Win32/Sirefef.DA trojan


socketwrench

Thread Starter
Joined
Dec 12, 2011
Messages
2
This aging but beloved and venerable single core Intel, XP Service Pack 3 is a mess and would greatly appreciate your help! Symptoms were dramatically slow response and redirect of website with Firefox and IE. Malwarebytes removed as far as I could tell XP Virus 2012, AVG kept popping up threat alerts thereafter and ESET online scanner found and could not repair or remove Win32/Sirefef.DA trojan. That short report follows, please let me know if you can, whether this is repairable or requires reformat. OS, MS and Adobe program CDs no longer available ($$$). And what risk to passwords and financial/personal info? Thanks.

ESET

C:\Documents and Settings\Anthony S\Application Data\Sun\Java\Deployment\cache\6.0\0\3023a1c0-761e9945 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Documents and Settings\Anthony S\Application Data\Sun\Java\Deployment\cache\6.0\17\2ff2a511-2e1033ec multiple threats deleted - quarantined
C:\Documents and Settings\Anthony S\Application Data\Sun\Java\Deployment\cache\6.0\61\3e9e997d-6f67da20 multiple threats deleted - quarantined
C:\WINDOWS\system32\drivers\serial.sys Win32/Sirefef.DA trojan unable to clean
Operating memory multiple threats






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:01 AM, on 12/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\lxeccoms.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Anthony S\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {538F8201-992A-AD4D-BFA8-757116A97B3F} - (no file)
O2 - BHO: (no name) - {E7D786C8-AEAE-75A3-E2AA-6242E4EDCBE4} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark Pro800-Pro900 Series Fax Server] "C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.pcflashbang.com/statistics/inst.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O20 - Winlogon Notify: xmlproservice - xmlrpw32.dll (file missing)
O20 - Winlogon Notify: xmlrpw32 - xmlrpw32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\WINDOWS\system32\lxeccoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9679 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Anthony S at 10:28:17 on 2011-12-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.306 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxecserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\lxeccoms.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [Chckup] c:\windows\system32\Netverchk.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
mRun: [Lexmark Pro800-Pro900 Series Fax Server] "c:\program files\lexmark pro800-pro900 series\fm3032.exe" /s
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - hxxp://www.pcflashbang.com/statistics/inst.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5F37F4F-FC9E-4AF9-8DB9-99F82364CC58} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: A3dxq - c:\windows\system32\a3dxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: TPSvc - TPSvc.dll
Notify: xmlproservice - xmlrpw32.dll
Notify: xmlrpw32 - xmlrpw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anthony s\application data\mozilla\firefox\profiles\default.3ue\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-1-16 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-17 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-17 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-17 108552]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-12-11 116608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-17 297752]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-8-19 98984]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 wincom32;wincom32;\??\c:\windows\system32\wincom32.sys --> c:\windows\system32\wincom32.sys [?]
S2 windev-710-ed2;windev-710-ed2;\??\c:\windows\system32\windev-710-ed2.sys --> c:\windows\system32\windev-710-ed2.sys [?]
S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2003-3-31 14336]
S3 o1394bul;o1394bul;\??\c:\docume~1\anthon~1\locals~1\temp\o1394bul.sys --> c:\docume~1\anthon~1\locals~1\temp\o1394bul.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
UnknownUnknown is3srv;is3srv; [x]
.
=============== Created Last 30 ================
.
2011-12-12 12:48:02 -------- d-----w- c:\program files\common files\iS3
2011-12-12 08:42:56 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-12-12 08:42:44 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
2011-12-12 06:54:15 -------- d-----w- c:\program files\ESET
2011-12-12 03:11:48 500657 ----a-w- c:\documents and settings\all users\SPL301.tmp
2011-12-05 01:28:07 -------- d-----w- c:\documents and settings\anthony s\application data\Clearwire
2011-12-05 01:21:40 -------- d-----w- c:\program files\Sierra Wireless Inc
2011-12-05 01:21:40 -------- d-----w- c:\documents and settings\anthony s\application data\Sierra Wireless
2011-11-21 14:16:01 -------- d-----w- c:\program files\iPod
2011-11-21 14:14:50 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-02 19:44:06 7796 ----a-w- c:\documents and settings\all users\SPL7BF.tmp
.
============= FINISH: 10:28:40.20 ===============





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 14:14:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target0Lun0 WDC_WD80 rev.13.0
Running: um15ixfy.exe; Driver: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\uxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\szkgfs.sys ZwTerminateProcess [0xA76C04DA]

---- Kernel code sections - GMER 1.0.15 ----

? system32\DRIVERS\szkg.sys The system cannot find the path specified. !
? system32\drivers\szkgfs.sys The system cannot find the path specified. !
? C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F676F000-F6785000 (90112 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB58566$\1025563110 0 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\keywords 201 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\L 0 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\L\ffczebdy 64512 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U 0 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 2048 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 224768 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 12800 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1025563110\U\[email protected] 98304 bytes
File C:\WINDOWS\$NtUninstallKB58566$\1665486683 0 bytes

---- EOF - GMER 1.0.15 ----
 


CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do not access any financial information on this machine. As a precaution, change all your online passwords from a machine that has never been infected.

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

socketwrench

Thread Starter
Joined
Dec 12, 2011
Messages
2
Ok meow and thank you very much! Here goes.

TDSS Killer (ran twice, first time AVG popup while scanning, both scans found no infection)

14:11:37.0312 3128 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:11:37.0937 3128 ============================================================
14:11:37.0937 3128 Current date / time: 2011/12/15 14:11:37.0937
14:11:37.0937 3128 SystemInfo:
14:11:37.0937 3128
14:11:37.0937 3128 OS Version: 5.1.2600 ServicePack: 3.0
14:11:37.0937 3128 Product type: Workstation
14:11:37.0937 3128 ComputerName: ANTHONY
14:11:37.0937 3128 UserName: Anthony S
14:11:37.0937 3128 Windows directory: C:\WINDOWS
14:11:37.0953 3128 System windows directory: C:\WINDOWS
14:11:37.0953 3128 Processor architecture: Intel x86
14:11:37.0953 3128 Number of processors: 1
14:11:37.0953 3128 Page size: 0x1000
14:11:37.0953 3128 Boot type: Normal boot
14:11:37.0953 3128 ============================================================
14:11:38.0796 3128 Initialize success
14:11:42.0468 3276 ============================================================
14:11:42.0468 3276 Scan started
14:11:42.0468 3276 Mode: Manual;
14:11:42.0468 3276 ============================================================
14:11:48.0046 3276 Abiosdsk - ok
14:11:48.0125 3276 abp480n5 - ok
14:11:48.0281 3276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:48.0296 3276 ACPI - ok
14:11:48.0484 3276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:11:48.0531 3276 ACPIEC - ok
14:11:48.0906 3276 adpu160m - ok
14:11:49.0078 3276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:11:49.0078 3276 aec - ok
14:11:49.0234 3276 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
14:11:49.0250 3276 AFD - ok
14:11:49.0453 3276 Aha154x - ok
14:11:49.0703 3276 aic78u2 - ok
14:11:49.0734 3276 aic78xx - ok
14:11:49.0781 3276 ALCXSENS - ok
14:11:51.0687 3276 ALCXWDM (5003d2e3f6b220ed3b0f1ac2816c2a18) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:11:53.0593 3276 ALCXWDM - ok
14:11:53.0875 3276 AliIde - ok
14:11:53.0984 3276 amsint - ok
14:11:54.0046 3276 asc - ok
14:11:54.0078 3276 asc3350p - ok
14:11:54.0093 3276 asc3550 - ok
14:11:54.0156 3276 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
14:11:54.0171 3276 ASCTRM - ok
14:11:54.0234 3276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:11:54.0250 3276 AsyncMac - ok
14:11:54.0468 3276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:11:54.0484 3276 atapi - ok
14:11:54.0546 3276 Atdisk - ok
14:11:54.0609 3276 ati2mtag (4fb6bb54371b3829dd15fd42188a99e6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:11:54.0640 3276 ati2mtag - ok
14:11:54.0687 3276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:11:54.0703 3276 Atmarpc - ok
14:11:54.0765 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:11:54.0781 3276 audstub - ok
14:11:54.0859 3276 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
14:11:54.0906 3276 AvgLdx86 - ok
14:11:54.0953 3276 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:11:54.0968 3276 AvgMfx86 - ok
14:11:55.0046 3276 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
14:11:55.0062 3276 AvgTdiX - ok
14:11:55.0109 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:11:55.0125 3276 Beep - ok
14:11:55.0187 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:11:55.0203 3276 cbidf2k - ok
14:11:55.0250 3276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:11:55.0265 3276 CCDECODE - ok
14:11:55.0296 3276 cd20xrnt - ok
14:11:55.0328 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:11:55.0343 3276 Cdaudio - ok
14:11:55.0421 3276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:11:55.0453 3276 Cdfs - ok
14:11:55.0484 3276 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:11:55.0500 3276 Cdrom - ok
14:11:55.0531 3276 Changer - ok
14:11:55.0562 3276 CmdIde - ok
14:11:55.0609 3276 Cpqarray - ok
14:11:55.0625 3276 dac2w2k - ok
14:11:55.0656 3276 dac960nt - ok
14:11:55.0687 3276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:11:55.0703 3276 Disk - ok
14:11:55.0765 3276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:11:55.0843 3276 dmboot - ok
14:11:55.0875 3276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:11:55.0906 3276 dmio - ok
14:11:55.0937 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:11:55.0953 3276 dmload - ok
14:11:56.0000 3276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:11:56.0000 3276 DMusic - ok
14:11:56.0031 3276 dpti2o - ok
14:11:56.0046 3276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:11:56.0062 3276 drmkaud - ok
14:11:56.0109 3276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:11:56.0125 3276 Fastfat - ok
14:11:56.0156 3276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:11:56.0171 3276 Fdc - ok
14:11:56.0218 3276 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
14:11:56.0250 3276 FETND5BV - ok
14:11:56.0296 3276 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
14:11:56.0312 3276 FETNDIS - ok
14:11:56.0375 3276 FETNDISB (d3b19a8bae6c20b4d305c7a72e255eb9) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
14:11:56.0390 3276 FETNDISB - ok
14:11:56.0437 3276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:11:56.0453 3276 Fips - ok
14:11:56.0500 3276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:11:56.0500 3276 Flpydisk - ok
14:11:56.0562 3276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:11:56.0609 3276 FltMgr - ok
14:11:56.0687 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:11:56.0703 3276 Fs_Rec - ok
14:11:56.0734 3276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:11:56.0765 3276 Ftdisk - ok
14:11:56.0828 3276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:11:56.0843 3276 GEARAspiWDM - ok
14:11:56.0859 3276 GMSIPCI - ok
14:11:56.0921 3276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:11:56.0937 3276 Gpc - ok
14:11:57.0015 3276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:11:57.0031 3276 HidUsb - ok
14:11:57.0046 3276 hpn - ok
14:11:57.0109 3276 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:11:57.0125 3276 HPZid412 - ok
14:11:57.0171 3276 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:11:57.0187 3276 HPZipr12 - ok
14:11:57.0250 3276 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:11:57.0265 3276 HPZius12 - ok
14:11:57.0328 3276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:11:57.0328 3276 HTTP - ok
14:11:57.0359 3276 i2omgmt - ok
14:11:57.0375 3276 i2omp - ok
14:11:57.0406 3276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:11:57.0421 3276 i8042prt - ok
14:11:57.0484 3276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:11:57.0500 3276 Imapi - ok
14:11:57.0531 3276 ini910u - ok
14:11:57.0562 3276 IntelIde - ok
14:11:57.0609 3276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:11:57.0625 3276 intelppm - ok
14:11:57.0687 3276 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:11:57.0703 3276 ip6fw - ok
14:11:57.0750 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:11:57.0765 3276 IpFilterDriver - ok
14:11:57.0828 3276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:11:57.0843 3276 IpInIp - ok
14:11:57.0890 3276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:11:57.0890 3276 IpNat - ok
14:11:57.0921 3276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:11:57.0937 3276 IPSec - ok
14:11:57.0984 3276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:11:58.0000 3276 IRENUM - ok
14:11:58.0093 3276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:11:58.0109 3276 isapnp - ok
14:11:58.0140 3276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:11:58.0140 3276 Kbdclass - ok
14:11:58.0171 3276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:11:58.0187 3276 kbdhid - ok
14:11:58.0218 3276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:11:58.0218 3276 kmixer - ok
14:11:58.0296 3276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:11:58.0328 3276 KSecDD - ok
14:11:58.0375 3276 lbrtfdc - ok
14:11:58.0453 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:11:58.0468 3276 mnmdd - ok
14:11:58.0515 3276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:11:58.0531 3276 Modem - ok
14:11:58.0562 3276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:11:58.0562 3276 Mouclass - ok
14:11:58.0625 3276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:11:58.0625 3276 mouhid - ok
14:11:58.0671 3276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:11:58.0687 3276 MountMgr - ok
14:11:58.0718 3276 mraid35x - ok
14:11:58.0765 3276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:11:58.0765 3276 MRxDAV - ok
14:11:58.0828 3276 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:11:58.0875 3276 MRxSmb - ok
14:11:58.0906 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:11:58.0921 3276 Msfs - ok
14:11:58.0968 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:11:58.0984 3276 MSKSSRV - ok
14:11:59.0046 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:11:59.0062 3276 MSPCLOCK - ok
14:11:59.0093 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:11:59.0109 3276 MSPQM - ok
14:11:59.0171 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:11:59.0171 3276 mssmbios - ok
14:11:59.0203 3276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:11:59.0218 3276 MSTEE - ok
14:11:59.0265 3276 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:11:59.0281 3276 Mup - ok
14:11:59.0343 3276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:11:59.0359 3276 NABTSFEC - ok
14:11:59.0406 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:11:59.0453 3276 NDIS - ok
14:11:59.0484 3276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:11:59.0500 3276 NdisIP - ok
14:11:59.0531 3276 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:11:59.0546 3276 NdisTapi - ok
14:11:59.0562 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:11:59.0562 3276 Ndisuio - ok
14:11:59.0609 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:11:59.0625 3276 NdisWan - ok
14:11:59.0671 3276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:11:59.0687 3276 NDProxy - ok
14:11:59.0734 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:11:59.0750 3276 NetBIOS - ok
14:11:59.0796 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:11:59.0812 3276 NetBT - ok
14:11:59.0859 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:11:59.0875 3276 Npfs - ok
14:11:59.0890 3276 NTACCESS - ok
14:11:59.0937 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:12:00.0000 3276 Ntfs - ok
14:12:00.0062 3276 NTIDrvr (3c25d8a23c366fbe1511b4a250a1a2ad) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
14:12:00.0062 3276 NTIDrvr - ok
14:12:00.0093 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:12:00.0109 3276 Null - ok
14:12:00.0171 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:12:00.0187 3276 NwlnkFlt - ok
14:12:00.0218 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:12:00.0234 3276 NwlnkFwd - ok
14:12:00.0484 3276 o1394bul - ok
14:12:00.0703 3276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:12:00.0781 3276 Parport - ok
14:12:00.0890 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:12:00.0906 3276 PartMgr - ok
14:12:01.0000 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:12:01.0000 3276 ParVdm - ok
14:12:01.0062 3276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:12:01.0078 3276 PCI - ok
14:12:01.0109 3276 PCIDump - ok
14:12:01.0125 3276 PCIIde - ok
14:12:01.0171 3276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:12:01.0187 3276 Pcmcia - ok
14:12:01.0203 3276 PDCOMP - ok
14:12:01.0234 3276 PDFRAME - ok
14:12:01.0359 3276 PDRELI - ok
14:12:01.0515 3276 PDRFRAME - ok
14:12:01.0687 3276 perc2 - ok
14:12:01.0859 3276 perc2hib - ok
14:12:02.0000 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:12:02.0015 3276 PptpMiniport - ok
14:12:02.0046 3276 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:12:02.0062 3276 Processor - ok
14:12:02.0140 3276 prodrv06 (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys
14:12:02.0203 3276 prodrv06 - ok
14:12:02.0265 3276 prohlp02 (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys
14:12:02.0437 3276 prohlp02 - ok
14:12:02.0562 3276 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
14:12:02.0578 3276 prosync1 - ok
14:12:02.0687 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:12:02.0703 3276 PSched - ok
14:12:02.0765 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:12:02.0781 3276 Ptilink - ok
14:12:02.0859 3276 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:12:02.0875 3276 PxHelp20 - ok
14:12:02.0890 3276 ql1080 - ok
14:12:02.0921 3276 Ql10wnt - ok
14:12:02.0937 3276 ql12160 - ok
14:12:02.0953 3276 ql1240 - ok
14:12:02.0968 3276 ql1280 - ok
14:12:03.0015 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:12:03.0015 3276 RasAcd - ok
14:12:03.0062 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:12:03.0078 3276 Rasl2tp - ok
14:12:03.0125 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:12:03.0140 3276 RasPppoe - ok
14:12:03.0187 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:12:03.0203 3276 Raspti - ok
14:12:03.0265 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:12:03.0406 3276 Rdbss - ok
14:12:03.0609 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:12:03.0640 3276 RDPCDD - ok
14:12:03.0765 3276 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:12:03.0796 3276 RDPWD - ok
14:12:03.0875 3276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:12:03.0890 3276 redbook - ok
14:12:04.0031 3276 SANDRA (c85403529dac07266e94ed4ef00ad166) C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2 (Win32 x86)\Sandra.sys
14:12:04.0046 3276 SANDRA - ok
14:12:04.0109 3276 SASKUTIL - ok
14:12:04.0187 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:12:04.0187 3276 Secdrv - ok
14:12:04.0250 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:12:04.0265 3276 serenum - ok
14:12:04.0500 3276 Serial (f8dc39cdd4c1e5873effd2e990026dd3) C:\WINDOWS\system32\DRIVERS\serial.sys
14:12:04.0562 3276 Serial - ok
14:12:04.0562 3276 SetupNTGLM7X - ok
14:12:04.0812 3276 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
14:12:04.0859 3276 sfhlp01 - ok
14:12:05.0000 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:12:05.0015 3276 Sfloppy - ok
14:12:05.0078 3276 Simbad - ok
14:12:05.0125 3276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:12:05.0140 3276 SLIP - ok
14:12:05.0203 3276 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:12:05.0218 3276 SONYPVU1 - ok
14:12:05.0234 3276 Sparrow - ok
14:12:05.0500 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:12:05.0515 3276 splitter - ok
14:12:05.0796 3276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:12:05.0843 3276 sr - ok
14:12:06.0046 3276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:06.0125 3276 Srv - ok
14:12:06.0203 3276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:12:06.0250 3276 streamip - ok
14:12:06.0562 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:06.0593 3276 swenum - ok
14:12:06.0828 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:12:06.0828 3276 swmidi - ok
14:12:06.0906 3276 symc810 - ok
14:12:07.0359 3276 symc8xx - ok
14:12:07.0609 3276 sym_hi - ok
14:12:07.0671 3276 sym_u3 - ok
14:12:07.0734 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:07.0734 3276 sysaudio - ok
14:12:07.0843 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:07.0968 3276 Tcpip - ok
14:12:08.0031 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:08.0078 3276 TDPIPE - ok
14:12:08.0218 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:08.0234 3276 TDTCP - ok
14:12:08.0484 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:08.0515 3276 TermDD - ok
14:12:08.0843 3276 TosIde - ok
14:12:09.0015 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:12:09.0031 3276 Udfs - ok
14:12:09.0125 3276 ultra - ok
14:12:09.0437 3276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:12:09.0531 3276 Update - ok
14:12:10.0000 3276 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:12:10.0062 3276 USBAAPL - ok
14:12:10.0359 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:10.0375 3276 usbccgp - ok
14:12:10.0500 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:10.0515 3276 usbehci - ok
14:12:10.0609 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:10.0625 3276 usbhub - ok
14:12:10.0687 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:10.0703 3276 usbprint - ok
14:12:10.0781 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:10.0796 3276 usbscan - ok
14:12:10.0843 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:10.0859 3276 USBSTOR - ok
14:12:10.0890 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:10.0906 3276 usbuhci - ok
14:12:10.0984 3276 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:12:11.0000 3276 usbvideo - ok
14:12:11.0031 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:12:11.0046 3276 VgaSave - ok
14:12:11.0109 3276 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
14:12:11.0125 3276 viaagp1 - ok
14:12:11.0187 3276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:12:11.0203 3276 ViaIde - ok
14:12:11.0265 3276 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys
14:12:11.0265 3276 viasraid - ok
14:12:11.0390 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:11.0406 3276 VolSnap - ok
14:12:11.0515 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:11.0531 3276 Wanarp - ok
14:12:11.0593 3276 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:12:11.0609 3276 wanatw - ok
14:12:11.0640 3276 WDICA - ok
14:12:11.0687 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:11.0703 3276 wdmaud - ok
14:12:11.0718 3276 wincom32 - ok
14:12:11.0734 3276 windev-710-ed2 - ok
14:12:11.0828 3276 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:12:11.0843 3276 WpdUsb - ok
14:12:11.0906 3276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:12:11.0921 3276 WS2IFSL - ok
14:12:11.0953 3276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:12:11.0968 3276 WSTCODEC - ok
14:12:12.0031 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:12.0046 3276 WudfPf - ok
14:12:12.0062 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:12.0078 3276 WudfRd - ok
14:12:12.0140 3276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:12:12.0250 3276 \Device\Harddisk0\DR0 - ok
14:12:12.0250 3276 Boot (0x1200) (0403fdf5572e1183cd965005712897bd) \Device\Harddisk0\DR0\Partition0
14:12:12.0250 3276 \Device\Harddisk0\DR0\Partition0 - ok
14:12:12.0265 3276 ============================================================
14:12:12.0265 3276 Scan finished
14:12:12.0265 3276 ============================================================
14:12:12.0281 3684 Detected object count: 0
14:12:12.0281 3684 Actual detected object count: 0
14:16:04.0046 4064 ============================================================
14:16:04.0046 4064 Scan started
14:16:04.0046 4064 Mode: Manual;
14:16:04.0046 4064 ============================================================
14:16:05.0781 4064 Abiosdsk - ok
14:16:05.0828 4064 abp480n5 - ok
14:16:05.0890 4064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:16:05.0921 4064 ACPI - ok
14:16:05.0984 4064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:16:06.0000 4064 ACPIEC - ok
14:16:06.0015 4064 adpu160m - ok
14:16:06.0093 4064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:16:06.0093 4064 aec - ok
14:16:06.0171 4064 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
14:16:06.0187 4064 AFD - ok
14:16:06.0203 4064 Aha154x - ok
14:16:06.0234 4064 aic78u2 - ok
14:16:06.0250 4064 aic78xx - ok
14:16:06.0265 4064 ALCXSENS - ok
14:16:06.0484 4064 ALCXWDM (5003d2e3f6b220ed3b0f1ac2816c2a18) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:16:06.0812 4064 ALCXWDM - ok
14:16:06.0921 4064 AliIde - ok
14:16:06.0937 4064 amsint - ok
14:16:06.0968 4064 asc - ok
14:16:07.0000 4064 asc3350p - ok
14:16:07.0031 4064 asc3550 - ok
14:16:07.0109 4064 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
14:16:07.0125 4064 ASCTRM - ok
14:16:07.0187 4064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:16:07.0203 4064 AsyncMac - ok
14:16:07.0359 4064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:16:07.0375 4064 atapi - ok
14:16:07.0437 4064 Atdisk - ok
14:16:07.0546 4064 ati2mtag (4fb6bb54371b3829dd15fd42188a99e6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:16:07.0593 4064 ati2mtag - ok
14:16:07.0625 4064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:16:07.0640 4064 Atmarpc - ok
14:16:07.0703 4064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:16:07.0718 4064 audstub - ok
14:16:07.0796 4064 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
14:16:07.0843 4064 AvgLdx86 - ok
14:16:07.0875 4064 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:16:07.0890 4064 AvgMfx86 - ok
14:16:07.0953 4064 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
14:16:07.0968 4064 AvgTdiX - ok
14:16:08.0031 4064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:16:08.0046 4064 Beep - ok
14:16:08.0125 4064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:16:08.0140 4064 cbidf2k - ok
14:16:08.0234 4064 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:16:08.0250 4064 CCDECODE - ok
14:16:08.0265 4064 cd20xrnt - ok
14:16:08.0328 4064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:16:08.0343 4064 Cdaudio - ok
14:16:08.0406 4064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:16:08.0421 4064 Cdfs - ok
14:16:08.0484 4064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:16:08.0500 4064 Cdrom - ok
14:16:08.0515 4064 Changer - ok
14:16:08.0562 4064 CmdIde - ok
14:16:08.0593 4064 Cpqarray - ok
14:16:08.0609 4064 dac2w2k - ok
14:16:08.0640 4064 dac960nt - ok
14:16:08.0703 4064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:16:08.0718 4064 Disk - ok
14:16:08.0828 4064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:16:08.0906 4064 dmboot - ok
14:16:08.0968 4064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:16:09.0000 4064 dmio - ok
14:16:09.0062 4064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:16:09.0062 4064 dmload - ok
14:16:09.0125 4064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:16:09.0140 4064 DMusic - ok
14:16:09.0171 4064 dpti2o - ok
14:16:09.0203 4064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:16:09.0218 4064 drmkaud - ok
14:16:09.0265 4064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:16:09.0281 4064 Fastfat - ok
14:16:09.0312 4064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:16:09.0328 4064 Fdc - ok
14:16:09.0390 4064 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
14:16:09.0406 4064 FETND5BV - ok
14:16:09.0468 4064 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
14:16:09.0484 4064 FETNDIS - ok
14:16:09.0531 4064 FETNDISB (d3b19a8bae6c20b4d305c7a72e255eb9) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
14:16:09.0546 4064 FETNDISB - ok
14:16:09.0578 4064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:16:09.0593 4064 Fips - ok
14:16:09.0687 4064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:16:09.0703 4064 Flpydisk - ok
14:16:09.0765 4064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:16:09.0812 4064 FltMgr - ok
14:16:09.0859 4064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:16:09.0875 4064 Fs_Rec - ok
14:16:09.0937 4064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:16:09.0953 4064 Ftdisk - ok
14:16:10.0015 4064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:16:10.0031 4064 GEARAspiWDM - ok
14:16:10.0046 4064 GMSIPCI - ok
14:16:10.0062 4064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:16:10.0078 4064 Gpc - ok
14:16:10.0125 4064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:16:10.0140 4064 HidUsb - ok
14:16:10.0171 4064 hpn - ok
14:16:10.0218 4064 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:16:10.0234 4064 HPZid412 - ok
14:16:10.0296 4064 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:16:10.0312 4064 HPZipr12 - ok
14:16:10.0359 4064 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:16:10.0375 4064 HPZius12 - ok
14:16:10.0437 4064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:16:10.0468 4064 HTTP - ok
14:16:10.0500 4064 i2omgmt - ok
14:16:10.0515 4064 i2omp - ok
14:16:10.0578 4064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:16:10.0593 4064 i8042prt - ok
14:16:10.0656 4064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:16:10.0671 4064 Imapi - ok
14:16:10.0687 4064 ini910u - ok
14:16:10.0718 4064 IntelIde - ok
14:16:10.0781 4064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:16:10.0796 4064 intelppm - ok
14:16:10.0843 4064 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:16:10.0859 4064 ip6fw - ok
14:16:10.0906 4064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:16:10.0921 4064 IpFilterDriver - ok
14:16:11.0046 4064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:16:11.0062 4064 IpInIp - ok
14:16:11.0093 4064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:16:11.0109 4064 IpNat - ok
14:16:11.0140 4064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:16:11.0156 4064 IPSec - ok
14:16:11.0203 4064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:16:11.0218 4064 IRENUM - ok
14:16:11.0281 4064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:16:11.0296 4064 isapnp - ok
14:16:11.0328 4064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:16:11.0343 4064 Kbdclass - ok
14:16:11.0406 4064 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:16:11.0421 4064 kbdhid - ok
14:16:11.0484 4064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:16:11.0500 4064 kmixer - ok
14:16:11.0562 4064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:16:11.0578 4064 KSecDD - ok
14:16:11.0609 4064 lbrtfdc - ok
14:16:11.0718 4064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:16:11.0734 4064 mnmdd - ok
14:16:11.0781 4064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:16:11.0796 4064 Modem - ok
14:16:11.0843 4064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:16:11.0859 4064 Mouclass - ok
14:16:11.0906 4064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:16:11.0921 4064 mouhid - ok
14:16:11.0953 4064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:16:11.0968 4064 MountMgr - ok
14:16:11.0984 4064 mraid35x - ok
14:16:12.0031 4064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:16:12.0031 4064 MRxDAV - ok
14:16:12.0093 4064 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:16:12.0125 4064 MRxSmb - ok
14:16:12.0156 4064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:16:12.0171 4064 Msfs - ok
14:16:12.0218 4064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:16:12.0234 4064 MSKSSRV - ok
14:16:12.0312 4064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:16:12.0328 4064 MSPCLOCK - ok
14:16:12.0359 4064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:16:12.0375 4064 MSPQM - ok
14:16:12.0437 4064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:16:12.0437 4064 mssmbios - ok
14:16:12.0484 4064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:16:12.0500 4064 MSTEE - ok
14:16:12.0562 4064 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:16:12.0687 4064 Mup - ok
14:16:12.0765 4064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:16:12.0781 4064 NABTSFEC - ok
14:16:12.0828 4064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:16:12.0843 4064 NDIS - ok
14:16:12.0890 4064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:16:12.0906 4064 NdisIP - ok
14:16:12.0937 4064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:16:12.0937 4064 NdisTapi - ok
14:16:13.0000 4064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:16:13.0000 4064 Ndisuio - ok
14:16:13.0062 4064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:16:13.0078 4064 NdisWan - ok
14:16:13.0140 4064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:16:13.0156 4064 NDProxy - ok
14:16:13.0218 4064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:16:13.0234 4064 NetBIOS - ok
14:16:13.0296 4064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:16:13.0312 4064 NetBT - ok
14:16:13.0375 4064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:16:13.0390 4064 Npfs - ok
14:16:13.0406 4064 NTACCESS - ok
14:16:13.0468 4064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:16:13.0515 4064 Ntfs - ok
14:16:13.0640 4064 NTIDrvr (3c25d8a23c366fbe1511b4a250a1a2ad) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
14:16:13.0640 4064 NTIDrvr - ok
14:16:13.0687 4064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:16:13.0703 4064 Null - ok
14:16:13.0750 4064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:16:13.0765 4064 NwlnkFlt - ok
14:16:13.0796 4064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:16:13.0812 4064 NwlnkFwd - ok
14:16:14.0171 4064 o1394bul - ok
14:16:14.0218 4064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:16:14.0234 4064 Parport - ok
14:16:14.0296 4064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:16:14.0312 4064 PartMgr - ok
14:16:14.0343 4064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:16:14.0359 4064 ParVdm - ok
14:16:14.0375 4064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:16:14.0390 4064 PCI - ok
14:16:14.0421 4064 PCIDump - ok
14:16:14.0437 4064 PCIIde - ok
14:16:14.0484 4064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:16:14.0500 4064 Pcmcia - ok
14:16:14.0515 4064 PDCOMP - ok
14:16:14.0531 4064 PDFRAME - ok
14:16:14.0562 4064 PDRELI - ok
14:16:14.0578 4064 PDRFRAME - ok
14:16:14.0593 4064 perc2 - ok
14:16:14.0625 4064 perc2hib - ok
14:16:14.0687 4064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:16:14.0703 4064 PptpMiniport - ok
14:16:14.0750 4064 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:16:14.0765 4064 Processor - ok
14:16:14.0843 4064 prodrv06 (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys
14:16:14.0921 4064 prodrv06 - ok
14:16:14.0984 4064 prohlp02 (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys
14:16:15.0109 4064 prohlp02 - ok
14:16:15.0171 4064 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
14:16:15.0187 4064 prosync1 - ok
14:16:15.0218 4064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:16:15.0234 4064 PSched - ok
14:16:15.0296 4064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:16:15.0328 4064 Ptilink - ok
14:16:15.0359 4064 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:16:15.0375 4064 PxHelp20 - ok
14:16:15.0406 4064 ql1080 - ok
14:16:15.0421 4064 Ql10wnt - ok
14:16:15.0453 4064 ql12160 - ok
14:16:15.0484 4064 ql1240 - ok
14:16:15.0515 4064 ql1280 - ok
14:16:15.0546 4064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:16:15.0562 4064 RasAcd - ok
14:16:15.0593 4064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:16:15.0609 4064 Rasl2tp - ok
14:16:15.0640 4064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:16:15.0656 4064 RasPppoe - ok
14:16:15.0703 4064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:16:15.0718 4064 Raspti - ok
14:16:15.0765 4064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:16:15.0796 4064 Rdbss - ok
14:16:15.0843 4064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:16:15.0859 4064 RDPCDD - ok
14:16:15.0921 4064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:16:15.0953 4064 RDPWD - ok
14:16:16.0031 4064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:16:16.0046 4064 redbook - ok
14:16:16.0156 4064 SANDRA (c85403529dac07266e94ed4ef00ad166) C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2 (Win32 x86)\Sandra.sys
14:16:16.0171 4064 SANDRA - ok
14:16:16.0218 4064 SASKUTIL - ok
14:16:16.0359 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:16:16.0359 4064 Secdrv - ok
14:16:16.0390 4064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:16:16.0421 4064 serenum - ok
14:16:16.0468 4064 Serial (f8dc39cdd4c1e5873effd2e990026dd3) C:\WINDOWS\system32\DRIVERS\serial.sys
14:16:16.0640 4064 Serial - ok
14:16:16.0640 4064 SetupNTGLM7X - ok
14:16:16.0750 4064 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
14:16:16.0765 4064 sfhlp01 - ok
14:16:17.0093 4064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:16:17.0109 4064 Sfloppy - ok
14:16:17.0265 4064 Simbad - ok
14:16:17.0437 4064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:16:17.0468 4064 SLIP - ok
14:16:17.0546 4064 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:16:17.0562 4064 SONYPVU1 - ok
14:16:17.0625 4064 Sparrow - ok
14:16:17.0921 4064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:16:17.0937 4064 splitter - ok
14:16:17.0968 4064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:16:18.0000 4064 sr - ok
14:16:18.0062 4064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:16:18.0109 4064 Srv - ok
14:16:18.0171 4064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:16:18.0187 4064 streamip - ok
14:16:18.0250 4064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:16:18.0265 4064 swenum - ok
14:16:18.0343 4064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:16:18.0343 4064 swmidi - ok
14:16:18.0375 4064 symc810 - ok
14:16:18.0406 4064 symc8xx - ok
14:16:18.0437 4064 sym_hi - ok
14:16:18.0453 4064 sym_u3 - ok
14:16:18.0500 4064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:16:18.0500 4064 sysaudio - ok
14:16:18.0578 4064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:16:18.0640 4064 Tcpip - ok
14:16:18.0703 4064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:16:18.0718 4064 TDPIPE - ok
14:16:18.0765 4064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:16:18.0781 4064 TDTCP - ok
14:16:18.0812 4064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:16:18.0828 4064 TermDD - ok
14:16:18.0875 4064 TosIde - ok
14:16:18.0921 4064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:16:18.0937 4064 Udfs - ok
14:16:18.0953 4064 ultra - ok
14:16:19.0031 4064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:16:19.0062 4064 Update - ok
14:16:19.0187 4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:16:19.0218 4064 USBAAPL - ok
14:16:19.0265 4064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:16:19.0281 4064 usbccgp - ok
14:16:19.0343 4064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:16:19.0359 4064 usbehci - ok
14:16:19.0421 4064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:16:19.0437 4064 usbhub - ok
14:16:19.0484 4064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:16:19.0500 4064 usbprint - ok
14:16:19.0546 4064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:16:19.0562 4064 usbscan - ok
14:16:19.0593 4064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:16:19.0609 4064 USBSTOR - ok
14:16:19.0640 4064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:16:19.0656 4064 usbuhci - ok
14:16:19.0718 4064 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:16:19.0734 4064 usbvideo - ok
14:16:19.0781 4064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:16:19.0796 4064 VgaSave - ok
14:16:19.0875 4064 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
14:16:19.0890 4064 viaagp1 - ok
14:16:19.0953 4064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:16:19.0953 4064 ViaIde - ok
14:16:20.0000 4064 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys
14:16:20.0015 4064 viasraid - ok
14:16:20.0062 4064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:16:20.0078 4064 VolSnap - ok
14:16:20.0140 4064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:16:20.0156 4064 Wanarp - ok
14:16:20.0234 4064 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:16:20.0234 4064 wanatw - ok
14:16:20.0265 4064 WDICA - ok
14:16:20.0343 4064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:16:20.0375 4064 wdmaud - ok
14:16:20.0406 4064 wincom32 - ok
14:16:20.0421 4064 windev-710-ed2 - ok
14:16:20.0531 4064 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:16:20.0562 4064 WpdUsb - ok
14:16:20.0593 4064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:16:20.0609 4064 WS2IFSL - ok
14:16:20.0640 4064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:16:20.0656 4064 WSTCODEC - ok
14:16:20.0703 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:16:20.0734 4064 WudfPf - ok
14:16:20.0812 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:16:20.0843 4064 WudfRd - ok
14:16:20.0890 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:16:21.0000 4064 \Device\Harddisk0\DR0 - ok
14:16:21.0015 4064 Boot (0x1200) (0403fdf5572e1183cd965005712897bd) \Device\Harddisk0\DR0\Partition0
14:16:21.0015 4064 \Device\Harddisk0\DR0\Partition0 - ok
14:16:21.0015 4064 ============================================================
14:16:21.0015 4064 Scan finished
14:16:21.0015 4064 ============================================================
14:16:21.0031 4052 Detected object count: 0
14:16:21.0031 4052 Actual detected object count: 0
14:16:36.0734 3160 Deinitialize success


ComboFix log, hope this worked!

ComboFix 11-12-15.02 - Anthony S 12/15/2011 14:49:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.601 [GMT -5:00]
Running from: c:\documents and settings\Anthony S\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users\Documents\Settings\desktop.ini
c:\documents and settings\All Users\SPL12C.tmp
c:\documents and settings\All Users\SPL1E7.tmp
c:\documents and settings\All Users\SPL245.tmp
c:\documents and settings\All Users\SPL26C.tmp
c:\documents and settings\All Users\SPL301.tmp
c:\documents and settings\All Users\SPL38.tmp
c:\documents and settings\All Users\SPL479.tmp
c:\documents and settings\All Users\SPL7BF.tmp
c:\documents and settings\All Users\SPLF2.tmp
c:\documents and settings\Anthony S\WINDOWS
c:\documents and settings\Dr. Jacqueline Sagen\1998.jpg
c:\windows\$NtUninstallKB58566$\1025563110\@
c:\windows\$NtUninstallKB58566$\1025563110\bckfg.tmp
c:\windows\$NtUninstallKB58566$\1025563110\cfg.ini
c:\windows\$NtUninstallKB58566$\1025563110\Desktop.ini
c:\windows\$NtUninstallKB58566$\1025563110\keywords
c:\windows\$NtUninstallKB58566$\1025563110\kwrd.dll
c:\windows\$NtUninstallKB58566$\1025563110\L\ffczebdy
c:\windows\$NtUninstallKB58566$\1025563110\lsflt7.ver
c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
c:\windows\$NtUninstallKB58566$\1025563110\U\[email protected]
c:\windows\$NtUninstallKB58566$\1665486683
c:\windows\system32\41605211.dll
c:\windows\$NtUninstallKB58566$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_CORE
-------\Legacy_NDNET1
-------\Legacy_NET_AGENT
-------\Legacy_WINCOM32
-------\Service_6to4
-------\Service_wincom32
-------\Service_windev-710-ed2
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-12 12:48 . 2011-12-12 12:48 -------- d-----w- c:\program files\Common Files\iS3
2011-12-12 08:42 . 2011-12-12 08:42 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-12-12 08:42 . 2011-12-12 08:42 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
2011-12-12 06:54 . 2011-12-12 06:54 -------- d-----w- c:\program files\ESET
2011-12-12 06:23 . 2011-12-12 06:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-09 19:20 . 2011-12-09 19:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-05 01:28 . 2011-12-05 01:28 -------- d-----w- c:\documents and settings\Anthony S\Application Data\Clearwire
2011-12-05 01:21 . 2011-12-05 01:21 -------- d-----w- c:\program files\Sierra Wireless Inc
2011-12-05 01:21 . 2011-12-05 01:21 -------- d-----w- c:\documents and settings\Anthony S\Application Data\Sierra Wireless
2011-11-21 14:16 . 2011-11-21 14:16 -------- d-----w- c:\program files\iPod
2011-11-21 14:14 . 2011-11-21 14:17 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 10:06 . 2011-05-15 11:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2009-04-30 01:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-09 23:25 . 2011-05-10 23:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2005-01-22 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-01-18 139944]
"Lexmark Pro800-Pro900 Series Fax Server"="c:\program files\Lexmark Pro800-Pro900 Series\fm3032.exe" [2010-01-18 316072]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 22:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmlproservice]
2011-12-12 08:42 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmlrpw32]
2011-12-12 08:42 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McComponentHostService"=3 (0x3)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Anthony S\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\lxeccoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1/16/2004 4:04 AM 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/17/2009 11:18 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/17/2009 11:18 AM 108552]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/11/2011 1:47 PM 116608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/17/2009 11:18 AM 297752]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [8/19/2010 3:36 AM 98984]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [3/31/2003 7:00 AM 14336]
S3 o1394bul;o1394bul;\??\c:\docume~1\ANTHON~1\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\ANTHON~1\LOCALS~1\Temp\o1394bul.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Anthony S\Application Data\Mozilla\Firefox\Profiles\default.3ue\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{538F8201-992A-AD4D-BFA8-757116A97B3F} - (no file)
BHO-{E7D786C8-AEAE-75A3-E2AA-6242E4EDCBE4} - (no file)
HKCU-Run-Chckup - c:\windows\system32\Netverchk.exe
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,d0,ff,2c,db,c0,18,49,9c,4a,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,d0,ff,2c,db,c0,18,49,9c,4a,f9,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"inf\\cx_08346.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\xmlrpw32.dll
.
- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeccoms.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-15 15:14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 20:14
.
Pre-Run: 8,846,041,088 bytes free
Post-Run: 10,717,360,128 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 88B8A7AF20D154CF1C403A8C55EC5F27
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://forums.techguy.org/virus-other-malware-removal/1030984-win32-sirefef-da-trojan.html#post8187394

Folder::
c:\windows\$NtUninstallKB58566$ 

Collect::
c:\docume~1\ANTHON~1\LOCALS~1\Temp\o1394bul.sys
c:\windows\system32\6to4v32.dll

Driver::
o1394bul

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
 