
Win32/Sirefef.DA trojan

Discussion in 'Virus & Other Malware Removal' started by socketwrench, Dec 12, 2011.

  1. socketwrench

    socketwrench Thread Starter

    Joined:
    Dec 12, 2011
    Messages:
    2
    This aging but beloved and venerable single core Intel, XP Service Pack 3 is a mess and I would greatly appreciate your help! Symptoms were dramatically slow response and redirect of website with Firefox and IE. Malwarebytes removed, as far as I could tell, XP Virus 2012; AVG kept popping up threat alerts thereafter, and ESET online scanner found and could not repair or remove Win32/Sirefef.DA trojan. That short report follows; please let me know, if you can, whether this is repairable or requires reformat. OS, MS and Adobe program CDs no longer available ($$$). And what risk to passwords and financial/personal info? Thanks.

    ESET

    C:\Documents and Settings\Anthony S\Application Data\Sun\Java\Deployment\cache\6.0\0\3023a1c0-761e9945 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
    C:\Documents and Settings\Anthony S\Application Data\Sun\Java\Deployment\cache\6.0\17\2ff2a511-2e1033ec multiple threats deleted - quarantined
    C:\Documents and Settings\Anthony S\Application Data\Sun\Java\Deployment\cache\6.0\61\3e9e997d-6f67da20 multiple threats deleted - quarantined
    C:\WINDOWS\system32\drivers\serial.sys Win32/Sirefef.DA trojan unable to clean
    Operating memory multiple threats






    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:23:01 AM, on 12/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\lxeccoms.exe
    C:\WINDOWS\System32\ping.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Anthony S\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {538F8201-992A-AD4D-BFA8-757116A97B3F} - (no file)
    O2 - BHO: (no name) - {E7D786C8-AEAE-75A3-E2AA-6242E4EDCBE4} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Lexmark Pro800-Pro900 Series Fax Server] "C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.pcflashbang.com/statistics/inst.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O20 - Winlogon Notify: xmlproservice - xmlrpw32.dll (file missing)
    O20 - Winlogon Notify: xmlrpw32 - xmlrpw32.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
    O23 - Service: lxec_device - - C:\WINDOWS\system32\lxeccoms.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 9679 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Anthony S at 10:28:17 on 2011-12-12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.306 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\lxeccoms.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.bbc.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
    uRun: [Chckup] c:\windows\system32\Netverchk.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
    mRun: [Lexmark Pro800-Pro900 Series Fax Server] "c:\program files\lexmark pro800-pro900 series\fm3032.exe" /s
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - hxxp://www.pcflashbang.com/statistics/inst.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F5F37F4F-FC9E-4AF9-8DB9-99F82364CC58} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: A3dxq - c:\windows\system32\a3dxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: TPSvc - TPSvc.dll
    Notify: xmlproservice - xmlrpw32.dll
    Notify: xmlrpw32 - xmlrpw32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\anthony s\application data\mozilla\firefox\profiles\default.3ue\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-1-16 77312]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-17 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-17 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-17 108552]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-12-11 116608]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-17 297752]
    R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-8-19 98984]
    RUnknown szkg5;szkg5; [x]
    RUnknown szkgfs;szkgfs; [x]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S2 wincom32;wincom32;\??\c:\windows\system32\wincom32.sys --> c:\windows\system32\wincom32.sys [?]
    S2 windev-710-ed2;windev-710-ed2;\??\c:\windows\system32\windev-710-ed2.sys --> c:\windows\system32\windev-710-ed2.sys [?]
    S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2003-3-31 14336]
    S3 o1394bul;o1394bul;\??\c:\docume~1\anthon~1\locals~1\temp\o1394bul.sys --> c:\docume~1\anthon~1\locals~1\temp\o1394bul.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    UnknownUnknown is3srv;is3srv; [x]
    .
    =============== Created Last 30 ================
    .
    2011-12-12 12:48:02 -------- d-----w- c:\program files\common files\iS3
    2011-12-12 08:42:56 53248 ----a-w- c:\windows\system32\6to4v32.dll
    2011-12-12 08:42:44 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    2011-12-12 06:54:15 -------- d-----w- c:\program files\ESET
    2011-12-12 03:11:48 500657 ----a-w- c:\documents and settings\all users\SPL301.tmp
    2011-12-05 01:28:07 -------- d-----w- c:\documents and settings\anthony s\application data\Clearwire
    2011-12-05 01:21:40 -------- d-----w- c:\program files\Sierra Wireless Inc
    2011-12-05 01:21:40 -------- d-----w- c:\documents and settings\anthony s\application data\Sierra Wireless
    2011-11-21 14:16:01 -------- d-----w- c:\program files\iPod
    2011-11-21 14:14:50 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-02 19:44:06 7796 ----a-w- c:\documents and settings\all users\SPL7BF.tmp
    .
    ============= FINISH: 10:28:40.20 ===============





    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-12 14:14:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target0Lun0 WDC_WD80 rev.13.0
    Running: um15ixfy.exe; Driver: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\uxldrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\szkgfs.sys ZwTerminateProcess [0xA76C04DA]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? system32\DRIVERS\szkg.sys The system cannot find the path specified. !
    ? system32\drivers\szkgfs.sys The system cannot find the path specified. !
    ? C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) F676F000-F6785000 (90112 bytes)

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB58566$\1025563110 0 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\bckfg.tmp 850 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\cfg.ini 208 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\keywords 201 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\L\ffczebdy 64512 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 2048 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 224768 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 12800 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 98304 bytes
    File C:\WINDOWS\$NtUninstallKB58566$\1665486683 0 bytes

    ---- EOF - GMER 1.0.15 ----
     


  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do not access any financial information on this machine. As a precaution, change all your online passwords from a machine that has never been infected.

    Please do the following:

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)


    NEXT



    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  3. socketwrench

    socketwrench Thread Starter

    Joined:
    Dec 12, 2011
    Messages:
    2
    Ok meow and thank you very much! Here goes.

    TDSS Killer (ran twice, first time AVG popup while scanning, both scans found no infection)

    14:11:37.0312 3128 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    14:11:37.0937 3128 ============================================================
    14:11:37.0937 3128 Current date / time: 2011/12/15 14:11:37.0937
    14:11:37.0937 3128 SystemInfo:
    14:11:37.0937 3128
    14:11:37.0937 3128 OS Version: 5.1.2600 ServicePack: 3.0
    14:11:37.0937 3128 Product type: Workstation
    14:11:37.0937 3128 ComputerName: ANTHONY
    14:11:37.0937 3128 UserName: Anthony S
    14:11:37.0937 3128 Windows directory: C:\WINDOWS
    14:11:37.0953 3128 System windows directory: C:\WINDOWS
    14:11:37.0953 3128 Processor architecture: Intel x86
    14:11:37.0953 3128 Number of processors: 1
    14:11:37.0953 3128 Page size: 0x1000
    14:11:37.0953 3128 Boot type: Normal boot
    14:11:37.0953 3128 ============================================================
    14:11:38.0796 3128 Initialize success
    14:11:42.0468 3276 ============================================================
    14:11:42.0468 3276 Scan started
    14:11:42.0468 3276 Mode: Manual;
    14:11:42.0468 3276 ============================================================
    14:11:56.0250 3276 FETND5BV - ok
    14:11:56.0296 3276 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    14:11:56.0312 3276 FETNDIS - ok
    14:11:56.0375 3276 FETNDISB (d3b19a8bae6c20b4d305c7a72e255eb9) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
    14:11:56.0390 3276 FETNDISB - ok
    14:11:56.0437 3276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    14:11:56.0453 3276 Fips - ok
    14:11:56.0500 3276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    14:11:56.0500 3276 Flpydisk - ok
    14:11:56.0562 3276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    14:11:56.0609 3276 FltMgr - ok
    14:11:56.0687 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:11:56.0703 3276 Fs_Rec - ok
    14:11:56.0734 3276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:11:56.0765 3276 Ftdisk - ok
    14:11:56.0828 3276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    14:11:56.0843 3276 GEARAspiWDM - ok
    14:11:56.0859 3276 GMSIPCI - ok
    14:11:56.0921 3276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:11:56.0937 3276 Gpc - ok
    14:11:57.0015 3276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:11:57.0031 3276 HidUsb - ok
    14:11:57.0046 3276 hpn - ok
    14:11:57.0109 3276 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    14:11:57.0125 3276 HPZid412 - ok
    14:11:57.0171 3276 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    14:11:57.0187 3276 HPZipr12 - ok
    14:11:57.0250 3276 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    14:11:57.0265 3276 HPZius12 - ok
    14:11:57.0328 3276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    14:11:57.0328 3276 HTTP - ok
    14:11:57.0359 3276 i2omgmt - ok
    14:11:57.0375 3276 i2omp - ok
    14:11:57.0406 3276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:11:57.0421 3276 i8042prt - ok
    14:11:57.0484 3276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:11:57.0500 3276 Imapi - ok
    14:11:57.0531 3276 ini910u - ok
    14:11:57.0562 3276 IntelIde - ok
    14:11:57.0609 3276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    14:11:57.0625 3276 intelppm - ok
    14:11:57.0687 3276 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    14:11:57.0703 3276 ip6fw - ok
    14:11:57.0750 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:11:57.0765 3276 IpFilterDriver - ok
    14:11:57.0828 3276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:11:57.0843 3276 IpInIp - ok
    14:11:57.0890 3276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:11:57.0890 3276 IpNat - ok
    14:11:57.0921 3276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:11:57.0937 3276 IPSec - ok
    14:11:57.0984 3276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:11:58.0000 3276 IRENUM - ok
    14:11:58.0093 3276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:11:58.0109 3276 isapnp - ok
    14:11:58.0140 3276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:11:58.0140 3276 Kbdclass - ok
    14:11:58.0171 3276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    14:11:58.0187 3276 kbdhid - ok
    14:11:58.0218 3276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    14:11:58.0218 3276 kmixer - ok
    14:11:58.0296 3276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    14:11:58.0328 3276 KSecDD - ok
    14:11:58.0375 3276 lbrtfdc - ok
    14:11:58.0453 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    14:11:58.0468 3276 mnmdd - ok
    14:11:58.0515 3276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    14:11:58.0531 3276 Modem - ok
    14:11:58.0562 3276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:11:58.0562 3276 Mouclass - ok
    14:11:58.0625 3276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:11:58.0625 3276 mouhid - ok
    14:11:58.0671 3276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    14:11:58.0687 3276 MountMgr - ok
    14:11:58.0718 3276 mraid35x - ok
    14:11:58.0765 3276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:11:58.0765 3276 MRxDAV - ok
    14:11:58.0828 3276 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:11:58.0875 3276 MRxSmb - ok
    14:11:58.0906 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:11:58.0921 3276 Msfs - ok
    14:11:58.0968 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:11:58.0984 3276 MSKSSRV - ok
    14:11:59.0046 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:11:59.0062 3276 MSPCLOCK - ok
    14:11:59.0093 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:11:59.0109 3276 MSPQM - ok
    14:11:59.0171 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:11:59.0171 3276 mssmbios - ok
    14:11:59.0203 3276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    14:11:59.0218 3276 MSTEE - ok
    14:11:59.0265 3276 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    14:11:59.0281 3276 Mup - ok
    14:11:59.0343 3276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    14:11:59.0359 3276 NABTSFEC - ok
    14:11:59.0406 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:11:59.0453 3276 NDIS - ok
    14:11:59.0484 3276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    14:11:59.0500 3276 NdisIP - ok
    14:11:59.0531 3276 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:11:59.0546 3276 NdisTapi - ok
    14:11:59.0562 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:11:59.0562 3276 Ndisuio - ok
    14:11:59.0609 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:11:59.0625 3276 NdisWan - ok
    14:11:59.0671 3276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:11:59.0687 3276 NDProxy - ok
    14:11:59.0734 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:11:59.0750 3276 NetBIOS - ok
    14:11:59.0796 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:11:59.0812 3276 NetBT - ok
    14:11:59.0859 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:11:59.0875 3276 Npfs - ok
    14:11:59.0890 3276 NTACCESS - ok
    14:11:59.0937 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:12:00.0000 3276 Ntfs - ok
    14:12:00.0062 3276 NTIDrvr (3c25d8a23c366fbe1511b4a250a1a2ad) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    14:12:00.0062 3276 NTIDrvr - ok
    14:12:00.0093 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:12:00.0109 3276 Null - ok
    14:12:00.0171 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:12:00.0187 3276 NwlnkFlt - ok
    14:12:00.0218 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:12:00.0234 3276 NwlnkFwd - ok
    14:12:00.0484 3276 o1394bul - ok
    14:12:00.0703 3276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:12:00.0781 3276 Parport - ok
    14:12:00.0890 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:12:00.0906 3276 PartMgr - ok
    14:12:01.0000 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:12:01.0000 3276 ParVdm - ok
    14:12:01.0062 3276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:12:01.0078 3276 PCI - ok
    14:12:01.0109 3276 PCIDump - ok
    14:12:01.0125 3276 PCIIde - ok
    14:12:01.0171 3276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:12:01.0187 3276 Pcmcia - ok
    14:12:01.0203 3276 PDCOMP - ok
    14:12:01.0234 3276 PDFRAME - ok
    14:12:01.0359 3276 PDRELI - ok
    14:12:01.0515 3276 PDRFRAME - ok
    14:12:01.0687 3276 perc2 - ok
    14:12:01.0859 3276 perc2hib - ok
    14:12:02.0000 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:12:02.0015 3276 PptpMiniport - ok
    14:12:02.0046 3276 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    14:12:02.0062 3276 Processor - ok
    14:12:02.0140 3276 prodrv06 (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys
    14:12:02.0203 3276 prodrv06 - ok
    14:12:02.0265 3276 prohlp02 (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys
    14:12:02.0437 3276 prohlp02 - ok
    14:12:02.0562 3276 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
    14:12:02.0578 3276 prosync1 - ok
    14:12:02.0687 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:12:02.0703 3276 PSched - ok
    14:12:02.0765 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:12:02.0781 3276 Ptilink - ok
    14:12:02.0859 3276 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:12:02.0875 3276 PxHelp20 - ok
    14:12:02.0890 3276 ql1080 - ok
    14:12:02.0921 3276 Ql10wnt - ok
    14:12:02.0937 3276 ql12160 - ok
    14:12:02.0953 3276 ql1240 - ok
    14:12:02.0968 3276 ql1280 - ok
    14:12:03.0015 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:12:03.0015 3276 RasAcd - ok
    14:12:03.0062 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:12:03.0078 3276 Rasl2tp - ok
    14:12:03.0125 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:12:03.0140 3276 RasPppoe - ok
    14:12:03.0187 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:12:03.0203 3276 Raspti - ok
    14:12:03.0265 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:12:03.0406 3276 Rdbss - ok
    14:12:03.0609 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:12:03.0640 3276 RDPCDD - ok
    14:12:03.0765 3276 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:12:03.0796 3276 RDPWD - ok
    14:12:03.0875 3276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:12:03.0890 3276 redbook - ok
    14:12:04.0031 3276 SANDRA (c85403529dac07266e94ed4ef00ad166) C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2 (Win32 x86)\Sandra.sys
    14:12:04.0046 3276 SANDRA - ok
    14:12:04.0109 3276 SASKUTIL - ok
    14:12:04.0187 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:12:04.0187 3276 Secdrv - ok
    14:12:04.0250 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:12:04.0265 3276 serenum - ok
    14:12:04.0500 3276 Serial (f8dc39cdd4c1e5873effd2e990026dd3) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:12:04.0562 3276 Serial - ok
    14:12:04.0562 3276 SetupNTGLM7X - ok
    14:12:04.0812 3276 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
    14:12:04.0859 3276 sfhlp01 - ok
    14:12:05.0000 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:12:05.0015 3276 Sfloppy - ok
    14:12:05.0078 3276 Simbad - ok
    14:12:05.0125 3276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    14:12:05.0140 3276 SLIP - ok
    14:12:05.0203 3276 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    14:12:05.0218 3276 SONYPVU1 - ok
    14:12:05.0234 3276 Sparrow - ok
    14:12:05.0500 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:12:05.0515 3276 splitter - ok
    14:12:05.0796 3276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:12:05.0843 3276 sr - ok
    14:12:06.0046 3276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:12:06.0125 3276 Srv - ok
    14:12:06.0203 3276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    14:12:06.0250 3276 streamip - ok
    14:12:06.0562 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:12:06.0593 3276 swenum - ok
    14:12:06.0828 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:12:06.0828 3276 swmidi - ok
    14:12:06.0906 3276 symc810 - ok
    14:12:07.0359 3276 symc8xx - ok
    14:12:07.0609 3276 sym_hi - ok
    14:12:07.0671 3276 sym_u3 - ok
    14:12:07.0734 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:12:07.0734 3276 sysaudio - ok
    14:12:07.0843 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:12:07.0968 3276 Tcpip - ok
    14:12:08.0031 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:12:08.0078 3276 TDPIPE - ok
    14:12:08.0218 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:12:08.0234 3276 TDTCP - ok
    14:12:08.0484 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:12:08.0515 3276 TermDD - ok
    14:12:08.0843 3276 TosIde - ok
    14:12:09.0015 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:12:09.0031 3276 Udfs - ok
    14:12:09.0125 3276 ultra - ok
    14:12:09.0437 3276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:12:09.0531 3276 Update - ok
    14:12:10.0000 3276 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:12:10.0062 3276 USBAAPL - ok
    14:12:10.0359 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:12:10.0375 3276 usbccgp - ok
    14:12:10.0500 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:12:10.0515 3276 usbehci - ok
    14:12:10.0609 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:12:10.0625 3276 usbhub - ok
    14:12:10.0687 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:12:10.0703 3276 usbprint - ok
    14:12:10.0781 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:12:10.0796 3276 usbscan - ok
    14:12:10.0843 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:12:10.0859 3276 USBSTOR - ok
    14:12:10.0890 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:12:10.0906 3276 usbuhci - ok
    14:12:10.0984 3276 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    14:12:11.0000 3276 usbvideo - ok
    14:12:11.0031 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:12:11.0046 3276 VgaSave - ok
    14:12:11.0109 3276 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    14:12:11.0125 3276 viaagp1 - ok
    14:12:11.0187 3276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    14:12:11.0203 3276 ViaIde - ok
    14:12:11.0265 3276 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys
    14:12:11.0265 3276 viasraid - ok
    14:12:11.0390 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:12:11.0406 3276 VolSnap - ok
    14:12:11.0515 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:12:11.0531 3276 Wanarp - ok
    14:12:11.0593 3276 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    14:12:11.0609 3276 wanatw - ok
    14:12:11.0640 3276 WDICA - ok
    14:12:11.0687 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:12:11.0703 3276 wdmaud - ok
    14:12:11.0718 3276 wincom32 - ok
    14:12:11.0734 3276 windev-710-ed2 - ok
    14:12:11.0828 3276 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    14:12:11.0843 3276 WpdUsb - ok
    14:12:11.0906 3276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    14:12:11.0921 3276 WS2IFSL - ok
    14:12:11.0953 3276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    14:12:11.0968 3276 WSTCODEC - ok
    14:12:12.0031 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:12:12.0046 3276 WudfPf - ok
    14:12:12.0062 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:12:12.0078 3276 WudfRd - ok
    14:12:12.0140 3276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    14:12:12.0250 3276 \Device\Harddisk0\DR0 - ok
    14:12:12.0250 3276 Boot (0x1200) (0403fdf5572e1183cd965005712897bd) \Device\Harddisk0\DR0\Partition0
    14:12:12.0250 3276 \Device\Harddisk0\DR0\Partition0 - ok
    14:12:12.0265 3276 ============================================================
    14:12:12.0265 3276 Scan finished
    14:12:12.0265 3276 ============================================================
    14:12:12.0281 3684 Detected object count: 0
    14:12:12.0281 3684 Actual detected object count: 0
    14:16:04.0046 4064 ============================================================
    14:16:04.0046 4064 Scan started
    14:16:04.0046 4064 Mode: Manual;
    14:16:04.0046 4064 ============================================================
    14:16:05.0781 4064 Abiosdsk - ok
    14:16:05.0828 4064 abp480n5 - ok
    14:16:05.0890 4064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    14:16:05.0921 4064 ACPI - ok
    14:16:05.0984 4064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    14:16:06.0000 4064 ACPIEC - ok
    14:16:06.0015 4064 adpu160m - ok
    14:16:06.0093 4064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    14:16:06.0093 4064 aec - ok
    14:16:06.0171 4064 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    14:16:06.0187 4064 AFD - ok
    14:16:06.0203 4064 Aha154x - ok
    14:16:06.0234 4064 aic78u2 - ok
    14:16:06.0250 4064 aic78xx - ok
    14:16:06.0265 4064 ALCXSENS - ok
    14:16:06.0484 4064 ALCXWDM (5003d2e3f6b220ed3b0f1ac2816c2a18) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    14:16:06.0812 4064 ALCXWDM - ok
    14:16:06.0921 4064 AliIde - ok
    14:16:06.0937 4064 amsint - ok
    14:16:06.0968 4064 asc - ok
    14:16:07.0000 4064 asc3350p - ok
    14:16:07.0031 4064 asc3550 - ok
    14:16:07.0109 4064 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    14:16:07.0125 4064 ASCTRM - ok
    14:16:07.0187 4064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14:16:07.0203 4064 AsyncMac - ok
    14:16:07.0359 4064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    14:16:07.0375 4064 atapi - ok
    14:16:07.0437 4064 Atdisk - ok
    14:16:07.0546 4064 ati2mtag (4fb6bb54371b3829dd15fd42188a99e6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    14:16:07.0593 4064 ati2mtag - ok
    14:16:07.0625 4064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    14:16:07.0640 4064 Atmarpc - ok
    14:16:07.0703 4064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    14:16:07.0718 4064 audstub - ok
    14:16:07.0796 4064 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    14:16:07.0843 4064 AvgLdx86 - ok
    14:16:07.0875 4064 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    14:16:07.0890 4064 AvgMfx86 - ok
    14:16:07.0953 4064 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    14:16:07.0968 4064 AvgTdiX - ok
    14:16:08.0031 4064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    14:16:08.0046 4064 Beep - ok
    14:16:08.0125 4064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:16:08.0140 4064 cbidf2k - ok
    14:16:08.0234 4064 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    14:16:08.0250 4064 CCDECODE - ok
    14:16:08.0265 4064 cd20xrnt - ok
    14:16:08.0328 4064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:16:08.0343 4064 Cdaudio - ok
    14:16:08.0406 4064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    14:16:08.0421 4064 Cdfs - ok
    14:16:08.0484 4064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:16:08.0500 4064 Cdrom - ok
    14:16:08.0515 4064 Changer - ok
    14:16:08.0562 4064 CmdIde - ok
    14:16:08.0593 4064 Cpqarray - ok
    14:16:08.0609 4064 dac2w2k - ok
    14:16:08.0640 4064 dac960nt - ok
    14:16:08.0703 4064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    14:16:08.0718 4064 Disk - ok
    14:16:08.0828 4064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    14:16:08.0906 4064 dmboot - ok
    14:16:08.0968 4064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    14:16:09.0000 4064 dmio - ok
    14:16:09.0062 4064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    14:16:09.0062 4064 dmload - ok
    14:16:09.0125 4064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    14:16:09.0140 4064 DMusic - ok
    14:16:09.0171 4064 dpti2o - ok
    14:16:09.0203 4064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    14:16:09.0218 4064 drmkaud - ok
    14:16:09.0265 4064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    14:16:09.0281 4064 Fastfat - ok
    14:16:09.0312 4064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    14:16:09.0328 4064 Fdc - ok
    14:16:09.0390 4064 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    14:16:09.0406 4064 FETND5BV - ok
    14:16:09.0468 4064 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    14:16:09.0484 4064 FETNDIS - ok
    14:16:09.0531 4064 FETNDISB (d3b19a8bae6c20b4d305c7a72e255eb9) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
    14:16:09.0546 4064 FETNDISB - ok
    14:16:09.0578 4064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    14:16:09.0593 4064 Fips - ok
    14:16:09.0687 4064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    14:16:09.0703 4064 Flpydisk - ok
    14:16:09.0765 4064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    14:16:09.0812 4064 FltMgr - ok
    14:16:09.0859 4064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:16:09.0875 4064 Fs_Rec - ok
    14:16:09.0937 4064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:16:09.0953 4064 Ftdisk - ok
    14:16:10.0015 4064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    14:16:10.0031 4064 GEARAspiWDM - ok
    14:16:10.0046 4064 GMSIPCI - ok
    14:16:10.0062 4064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:16:10.0078 4064 Gpc - ok
    14:16:10.0125 4064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:16:10.0140 4064 HidUsb - ok
    14:16:10.0171 4064 hpn - ok
    14:16:10.0218 4064 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    14:16:10.0234 4064 HPZid412 - ok
    14:16:10.0296 4064 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    14:16:10.0312 4064 HPZipr12 - ok
    14:16:10.0359 4064 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    14:16:10.0375 4064 HPZius12 - ok
    14:16:10.0437 4064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    14:16:10.0468 4064 HTTP - ok
    14:16:10.0500 4064 i2omgmt - ok
    14:16:10.0515 4064 i2omp - ok
    14:16:10.0578 4064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:16:10.0593 4064 i8042prt - ok
    14:16:10.0656 4064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:16:10.0671 4064 Imapi - ok
    14:16:10.0687 4064 ini910u - ok
    14:16:10.0718 4064 IntelIde - ok
    14:16:10.0781 4064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    14:16:10.0796 4064 intelppm - ok
    14:16:10.0843 4064 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    14:16:10.0859 4064 ip6fw - ok
    14:16:10.0906 4064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:16:10.0921 4064 IpFilterDriver - ok
    14:16:11.0046 4064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:16:11.0062 4064 IpInIp - ok
    14:16:11.0093 4064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:16:11.0109 4064 IpNat - ok
    14:16:11.0140 4064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:16:11.0156 4064 IPSec - ok
    14:16:11.0203 4064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:16:11.0218 4064 IRENUM - ok
    14:16:11.0281 4064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:16:11.0296 4064 isapnp - ok
    14:16:11.0328 4064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:16:11.0343 4064 Kbdclass - ok
    14:16:11.0406 4064 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    14:16:11.0421 4064 kbdhid - ok
    14:16:11.0484 4064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    14:16:11.0500 4064 kmixer - ok
    14:16:11.0562 4064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    14:16:11.0578 4064 KSecDD - ok
    14:16:11.0609 4064 lbrtfdc - ok
    14:16:11.0718 4064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    14:16:11.0734 4064 mnmdd - ok
    14:16:11.0781 4064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    14:16:11.0796 4064 Modem - ok
    14:16:11.0843 4064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:16:11.0859 4064 Mouclass - ok
    14:16:11.0906 4064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:16:11.0921 4064 mouhid - ok
    14:16:11.0953 4064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    14:16:11.0968 4064 MountMgr - ok
    14:16:11.0984 4064 mraid35x - ok
    14:16:12.0031 4064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:16:12.0031 4064 MRxDAV - ok
    14:16:12.0093 4064 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:16:12.0125 4064 MRxSmb - ok
    14:16:12.0156 4064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:16:12.0171 4064 Msfs - ok
    14:16:12.0218 4064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:16:12.0234 4064 MSKSSRV - ok
    14:16:12.0312 4064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:16:12.0328 4064 MSPCLOCK - ok
    14:16:12.0359 4064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:16:12.0375 4064 MSPQM - ok
    14:16:12.0437 4064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:16:12.0437 4064 mssmbios - ok
    14:16:12.0484 4064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    14:16:12.0500 4064 MSTEE - ok
    14:16:12.0562 4064 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    14:16:12.0687 4064 Mup - ok
    14:16:12.0765 4064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    14:16:12.0781 4064 NABTSFEC - ok
    14:16:12.0828 4064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:16:12.0843 4064 NDIS - ok
    14:16:12.0890 4064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    14:16:12.0906 4064 NdisIP - ok
    14:16:12.0937 4064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:16:12.0937 4064 NdisTapi - ok
    14:16:13.0000 4064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:16:13.0000 4064 Ndisuio - ok
    14:16:13.0062 4064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:16:13.0078 4064 NdisWan - ok
    14:16:13.0140 4064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:16:13.0156 4064 NDProxy - ok
    14:16:13.0218 4064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:16:13.0234 4064 NetBIOS - ok
    14:16:13.0296 4064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:16:13.0312 4064 NetBT - ok
    14:16:13.0375 4064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:16:13.0390 4064 Npfs - ok
    14:16:13.0406 4064 NTACCESS - ok
    14:16:13.0468 4064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:16:13.0515 4064 Ntfs - ok
    14:16:13.0640 4064 NTIDrvr (3c25d8a23c366fbe1511b4a250a1a2ad) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    14:16:13.0640 4064 NTIDrvr - ok
    14:16:13.0687 4064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:16:13.0703 4064 Null - ok
    14:16:13.0750 4064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:16:13.0765 4064 NwlnkFlt - ok
    14:16:13.0796 4064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:16:13.0812 4064 NwlnkFwd - ok
    14:16:14.0171 4064 o1394bul - ok
    14:16:14.0218 4064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:16:14.0234 4064 Parport - ok
    14:16:14.0296 4064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:16:14.0312 4064 PartMgr - ok
    14:16:14.0343 4064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:16:14.0359 4064 ParVdm - ok
    14:16:14.0375 4064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:16:14.0390 4064 PCI - ok
    14:16:14.0421 4064 PCIDump - ok
    14:16:14.0437 4064 PCIIde - ok
    14:16:14.0484 4064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:16:14.0500 4064 Pcmcia - ok
    14:16:14.0515 4064 PDCOMP - ok
    14:16:14.0531 4064 PDFRAME - ok
    14:16:14.0562 4064 PDRELI - ok
    14:16:14.0578 4064 PDRFRAME - ok
    14:16:14.0593 4064 perc2 - ok
    14:16:14.0625 4064 perc2hib - ok
    14:16:14.0687 4064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:16:14.0703 4064 PptpMiniport - ok
    14:16:14.0750 4064 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    14:16:14.0765 4064 Processor - ok
    14:16:14.0843 4064 prodrv06 (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys
    14:16:14.0921 4064 prodrv06 - ok
    14:16:14.0984 4064 prohlp02 (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys
    14:16:15.0109 4064 prohlp02 - ok
    14:16:15.0171 4064 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
    14:16:15.0187 4064 prosync1 - ok
    14:16:15.0218 4064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:16:15.0234 4064 PSched - ok
    14:16:15.0296 4064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:16:15.0328 4064 Ptilink - ok
    14:16:15.0359 4064 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:16:15.0375 4064 PxHelp20 - ok
    14:16:15.0406 4064 ql1080 - ok
    14:16:15.0421 4064 Ql10wnt - ok
    14:16:15.0453 4064 ql12160 - ok
    14:16:15.0484 4064 ql1240 - ok
    14:16:15.0515 4064 ql1280 - ok
    14:16:15.0546 4064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:16:15.0562 4064 RasAcd - ok
    14:16:15.0593 4064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:16:15.0609 4064 Rasl2tp - ok
    14:16:15.0640 4064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:16:15.0656 4064 RasPppoe - ok
    14:16:15.0703 4064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:16:15.0718 4064 Raspti - ok
    14:16:15.0765 4064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:16:15.0796 4064 Rdbss - ok
    14:16:15.0843 4064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:16:15.0859 4064 RDPCDD - ok
    14:16:15.0921 4064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:16:15.0953 4064 RDPWD - ok
    14:16:16.0031 4064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:16:16.0046 4064 redbook - ok
    14:16:16.0156 4064 SANDRA (c85403529dac07266e94ed4ef00ad166) C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2 (Win32 x86)\Sandra.sys
    14:16:16.0171 4064 SANDRA - ok
    14:16:16.0218 4064 SASKUTIL - ok
    14:16:16.0359 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:16:16.0359 4064 Secdrv - ok
    14:16:16.0390 4064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:16:16.0421 4064 serenum - ok
    14:16:16.0468 4064 Serial (f8dc39cdd4c1e5873effd2e990026dd3) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:16:16.0640 4064 Serial - ok
    14:16:16.0640 4064 SetupNTGLM7X - ok
    14:16:16.0750 4064 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
    14:16:16.0765 4064 sfhlp01 - ok
    14:16:17.0093 4064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:16:17.0109 4064 Sfloppy - ok
    14:16:17.0265 4064 Simbad - ok
    14:16:17.0437 4064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    14:16:17.0468 4064 SLIP - ok
    14:16:17.0546 4064 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    14:16:17.0562 4064 SONYPVU1 - ok
    14:16:17.0625 4064 Sparrow - ok
    14:16:17.0921 4064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:16:17.0937 4064 splitter - ok
    14:16:17.0968 4064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:16:18.0000 4064 sr - ok
    14:16:18.0062 4064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:16:18.0109 4064 Srv - ok
    14:16:18.0171 4064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    14:16:18.0187 4064 streamip - ok
    14:16:18.0250 4064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:16:18.0265 4064 swenum - ok
    14:16:18.0343 4064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:16:18.0343 4064 swmidi - ok
    14:16:18.0375 4064 symc810 - ok
    14:16:18.0406 4064 symc8xx - ok
    14:16:18.0437 4064 sym_hi - ok
    14:16:18.0453 4064 sym_u3 - ok
    14:16:18.0500 4064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:16:18.0500 4064 sysaudio - ok
    14:16:18.0578 4064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:16:18.0640 4064 Tcpip - ok
    14:16:18.0703 4064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:16:18.0718 4064 TDPIPE - ok
    14:16:18.0765 4064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:16:18.0781 4064 TDTCP - ok
    14:16:18.0812 4064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:16:18.0828 4064 TermDD - ok
    14:16:18.0875 4064 TosIde - ok
    14:16:18.0921 4064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:16:18.0937 4064 Udfs - ok
    14:16:18.0953 4064 ultra - ok
    14:16:19.0031 4064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:16:19.0062 4064 Update - ok
    14:16:19.0187 4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:16:19.0218 4064 USBAAPL - ok
    14:16:19.0265 4064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:16:19.0281 4064 usbccgp - ok
    14:16:19.0343 4064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:16:19.0359 4064 usbehci - ok
    14:16:19.0421 4064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:16:19.0437 4064 usbhub - ok
    14:16:19.0484 4064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:16:19.0500 4064 usbprint - ok
    14:16:19.0546 4064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:16:19.0562 4064 usbscan - ok
    14:16:19.0593 4064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:16:19.0609 4064 USBSTOR - ok
    14:16:19.0640 4064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:16:19.0656 4064 usbuhci - ok
    14:16:19.0718 4064 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    14:16:19.0734 4064 usbvideo - ok
    14:16:19.0781 4064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:16:19.0796 4064 VgaSave - ok
    14:16:19.0875 4064 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    14:16:19.0890 4064 viaagp1 - ok
    14:16:19.0953 4064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    14:16:19.0953 4064 ViaIde - ok
    14:16:20.0000 4064 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys
    14:16:20.0015 4064 viasraid - ok
    14:16:20.0062 4064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:16:20.0078 4064 VolSnap - ok
    14:16:20.0140 4064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:16:20.0156 4064 Wanarp - ok
    14:16:20.0234 4064 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    14:16:20.0234 4064 wanatw - ok
    14:16:20.0265 4064 WDICA - ok
    14:16:20.0343 4064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:16:20.0375 4064 wdmaud - ok
    14:16:20.0406 4064 wincom32 - ok
    14:16:20.0421 4064 windev-710-ed2 - ok
    14:16:20.0531 4064 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    14:16:20.0562 4064 WpdUsb - ok
    14:16:20.0593 4064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    14:16:20.0609 4064 WS2IFSL - ok
    14:16:20.0640 4064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    14:16:20.0656 4064 WSTCODEC - ok
    14:16:20.0703 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:16:20.0734 4064 WudfPf - ok
    14:16:20.0812 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:16:20.0843 4064 WudfRd - ok
    14:16:20.0890 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    14:16:21.0000 4064 \Device\Harddisk0\DR0 - ok
    14:16:21.0015 4064 Boot (0x1200) (0403fdf5572e1183cd965005712897bd) \Device\Harddisk0\DR0\Partition0
    14:16:21.0015 4064 \Device\Harddisk0\DR0\Partition0 - ok
    14:16:21.0015 4064 ============================================================
    14:16:21.0015 4064 Scan finished
    14:16:21.0015 4064 ============================================================
    14:16:21.0031 4052 Detected object count: 0
    14:16:21.0031 4052 Actual detected object count: 0
    14:16:36.0734 3160 Deinitialize success


    ComboFix log, hope this worked!

    ComboFix 11-12-15.02 - Anthony S 12/15/2011 14:49:10.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.601 [GMT -5:00]
    Running from: c:\documents and settings\Anthony S\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users.\documents\settings
    c:\documents and settings\All Users.\documents\settings\desktop.ini
    c:\documents and settings\All Users\Documents\Settings\desktop.ini
    c:\documents and settings\All Users\SPL12C.tmp
    c:\documents and settings\All Users\SPL1E7.tmp
    c:\documents and settings\All Users\SPL245.tmp
    c:\documents and settings\All Users\SPL26C.tmp
    c:\documents and settings\All Users\SPL301.tmp
    c:\documents and settings\All Users\SPL38.tmp
    c:\documents and settings\All Users\SPL479.tmp
    c:\documents and settings\All Users\SPL7BF.tmp
    c:\documents and settings\All Users\SPLF2.tmp
    c:\documents and settings\Anthony S\WINDOWS
    c:\documents and settings\Dr. Jacqueline Sagen\1998.jpg
    c:\windows\$NtUninstallKB58566$\1025563110\@
    c:\windows\$NtUninstallKB58566$\1025563110\bckfg.tmp
    c:\windows\$NtUninstallKB58566$\1025563110\cfg.ini
    c:\windows\$NtUninstallKB58566$\1025563110\Desktop.ini
    c:\windows\$NtUninstallKB58566$\1025563110\keywords
    c:\windows\$NtUninstallKB58566$\1025563110\kwrd.dll
    c:\windows\$NtUninstallKB58566$\1025563110\L\ffczebdy
    c:\windows\$NtUninstallKB58566$\1025563110\lsflt7.ver
    c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
    c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
    c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
    c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
    c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
    c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
    c:\windows\$NtUninstallKB58566$\1665486683
    c:\windows\system32\41605211.dll
    c:\windows\$NtUninstallKB58566$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_6TO4
    -------\Legacy_CORE
    -------\Legacy_NDNET1
    -------\Legacy_NET_AGENT
    -------\Legacy_WINCOM32
    -------\Service_6to4
    -------\Service_wincom32
    -------\Service_windev-710-ed2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-12 12:48 . 2011-12-12 12:48 -------- d-----w- c:\program files\Common Files\iS3
    2011-12-12 08:42 . 2011-12-12 08:42 53248 ----a-w- c:\windows\system32\6to4v32.dll
    2011-12-12 08:42 . 2011-12-12 08:42 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    2011-12-12 06:54 . 2011-12-12 06:54 -------- d-----w- c:\program files\ESET
    2011-12-12 06:23 . 2011-12-12 06:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-09 19:20 . 2011-12-09 19:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-12-05 01:28 . 2011-12-05 01:28 -------- d-----w- c:\documents and settings\Anthony S\Application Data\Clearwire
    2011-12-05 01:21 . 2011-12-05 01:21 -------- d-----w- c:\program files\Sierra Wireless Inc
    2011-12-05 01:21 . 2011-12-05 01:21 -------- d-----w- c:\documents and settings\Anthony S\Application Data\Sierra Wireless
    2011-11-21 14:16 . 2011-11-21 14:16 -------- d-----w- c:\program files\iPod
    2011-11-21 14:14 . 2011-11-21 14:17 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-03 10:06 . 2011-05-15 11:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 07:37 . 2009-04-30 01:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
    2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-11-09 23:25 . 2011-05-10 23:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2005-01-22 40960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
    "lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-01-18 139944]
    "Lexmark Pro800-Pro900 Series Fax Server"="c:\program files\Lexmark Pro800-Pro900 Series\fm3032.exe" [2010-01-18 316072]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-28 22:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmlproservice]
    2011-12-12 08:42 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmlrpw32]
    2011-12-12 08:42 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McComponentHostService"=3 (0x3)
    "AOL ACS"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Documents and Settings\\Anthony S\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS\\system32\\lxeccoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
    "c:\\WINDOWS\\system32\\javaws.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1/16/2004 4:04 AM 77312]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/17/2009 11:18 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/17/2009 11:18 AM 108552]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/11/2011 1:47 PM 116608]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/17/2009 11:18 AM 297752]
    R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [8/19/2010 3:36 AM 98984]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [3/31/2003 7:00 AM 14336]
    S3 o1394bul;o1394bul;\??\c:\docume~1\ANTHON~1\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\ANTHON~1\LOCALS~1\Temp\o1394bul.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    xmlpros REG_MULTI_SZ XMLProvS
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Anthony S\Application Data\Mozilla\Firefox\Profiles\default.3ue\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{538F8201-992A-AD4D-BFA8-757116A97B3F} - (no file)
    BHO-{E7D786C8-AEAE-75A3-E2AA-6242E4EDCBE4} - (no file)
    HKCU-Run-Chckup - c:\windows\system32\Netverchk.exe
    Notify-TPSvc - TPSvc.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-15 15:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,d0,ff,2c,db,c0,18,49,9c,4a,f9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,d0,ff,2c,db,c0,18,49,9c,4a,f9,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]
    "DisplayName"="?\13?\13"
    "DeviceDesc"="?\13?\13"
    "ProviderName"=""
    "MFG"="???\\"
    "ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
    "DeviceInstanceIds"=multi:"inf\\cx_08346.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\windows\system32\xmlrpw32.dll
    .
    - - - - - - - > 'explorer.exe'(2676)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxeccoms.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\wanmpsvc.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-15 15:14:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-15 20:14
    .
    Pre-Run: 8,846,041,088 bytes free
    Post-Run: 10,717,360,128 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 88B8A7AF20D154CF1C403A8C55EC5F27
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, and click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/virus-other-malware-removal/1030984-win32-sirefef-da-trojan.html#post8187394
    
    Folder::
    c:\windows\$NtUninstallKB58566$ 
    
    Collect::
    c:\docume~1\ANTHON~1\LOCALS~1\Temp\o1394bul.sys
    c:\windows\system32\6to4v32.dll
    
    Driver::
    o1394bul
    
    ClearJavaCache::
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript"


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT


    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Do you still need help with your machine?
     
Short URL to this thread: https://techguy.org/1030984
