Google/Bing Search Hijack

Posted 11/17/2010 4:08 PM
#90028
albert_bodden Member

Date Joined Nov 2016
Total Posts: 5
Hello and thank you in advance for the help. Two days ago I had a virus mimicking a Windows 7 antivirus program. This program would provide increasing difficulty with remaining logged in to Windows, and I was eventually forced to do a System Restore. The problem seems to be fixed, except that I now notice I have a problem using search engines. After the search I am able to click on one result to get to the correct website, but any other results I use off the same search are redirected to random "search result" sites. I am forced to right-click on the result I want on Google or Bing and open a new tab in order to view legitimate search results. This problem occurs with both Google and Bing using both Internet Explorer and Chrome. Below I have posted the following logfiles in order (HijackThis log, Malwarebytes log, DDS log files). Once again, thank you for your help.
<br/>11/17/2010 8:19:14 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/17/2010 8:19:14 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/17/2010 8:19:14 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/17/2010 8:19:13 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). <br/>11/17/2010 8:19:13 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/17/2010 8:19:13 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/17/2010 8:19:13 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/17/2010 8:13:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 
<br/>11/17/2010 8:02:37 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. <br/>11/17/2010 1:15:33 AM, Error: WacomPen [3] - The device has been removed. <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 9:50:20 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s). 
<br/>11/16/2010 9:35:57 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. 
It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. <br/>11/16/2010 8:15:05 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/16/2010 7:59:28 PM, Error: Service Control Manager [7034] - The TOSHIBA HDD Protection service terminated unexpectedly. 
It has done this 1 time(s). <br/>11/16/2010 7:23:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cace9e, 0xa9d0b750, 0xa9d0b330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111610-31059-01. <br/>11/16/2010 7:16:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000d, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111610-45957-01. <br/>11/16/2010 7:13:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. <br/>11/16/2010 7:13:19 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>11/16/2010 7:12:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. <br/>11/16/2010 7:12:48 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>11/16/2010 7:11:48 PM, Error: Service Control Manager [7022] - The Server service hung on starting. <br/>11/16/2010 7:11:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state. <br/>11/16/2010 7:09:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. 
<br/>11/16/2010 7:08:58 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. <br/>11/16/2010 6:54:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AppMgmt service. <br/>11/16/2010 6:54:35 PM, Error: Service Control Manager [7000] - The Application Management service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>11/16/2010 5:56:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. <br/>11/16/2010 5:56:52 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>11/16/2010 5:56:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} <br/>11/16/2010 5:53:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. <br/>11/16/2010 5:53:01 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>11/16/2010 5:46:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. 
<br/>11/16/2010 5:37:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} <br/>11/16/2010 5:26:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} <br/>11/16/2010 5:22:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. <br/>11/16/2010 12:55:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x00000002, 0xa96adc3c, 0xa96ad820). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111610-23899-01. <br/>11/16/2010 12:47:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x82cbdbce). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111610-27846-01. <br/>11/16/2010 12:42:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0x82cc2be8, 0x02cc2121, 0x89d3fca4, 0x0000000b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111610-26598-01. <br/>11/16/2010 11:52:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
<br/>11/16/2010 11:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} <br/>11/16/2010 11:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} <br/>11/16/2010 11:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} <br/>11/16/2010 11:52:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} <br/>11/16/2010 11:52:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} <br/>11/16/2010 11:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} <br/>11/16/2010 11:52:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx Wanarpv6 WfpLwf <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to 
start because of the following error: A device attached to the system is not functioning. <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/16/2010 11:52:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. <br/>11/16/2010 11:52:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. <br/>11/16/2010 11:52:02 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 
<br/>11/16/2010 11:52:02 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/16/2010 11:52:02 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/16/2010 11:52:02 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/16/2010 10:23:45 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s). <br/>11/16/2010 10:23:45 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s). <br/>11/16/2010 10:23:45 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. <br/>11/16/2010 10:11:31 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). <br/>11/16/2010 10:11:31 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s). <br/>11/16/2010 1:44:45 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: A system shutdown is in progress. 
<br/>11/16/2010 1:44:45 AM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: A system shutdown is in progress. <br/>11/16/2010 1:44:45 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A system shutdown is in progress. <br/>11/16/2010 1:44:44 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress. <br/>11/16/2010 1:44:44 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: A system shutdown is in progress. <br/>11/16/2010 1:44:44 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: A system shutdown is in progress. <br/>11/16/2010 1:44:44 AM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: A system shutdown is in progress. <br/>11/15/2010 9:47:44 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 4 time(s). <br/>11/15/2010 8:54:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. <br/>11/15/2010 8:18:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00250024, 0x00000002, 0x00000001, 0x82cfbbce). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111510-35973-01. 
<br/>11/15/2010 8:05:08 PM, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s). <br/>11/15/2010 8:04:58 PM, Error: Service Control Manager [7000] - The 1394 OHCI Compliant Host Controller service failed to start due to the following error: A device attached to the system is not functioning. <br/>11/15/2010 11:02:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} <br/>11/15/2010 10:58:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MPFP NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx Wanarpv6 WfpLwf <br/>11/15/2010 10:58:32 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. <br/>11/15/2010 10:58:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x007810a4, 0x00000002, 0x00000001, 0x82c64129). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111510-22557-01. <br/>11/15/2010 10:40:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} <br/>11/15/2010 10:36:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk MPFP NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx Wanarpv6 WfpLwf <br/>11/15/2010 10:05:51 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 
<br/>11/15/2010 10:00:19 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). <br/>11/14/2010 2:34:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. <br/>11/14/2010 2:34:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service. <br/> <br/>==== End Of File ===========================
Posted 11/18/2010 5:30 AM
#90038

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:

Please download combofix: Here

Save it to Desktop.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

There are details for disabling many programmes: Here

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/18/2010 4:40 PM
#90043

albert_bodden Member

Date Joined Nov 2016
Total Posts: 5
Touch,

Thank you for helping. Since I'm new to this whole thing and since I don't know what's important information and what isn't, I'll just give you a brief overview of my Combofix usage.

I could not run it in Windows without the "blue screen", so I rebooted and ran in safe mode. Combofix informed me that there was a possible "boot sector" infection and then informed me of a possible "rootkit infection" and rebooted the computer in regular mode. After running through its tests it set itself up to reboot computer but before that point it warned me that "current registryfile not found: \Device\Harddisk\Volume1\Boot\BCD" and asked me if I wanted to restore the file. Having no idea if I should or not, I opted for "yes". Computer then restarted and displayed the following logfile. Also, original problem still exists:

ComboFix 10-11-17.03 - Albert 11/18/2010 11:06:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1015.307 [GMT -5:00]
Running from: c:\users\Albert\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\dmlconf.dat

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-18 to 2010-11-18 )))))))))))))))))))))))))))))))
.

2010-11-18 16:20 . 2010-11-18 16:20 -------- d-----w- C:\Device
2010-11-18 16:16 . 2010-11-18 16:23 -------- d-----w- c:\users\Albert\AppData\Local\temp
2010-11-18 16:16 . 2010-11-18 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-18 01:09 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27C4398B-1A6D-4D68-B5AF-44E8C9A20D07}\mpengine.dll
2010-11-18 00:58 . 2010-11-18 00:58 -------- d-----w- c:\users\Mcx1-ALBERT-PC
2010-11-18 00:49 . 
2010-11-18 00:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll <br/>2010-11-18 00:48 . 2010-11-18 00:48 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll <br/>2010-11-18 00:47 . 2010-11-18 00:47 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll <br/>2010-11-18 00:47 . 2010-11-18 00:47 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll <br/>2010-11-17 15:50 . 2010-11-17 15:50 -------- d-----w- c:\program files\Trend Micro <br/>2010-11-17 15:50 . 2010-11-17 15:50 -------- d-----w- c:\program files\Common Files\Java <br/>2010-11-17 13:56 . 2010-11-17 13:56 -------- d-----w- c:\program files\CCleaner <br/>2010-11-17 13:28 . 2010-11-17 13:28 -------- d-----w- c:\program files\Common Files\Config <br/>2010-11-17 13:21 . 2004-04-19 04:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll <br/>2010-11-17 13:21 . 2004-04-19 04:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll <br/>2010-11-17 13:21 . 2004-04-19 04:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll <br/>2010-11-17 13:21 . 2010-11-17 13:21 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll <br/>2010-11-17 13:21 . 2004-04-19 04:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll <br/>2010-11-17 13:21 . 2004-04-19 04:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe <br/>2010-11-17 13:21 . 2010-11-17 13:21 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll <br/>2010-11-17 13:21 . 
2010-01-13 15:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll <br/>2010-11-17 04:49 . 2010-11-17 04:49 -------- d-----w- C:\!KillBox <br/>2010-11-17 03:17 . 2010-11-17 03:17 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys <br/>2010-11-17 03:17 . 2010-11-17 03:17 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys <br/>2010-11-17 03:17 . 2010-11-17 03:17 -------- d-----w- c:\program files\Prevx <br/>2010-11-17 03:17 . 2010-11-17 16:46 -------- d-----w- c:\programdata\PrevxCSI <br/>2010-11-17 01:09 . 2010-11-17 14:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy <br/>2010-11-17 01:09 . 2010-11-17 01:11 -------- d-----w- c:\program files\Spybot - Search & Destroy <br/>2010-11-16 06:19 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2010-11-16 06:18 . 2010-11-16 06:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2010-11-16 06:18 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2010-11-16 03:29 . 2010-11-16 03:29 -------- d-----w- c:\windows\system32\%localappdata% <br/>2010-11-14 06:57 . 2010-11-17 13:21 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0 <br/>2010-11-14 06:54 . 2010-11-14 06:54 -------- d-----w- c:\program files\Common Files\Intuit <br/>2010-11-14 06:54 . 2010-11-17 13:30 -------- d-----w- c:\program files\Quicken <br/>2010-11-14 06:54 . 2010-11-14 06:54 -------- d-----w- c:\users\Albert\AppData\Roaming\Intuit <br/>2010-11-14 06:52 . 2010-11-14 06:52 -------- d-----w- c:\programdata\Intuit <br/>2010-11-11 20:19 . 2010-11-11 20:19 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin <br/>2010-11-10 19:41 . 2010-11-10 19:41 -------- d-----w- c:\users\Albert\AppData\Roaming\Acapela Group <br/>2010-11-10 19:27 . 2010-11-10 19:27 -------- d-----w- c:\users\Albert\AppData\Local\Xtranormal <br/>2010-11-10 19:11 . 2010-11-10 19:11 -------- d-----w- c:\program files\Xtranormal <br/>2010-11-10 19:10 . 
2010-11-10 19:42 -------- d-----w- c:\users\Albert\AppData\Roaming\Xtranormal <br/>2010-11-08 06:38 . 2010-11-08 07:08 -------- d-----w- c:\program files\Flash Favorite <br/>2010-11-04 18:58 . 2010-11-04 18:58 -------- d-----w- c:\program files\MSXML 4.0 <br/>2010-11-04 18:38 . 2010-11-04 18:52 -------- d-----w- c:\users\Albert\AppData\Roaming\ImgBurn <br/>2010-11-04 18:19 . 2010-11-04 18:19 -------- d-----w- c:\program files\ImgBurn <br/>2010-11-04 17:25 . 2010-11-04 17:25 -------- d-----w- c:\users\Albert\AppData\Roaming\Nero <br/>2010-11-04 17:06 . 2010-11-04 17:09 -------- d-----w- c:\programdata\Nero <br/>2010-11-04 17:06 . 2010-11-04 17:06 -------- d-----w- c:\program files\Common Files\Nero <br/>2010-11-04 17:05 . 2010-11-04 17:08 -------- d-----w- c:\program files\Nero <br/>2010-11-04 16:15 . 2010-11-04 16:15 -------- d-----w- c:\users\Albert\AppData\Roaming\Thunderbird <br/>2010-11-04 16:15 . 2010-11-04 16:15 -------- d-----w- c:\users\Albert\AppData\Local\Thunderbird <br/>2010-11-04 16:09 . 2010-11-04 16:09 -------- d-----w- c:\program files\Mozilla Thunderbird <br/>2010-11-04 13:33 . 2010-11-06 20:19 -------- d-----w- c:\programdata\DVD Shrink <br/>2010-11-04 13:33 . 2010-11-04 13:33 -------- d-----w- c:\program files\DVD Shrink <br/>2010-10-27 16:29 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll <br/>2010-10-27 16:29 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll <br/>2010-10-27 16:29 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax <br/>2010-10-27 16:29 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax <br/>2010-10-27 16:29 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2010-11-17 15:48 . 2010-09-21 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll <br/>2010-09-08 15:17 . 
2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx <br/>2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts <br/>2010-09-08 04:30 . 2010-10-13 20:18 978432 ----a-w- c:\windows\system32\wininet.dll <br/>2010-09-08 04:28 . 2010-10-13 20:18 44544 ----a-w- c:\windows\system32\licmgr10.dll <br/>2010-09-08 03:22 . 2010-10-13 20:18 386048 ----a-w- c:\windows\system32\html.iec <br/>2010-09-08 02:48 . 2010-10-13 20:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb <br/>2010-09-01 04:23 . 2010-10-13 23:41 12625408 ----a-w- c:\windows\system32\wmploc.DLL <br/>2010-09-01 02:34 . 2010-10-13 20:08 2327552 ----a-w- c:\windows\system32\win32k.sys <br/>2010-08-31 04:32 . 2010-10-13 20:17 954752 ----a-w- c:\windows\system32\mfc40.dll <br/>2010-08-31 04:32 . 2010-10-13 20:17 954288 ----a-w- c:\windows\system32\mfc40u.dll <br/>2010-08-27 05:46 . 2010-10-13 20:08 168448 ----a-w- c:\windows\system32\srvsvc.dll <br/>2010-08-27 03:31 . 2010-10-13 20:08 310784 ----a-w- c:\windows\system32\drivers\srv.sys <br/>2010-08-27 03:30 . 2010-10-13 20:08 308736 ----a-w- c:\windows\system32\drivers\srv2.sys <br/>2010-08-27 03:30 . 2010-10-13 20:08 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys <br/>2010-08-26 04:39 . 2010-10-13 20:17 109056 ----a-w- c:\windows\system32\t2embed.dll <br/>2010-08-21 05:36 . 2010-10-13 20:07 738816 ----a-w- c:\windows\system32\wmpmde.dll <br/>2010-08-21 05:36 . 2010-10-13 20:17 224256 ----a-w- c:\windows\system32\schannel.dll <br/>2010-08-21 05:33 . 2010-10-13 20:17 530432 ----a-w- c:\windows\system32\comctl32.dll <br/>2010-08-21 05:32 . 2010-09-15 02:27 316928 ----a-w- c:\windows\system32\spoolsv.exe <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. 
<br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] <br/>@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] <br/>2008-04-29 22:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] <br/>@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" <br/>[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] <br/>2008-04-29 22:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-05-25 5475403] <br/>"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928] <br/>"Google Update"="c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-16 136176] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ThpSrv"="c:\windows\system32\thpsrv" [X] <br/>"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320] <br/>"RtHDVCpl"="RtHDVCpl.exe" [2008-08-28 6275072] <br/>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] <br/>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] <br/>"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] <br/>"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-29 49928] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] <br/>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] <br/>"QuickTime 
Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] <br/>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] <br/> <br/>c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"ConsentPromptBehaviorUser"= 3 (0x3) <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>"DisableCAD"= 1 (0x1) <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] <br/>2008-04-29 22:43 96008 ----a-w- c:\windows\System32\psqlpwd.dll <br/> <br/>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] <br/>R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-05-31 6638080] <br/>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1343400] <br/>S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-11-17 22024] <br/>S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2010-11-17 27656] <br/>S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272] <br/>S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120] <br/>S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2010-11-17 4368952] <br/>S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080] <br/>S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056] <br/>S3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host 
controllers;c:\windows\system32\DRIVERS\HS3dSensor1394.sys [2008-02-19 72704] <br/>S3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\DRIVERS\TBtnKey.sys [2009-07-20 17216] <br/>S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-08-06 821760] <br/> <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2010-11-18 c:\windows\Tasks\AutoSmartDefrag.job <br/>- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-06-23 22:08] <br/> <br/>2010-11-18 c:\windows\Tasks\GlaryInitialize.job <br/>- c:\program files\Glary Utilities\initialize.exe [2010-06-23 14:32] <br/> <br/>2010-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3454672891-2210883765-2090829426-1000Core.job <br/>- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 22:41] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>. 
<br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) <br/>HKLM-Run-TOSDCR - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe <br/>HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE <br/>HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe <br/>HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe <br/>HKLM-Run-TRot.exe - %ProgramFiles%\Toshiba\TOSHIBA Rotation Utility\TRot.exe <br/>HKLM-Run-TAcelMgr - %ProgramFiles%\Toshiba\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe <br/>HKLM-Run-TSkrMain - %ProgramFiles%\Toshiba\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe <br/>HKLM-Run-Button Disable - %ProgramFiles%\Toshiba\TOSHIBA Button Disable\TBD.exe <br/>SafeBoot-mcmscsvc <br/>SafeBoot-MCODS <br/> <br/> <br/> <br/>************************************************************************** <br/> <br/>Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net <br/>Windows 6.1.7600 Disk: HTS541010G9SA00 rev.MBZOC60R -> Harddisk0\DR0 -> \Device\00000078 <br/> <br/>device: opened successfully <br/>user: MBR read successfully <br/> <br/>Disk trace: <br/>called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x85401446]<< <br/>c:\windows\system32\DRIVERS\thpdrv.sys TOSHIBA Corporation TOSHIBA HDD Protection <br/>_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85407504]; MOV EAX, [0x85407580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } <br/>1 nt!IofCallDriver[0x82C6CEE0] -> \Device\Harddisk0\DR0[0x853E0518] <br/>3 CLASSPNP[0x87C2259E] -> nt!IofCallDriver[0x82C6CEE0] -> \Device\THPDRV1[0x853DF030] <br/>5 thpdrv[0x87B55BD9] -> nt!IofCallDriver[0x82C6CEE0] -> [0x84F92898] <br/>7 ACPI[0x8362B3B2] -> nt!IofCallDriver[0x82C6CEE0] -> \IdeDeviceP0T0L0-0[0x84F88030] <br/>\Driver\atapi[0x853E33F8] -> IRP_MJ_CREATE -> 
0x85401446 <br/>error: Read The device is not ready. <br/>kernel: MBR read successfully <br/>_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; } <br/>detected disk devices: <br/>\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHTS541010G9SA00_________________________MBZOC60R#5&21929e47&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found <br/>detected hooks: <br/>user & kernel MBR OK <br/>Warning: possible TDL3 rootkit infection ! <br/> <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] <br/>@Denied: (A) (Users) <br/>@Denied: (A) (Everyone) <br/>@Allowed: (B 1 2 3 4 5) (S-1-5-20) <br/>"BlindDial"=dword:00000000 <br/>"MSCurrentCountry"=dword:000000b5 <br/> <br/>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] <br/>@Denied: (Full) (Everyone) <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'Explorer.exe'(2560) <br/>c:\program files\Protector Suite QL\farchns.dll <br/>c:\program files\Protector Suite QL\infql2.dll <br/>c:\program files\Protector Suite QL\qlbase.dll <br/>. <br/>------------------------ Other Running Processes ------------------------ <br/>. 
<br/>c:\windows\SYSTEM32\WISPTIS.EXE <br/>c:\program files\Protector Suite QL\upeksvr.exe <br/>c:\program files\LSI SoftModem\agrsmsvc.exe <br/>c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe <br/>c:\windows\system32\ThpSrv.exe <br/>c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe <br/>c:\windows\system32\taskhost.exe <br/>c:\windows\SYSTEM32\WISPTIS.EXE <br/>c:\program files\Common Files\microsoft shared\ink\TabTip.exe <br/>c:\windows\system32\WUDFHost.exe <br/>c:\windows\system32\conhost.exe <br/>c:\program files\Windows Media Player\wmpnetwk.exe <br/>c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe <br/>. <br/>************************************************************************** <br/>. <br/>Completion time: 2010-11-18 11:28:15 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2010-11-18 16:28 <br/> <br/>Pre-Run: 21,384,822,784 bytes free <br/>Post-Run: 21,152,198,656 bytes free <br/> <br/>- - End Of File - - 503C29C0AB4F88890A34D80F01AE524A
Posted 11/19/2010 4:48 AM
#90050

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
http://support.kaspersky.com/downloads/utils/tdsskiller.zip <br/>and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner. <br/> <br/>In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested. <br/> <br/>When the scan completes it will create a log file on your C drive. <br/> <br/>Similar in name to this: <br/> <br/>C:\TDSSKiller. (numbers) log.txt <br/> <br/>Copy/paste those contents back here please.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/19/2010 8:52 AM
#90057

albert_bodden Member

Date Joined Nov 2016
Total Posts: 5
Touch, <br/> <br/>I ran TDSSKiller twice. Once to locate the problem and kill it, and the second time to ensure that the problem did not recreate itself. I will post both logs below just to ensure that I am not being premature in assuming the entire problem is gone, however I am no longer having the redirect problem while using search. If there seems to be no problems below, then can you take some time out to suggest a method for protecting myself from a problem like this again? I was running McAfee, and Windows Firewall and I was hit with this. <br/> <br/>Thank you INCREDIBLY for your time and help. <br/> <br/>Below are the logs: <br/> <br/> <br/>2010/11/19 03:28:49.0453 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12 <br/>2010/11/19 03:28:49.0453 ================================================================================ <br/>2010/11/19 03:28:49.0453 SystemInfo: <br/>2010/11/19 03:28:49.0453 <br/>2010/11/19 03:28:49.0453 OS Version: 6.1.7600 ServicePack: 0.0 <br/>2010/11/19 03:28:49.0453 Product type: Workstation <br/>2010/11/19 03:28:49.0453 ComputerName: ALBERT-PC <br/>2010/11/19 03:28:49.0453 UserName: Albert <br/>2010/11/19 03:28:49.0453 Windows directory: C:\Windows <br/>2010/11/19 03:28:49.0453 System windows directory: C:\Windows <br/>2010/11/19 03:28:49.0453 Processor architecture: Intel x86 <br/>2010/11/19 03:28:49.0453 Number of processors: 2 <br/>2010/11/19 03:28:49.0453 Page size: 0x1000 <br/>2010/11/19 03:28:49.0453 Boot type: Normal boot <br/>2010/11/19 03:28:49.0453 ================================================================================ <br/>2010/11/19 03:28:50.0529 Initialize success <br/>2010/11/19 03:29:10.0784 ================================================================================ <br/>2010/11/19 03:29:10.0784 Scan started <br/>2010/11/19 03:29:10.0784 Mode: Manual; <br/>2010/11/19 03:29:10.0784 ================================================================================ <br/>
C:\Windows\system32\DRIVERS\NETwLv32.sys <br/>2010/11/19 03:29:23.0461 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys <br/>2010/11/19 03:29:23.0516 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys <br/>2010/11/19 03:29:23.0565 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys <br/>2010/11/19 03:29:23.0649 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys <br/>2010/11/19 03:29:23.0723 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys <br/>2010/11/19 03:29:23.0757 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys <br/>2010/11/19 03:29:23.0886 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys <br/>2010/11/19 03:29:23.0937 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys <br/>2010/11/19 03:29:24.0008 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys <br/>2010/11/19 03:29:24.0074 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys <br/>2010/11/19 03:29:24.0103 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys <br/>2010/11/19 03:29:24.0138 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys <br/>2010/11/19 03:29:24.0182 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys <br/>2010/11/19 03:29:24.0221 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys <br/>2010/11/19 03:29:24.0265 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys <br/>2010/11/19 03:29:24.0316 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys <br/>2010/11/19 03:29:24.0370 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys <br/>2010/11/19 03:29:24.0538 PGR1394b (6fc9cda0b608dfda41e42d2e9c7d7874) 
C:\Windows\system32\DRIVERS\HS3dSensor1394.sys <br/>2010/11/19 03:29:24.0654 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys <br/>2010/11/19 03:29:24.0693 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys <br/>2010/11/19 03:29:24.0753 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys <br/>2010/11/19 03:29:24.0855 pxscan (a5b3922b9f821fc8ff2821423e40026c) C:\Windows\system32\drivers\pxscan.sys <br/>2010/11/19 03:29:24.0934 pxsec (6613bbed3b306aee00d8a7b8d4cad5cd) C:\Windows\system32\drivers\pxsec.sys <br/>2010/11/19 03:29:25.0029 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys <br/>2010/11/19 03:29:25.0176 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys <br/>2010/11/19 03:29:25.0238 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys <br/>2010/11/19 03:29:25.0275 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys <br/>2010/11/19 03:29:25.0329 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys <br/>2010/11/19 03:29:25.0388 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys <br/>2010/11/19 03:29:25.0430 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys <br/>2010/11/19 03:29:25.0460 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys <br/>2010/11/19 03:29:25.0499 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys <br/>2010/11/19 03:29:25.0537 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys <br/>2010/11/19 03:29:25.0567 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys <br/>2010/11/19 03:29:25.0621 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys <br/>2010/11/19 03:29:25.0659 RDPENCDD 
(5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys <br/>2010/11/19 03:29:25.0705 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys <br/>2010/11/19 03:29:25.0738 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys <br/>2010/11/19 03:29:25.0767 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys <br/>2010/11/19 03:29:25.0869 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys <br/>2010/11/19 03:29:25.0988 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys <br/>2010/11/19 03:29:26.0058 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys <br/>2010/11/19 03:29:26.0190 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys <br/>2010/11/19 03:29:26.0271 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys <br/>2010/11/19 03:29:26.0322 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys <br/>2010/11/19 03:29:26.0389 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys <br/>2010/11/19 03:29:26.0414 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys <br/>2010/11/19 03:29:26.0451 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys <br/>2010/11/19 03:29:26.0518 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys <br/>2010/11/19 03:29:26.0553 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys <br/>2010/11/19 03:29:26.0589 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys <br/>2010/11/19 03:29:26.0692 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys <br/>2010/11/19 03:29:26.0789 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 
<br/>2010/11/19 03:29:26.0825 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys <br/>2010/11/19 03:29:26.0860 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys <br/>2010/11/19 03:29:26.0899 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys <br/>2010/11/19 03:29:26.0960 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys <br/>2010/11/19 03:29:27.0045 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys <br/>2010/11/19 03:29:27.0088 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys <br/>2010/11/19 03:29:27.0141 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys <br/>2010/11/19 03:29:27.0193 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys <br/>2010/11/19 03:29:27.0314 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys <br/>2010/11/19 03:29:27.0360 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys <br/>2010/11/19 03:29:27.0413 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys <br/>2010/11/19 03:29:27.0521 TBtnKey (3b1020751c94851c21a99d08661ab01f) C:\Windows\system32\DRIVERS\TBtnKey.sys <br/>2010/11/19 03:29:27.0636 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys <br/>2010/11/19 03:29:27.0731 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys <br/>2010/11/19 03:29:27.0826 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys <br/>2010/11/19 03:29:27.0971 TcUsb (58e3eb5a5c78740c5870eee6648ccc46) C:\Windows\system32\Drivers\tcusb.sys <br/>2010/11/19 03:29:28.0035 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys <br/>2010/11/19 03:29:28.0082 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 
<br/>2010/11/19 03:29:28.0120 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys <br/>2010/11/19 03:29:28.0148 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys <br/>2010/11/19 03:29:28.0217 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\Windows\system32\DRIVERS\thpdrv.sys <br/>2010/11/19 03:29:28.0245 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\Windows\system32\DRIVERS\Thpevm.SYS <br/>2010/11/19 03:29:28.0375 ti21sony (d0ddafe350e545dc67535be5d2c27f6c) C:\Windows\system32\drivers\ti21sony.sys <br/>2010/11/19 03:29:28.0536 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys <br/>2010/11/19 03:29:28.0657 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys <br/>2010/11/19 03:29:28.0701 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys <br/>2010/11/19 03:29:28.0755 TVALZ (6e614df4e1110dcf61b335ee02a34954) C:\Windows\system32\DRIVERS\TVALZ.SYS <br/>2010/11/19 03:29:28.0804 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys <br/>2010/11/19 03:29:28.0853 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys <br/>2010/11/19 03:29:28.0914 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys <br/>2010/11/19 03:29:28.0961 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys <br/>2010/11/19 03:29:29.0021 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys <br/>2010/11/19 03:29:29.0069 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys <br/>2010/11/19 03:29:29.0109 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys <br/>2010/11/19 03:29:29.0227 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys <br/>2010/11/19 03:29:29.0286 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 
<br/>2010/11/19 03:29:29.0336 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys <br/>2010/11/19 03:29:29.0384 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys <br/>2010/11/19 03:29:29.0427 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS <br/>2010/11/19 03:29:29.0465 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys <br/>2010/11/19 03:29:29.0519 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys <br/>2010/11/19 03:29:29.0561 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys <br/>2010/11/19 03:29:29.0593 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys <br/>2010/11/19 03:29:29.0628 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys <br/>2010/11/19 03:29:29.0665 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys <br/>2010/11/19 03:29:29.0766 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys <br/>2010/11/19 03:29:29.0858 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys <br/>2010/11/19 03:29:29.0901 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys <br/>2010/11/19 03:29:29.0944 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys <br/>2010/11/19 03:29:29.0986 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys <br/>2010/11/19 03:29:30.0027 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys <br/>2010/11/19 03:29:30.0068 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys <br/>2010/11/19 03:29:30.0110 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys <br/>2010/11/19 03:29:30.0154 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) 
2010/11/19 03:29:30.0948 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/19 03:29:30.0955 ================================================================================
2010/11/19 03:29:30.0955 Scan finished
2010/11/19 03:29:30.0955 ================================================================================
2010/11/19 03:29:30.0976 Detected object count: 1
2010/11/19 03:29:48.0786 \HardDisk0 - will be cured after reboot
2010/11/19 03:29:48.0786 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/19 03:29:54.0148 Deinitialize success

2010/11/19 03:39:47.0436 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/19 03:39:47.0436 ================================================================================
2010/11/19 03:39:47.0436 SystemInfo:
2010/11/19 03:39:47.0436
2010/11/19 03:39:47.0436 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/19 03:39:47.0436 Product type: Workstation
2010/11/19 03:39:47.0436 ComputerName: ALBERT-PC
2010/11/19 03:39:47.0436 UserName: Albert
2010/11/19 03:39:47.0436 Windows directory: C:\Windows
2010/11/19 03:39:47.0436 System windows directory: C:\Windows
2010/11/19 03:39:47.0436 Processor architecture: Intel x86
2010/11/19 03:39:47.0436 Number of processors: 2
2010/11/19 03:39:47.0436 Page size: 0x1000
2010/11/19 03:39:47.0436 Boot type: Normal boot
2010/11/19 03:39:47.0436 ================================================================================
2010/11/19 03:39:48.0356 Initialize success
2010/11/19 03:39:50.0790 ================================================================================
2010/11/19 03:39:50.0790 Scan started
2010/11/19 03:39:50.0790 Mode: Manual;
2010/11/19 03:39:50.0790 ================================================================================
03:40:05.0048 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys <br/>2010/11/19 03:40:05.0111 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys <br/>2010/11/19 03:40:05.0142 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys <br/>2010/11/19 03:40:05.0189 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys <br/>2010/11/19 03:40:05.0236 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys <br/>2010/11/19 03:40:05.0267 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys <br/>2010/11/19 03:40:05.0298 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys <br/>2010/11/19 03:40:05.0329 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys <br/>2010/11/19 03:40:05.0376 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys <br/>2010/11/19 03:40:05.0423 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys <br/>2010/11/19 03:40:05.0454 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys <br/>2010/11/19 03:40:05.0485 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys <br/>2010/11/19 03:40:05.0516 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys <br/>2010/11/19 03:40:05.0563 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys <br/>2010/11/19 03:40:05.0594 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys <br/>2010/11/19 03:40:05.0688 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys <br/>2010/11/19 03:40:05.0797 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys <br/>2010/11/19 03:40:05.0860 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) 
C:\Windows\system32\DRIVERS\sbp2port.sys <br/>2010/11/19 03:40:05.0938 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys <br/>2010/11/19 03:40:06.0016 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys <br/>2010/11/19 03:40:06.0078 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys <br/>2010/11/19 03:40:06.0140 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys <br/>2010/11/19 03:40:06.0172 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys <br/>2010/11/19 03:40:06.0203 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys <br/>2010/11/19 03:40:06.0265 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys <br/>2010/11/19 03:40:06.0296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys <br/>2010/11/19 03:40:06.0343 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys <br/>2010/11/19 03:40:06.0374 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys <br/>2010/11/19 03:40:06.0530 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys <br/>2010/11/19 03:40:06.0562 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys <br/>2010/11/19 03:40:06.0608 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys <br/>2010/11/19 03:40:06.0640 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys <br/>2010/11/19 03:40:07.0045 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys <br/>2010/11/19 03:40:07.0154 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys <br/>2010/11/19 03:40:07.0201 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys <br/>2010/11/19 03:40:07.0295 srvnet 
(f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys <br/>2010/11/19 03:40:07.0357 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys <br/>2010/11/19 03:40:07.0420 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys <br/>2010/11/19 03:40:07.0435 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys <br/>2010/11/19 03:40:07.0482 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys <br/>2010/11/19 03:40:07.0576 TBtnKey (3b1020751c94851c21a99d08661ab01f) C:\Windows\system32\DRIVERS\TBtnKey.sys <br/>2010/11/19 03:40:07.0685 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys <br/>2010/11/19 03:40:07.0810 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys <br/>2010/11/19 03:40:07.0966 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys <br/>2010/11/19 03:40:08.0059 TcUsb (58e3eb5a5c78740c5870eee6648ccc46) C:\Windows\system32\Drivers\tcusb.sys <br/>2010/11/19 03:40:08.0122 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys <br/>2010/11/19 03:40:08.0168 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys <br/>2010/11/19 03:40:08.0200 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys <br/>2010/11/19 03:40:08.0231 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys <br/>2010/11/19 03:40:08.0293 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\Windows\system32\DRIVERS\thpdrv.sys <br/>2010/11/19 03:40:08.0340 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\Windows\system32\DRIVERS\Thpevm.SYS <br/>2010/11/19 03:40:08.0434 ti21sony (d0ddafe350e545dc67535be5d2c27f6c) C:\Windows\system32\drivers\ti21sony.sys <br/>2010/11/19 03:40:08.0590 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys <br/>2010/11/19 03:40:08.0714 
tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys <br/>2010/11/19 03:40:08.0746 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys <br/>2010/11/19 03:40:08.0808 TVALZ (6e614df4e1110dcf61b335ee02a34954) C:\Windows\system32\DRIVERS\TVALZ.SYS <br/>2010/11/19 03:40:08.0855 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys <br/>2010/11/19 03:40:08.0902 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys <br/>2010/11/19 03:40:08.0948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys <br/>2010/11/19 03:40:08.0995 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys <br/>2010/11/19 03:40:09.0058 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys <br/>2010/11/19 03:40:09.0120 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys <br/>2010/11/19 03:40:09.0151 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys <br/>2010/11/19 03:40:09.0292 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys <br/>2010/11/19 03:40:09.0338 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys <br/>2010/11/19 03:40:09.0401 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys <br/>2010/11/19 03:40:09.0432 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys <br/>2010/11/19 03:40:09.0479 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS <br/>2010/11/19 03:40:09.0510 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys <br/>2010/11/19 03:40:09.0557 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys <br/>2010/11/19 03:40:09.0604 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys <br/>2010/11/19 
03:40:09.0635 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys <br/>2010/11/19 03:40:09.0682 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys <br/>2010/11/19 03:40:09.0728 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys <br/>2010/11/19 03:40:09.0760 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys <br/>2010/11/19 03:40:09.0791 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys <br/>2010/11/19 03:40:09.0900 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys <br/>2010/11/19 03:40:09.0947 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys <br/>2010/11/19 03:40:09.0994 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys <br/>2010/11/19 03:40:10.0040 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys <br/>2010/11/19 03:40:10.0072 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys <br/>2010/11/19 03:40:10.0134 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys <br/>2010/11/19 03:40:10.0181 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys <br/>2010/11/19 03:40:10.0228 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys <br/>2010/11/19 03:40:10.0274 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys <br/>2010/11/19 03:40:10.0290 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys <br/>2010/11/19 03:40:10.0368 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys <br/>2010/11/19 03:40:10.0430 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys <br/>2010/11/19 03:40:10.0524 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 
<br/>2010/11/19 03:40:10.0555 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys <br/>2010/11/19 03:40:10.0727 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys <br/>2010/11/19 03:40:10.0820 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys <br/>2010/11/19 03:40:10.0883 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys <br/>2010/11/19 03:40:10.0914 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys <br/>2010/11/19 03:40:10.0992 ================================================================================ <br/>2010/11/19 03:40:10.0992 Scan finished <br/>2010/11/19 03:40:10.0992 ================================================================================
Posted 11/19/2010 12:11 PM
#90058

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Good. Please post new combofix log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/19/2010 5:57 PM
#90064

albert_bodden Member

Date Joined Nov 2016
Total Posts: 5
Combofix was able to run in Windows without having to enter safe mode. Log follows:
Posted 11/20/2010 2:18 AM
#90067

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Clean log, please tell how things are running now?



Posted 11/21/2010 5:47 AM
#90092

albert_bodden Member

Date Joined Nov 2016
Total Posts: 5
Things seem to be running fine. Unless there are underlying problems I'm not noticing, I think my problem is gone. Thank you VERY much for your help!