 14524 HpSAMD - ok
1154.0201 14524 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
1154.0232 14524 HTTP - ok
1154.0388 14524 huawei_enumerator (bb3c8e4b88842f3a1b9c5d603210c277) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
1154.0403 14524 huawei_enumerator - ok
1154.0591 14524 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
1154.0606 14524 hwdatacard - ok
1154.0731 14524 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
1154.0747 14524 hwpolicy - ok
1154.0918 14524 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
1154.0934 14524 i8042prt - ok
1155.0043 14524 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
1155.0059 14524 iaStor - ok
1155.0246 14524 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
1155.0277 14524 iaStorV - ok
1155.0605 14524 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
1155.0729 14524 igfx - ok
1155.0885 14524 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
1155.0901 14524 iirsp - ok
1156.0026 14524 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
1156.0041 14524 intelide - ok
1156.0213 14524 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
1156.0229 14524 intelppm - ok
1156.0322 14524 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
1156.0338 14524 IpFilterDriver - ok
1156.0416 14524 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
1156.0431 14524 IPMIDRV - ok
1156.0541 14524 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
1156.0556 14524 IPNAT - ok
1156.0619 14524 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
1156.0634 14524 IRENUM - ok
1157.0040 14524 is3srv (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\drivers\is3srv.sys
1157.0055 14524 is3srv - ok
1157.0102 14524 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
1157.0118 14524 isapnp - ok
1157.0227 14524 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
1157.0258 14524 iScsiPrt - ok
1157.0367 14524 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
1157.0383 14524 kbdclass - ok
1157.0492 14524 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
1157.0508 14524 kbdhid - ok
1157.0679 14524 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
1157.0695 14524 KSecDD - ok
1157.0804 14524 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
1157.0820 14524 KSecPkg - ok
1158.0085 14524 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
1158.0101 14524 lltdio - ok
1158.0225 14524 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
1158.0241 14524 LSI_FC - ok
1158.0288 14524 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
1158.0303 14524 LSI_SAS - ok
1158.0413 14524 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
1158.0428 14524 LSI_SAS2 - ok
1158.0491 14524 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
1158.0506 14524 LSI_SCSI - ok
1158.0647 14524 LSM303DLH (558c83bcfb81950d91a607997d177288) C:\Windows\system32\DRIVERS\LSM303DLH.sys
1158.0662 14524 LSM303DLH - ok
1158.0912 14524 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
1158.0927 14524 luafv - ok
1159.0068 14524 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
1159.0083 14524 MBAMProtector - ok
1159.0364 14524 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
1159.0395 14524 mcdbus - ok
1159.0489 14524 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
1159.0505 14524 megasas - ok
1159.0661 14524 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
1159.0676 14524 MegaSR - ok
1159.0801 14524 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
1159.0817 14524 Modem - ok
1159.0973 14524 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
1159.0988 14524 monitor - ok
11:07:00.0082 14524 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
11:07:00.0097 14524 mouclass - ok
11:07:00.0285 14524 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:07:00.0300 14524 mouhid - ok
11:07:00.0378 14524 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:07:00.0394 14524 mountmgr - ok
11:07:00.0565 14524 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
11:07:00.0581 14524 MpFilter - ok
11:07:00.0643 14524 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:07:00.0659 14524 mpio - ok
11:07:00.0924 14524 MpKsl01189c55 - ok
11:07:00.0971 14524 MpKsl075ac2a2 - ok
11:07:01.0002 14524 MpKsl1552b508 - ok
11:07:01.0049 14524 MpKsl29a6e976 - ok
11:07:01.0111 14524 MpKsl2f3d1eac - ok
11:07:01.0143 14524 MpKsl391243de - ok
11:07:01.0174 14524 MpKsl3a376c3b - ok
11:07:01.0205 14524 MpKsl43a7e482 - ok
11:07:01.0236 14524 MpKsl489a5610 - ok
11:07:01.0283 14524 MpKsl5d04fe8d - ok
11:07:01.0330 14524 MpKsl613c5c69 - ok
11:07:01.0361 14524 MpKsl6853931e - ok
11:07:01.0392 14524 MpKsl73ca684e - ok
11:07:01.0423 14524 MpKsl7aa09a36 - ok
11:07:01.0470 14524 MpKsl864d6a95 - ok
11:07:01.0595 14524 MpKsl885197d3 - ok
11:07:01.0657 14524 MpKsl918b5994 - ok
11:07:01.0720 14524 MpKsl98f571d2 - ok
11:07:01.0813 14524 MpKsl99f1cdc2 - ok
11:07:01.0845 14524 MpKsl9c50a85e - ok
11:07:01.0876 14524 MpKslb997f421 - ok
11:07:01.0923 14524 MpKslc0374af8 - ok
11:07:01.0954 14524 MpKslcf69ee51 - ok
11:07:02.0001 14524 MpKsld3c47538 - ok
11:07:02.0047 14524 MpKsld70fb57c - ok
11:07:02.0094 14524 MpKsle6417336 - ok
11:07:02.0219 14524 MpKslf680a7f8 - ok
11:07:02.0266 14524 MpKslfdda9708 - ok
11:07:02.0375 14524 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:07:02.0391 14524 MpNWMon - ok
11:07:02.0469 14524 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:07:02.0484 14524 mpsdrv - ok
11:07:02.0593 14524 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:07:02.0625 14524 MRxDAV - ok
11:07:02.0827 14524 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:07:02.0843 14524 mrxsmb - ok
11:07:03.0046 14524 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:07:03.0061 14524 mrxsmb10 - ok
11:07:03.0233 14524 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:07:03.0264 14524 mrxsmb20 - ok
11:07:03.0311 14524 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:07:03.0327 14524 msahci - ok
11:07:03.0451 14524 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:07:03.0467 14524 msdsm - ok
11:07:03.0592 14524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:07:03.0607 14524 Msfs - ok
11:07:03.0717 14524 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:07:03.0748 14524 mshidkmdf - ok
11:07:03.0810 14524 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:07:03.0826 14524 msisadrv - ok
11:07:03.0982 14524 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:07:03.0997 14524 MSKSSRV - ok
11:07:04.0185 14524 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:07:04.0200 14524 MSPCLOCK - ok
11:07:04.0294 14524 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:07:04.0325 14524 MSPQM - ok
11:07:04.0450 14524 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:07:04.0465 14524 MsRPC - ok
11:07:04.0543 14524 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:07:04.0559 14524 mssmbios - ok
11:07:04.0684 14524 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:07:04.0699 14524 MSTEE - ok
11:07:04.0793 14524 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:07:04.0809 14524 MTConfig - ok
11:07:04.0855 14524 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:07:04.0887 14524 Mup - ok
11:07:05.0074 14524 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:07:05.0089 14524 NativeWifiP - ok
11:07:05.0167 14524 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:07:05.0214 14524 NDIS - ok
11:07:05.0323 14524 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:07:05.0355 14524 NdisCap - ok
11:07:05.0417 14524 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:07:05.0433 14524 NdisTapi - ok
11:07:05.0604 14524 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:07:05.0620 14524 Ndisuio - ok
11:07:05.0729 14524 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:07:05.0745 14524 NdisWan - ok
11:07:05.0916 14524 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:07:05.0947 14524 NDProxy - ok
11:07:06.0057 14524 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:07:06.0072 14524 NetBIOS - ok
11:07:06.0244 14524 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:07:06.0259 14524 NetBT - ok
11:07:06.0634 14524 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:07:06.0649 14524 nfrd960 - ok
11:07:06.0899 14524 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:07:06.0915 14524 NisDrv - ok
11:07:07.0117 14524 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
11:07:07.0133 14524 NPF - ok
11:07:07.0289 14524 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:07:07.0305 14524 Npfs - ok
11:07:07.0398 14524 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:07:07.0429 14524 nsiproxy - ok
11:07:07.0617 14524 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:07:07.0663 14524 Ntfs - ok
11:07:07.0773 14524 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:07:07.0788 14524 Null - ok
11:07:07.0913 14524 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:07:07.0960 14524 nvraid - ok
11:07:08.0178 14524 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:07:08.0209 14524 nvstor - ok
11:07:08.0256 14524 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:07:08.0287 14524 nv_agp - ok
11:07:08.0350 14524 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:07:08.0365 14524 ohci1394 - ok
11:07:08.0615 14524 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:07:08.0646 14524 Parport - ok
11:07:08.0740 14524 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
11:07:08.0771 14524 partmgr - ok
11:07:08.0880 14524 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:07:08.0911 14524 Parvdm - ok
11:07:09.0052 14524 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:07:09.0067 14524 pci - ok
11:07:09.0286 14524 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:07:09.0317 14524 pciide - ok
11:07:09.0395 14524 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:07:09.0411 14524 pcmcia - ok
11:07:09.0535 14524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:07:09.0551 14524 pcw - ok
11:07:09.0629 14524 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:07:09.0645 14524 PEAUTH - ok
11:07:09.0910 14524 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:07:09.0941 14524 PptpMiniport - ok
11:07:10.0050 14524 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:07:10.0066 14524 Processor - ok
11:07:10.0206 14524 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:07:10.0222 14524 Psched - ok
11:07:10.0425 14524 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:07:10.0471 14524 ql2300 - ok
11:07:10.0581 14524 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:07:10.0612 14524 ql40xx - ok
11:07:10.0674 14524 QWARQNet (03a79a2cf1fd2caf00ccafaa55d01da1) C:\Windows\system32\DRIVERS\QWARQNet.sys
11:07:10.0690 14524 QWARQNet - ok
11:07:10.0893 14524 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:07:10.0908 14524 QWAVEdrv - ok
11:07:10.0955 14524 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:07:10.0986 14524 RasAcd - ok
11:07:11.0111 14524 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:07:11.0111 14524 RasAgileVpn - ok
11:07:11.0205 14524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:07:11.0220 14524 Rasl2tp - ok
11:07:11.0345 14524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:07:11.0361 14524 RasPppoe - ok
11:07:11.0485 14524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:07:11.0501 14524 RasSstp - ok
11:07:11.0735 14524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:07:11.0751 14524 rdbss - ok
11:07:11.0813 14524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:07:11.0844 14524 rdpbus - ok
11:07:11.0969 14524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:07:11.0985 14524 RDPCDD - ok
11:07:12.0063 14524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:07:12.0094 14524 RDPENCDD - ok
11:07:12.0250 14524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:07:12.0265 14524 RDPREFMP - ok
11:07:12.0328 14524 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
11:07:12.0359 14524 RDPWD - ok
11:07:12.0484 14524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:07:12.0515 14524 rdyboost - ok
11:07:12.0827 14524 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:07:12.0843 14524 RFCOMM - ok
11:07:13.0077 14524 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:07:13.0092 14524 rspndr - ok
11:07:13.0170 14524 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\System32\Drivers\RtsUStor.sys
11:07:13.0186 14524 RSUSBSTOR - ok
11:07:13.0326 14524 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:07:13.0342 14524 sbp2port - ok
11:07:13.0435 14524 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:07:13.0451 14524 scfilter - ok
11:07:13.0623 14524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:07:13.0654 14524 secdrv - ok
11:07:13.0763 14524 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:07:13.0779 14524 Serenum - ok
11:07:13.0966 14524 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:07:13.0997 14524 Serial - ok
11:07:14.0091 14524 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:07:14.0106 14524 sermouse - ok
11:07:14.0293 14524 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:07:14.0325 14524 sffdisk - ok
11:07:14.0371 14524 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:07:14.0403 14524 sffp_mmc - ok
11:07:14.0527 14524 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:07:14.0543 14524 sffp_sd - ok
11:07:14.0621 14524 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:07:14.0652 14524 sfloppy - ok
11:07:14.0995 14524 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:07:15.0027 14524 sisagp - ok
11:07:15.0089 14524 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:07:15.0120 14524 SiSRaid2 - ok
11:07:15.0292 14524 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:07:15.0307 14524 SiSRaid4 - ok
11:07:15.0370 14524 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:07:15.0401 14524 Smb - ok
11:07:15.0619 14524 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:07:15.0635 14524 spldr - ok
11:07:15.0853 14524 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:07:15.0885 14524 srv - ok
11:07:16.0087 14524 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:07:16.0103 14524 srv2 - ok
11:07:16.0165 14524 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:07:16.0197 14524 srvnet - ok
11:07:16.0290 14524 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:07:16.0321 14524 stexstor - ok
11:07:16.0477 14524 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:07:16.0509 14524 swenum - ok
11:07:16.0665 14524 SynTP (957539e35bcd76d4ef08df5136c6d382) C:\Windows\system32\DRIVERS\SynTP.sys
11:07:16.0727 14524 SynTP - ok
11:07:16.0961 14524 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\DRIVERS\szkg.sys
11:07:16.0977 14524 szkg5 - ok
11:07:17.0148 14524 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\Windows\system32\drivers\szkgfs.sys
11:07:17.0179 14524 szkgfs - ok
11:07:17.0445 14524 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
11:07:17.0491 14524 Tcpip - ok
11:07:17.0788 14524 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
11:07:17.0819 14524 TCPIP6 - ok
11:07:18.0022 14524 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:07:18.0037 14524 tcpipreg - ok
11:07:18.0162 14524 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:07:18.0193 14524 TDPIPE - ok
11:07:18.0287 14524 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
11:07:18.0318 14524 TDTCP - ok
11:07:18.0427 14524 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:07:18.0459 14524 tdx - ok
11:07:18.0552 14524 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:07:18.0583 14524 TermDD - ok
11:07:18.0942 14524 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:07:18.0973 14524 tssecsrv - ok
11:07:19.0145 14524 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:07:19.0161 14524 TsUsbFlt - ok
11:07:19.0239 14524 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:07:19.0254 14524 tunnel - ok
11:07:19.0379 14524 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:07:19.0410 14524 uagp35 - ok
11:07:19.0488 14524 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:07:19.0519 14524 udfs - ok
11:07:19.0738 14524 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:07:19.0769 14524 uliagpkx - ok
11:07:19.0831 14524 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
11:07:19.0863 14524 umbus - ok
11:07:19.0987 14524 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:07:20.0019 14524 UmPass - ok
11:07:20.0112 14524 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:07:20.0128 14524 usbccgp - ok
11:07:20.0268 14524 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:07:20.0299 14524 usbcir - ok
11:07:20.0393 14524 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
11:07:20.0409 14524 usbehci - ok
11:07:29.0269 14524 ============================================================
11:07:29.0269 14524 Scan finished
11:07:29.0269 14524 ============================================================
11:07:29.0332 28188 Detected object count: 1
11:07:29.0332 28188 Actual detected object count: 1
11:07:55.0431 28188 AFD ( Rootkit.Win32.ZAccess.g ) - skipped by user
11:07:55.0431 28188 AFD ( Rootkit.Win32.ZAccess.g ) - User select action: Skip
bigfoot57 is offline  
Old 11-12-2011, 08:29 PM   #5
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



It appears you may already have recently installed Combofix on your machine.
Have you already run this tool (which is NEVER advisable unless directed by a trained malware helper)?
If so, please post the resulting log file which will be located at C:\ComboFix.txt



Once again, you'll need to transfer the downloaded file via USB to the desktop of the infected machine:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Right-click and choose Run as Administrator on SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    afd.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
patndoris is offline  
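Added here as an example (not part of the thread, and not SystemLook's own code): a PowerShell script that does the helper-side equivalent of the `:filefind afd.sys` directive above, listing every copy of the file with size, timestamp, MD5 (the same format TDSSKiller prints) and Authenticode state, plus the image the AFD service is configured to load. `$FileName` and `$Root` are hypothetical parameters; the registry value is only read. If the rootkit driver is still active, run this from an offline recovery session, since a live ZeroAccess driver can hide its files from any in-OS listing.

```powershell
# Added example (not from the thread, not SystemLook's code): enumerate copies of afd.sys
# and report what the AFD service points at. $FileName and $Root are hypothetical parameters.
param(
    [string]$FileName = 'afd.sys',
    [string]$Root     = "$env:SystemDrive\"
)

# Which driver image the AFD service actually loads. On a clean Windows 7 system this is
# \SystemRoot\system32\drivers\afd.sys; the value is read only, never modified here.
$svc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\AFD' -ErrorAction SilentlyContinue
Write-Output ("AFD service ImagePath: " + $svc.ImagePath)

function Get-Md5Hex([string]$Path) {
    # Computed via .NET so it also works on PowerShell 2.0 (the Windows 7 default), where
    # Get-FileHash does not exist. Lower-case hex, matching the TDSSKiller log format.
    $md5   = [System.Security.Cryptography.MD5]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    (([System.BitConverter]::ToString($md5.ComputeHash($bytes))) -replace '-', '').ToLower()
}

$copies = Get-ChildItem -Path $Root -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        # Catalog-signed system files report NotSigned on PowerShell 2.0; in that case compare
        # the MD5 against the same file from a known-clean machine of the same build instead.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        New-Object PSObject -Property @{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Modified  = $_.LastWriteTimeUtc
            SigStatus = $sig.Status
            MD5       = Get-Md5Hex $_.FullName
        }
    }

$copies | Format-Table Path, SizeBytes, Modified, SigStatus, MD5 -AutoSize

# Several copies (winsxs, service-pack backups) are normal; what matters is that they agree.
# A copy whose hash differs from all the others, or a service ImagePath that points anywhere
# other than system32\drivers, is the thing the helper is looking for.
$distinct = @($copies | Group-Object MD5)
Write-Output ("Distinct versions of {0} found: {1}" -f $FileName, $distinct.Count)
```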
Old 11-13-2011, 06:23 AM   #6
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Here is the Combofix file that, as you correctly deduced, has been run as per a suggestion from another source before I found your forum.

ComboFix 11-11-07.03 - Administrator 07/11/2011 23:08:30.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.1178 [GMT 0:00]
Running from: c:\users\Administrator.Colin-PC-TABLET\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB42185$\2015241000\@
c:\windows\$NtUninstallKB42185$\2015241000\L\xadqgnnk
c:\windows\$NtUninstallKB42185$\2015241000\loader.tlb
c:\windows\$NtUninstallKB42185$\2015241000\U\@00000001
c:\windows\$NtUninstallKB42185$\2015241000\U\@000000c0
c:\windows\$NtUninstallKB42185$\2015241000\U\@000000cb
c:\windows\$NtUninstallKB42185$\2015241000\U\@000000cf
c:\windows\$NtUninstallKB42185$\2015241000\U\@80000000
c:\windows\$NtUninstallKB42185$\2015241000\U\@800000c0
c:\windows\$NtUninstallKB42185$\2015241000\U\@800000cb
c:\windows\$NtUninstallKB42185$\2015241000\U\@800000cf
c:\windows\$NtUninstallKB42185$\2103263665
c:\windows\673390200
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
c:\windows\system32\
c:\windows\system32\c_59142.nls
c:\windows\$NtUninstallKB42185$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_781e2328
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 00:21 . 2011-11-08 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 00:21 . 2011-11-08 00:21 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-11-08 00:21 . 2011-11-08 00:27 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\temp
2011-11-08 00:21 . 2011-11-08 00:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-07 23:00 . 2011-11-08 00:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A320A2D2-F35E-4AB2-B683-3792972B0A8B}\offreg.dll
2011-11-07 22:55 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-07 20:19 . 2011-11-07 20:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-07 19:45 . 2011-11-07 19:45 -------- d-----w- c:\program files\BabylonToolbar
2011-11-07 19:45 . 2011-11-07 19:45 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\Babylon
2011-11-07 19:45 . 2011-11-07 19:45 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\FileHunter
2011-11-07 15:06 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-07 15:06 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-07 15:06 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-07 15:06 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-07 15:06 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-07 15:06 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-07 15:06 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-11-07 15:06 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-07 06:34 . 2011-11-07 06:34 41680 ----a-w- c:\windows\system32\drivers\qpzhhfbt.sys
2011-11-06 23:23 . 2011-11-06 23:23 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\Malwarebytes
2011-11-06 23:23 . 2011-11-06 23:23 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 23:23 . 2011-11-07 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-06 23:23 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 19:59 . 2011-11-06 19:59 -------- d-----w- c:\program files\STOPzilla!
2011-11-06 19:59 . 2011-11-06 23:18 -------- d-----w- c:\programdata\STOPzilla!
2011-11-06 19:59 . 2011-11-06 19:59 -------- d-----w- c:\program files\Common Files\iS3
2011-11-06 17:43 . 2011-10-18 02:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A320A2D2-F35E-4AB2-B683-3792972B0A8B}\mpengine.dll
2011-11-06 13:55 . 2011-11-06 13:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D05044-B634-4F06-BD85-DB2A159982D3}\MpKsl7f05a2a1.sys
2011-11-06 13:50 . 2011-11-06 13:50 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-06 12:06 . 2011-11-06 12:06 -------- d-----w- c:\programdata\NoVirusThanks
2011-11-06 11:58 . 2011-11-06 11:58 -------- d-----w- c:\program files\NoVirusThanks
2011-11-06 11:34 . 2011-11-07 15:05 -------- d-----w- c:\programdata\AVAST Software
2011-11-06 11:34 . 2011-11-06 11:34 -------- d-----w- c:\program files\AVAST Software
2011-11-06 10:19 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D05044-B634-4F06-BD85-DB2A159982D3}\mpengine.dll
2011-11-06 09:35 . 2011-11-06 09:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-06 09:31 . 2011-11-06 09:31 -------- d-sh--w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\781e2328
2011-11-05 00:47 . 2011-11-05 00:47 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-11-05 00:47 . 2011-11-05 00:47 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-11-05 00:47 . 2011-11-05 00:47 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-11-05 00:47 . 2011-11-05 00:47 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-11-05 00:47 . 2011-11-05 00:47 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-11-05 00:47 . 2011-11-05 00:47 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-11-05 00:47 . 2011-11-05 00:47 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-11-05 00:47 . 2011-11-05 00:47 456144 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-11-05 00:47 . 2011-11-05 00:47 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-11-05 00:47 . 2011-11-05 00:47 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-11-05 00:47 . 2011-11-05 00:47 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-11-05 00:47 . 2011-11-05 00:47 103888 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-11-04 21:43 . 2011-11-04 21:43 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\uTorrent
2011-10-22 14:45 . 2011-10-22 14:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-22 13:06 . 2011-10-22 13:06 -------- d-----w- c:\program files\Common Files\Java
2011-10-16 00:40 . 2011-10-16 00:40 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\GHISLER
2011-10-13 22:48 . 2011-11-07 16:34 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\VMware
2011-10-13 22:48 . 2011-11-07 16:35 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\VMware
2011-10-13 22:36 . 2011-08-22 16:23 347560 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-10-13 22:36 . 2011-08-22 16:22 425864 ----a-w- c:\windows\system32\vmnat.exe
2011-10-13 22:36 . 2011-08-22 16:22 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-10-13 22:36 . 2011-08-22 16:23 783472 ----a-w- c:\windows\system32\vnetlib.dll
2011-10-13 22:35 . 2011-08-22 16:22 25584 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-10-13 22:34 . 2011-11-08 00:25 -------- d-----w- c:\programdata\VMware
2011-10-13 22:34 . 2011-10-13 22:34 -------- d-----w- c:\program files\VMware
2011-10-13 22:33 . 2011-10-13 22:34 -------- d-----w- c:\program files\Common Files\VMware
2011-10-13 13:53 . 2011-10-13 13:53 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\Babylon
2011-10-12 12:45 . 2011-10-03 15:49 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-10-12 12:45 . 2011-10-03 15:49 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-12 12:45 . 2011-10-12 12:45 -------- d-----w- c:\program files\Oracle
2011-10-12 10:57 . 2011-10-15 13:02 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\VirtualBox VMs
2011-10-12 10:56 . 2011-10-15 13:09 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\.VirtualBox
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\programdata\Symantec
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\windows\system32\drivers\NSS
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\program files\Norton Security Scan
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\programdata\Norton
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\program files\NortonInstaller
2011-10-11 20:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 20:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 20:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 20:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 20:32 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 18:41 . 2011-10-11 18:40 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{744E8EBB-9934-41E6-8BA9-68AADBAF9DAC}\gapaengine.dll
2011-10-09 11:38 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-10-09 11:38 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-10-09 11:38 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-10-09 11:38 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-10-09 11:38 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-10-09 11:38 . 2011-10-09 11:51 -------- d-----w- C:\totalcmd
2011-10-09 11:38 . 2011-10-09 11:38 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\GHISLER
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2011-08-13 03:09 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 15:49 . 2011-10-03 15:49 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 15:49 . 2011-10-03 15:49 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-10-03 15:49 . 2011-10-03 15:49 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-10-03 04:06 . 2010-12-04 22:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 12:21 . 2011-09-26 12:21 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 12:21 . 2011-09-26 12:21 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-09-17 15:50 . 2011-05-16 02:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 21:56 . 2011-09-12 21:56 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-09-12 21:56 . 2011-09-12 21:56 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-08-22 16:23 . 2011-08-22 16:23 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-22 14:40 . 2011-08-22 14:40 252016 ----a-w- c:\windows\system32\vmnc.dll
2011-08-22 14:12 . 2011-08-22 14:12 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-08-22 14:12 . 2011-08-22 14:12 49776 ----a-w- c:\windows\system32\vnetinst.dll
2011-08-22 14:12 . 2011-08-22 14:12 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-08-22 14:12 . 2011-08-22 14:12 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-08-22 14:12 . 2011-08-22 14:12 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-08-21 22:11 . 2011-08-21 22:11 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-21 22:01 . 2011-08-21 22:01 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-08-16 17:48 . 2011-08-16 17:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2011-08-11 23:58 . 2011-08-13 03:10 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"replay_telecorder_skype"="c:\program files\Replay Telecorder for Skype\replay_telecorder_skype.exe" [2011-02-25 1573888]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-04 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Stage Remote"="c:\program files\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-9-12 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe [2010-10-18 1021504]
FreeMeter.lnk - c:\program files\FreeMeter\FreeMeter.exe [2011-7-2 614400]
uTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2011-4-30 641400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 16:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R0 eqhfv;eqhfv;c:\windows\System32\drivers\khfif.sys [x]
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-09-26 61328]
R1 MpKsl01189c55;MpKsl01189c55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76FF21B9-BADA-455D-8E6B-1A3D97069D50}\MpKsl01189c55.sys [x]
R1 MpKsl075ac2a2;MpKsl075ac2a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsl075ac2a2.sys [x]
R1 MpKsl1552b508;MpKsl1552b508;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B84F83E5-2BC7-4092-AE4C-59F2D0107A83}\MpKsl1552b508.sys [x]
R1 MpKsl29a6e976;MpKsl29a6e976;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE6988D5-1048-47A7-AFCB-A6603D3E3DDC}\MpKsl29a6e976.sys [x]
R1 MpKsl2f3d1eac;MpKsl2f3d1eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00AF56C6-4A85-4C43-957F-2A4F7A018D13}\MpKsl2f3d1eac.sys [x]
R1 MpKsl391243de;MpKsl391243de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9063E547-6C1C-48BA-B90E-E084A36D0BE5}\MpKsl391243de.sys [x]
R1 MpKsl3a376c3b;MpKsl3a376c3b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E71F6109-447C-4CCC-94AF-523E68F92BB3}\MpKsl3a376c3b.sys [x]
R1 MpKsl43a7e482;MpKsl43a7e482;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{993046E5-8CFE-4B16-84BB-620B5D3B9F39}\MpKsl43a7e482.sys [x]
R1 MpKsl489a5610;MpKsl489a5610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAE8B463-E9F9-44FF-BE75-AAFE57722230}\MpKsl489a5610.sys [x]
R1 MpKsl5d04fe8d;MpKsl5d04fe8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsl5d04fe8d.sys [x]
R1 MpKsl613c5c69;MpKsl613c5c69;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsl613c5c69.sys [x]
R1 MpKsl6853931e;MpKsl6853931e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D136C77C-F761-470C-A593-EB5E62CBC3CD}\MpKsl6853931e.sys [x]
R1 MpKsl73ca684e;MpKsl73ca684e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99FE4DFA-7D13-4928-96F6-1C6E96689B72}\MpKsl73ca684e.sys [x]
R1 MpKsl7aa09a36;MpKsl7aa09a36;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F3932AE-5FAE-416B-A1BA-47D143573338}\MpKsl7aa09a36.sys [x]
R1 MpKsl864d6a95;MpKsl864d6a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DB949C9-99CC-4C61-BEE5-A075CD515257}\MpKsl864d6a95.sys [x]
R1 MpKsl885197d3;MpKsl885197d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94DD2394-0E33-4D16-857E-4947D01366C1}\MpKsl885197d3.sys [x]
R1 MpKsl918b5994;MpKsl918b5994;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D05044-B634-4F06-BD85-DB2A159982D3}\MpKsl918b5994.sys [x]
R1 MpKsl98f571d2;MpKsl98f571d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05115FF7-74CE-467B-91BF-AD7FD9346C74}\MpKsl98f571d2.sys [x]
R1 MpKsl99f1cdc2;MpKsl99f1cdc2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6192BCED-2AE3-4594-A733-223DECA04E08}\MpKsl99f1cdc2.sys [x]
R1 MpKsl9c50a85e;MpKsl9c50a85e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3199E6E8-3E63-4562-A792-91F470211CCC}\MpKsl9c50a85e.sys [x]
R1 MpKslb997f421;MpKslb997f421;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C15F678-0EBF-45A6-85CE-37B73FD7C421}\MpKslb997f421.sys [x]
R1 MpKslc0374af8;MpKslc0374af8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E71F6109-447C-4CCC-94AF-523E68F92BB3}\MpKslc0374af8.sys [x]
R1 MpKslcf69ee51;MpKslcf69ee51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D136C77C-F761-470C-A593-EB5E62CBC3CD}\MpKslcf69ee51.sys [x]
R1 MpKsld3c47538;MpKsld3c47538;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsld3c47538.sys [x]
R1 MpKsld70fb57c;MpKsld70fb57c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE0F7EB7-6F89-4EB1-8073-EE0A429E7C4B}\MpKsld70fb57c.sys [x]
R1 MpKsle6417336;MpKsle6417336;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE6988D5-1048-47A7-AFCB-A6603D3E3DDC}\MpKsle6417336.sys [x]
R1 MpKslf680a7f8;MpKslf680a7f8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0403984-DD62-4A83-934E-1D5A70FA8AC3}\MpKslf680a7f8.sys [x]
R1 MpKslfdda9708;MpKslfdda9708;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39F7A562-09C3-4D2E-A65B-00F39FDCB5B0}\MpKslfdda9708.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 6156]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-07-30 47144]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 206336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2011-09-26 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2011-08-16 59080]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 91440]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-05-24 148980]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-07-30 34928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1686648]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-21 658256]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-30 37224]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-30 256360]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-30 28200]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-30 177704]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-30 46952]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-30 143080]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-31 230760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 116016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-1001Core.job
- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 16:58]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-1001UA.job
- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 16:58]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-500Core.job
- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 23:17]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-500UA.job
- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 23:17]
.
2011-11-06 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-11 15:22]
.
2011-11-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-11-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=1844e1a400000000000092252cc31e74
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\244584F6D656845726D254338313: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\45D2D4F62696C6560275962756C65637370205F696E6475627: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{F2674200-358B-4D30-83E8-B07ACA5ABBA8}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,bd,8a,e8,a7,1c,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:7d,f1,7a,a6,79,58,cc,01
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\MagicDisc.exe"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flv"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.Administrator"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.Administrator"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg.14"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NFO\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.Administrator"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4088)
c:\program files\Dell Wireless\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\vmnat.exe
c:\program files\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2011-11-08 00:47:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-08 00:47
.
Pre-Run: 2,214,547,456 bytes free
Post-Run: 4,384,563,200 bytes free
.
- - End Of File - - 755BD34C1688B53C48A671523CAF17DD
bigfoot57 is offline  
Old 11-13-2011, 06:36 AM   #7
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Here is the SystemLook file.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:26 on 13/11/2011 by Administrator
Administrator - Elevation successful
========== filefind ==========
Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [04:50 15/06/2011] [02:18 25/04/2011] EE4AA90F68CC283C8E438A6A2DC9585D
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [04:50 15/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [04:50 15/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [19:21 21/06/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [04:50 15/06/2011] [02:18 25/04/2011] EE4AA90F68CC283C8E438A6A2DC9585D
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [04:50 15/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5
-= EOF =-
bigfoot57 is offline  
Old 11-13-2011, 03:05 PM   #8
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



Since it has been several days since Combofix was originally run, and the program is updated regularly, I'd like to have you run it again. You'll need to right-click and delete the copy on the desktop of the infected machine. Then download a fresh copy and transfer it via USB.


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
patndoris is offline  
Old 11-14-2011, 04:44 AM   #9
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



The infected PC has no internet connectivity; it can't even find my router for some reason, it just says "unidentified network, no internet". I haven't tried running anything else before your intervention. None of the installed virus scanners would work; they were stopped with error messages along the lines of "you do not have sufficient privileges to run this program", and this happened even when running them with administrator privileges, so I haven't tried running them since. As for the rest of the PC, it seems stable, doesn't shut down or do anything else strange, but at the moment it's not being used for anything until it is either cured or trashed and reformatted, if it can't be restored to functionality.
ComboFix has stalled for 2 hours on stage 48.
bigfoot57 is offline  
Old 11-14-2011, 08:18 AM   #10
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Correction: here is the ComboFix file, nearly 5 hours after it first started.

ComboFix 11-11-09.01 - Administrator 14/11/2011 10:03:41.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.853 [GMT 0:00]
Running from: c:\users\Administrator.Colin-PC-TABLET\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\autorun.inf
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 15:24 . 2011-11-14 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 15:24 . 2011-11-14 15:24 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-11-14 15:24 . 2011-11-14 15:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-14 15:24 . 2011-11-14 15:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-09 19:25 . 2011-11-14 09:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A320A2D2-F35E-4AB2-B683-3792972B0A8B}\offreg.dll
2011-11-08 00:21 . 2011-11-14 15:25 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\temp
2011-11-07 22:55 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-07 20:19 . 2011-11-07 20:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-07 19:45 . 2011-11-07 19:45 -------- d-----w- c:\program files\BabylonToolbar
2011-11-07 19:45 . 2011-11-07 19:45 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\Babylon
2011-11-07 19:45 . 2011-11-07 19:45 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\FileHunter
2011-11-07 15:06 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-07 15:06 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-07 15:06 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-07 15:06 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-07 15:06 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-07 15:06 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-07 15:06 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-11-07 15:06 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-07 06:34 . 2011-11-07 06:34 41680 ----a-w- c:\windows\system32\drivers\qpzhhfbt.sys
2011-11-06 23:23 . 2011-11-06 23:23 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\Malwarebytes
2011-11-06 23:23 . 2011-11-06 23:23 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 23:23 . 2011-11-07 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-06 23:23 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 19:59 . 2011-11-06 19:59 -------- d-----w- c:\program files\STOPzilla!
2011-11-06 19:59 . 2011-11-06 23:18 -------- d-----w- c:\programdata\STOPzilla!
2011-11-06 19:59 . 2011-11-06 19:59 -------- d-----w- c:\program files\Common Files\iS3
2011-11-06 17:43 . 2011-10-18 02:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A320A2D2-F35E-4AB2-B683-3792972B0A8B}\mpengine.dll
2011-11-06 13:55 . 2011-11-06 13:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D05044-B634-4F06-BD85-DB2A159982D3}\MpKsl7f05a2a1.sys
2011-11-06 13:50 . 2011-11-06 13:50 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-06 12:06 . 2011-11-06 12:06 -------- d-----w- c:\programdata\NoVirusThanks
2011-11-06 11:58 . 2011-11-06 11:58 -------- d-----w- c:\program files\NoVirusThanks
2011-11-06 11:34 . 2011-11-07 15:05 -------- d-----w- c:\programdata\AVAST Software
2011-11-06 11:34 . 2011-11-06 11:34 -------- d-----w- c:\program files\AVAST Software
2011-11-06 10:19 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D05044-B634-4F06-BD85-DB2A159982D3}\mpengine.dll
2011-11-06 09:35 . 2011-11-06 09:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-06 09:31 . 2011-11-06 09:31 -------- d-sh--w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\781e2328
2011-11-05 00:47 . 2011-11-05 00:47 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-11-05 00:47 . 2011-11-05 00:47 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-11-05 00:47 . 2011-11-05 00:47 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-11-05 00:47 . 2011-11-05 00:47 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-11-05 00:47 . 2011-11-05 00:47 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-11-05 00:47 . 2011-11-05 00:47 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-11-05 00:47 . 2011-11-05 00:47 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-11-05 00:47 . 2011-11-05 00:47 456144 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-11-05 00:47 . 2011-11-05 00:47 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-11-05 00:47 . 2011-11-05 00:47 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-11-05 00:47 . 2011-11-05 00:47 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-11-05 00:47 . 2011-11-05 00:47 103888 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-11-04 21:43 . 2011-11-04 21:43 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\uTorrent
2011-10-22 14:45 . 2011-10-22 14:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-22 13:06 . 2011-10-22 13:06 -------- d-----w- c:\program files\Common Files\Java
2011-10-16 00:40 . 2011-10-16 00:40 -------- d-----w- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\GHISLER
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:40 . 2011-10-11 18:41 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{744E8EBB-9934-41E6-8BA9-68AADBAF9DAC}\gapaengine.dll
2011-10-07 03:48 . 2011-08-13 03:09 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 15:49 . 2011-10-12 12:45 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-10-03 15:49 . 2011-10-12 12:45 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-03 15:49 . 2011-10-03 15:49 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 15:49 . 2011-10-03 15:49 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-10-03 15:49 . 2011-10-03 15:49 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-10-03 04:06 . 2010-12-04 22:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 12:21 . 2011-09-26 12:21 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 12:21 . 2011-09-26 12:21 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-09-17 15:50 . 2011-05-16 02:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 21:56 . 2011-09-12 21:56 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-09-12 21:56 . 2011-09-12 21:56 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-09-06 02:28 . 2011-10-11 20:32 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-12 12:31 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 12:31 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 12:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-11 20:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-11 20:32 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-22 16:23 . 2011-08-22 16:23 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-22 16:23 . 2011-10-13 22:36 347560 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-08-22 16:23 . 2011-10-13 22:36 783472 ----a-w- c:\windows\system32\vnetlib.dll
2011-08-22 16:22 . 2011-10-13 22:36 425864 ----a-w- c:\windows\system32\vmnat.exe
2011-08-22 16:22 . 2011-10-13 22:35 25584 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-08-22 16:22 . 2011-10-13 22:36 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-08-22 14:40 . 2011-08-22 14:40 252016 ----a-w- c:\windows\system32\vmnc.dll
2011-08-22 14:12 . 2011-08-22 14:12 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-08-22 14:12 . 2011-08-22 14:12 49776 ----a-w- c:\windows\system32\vnetinst.dll
2011-08-22 14:12 . 2011-08-22 14:12 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-08-22 14:12 . 2011-08-22 14:12 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-08-22 14:12 . 2011-08-22 14:12 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-08-21 22:11 . 2011-08-21 22:11 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-21 22:01 . 2011-08-21 22:01 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-08-17 04:24 . 2011-10-11 20:32 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-11 20:32 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-16 17:48 . 2011-08-16 17:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"replay_telecorder_skype"="c:\program files\Replay Telecorder for Skype\replay_telecorder_skype.exe" [2011-02-25 1573888]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-04 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Stage Remote"="c:\program files\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Administrator.Colin-PC-TABLET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-9-12 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe [2010-10-18 1021504]
FreeMeter.lnk - c:\program files\FreeMeter\FreeMeter.exe [2011-7-2 614400]
uTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2011-4-30 641400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 16:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R0 eqhfv;eqhfv;c:\windows\System32\drivers\khfif.sys [x]
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-09-26 61328]
R1 MpKsl01189c55;MpKsl01189c55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76FF21B9-BADA-455D-8E6B-1A3D97069D50}\MpKsl01189c55.sys [x]
R1 MpKsl075ac2a2;MpKsl075ac2a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsl075ac2a2.sys [x]
R1 MpKsl1552b508;MpKsl1552b508;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B84F83E5-2BC7-4092-AE4C-59F2D0107A83}\MpKsl1552b508.sys [x]
R1 MpKsl29a6e976;MpKsl29a6e976;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE6988D5-1048-47A7-AFCB-A6603D3E3DDC}\MpKsl29a6e976.sys [x]
R1 MpKsl2f3d1eac;MpKsl2f3d1eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00AF56C6-4A85-4C43-957F-2A4F7A018D13}\MpKsl2f3d1eac.sys [x]
R1 MpKsl391243de;MpKsl391243de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9063E547-6C1C-48BA-B90E-E084A36D0BE5}\MpKsl391243de.sys [x]
R1 MpKsl3a376c3b;MpKsl3a376c3b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E71F6109-447C-4CCC-94AF-523E68F92BB3}\MpKsl3a376c3b.sys [x]
R1 MpKsl43a7e482;MpKsl43a7e482;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{993046E5-8CFE-4B16-84BB-620B5D3B9F39}\MpKsl43a7e482.sys [x]
R1 MpKsl489a5610;MpKsl489a5610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAE8B463-E9F9-44FF-BE75-AAFE57722230}\MpKsl489a5610.sys [x]
R1 MpKsl5d04fe8d;MpKsl5d04fe8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsl5d04fe8d.sys [x]
R1 MpKsl613c5c69;MpKsl613c5c69;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsl613c5c69.sys [x]
R1 MpKsl6853931e;MpKsl6853931e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D136C77C-F761-470C-A593-EB5E62CBC3CD}\MpKsl6853931e.sys [x]
R1 MpKsl73ca684e;MpKsl73ca684e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99FE4DFA-7D13-4928-96F6-1C6E96689B72}\MpKsl73ca684e.sys [x]
R1 MpKsl7aa09a36;MpKsl7aa09a36;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F3932AE-5FAE-416B-A1BA-47D143573338}\MpKsl7aa09a36.sys [x]
R1 MpKsl864d6a95;MpKsl864d6a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DB949C9-99CC-4C61-BEE5-A075CD515257}\MpKsl864d6a95.sys [x]
R1 MpKsl885197d3;MpKsl885197d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94DD2394-0E33-4D16-857E-4947D01366C1}\MpKsl885197d3.sys [x]
R1 MpKsl918b5994;MpKsl918b5994;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D05044-B634-4F06-BD85-DB2A159982D3}\MpKsl918b5994.sys [x]
R1 MpKsl98f571d2;MpKsl98f571d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05115FF7-74CE-467B-91BF-AD7FD9346C74}\MpKsl98f571d2.sys [x]
R1 MpKsl99f1cdc2;MpKsl99f1cdc2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6192BCED-2AE3-4594-A733-223DECA04E08}\MpKsl99f1cdc2.sys [x]
R1 MpKsl9c50a85e;MpKsl9c50a85e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3199E6E8-3E63-4562-A792-91F470211CCC}\MpKsl9c50a85e.sys [x]
R1 MpKslb997f421;MpKslb997f421;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C15F678-0EBF-45A6-85CE-37B73FD7C421}\MpKslb997f421.sys [x]
R1 MpKslc0374af8;MpKslc0374af8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E71F6109-447C-4CCC-94AF-523E68F92BB3}\MpKslc0374af8.sys [x]
R1 MpKslcf69ee51;MpKslcf69ee51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D136C77C-F761-470C-A593-EB5E62CBC3CD}\MpKslcf69ee51.sys [x]
R1 MpKsld3c47538;MpKsld3c47538;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA5B73A-A0DC-4034-B080-7070BAFC0D32}\MpKsld3c47538.sys [x]
R1 MpKsld70fb57c;MpKsld70fb57c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE0F7EB7-6F89-4EB1-8073-EE0A429E7C4B}\MpKsld70fb57c.sys [x]
R1 MpKsle6417336;MpKsle6417336;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE6988D5-1048-47A7-AFCB-A6603D3E3DDC}\MpKsle6417336.sys [x]
R1 MpKslf680a7f8;MpKslf680a7f8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0403984-DD62-4A83-934E-1D5A70FA8AC3}\MpKslf680a7f8.sys [x]
R1 MpKslfdda9708;MpKslfdda9708;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39F7A562-09C3-4D2E-A65B-00F39FDCB5B0}\MpKslfdda9708.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 6156]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-30 37224]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-07-30 47144]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-30 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-30 177704]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-30 46952]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-30 143080]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-31 230760]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 206336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2011-09-26 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2011-08-16 59080]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 91440]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-05-24 148980]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-07-30 34928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1686648]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-21 658256]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-30 28200]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 116016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-1001Core.job
- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 16:58]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-1001UA.job
- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 16:58]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-500Core.job
- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 23:17]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135307441-3158957637-1266189313-500UA.job
- c:\users\Administrator.Colin-PC-TABLET\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 23:17]
.
2011-11-06 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-11 15:22]
.
2011-11-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-11-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=1844e1a400000000000092252cc31e74
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\244584F6D656845726D254338313: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{8B498DBD-B098-4D2E-BCF2-380866CE863E}\45D2D4F62696C6560275962756C65637370205F696E6475627: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{F2674200-358B-4D30-83E8-B07ACA5ABBA8}: NameServer = 156.154.70.22,156.154.71.22
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,bd,8a,e8,a7,1c,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:7d,f1,7a,a6,79,58,cc,01
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\MagicDisc.exe"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flv"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.Administrator"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.Administrator"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg.14"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NFO\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.Administrator"
.
[HKEY_USERS\S-1-5-21-3135307441-3158957637-1266189313-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-14 15:38:38
ComboFix-quarantined-files.txt 2011-11-14 15:38
ComboFix2.txt 2011-11-08 00:47
.
Pre-Run: 4,383,166,464 bytes free
Post-Run: 3,972,431,872 bytes free
.
- - End Of File - - 34F986B02F9F5ADDF819876911DC1614
bigfoot57 is offline  
Old 11-14-2011, 02:30 PM   #11
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



Can you please locate the following file and copy/paste the contents in your next reply: c:\qoobox\combofix-quarantined-files.txt

The Zero Access infection doesn't affect any two machines quite the same, so it can be tricky to remove.

You'll need to transfer the GMER file in the next instructions via USB please.
Download and Run GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Right-click and choose Run as Administrator on GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan...click on NO.
  • In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one - make sure it is UNCHECKED)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries




In the next steps it may seem like I'm asking you to run the same things you've already done, but I assure you it is necessary.

Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure but I want you to choose SKIP instead, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
patndoris is offline  
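A defender-side triage helper for the report this step produces, added here as an example; it is not part of the original thread and not TDSSKiller's own code. It folds the report's per-object lines (the "name (md5) path", "name ( threat ) - verdict", "name - ok" and "name - detected ..." shapes seen later in this thread) into one record per scanned object and lists everything whose verdict was not "ok", with the MD5 and path from the preceding line. The sample report is constructed for the example; the "example_svc" entry and its hash are placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of a TDSSKiller 2.6.x report: each line is a timestamp,
# a thread id, then the entry. The AFD lines mirror the verdict quoted later
# in this thread; "example_svc" and its hash are placeholders, not real files.
SAMPLE_REPORT = """\
19:02:22.0667 8372 Scan started
19:02:22.0667 8372 Mode: Manual;
19:02:23.0525 8372 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\\Windows\\system32\\drivers\\1394ohci.sys
19:02:23.0540 8372 1394ohci - ok
19:02:24.0539 8372 AFD (ee4aa90f68cc283c8e438a6a2dc9585d) C:\\Windows\\system32\\drivers\\afd.sys
19:02:24.0554 8372 AFD ( Rootkit.Win32.ZAccess.g ) - infected
19:02:24.0554 8372 AFD - detected Rootkit.Win32.ZAccess.g (0)
19:02:29.0733 8372 Avgrkx86 - ok
19:02:30.0100 8372 example_svc (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\example.sys
19:02:30.0110 8372 example_svc ( UnsignedFile.Multi.Generic ) - warning
19:02:30.0110 8372 example_svc - detected UnsignedFile.Multi.Generic (1)
"""

# Line shapes once the "HH:MM:SS.mmmm <thread id>" prefix is stripped.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")          # name (md5) path
VERDICT_RE = re.compile(r"^(\S+)\s+\(\s*([^()\s]+)\s*\)\s+-\s+(\w+)$")   # name ( threat ) - infected
OK_RE = re.compile(r"^(\S+)\s+-\s+ok$")                                  # name - ok
DETECTED_RE = re.compile(r"^(\S+)\s+-\s+detected\s+(\S+)\s+\((\d+)\)$")  # name - detected threat (n)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no file line (e.g. Avgrkx86)
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok", "infected", "warning", ... or None if never stated
    threat: Optional[str] = None


def parse_tdsskiller(report: str) -> Dict[str, Entry]:
    """Fold a report into one Entry per scanned object, keyed by object name."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in report.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # banner and separator lines carry no entry
        body = m.group(1).strip()
        if (f := FILE_RE.match(body)):
            entry = get(f.group(1))
            entry.md5 = f.group(2).lower()
            entry.path = f.group(3)
        elif (v := VERDICT_RE.match(body)):
            entry = get(v.group(1))
            entry.threat = v.group(2)
            entry.verdict = v.group(3)
        elif (o := OK_RE.match(body)):
            get(o.group(1)).verdict = "ok"
        elif (d := DETECTED_RE.match(body)):
            entry = get(d.group(1))
            entry.threat = entry.threat or d.group(2)
    return entries


def flagged_entries(report: str) -> List[Entry]:
    """Entries whose verdict is anything other than 'ok' (including no verdict at all)."""
    return [e for e in parse_tdsskiller(report).values() if e.verdict != "ok"]


def summarize(report: str) -> str:
    """One line per flagged entry: verdict, name, threat, md5, path."""
    rows = []
    for e in flagged_entries(report):
        rows.append(f"{e.verdict or 'no verdict':<10} {e.name:<12} "
                    f"{e.threat or '-':<30} md5={e.md5 or '-'} {e.path or '-'}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```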
Old 11-16-2011, 06:21 AM   #12
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Here is the ComboFix quarantined files txt.
GMER ran for over 12 hours, crashed the computer and left me with a desktop in miniature, which I had to reboot and restore back to its original size. Do you want me to run GMER again before running the TDSSKiller again?

2011-11-14 15:25:20 . 2011-11-14 15:25:20 365 ----a-w- C:\Qoobox\Quarantine\Y\av2.zip
2011-11-14 15:25:19 . 2004-04-30 23:01:00 53 ----a-w- C:\Qoobox\Quarantine\Y\Autorun.inf.vir
2011-11-14 15:25:18 . 2011-11-14 15:25:18 332 ----a-w- C:\Qoobox\Quarantine\E\av2.zip
2011-11-14 15:25:17 . 2002-10-16 17:56:50 36 ----a-w- C:\Qoobox\Quarantine\E\autorun.inf.vir
2011-11-08 00:37:21 . 2011-11-08 00:37:21 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2011-11-08 00:37:19 . 2011-11-08 00:37:19 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-11-07 23:59:07 . 2011-11-07 23:59:07 410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_781e2328.reg.dat
2011-11-07 23:50:46 . 2011-11-14 10:42:08 15,112 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-11-07 22:35:55 . 2011-11-14 10:03:41 237 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-11-07 1500 . 2011-02-23 15:04:17 190,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\ .vir
2011-11-06 16:49:59 . 2011-11-06 17:56:43 23,040 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@800000cb.vir
2011-11-06 12:01:44 . 2011-11-06 13:53:05 29,184 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@800000cf.vir
2011-11-06 11:37:23 . 2011-11-06 13:53:04 3,072 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@000000c0.vir
2011-11-06 09:39:57 . 2011-11-07 21:54:09 28,160 ----a-w- C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir
2011-11-06 09:35:13 . 2011-11-07 21:57:09 2,632 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\loader.tlb.vir
2011-11-06 09:31:25 . 2011-11-06 09:31:26 2,048 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\@.vir
2011-11-06 09:31:25 . 2011-11-07 21:54:24 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\673390200.vir
2011-11-06 09:31:25 . 2011-11-06 09:31:25 338,944 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\L\xadqgnnk.vir
2011-11-06 09:31:18 . 2011-11-06 09:31:18 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2103263665.vir
2011-10-22 22:50:54 . 2011-11-06 09:31:42 23,040 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@80000000.vir
2011-10-09 11:38:56 . 2010-12-17 06:56:10 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkzip.pif.vir
2011-10-09 11:38:56 . 2010-12-17 06:56:10 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkunzip.pif.vir
2011-09-30 00:34:34 . 2011-11-06 09:31:42 3,072 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@000000cb.vir
2011-09-16 08:29:44 . 2011-11-06 09:31:42 35,840 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@800000c0.vir
2011-09-10 14:59:36 . 2011-11-06 09:31:42 45,968 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@00000001.vir
2011-09-09 19:03:00 . 2011-11-06 09:31:42 1,536 -c--a-w- C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB42185$\2015241000\U\@000000cf.vir
2011-06-21 22:12:52 . 2011-06-21 22:12:52 1,056,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
2009-07-13 20:22:41 . 2009-06-10 21:48:14 48,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\c_59142.nls.vir
bigfoot57 is offline  
Old 11-16-2011, 01:18 PM   #13
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



It would appear that you have more than one anti-virus solution on your machine. I can see both AVG and Microsoft Security Essentials installed.

Having more than one anti-virus program on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.
Before continuing on, please completely uninstall one of the programs via Programs & Features in your control panel. If you are not prompted to do so, please reboot after uninstalling one of them.

Then please try the GMER and TDSSKiller w/skip instructions again and see how it goes.

Let me know if you have any issues with them again.
patndoris is offline  
Old 11-16-2011, 02:17 PM   #14
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



The uninstallers for these programs do not work, nor does the control panel option, so how do I remove them? Reload new versions and then uninstall, assuming I get permission from the PC to install these programs in the first place?
bigfoot57 is offline  
Old 11-16-2011, 03:02 PM   #15
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



OK, got rid of MSE; can't get rid of AVG for some reason. Now going to run GMER again; will post the log when/if it completes.
bigfoot57 is offline  
Old 11-16-2011, 04:51 PM   #16
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



Sorry, I was out for a bit. For now, please go ahead with just AVG on the machine. If you want to remove it later when we are done with malware removal I'll help you do so at that time. I'll wait to hear back how GMER and TDSSKiller do.
patndoris is offline  
Old 11-17-2011, 10:01 AM   #17
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



Hello again. Well, GMER crashed the machine again after running from about 23:00 last night until 17:45 today. This time I saw it happen: the screen went black and then the machine switched off completely, not even the power light was lit, which it normally does to show it's plugged into the mains or running on battery. I now believe that GMER will not run successfully on that machine. This being the case, do I now run TDSSKiller and forget about GMER, or is there some sort of log produced before the crash that can be salvaged?
bigfoot57 is offline  
Old 11-17-2011, 10:04 AM   #18
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



Go ahead with TDSSKiller w/skip instructions and let's see what we get.
patndoris is offline  
Old 11-17-2011, 11:11 AM   #19
Registered Member
 
Join Date: Nov 2011
Posts: 45
OS: windows 7 home premium



OK, here is the TDSSKiller log file

19:02:15.0818 10280 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
19:02:16.0005 10280 ============================================================
19:02:16.0005 10280 Current date / time: 2011/11/17 19:02:16.0005
19:02:16.0005 10280 SystemInfo:
19:02:16.0005 10280
19:02:16.0005 10280 OS Version: 6.1.7601 ServicePack: 1.0
19:02:16.0005 10280 Product type: Workstation
19:02:16.0005 10280 ComputerName: COLIN-PC-TABLET
19:02:16.0005 10280 UserName: Administrator
19:02:16.0005 10280 Windows directory: C:\Windows
19:02:16.0005 10280 System windows directory: C:\Windows
19:02:16.0005 10280 Processor architecture: Intel x86
19:02:16.0005 10280 Number of processors: 4
19:02:16.0005 10280 Page size: 0x1000
19:02:16.0005 10280 Boot type: Normal boot
19:02:16.0005 10280 ============================================================
19:02:17.0160 10280 Initialize success
19:02:22.0667 8372 ============================================================
19:02:22.0667 8372 Scan started
19:02:22.0667 8372 Mode: Manual;
19:02:22.0667 8372 ============================================================
19:02:23.0525 8372 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:02:23.0540 8372 1394ohci - ok
19:02:23.0618 8372 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:02:23.0618 8372 ACPI - ok
19:02:23.0759 8372 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
19:02:23.0759 8372 acpials - ok
19:02:23.0899 8372 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:02:23.0930 8372 AcpiPmi - ok
19:02:24.0039 8372 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:02:24.0055 8372 adp94xx - ok
19:02:24.0149 8372 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:02:24.0164 8372 adpahci - ok
19:02:24.0242 8372 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:02:24.0242 8372 adpu320 - ok
19:02:24.0539 8372 AFD (ee4aa90f68cc283c8e438a6a2dc9585d) C:\Windows\system32\drivers\afd.sys
19:02:24.0554 8372 AFD ( Rootkit.Win32.ZAccess.g ) - infected
19:02:24.0554 8372 AFD - detected Rootkit.Win32.ZAccess.g (0)
19:02:24.0617 8372 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:02:24.0617 8372 agp440 - ok
19:02:24.0819 8372 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:02:24.0819 8372 aic78xx - ok
19:03:07.0189 8372 VMnetAdapter - ok
19:03:07.0439 8372 VMnetBridge (392964a7bf46986fbd44b24a3bec2088) C:\Windows\system32\DRIVERS\vmnetbridge.sys
19:03:07.0454 8372 VMnetBridge - ok
19:03:07.0579 8372 VMnetuserif (45f7c87ec9a7965f8fe133eaa0bc162a) C:\Windows\system32\drivers\vmnetuserif.sys
19:03:07.0595 8372 VMnetuserif - ok
19:03:07.0720 8372 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
19:03:07.0751 8372 vmusb - ok
19:03:07.0985 8372 vmx86 (5db0e62ba22d7b1dda7f97873c3b9a46) C:\Windows\system32\Drivers\vmx86.sys
19:03:08.0016 8372 vmx86 - ok
19:03:08.0125 8372 vnccom (b67632451f760797bb183e1fb99f4b39) C:\Windows\system32\Drivers\vnccom.SYS
19:03:08.0141 8372 vnccom - ok
19:03:08.0312 8372 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\Windows\system32\DRIVERS\vncdrv.sys
19:03:08.0344 8372 vncdrv - ok
19:03:08.0515 8372 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:03:08.0546 8372 volmgr - ok
19:03:08.0718 8372 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:03:08.0749 8372 volmgrx - ok
19:03:08.0796 8372 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:03:08.0827 8372 volsnap - ok
19:03:08.0968 8372 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:03:08.0999 8372 vsmraid - ok
19:03:09.0233 8372 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:03:09.0248 8372 vwifibus - ok
19:03:09.0326 8372 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:03:09.0358 8372 vwififlt - ok
19:03:09.0498 8372 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
19:03:09.0514 8372 vwifimp - ok
19:03:09.0701 8372 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:03:09.0716 8372 WacomPen - ok
19:03:09.0888 8372 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:03:09.0904 8372 WANARP - ok
19:03:09.0950 8372 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:03:09.0966 8372 Wanarpv6 - ok
19:03:10.0200 8372 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:03:10.0231 8372 Wd - ok
19:03:10.0418 8372 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
19:03:10.0450 8372 WDC_SAM - ok
19:03:10.0621 8372 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:03:10.0668 8372 Wdf01000 - ok
19:03:10.0871 8372 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:10.0886 8372 WfpLwf - ok
19:03:11.0058 8372 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
19:03:11.0089 8372 WimFltr - ok
19:03:11.0152 8372 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:03:11.0167 8372 WIMMount - ok
19:03:11.0448 8372 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:11.0464 8372 WinUsb - ok
19:03:11.0698 8372 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:03:11.0729 8372 WmiAcpi - ok
19:03:11.0900 8372 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:03:11.0916 8372 ws2ifsl - ok
19:03:12.0119 8372 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:03:12.0150 8372 WudfPf - ok
19:03:12.0259 8372 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:12.0290 8372 WUDFRd - ok
19:03:12.0602 8372 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:03:12.0634 8372 \Device\Harddisk0\DR0 - ok
19:03:12.0649 8372 Boot (0x1200) (08faf5b954646e2f50fa072570c39cfe) \Device\Harddisk0\DR0\Partition0
19:03:12.0649 8372 \Device\Harddisk0\DR0\Partition0 - ok
19:03:12.0696 8372 Boot (0x1200) (bff6bd4c01957d3301e62696fb4972c8) \Device\Harddisk0\DR0\Partition1
19:03:12.0696 8372 \Device\Harddisk0\DR0\Partition1 - ok
19:03:12.0712 8372 ============================================================
19:03:12.0712 8372 Scan finished
19:03:12.0712 8372 ============================================================
19:03:12.0790 14072 Detected object count: 1
19:03:12.0790 14072 Actual detected object count: 1
19:03:23.0257 14072 AFD ( Rootkit.Win32.ZAccess.g ) - skipped by user
19:03:23.0257 14072 AFD ( Rootkit.Win32.ZAccess.g ) - User select action: Skip
bigfoot57 is offline  
Old 11-17-2011, 03:27 PM   #20
Security Team
Analyst
 
Join Date: Sep 2010
Location: Maryland
Posts: 565
OS: Windows 7 64-bit



We are going to utilize the Repair your computer option.
You may wish to print these instructions so you will have them available. They will not be available to you as you complete the steps below.

To make things easier for you when we get to the Recovery Environment, open Notepad and copy/paste the following text inside the code box, into Notepad.
Code:
copy C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys c:\
Save this as replace.bat. Choose "Save type as - All Files".

It should look like this:

Right click on replace.bat & run as administrator.



Reboot your computer and tap F8 on startup. Select Repair your computer from the list of startup options.
In the subsequent System Recovery Options menu, select Command Prompt

At the X:\sources> prompt type the following:

cd /d c:\ (Note: there is a space after cd and after /d)

Press Enter

copy afd.sys c:\windows\system32\drivers\afd.sys (Note: make sure there is a space between afd.sys and c:\windows)

Press Enter, then type in the letter Y when prompted to overwrite the file.



Your computer should exit the recovery console and reboot.

Immediately upon reboot,
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.

Double click ComboFix.exe to run it. It will prompt you that an update is available - please allow it to update.

Follow all prompts. Post the C:\ComboFix.txt when it has completed.



Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.




  • If an infected file is detected, the default action will be Cure but I want you to choose SKIP instead , click on Continue.




  • If a suspicious file is detected, the default action will be Skip, click on Continue.




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Please confirm that you have internet access back again at this point and let me know how the machine is behaving.
patndoris is offline  
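The TDSSKiller log the scan produces (the tail of one is posted just above) lists every loaded driver with its MD5 and path, then a summary of detected objects and the action taken. Because the instructions ask for "Skip" rather than "Cure", the flagged afd.sys stays on disk until it is replaced by hand, so it is worth being able to pull the detection and the logged hash out of that file mechanically. The following Python script is an added example for this thread, not part of TDSSKiller or the forum post: it parses the line shapes visible in the posted log, reports any detections, lists detections that were skipped, and compares each driver's logged MD5 against a set of known-good hashes (for example the MD5 of the afd.sys copy in the WinSxS component store, computed with `file_md5`). The sample log embedded in it is constructed, the AFD hash in it is a placeholder, and the regular expressions are inferred from the posted lines rather than taken from TDSSKiller's documentation.

```python
"""Parse a TDSSKiller scan log and triage the drivers it lists.

Added example; not part of TDSSKiller or the forum thread. The line shapes
are inferred from the log posted in the thread. SAMPLE_LOG is constructed:
the AFD hash is a placeholder, not a real value.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# "19:03:02.0883 8372 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\...\tssecsrv.sys"
# The name may contain spaces ("MBR (0x1B8)"), so it is matched non-greedily up to the MD5.
DRIVER_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# "19:03:23.0257 14072 AFD ( Rootkit.Win32.ZAccess.g ) - skipped by user"
DETECT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+?)\s*$")
# "19:03:02.0915 8372 tssecsrv - ok"  or  "19:03:12.0634 8372 \Device\Harddisk0\DR0 - ok"
STATUS_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$")
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s*(?P<n>\d+)\s*$")

# Constructed sample in the posted format (placeholder AFD hash, real-looking tssecsrv/MBR lines).
SAMPLE_LOG = r"""
19:02:40.0100 8372 AFD (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\afd.sys
19:03:02.0883 8372 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:02.0915 8372 tssecsrv - ok
19:03:12.0602 8372 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:03:12.0634 8372 \Device\Harddisk0\DR0 - ok
19:03:12.0712 8372 ============================================================
19:03:12.0712 8372 Scan finished
19:03:12.0790 14072 Detected object count: 1
19:03:23.0257 14072 AFD ( Rootkit.Win32.ZAccess.g ) - skipped by user
19:03:23.0257 14072 AFD ( Rootkit.Win32.ZAccess.g ) - User select action: Skip
"""


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None      # lower-case hex as logged by the scanner
    path: Optional[str] = None
    status: Optional[str] = None   # e.g. "ok" from the follow-up line
    verdict: Optional[str] = None  # e.g. "Rootkit.Win32.ZAccess.g"
    actions: List[str] = field(default_factory=list)


@dataclass
class ScanReport:
    entries: Dict[str, DriverEntry] = field(default_factory=dict)
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Build a ScanReport from log text; unrecognised lines (banners, 'Scan finished') are ignored."""
    report = ScanReport()
    by_path: Dict[str, str] = {}  # status lines for MBR/boot sectors are keyed by device path
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            entry = DriverEntry(m["name"], m["md5"].lower(), m["path"])
            report.entries[entry.name] = entry
            by_path[entry.path] = entry.name
            continue
        m = COUNT_RE.match(line)
        if m:
            report.detected_count = int(m["n"])
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = report.entries.setdefault(m["name"], DriverEntry(m["name"]))
            entry.verdict = m["verdict"]
            entry.actions.append(m["action"])
            continue
        m = STATUS_RE.match(line)
        if m:
            key = by_path.get(m["name"], m["name"])
            if key in report.entries:
                report.entries[key].status = m["status"]
    return report


def triage(report: ScanReport, trusted: Dict[str, Set[str]]) -> List[str]:
    """Findings: every detection, plus any driver whose logged MD5 is not a known-good hash."""
    findings: List[str] = []
    for e in report.entries.values():
        if e.verdict:
            findings.append(f"DETECTED {e.name}: {e.verdict} (actions: {', '.join(e.actions) or 'none'})")
        known = trusted.get(e.name)
        if known is not None and e.md5 is not None and e.md5 not in known:
            findings.append(f"HASH MISMATCH {e.name}: logged {e.md5} is not a known-good copy")
    return findings


def skipped_detections(report: ScanReport) -> List[str]:
    """Detected drivers the user chose to skip, i.e. still in place after the scan."""
    return [e.name for e in report.entries.values()
            if e.verdict and any(a.lower().startswith("skipped") for a in e.actions)]


def md5_of(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def file_md5(path: str, chunk: int = 1 << 20) -> str:
    """MD5 of a file on disk, e.g. a WinSxS copy of afd.sys, for use in the trusted-hash map."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    rpt = parse_tdsskiller_log(SAMPLE_LOG)
    # In practice build this with file_md5() over the component-store copies; placeholder here.
    trusted = {"AFD": {"ffffffffffffffffffffffffffffffff"}}
    for finding in triage(rpt, trusted):
        print(finding)
    print("skipped, still on disk:", skipped_detections(rpt))
```

Run it against a saved TDSSKiller log by reading the file into `parse_tdsskiller_log`; the known-good map is the place to put the MD5 of the clean component-store copy of afd.sys so the script can confirm, after the restore steps above, that the driver's logged hash now matches.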