
Unable to turn on Windows Firewall


  • This topic is locked
37 replies to this topic

#1 Lorrretta

  • Members
  • 38 posts

Posted 21 January 2011 - 01:28 AM

I started a topic recently at http://www.bleepingcomputer.com/forums/topic372096.html and was unable to resolve the problem after following all the suggestions provided by members of the forum. I ran an MBAM full scan in Safe Mode again (just before posting) and it detected some adware due to a program I had installed recently.
I managed to scan with DDS without problems but was unable to follow the steps for Gmer.exe. All the options are unchecked (greyed-out boxes) except for Services, Registry, Files, ADS and Drives/Partition (C:\ was checked). I ran Gmer.exe with these settings; Attach.txt and Ark.txt are attached.

Below is the DDS log

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Vicky at 11:57:22.54 on Fri 21/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3892.1987 [GMT 8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\KuGou\KuGou2011\KuGoo.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\KuGou\KuGou2011\kgdaemon.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Vicky\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mobile Broadband Modem\Mobile Broadband Modem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Vicky\Desktop\gmer\gmer.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Vicky\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [KuGou] "C:\Program Files (x86)\KuGou\KuGou2011\KuGoo.exe" min
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun: [UCam_Menu] "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Vicky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vicky\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Vicky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Funshion.lnk - C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
StartupFolder: C:\Users\Vicky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {097C9298-B565-4CF0-88ED-6480EC706E6C} = 203.116.1.94 203.116.254.150
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\SysWOW64\KuGoo3DownXControl.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SynBtnAsst] %ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2010-6-22 39008]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-17 202752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-22 13336]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2010-6-22 69568]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-22 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2010-6-22 28176]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-5-17 6366720]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-17 186880]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-2-25 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-22 35104]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-17 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-5-17 10322848]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-4-19 160880]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 vm332avs;Lenovo Camera2;C:\Windows\System32\drivers\vm332avs.sys [2010-2-25 214000]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
R3 wdmirror;wdmirror;C:\Windows\System32\drivers\WDMirror.sys [2010-6-22 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-16 135664]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Bridge0;Bridge0;C:\Windows\System32\drivers\WDBridge.sys [2010-6-22 79376]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-15 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-6-22 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-6-22 575304]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-13 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-21 03:27:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-21 03:26:59 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F60A675A-456D-4F8B-BEBF-D00A53852A25}\mpengine.dll
2011-01-19 14:16:57 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2011-01-19 13:57:59 336896 ----a-w- C:\windows\System32\CNMLMA0.DLL
2011-01-19 13:57:45 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
2011-01-19 13:57:45 109056 ----a-w- C:\windows\System32\drivers\sdbus.sys
2011-01-19 13:54:44 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2011-01-18 16:46:33 549488 ----a-w- C:\windows\SysWow64\KuGoo3DownXControl.ocx
2011-01-18 16:46:31 -------- d-----w- C:\Users\Vicky\AppData\Roaming\KuGou
2011-01-18 16:46:31 -------- d-----w- C:\Program Files (x86)\KuGou
2011-01-18 16:42:36 -------- d-----w- C:\Users\Vicky\funshion
2011-01-18 16:42:36 -------- d-----w- C:\Program Files (x86)\Funshion Online
2011-01-18 07:34:24 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{AC021DA0-5F66-4DFF-9828-254B0CADC913}\mpengine.dll
2011-01-15 18:02:52 -------- d-----w- C:\Program Files\CCleaner
2011-01-15 18:02:33 -------- d-----w- C:\Users\Vicky\AppData\Local\Google
2011-01-15 17:38:58 -------- d-----w- C:\Program Files\PC Speed Up
2011-01-15 17:38:19 -------- d-----w- C:\Users\Vicky\AppData\Local\OpenCandy
2011-01-15 17:38:11 -------- d-----w- C:\Users\Vicky\AppData\Roaming\OpenCandy
2011-01-14 16:39:42 -------- d-----w- C:\Users\Vicky\AppData\Roaming\Registry Mechanic
2011-01-14 16:35:08 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-01-12 11:21:01 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-01-12 11:21:01 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-01-12 11:21:01 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-01-12 11:21:01 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2011-01-12 11:21:01 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-01-12 11:21:01 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2011-01-12 11:21:01 1133568 ----a-w- C:\windows\System32\FntCache.dll
2011-01-12 11:21:01 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-01-12 11:21:00 470016 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-01-12 11:21:00 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-01-12 11:20:59 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-12 11:20:59 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2011-01-12 11:20:59 283648 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-01-12 11:20:59 258048 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-12 11:20:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2011-01-12 11:20:59 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2011-01-12 11:20:59 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2011-01-12 11:20:59 1863680 ----a-w- C:\windows\System32\ExplorerFrame.dll
2011-01-12 11:20:59 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2011-01-12 11:20:59 1495040 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll
2011-01-12 11:20:59 144384 ----a-w- C:\windows\System32\cdd.dll
2011-01-12 11:20:59 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2011-01-12 11:19:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 11:19:22 720896 ----a-w- C:\windows\System32\odbc32.dll
2011-01-12 11:19:22 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
2011-01-12 11:19:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 11:19:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 11:19:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 11:19:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 11:19:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 11:19:22 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 11:19:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-09 15:03:15 -------- d-----r- C:\Users\Vicky\Dropbox
2011-01-09 14:58:02 -------- d-----w- C:\Users\Vicky\AppData\Roaming\Dropbox
2011-01-08 16:12:41 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2011-01-08 16:12:40 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2011-01-08 09:38:04 374664 ----a-w- C:\windows\System32\drivers\netio.sys
2011-01-08 08:51:19 -------- d-----w- C:\Users\Vicky\AppData\Roaming\Malwarebytes
2011-01-08 08:51:12 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-08 08:51:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-08 08:51:06 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-01-08 08:51:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-04 15:32:51 -------- d-----w- C:\Application Data
2011-01-04 15:08:03 -------- d-----w- C:\PROGRA~3\SPSS
2011-01-04 06:11:26 -------- d-----w- C:\Users\Vicky\AppData\Roaming\ParetoLogic
2011-01-04 06:11:26 -------- d-----w- C:\Users\Vicky\AppData\Roaming\DriverCure
2011-01-04 06:10:45 -------- d-----w- C:\PROGRA~3\ParetoLogic
2011-01-03 03:22:03 -------- d-----w- C:\Users\Vicky\AppData\Roaming\OpenOffice.org
2011-01-02 10:44:39 -------- d-----w- C:\Program Files (x86)\JRE
2011-01-02 10:44:30 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-01-02 10:40:02 411368 ----a-w- C:\windows\SysWow64\deployJava1.dll

==================== Find3M ====================

2010-12-03 13:50:36 1024 ----a-w- C:\windows\SysWow64\grcauth2.dll
2010-12-03 13:50:36 1024 ----a-w- C:\windows\SysWow64\grcauth1.dll
2010-12-03 13:50:36 100 ----a-w- C:\windows\SysWow64\prsgrc.dll
2010-12-03 13:46:38 205 ----a-w- C:\windows\SysWow64\lsprst7.dll
2010-12-03 13:26:18 1025 ----a-w- C:\windows\SysWow64\sysprs7.dll
2010-11-29 09:38:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 09:38:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll

============= FINISH: 11:57:49.82 ===============

Attached Files
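The DDS log above is the artefact the rest of this thread is built on, so here is a small parser for its section format together with the first-pass checks a malware responder runs over such a log. This is an added example, not code from the original post, from the DDS tool, or from the helper; the section titles are DDS's own as they appear in the log, the field layout of each section is inferred from that log, and the triage rules (`triage`, `user_writable`, the recency window) are this example's heuristics, not DDS features. The sample input is a handful of lines copied from the log above.

```python
"""Parse a DDS log by section and pull out what a responder reads first.

Added example, not part of the original post or of DDS itself. Section
titles are DDS's own; field layouts are inferred from the posted log;
the triage rules below are this example's heuristics."""
import re
from datetime import date, timedelta

# Constructed sample: lines copied verbatim from the DDS log in the thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\windows\system32\svchost.exe -k netsvcs
C:\Users\Vicky\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Vicky\Desktop\dds.scr

============== Pseudo HJT Report ===============

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
BHO-X64: URLRedirectionBHO - No File

============= SERVICES / DRIVERS ===============

R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2010-6-22 39008]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-15 48488]

=============== Created Last 30 ================

2011-01-18 16:46:33 549488 ----a-w- C:\windows\SysWow64\KuGoo3DownXControl.ocx
2011-01-15 17:38:58 -------- d-----w- C:\Program Files\PC Speed Up
2011-01-12 11:21:01 902656 ----a-w- C:\windows\System32\d2d1.dll

============= FINISH: 11:57:49.82 ===============
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
# state;name;display;image path [date size]  or  [?] when DDS could not stat the file
SERVICE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*)\s\[(.*)\]$")
# date time size attrs path  (size is '--------' for directories)
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\S+) (\S+) (.*)$")
ORPHAN = re.compile(r"^([\w-]+):\s+(.*?)\s+-\s+No File$")
EXECUTABLE = (".exe", ".dll", ".ocx", ".sys", ".scr")


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_services(lines):
    """R = running, S = stopped; verified is False when DDS printed '[?]'."""
    out = []
    for m in filter(None, map(SERVICE.match, lines)):
        state, name, display, image, meta = m.groups()
        out.append({"state": state, "name": name, "display": display,
                    "image": image, "verified": meta != "?"})
    return out


def parse_created(lines):
    """Entries from 'Created Last 30': creation date, directory flag, size, path."""
    out = []
    for m in filter(None, map(CREATED.match, lines)):
        day, size, attrs, path = m.groups()
        out.append({"date": date.fromisoformat(day), "is_dir": attrs.startswith("d"),
                    "size": None if size.startswith("-") else int(size), "path": path})
    return out


def find_orphans(lines):
    """Registry entries (BHO/TB/EB...) whose DLL is gone: cleanup candidates."""
    return [(m.group(1), m.group(2)) for m in map(ORPHAN.match, lines) if m]


def user_writable(path):
    """Heuristic: anything under a user profile is writable without admin rights."""
    return "\\users\\" in path.lower()


def triage(text, log_date, window_days=7):
    """Heuristic first pass: processes from user-writable paths, orphaned
    browser hooks, services DDS could not verify, and executables created
    within window_days of the log date."""
    sec = split_sections(text)
    cutoff = log_date - timedelta(days=window_days)
    return {
        "user_path_processes": [p for p in sec.get("Running Processes", []) if user_writable(p)],
        "orphans": find_orphans(sec.get("Pseudo HJT Report", [])),
        "unverified_services": [s["name"] for s in parse_services(sec.get("SERVICES / DRIVERS", []))
                                if not s["verified"]],
        "recent_executables": [e["path"] for e in parse_created(sec.get("Created Last 30", []))
                               if not e["is_dir"] and e["date"] >= cutoff
                               and e["path"].lower().endswith(EXECUTABLE)],
    }


def triage_sample():
    """Run the checks over the constructed sample with the log's own date (21 Jan 2011)."""
    return triage(SAMPLE_LOG, date(2011, 1, 21))


if __name__ == "__main__":
    for key, items in triage_sample().items():
        print(key)
        for item in items:
            print("   ", item)
```

The output is a worklist, not a verdict: Dropbox.exe running from AppData is normal for that product, and a recently created .ocx under SysWow64 only tells you to look at what installed it (here the KuGou installer the poster mentioned). The recency window is deliberately a parameter, because a week of Windows Update files will otherwise swamp the list.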




#2 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 January 2011 - 07:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic, and if you do not reply by the day after that I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Lorrretta

  • Topic Starter
  • Members
  • 38 posts

Posted 28 January 2011 - 04:50 AM

I am still here :) Thanks for offering to help :)

#4 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 January 2011 - 08:45 PM

I see that the collective decided that there may be malware on board, so let's check that out now.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down the Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


Then run this program

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 Lorrretta

  • Topic Starter
  • Members
  • 38 posts

Posted 31 January 2011 - 04:00 AM

2011/01/31 16:41:42.0152 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 16:41:42.0152 ================================================================================
2011/01/31 16:41:42.0152 SystemInfo:
2011/01/31 16:41:42.0152
2011/01/31 16:41:42.0152 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/31 16:41:42.0152 Product type: Workstation
2011/01/31 16:41:42.0152 ComputerName: VICKY-PC
2011/01/31 16:41:42.0152 UserName: Vicky
2011/01/31 16:41:42.0152 Windows directory: C:\windows
2011/01/31 16:41:42.0152 System windows directory: C:\windows
2011/01/31 16:41:42.0152 Running under WOW64
2011/01/31 16:41:42.0152 Processor architecture: Intel x64
2011/01/31 16:41:42.0152 Number of processors: 4
2011/01/31 16:41:42.0152 Page size: 0x1000
2011/01/31 16:41:42.0152 Boot type: Normal boot
2011/01/31 16:41:42.0152 ================================================================================
2011/01/31 16:41:49.0858 Initialize success
2011/01/31 16:42:00.0809 ================================================================================
2011/01/31 16:42:00.0809 Scan started
2011/01/31 16:42:00.0809 Mode: Manual;
2011/01/31 16:42:00.0809 ================================================================================
2011/01/31 16:42:03.0867 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/31 16:42:03.0929 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/31 16:42:03.0992 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/31 16:42:04.0241 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
2011/01/31 16:42:04.0335 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/31 16:42:04.0584 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/31 16:42:04.0662 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/31 16:42:04.0990 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
2011/01/31 16:42:05.0240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/01/31 16:42:05.0380 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/01/31 16:42:05.0645 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/01/31 16:42:05.0692 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/31 16:42:06.0347 amdkmdag (5a7f53e425bf675ab1b80435da70f676) C:\windows\system32\DRIVERS\atipmdag.sys
2011/01/31 16:42:06.0644 amdkmdap (d92ac218752b8f7f0a4296fca417c4cf) C:\windows\system32\DRIVERS\atikmpag.sys
2011/01/31 16:42:06.0706 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/31 16:42:06.0846 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/31 16:42:06.0940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/31 16:42:09.0717 amdxata (7702b27661f74715060586b65246b849) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/31 16:42:09.0779 Suspicious file (Forged): C:\windows\system32\DRIVERS\amdxata.sys. Real md5: 7702b27661f74715060586b65246b849, Fake md5: b4ad0cacbab298671dd6f6ef7e20679d
2011/01/31 16:42:09.0779 amdxata - detected Forged file (1)
2011/01/31 16:42:09.0920 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/01/31 16:42:10.0310 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/01/31 16:42:10.0434 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/31 16:42:10.0497 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/31 16:42:10.0637 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/01/31 16:42:13.0383 b06bdrv (3e7fa18fea3be0af9614de5c65092795) C:\windows\system32\DRIVERS\bxvbda.sys
2011/01/31 16:42:13.0539 Suspicious file (Forged): C:\windows\system32\DRIVERS\bxvbda.sys. Real md5: 3e7fa18fea3be0af9614de5c65092795, Fake md5: 3e5b191307609f7514148c6832bb0842
2011/01/31 16:42:13.0554 b06bdrv - detected Forged file (1)
2011/01/31 16:42:13.0664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/01/31 16:42:16.0425 Beep (3c63825015aabd810674f44afac6d12b) C:\windows\system32\drivers\Beep.sys
2011/01/31 16:42:16.0534 Suspicious file (Forged): C:\windows\system32\drivers\Beep.sys. Real md5: 3c63825015aabd810674f44afac6d12b, Fake md5: 16a47ce2decc9b099349a5f840654746
2011/01/31 16:42:16.0534 Beep - detected Forged file (1)
2011/01/31 16:42:16.0674 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/31 16:42:16.0815 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
2011/01/31 16:42:16.0940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/31 16:42:17.0002 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/31 16:42:17.0080 Bridge0 (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
2011/01/31 16:42:17.0174 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/01/31 16:42:17.0267 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/31 16:42:17.0330 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/31 16:42:17.0439 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/31 16:42:17.0564 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
2011/01/31 16:42:17.0626 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/31 16:42:17.0720 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
2011/01/31 16:42:17.0813 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\windows\system32\Drivers\BTHport.sys
2011/01/31 16:42:17.0907 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\windows\system32\Drivers\BTHUSB.sys
2011/01/31 16:42:18.0188 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\windows\system32\drivers\btusbflt.sys
2011/01/31 16:42:18.0297 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
2011/01/31 16:42:18.0437 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\drivers\btwavdt.sys
2011/01/31 16:42:18.0500 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/01/31 16:42:18.0531 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
2011/01/31 16:42:18.0578 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/31 16:42:18.0749 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/31 16:42:18.0874 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/01/31 16:42:18.0952 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/01/31 16:42:19.0155 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/31 16:42:19.0202 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/31 16:42:19.0264 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/01/31 16:42:19.0342 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/31 16:42:19.0498 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/31 16:42:19.0794 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/31 16:42:20.0028 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
2011/01/31 16:42:20.0091 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/01/31 16:42:20.0216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/01/31 16:42:20.0652 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/01/31 16:42:20.0808 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/31 16:42:21.0027 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/01/31 16:42:21.0339 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/31 16:42:21.0386 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/01/31 16:42:21.0542 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/01/31 16:42:21.0635 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/01/31 16:42:21.0698 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/01/31 16:42:21.0760 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/01/31 16:42:21.0791 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/01/31 16:42:21.0838 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/31 16:42:21.0869 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/01/31 16:42:24.0724 FsDepends (4a477823ff2d06e88a93e3fd7bea24c1) C:\windows\system32\drivers\FsDepends.sys
2011/01/31 16:42:25.0286 Suspicious file (Forged): C:\windows\system32\drivers\FsDepends.sys. Real md5: 4a477823ff2d06e88a93e3fd7bea24c1, Fake md5: d43703496149971890703b4b1b723eac
2011/01/31 16:42:25.0301 FsDepends - detected Forged file (1)
2011/01/31 16:42:25.0410 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
2011/01/31 16:42:25.0504 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/31 16:42:25.0644 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/31 16:42:25.0691 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/31 16:42:25.0988 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/31 16:42:26.0112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/01/31 16:42:26.0253 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/01/31 16:42:26.0456 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/31 16:42:26.0705 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
2011/01/31 16:42:26.0752 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/31 16:42:26.0830 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/31 16:42:26.0908 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/01/31 16:42:27.0126 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/31 16:42:27.0314 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/31 16:42:27.0376 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/01/31 16:42:27.0750 hwdatacard (cdaa8e257bb625b2387219e605dde37d) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/01/31 16:42:27.0813 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/01/31 16:42:28.0047 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/31 16:42:28.0686 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/31 16:42:29.0014 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/31 16:42:29.0342 igfx (09ce164afa8483e41808784d7fca154e) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/01/31 16:42:32.0696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/31 16:42:33.0070 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys
2011/01/31 16:42:33.0304 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\windows\system32\drivers\RTKVHD64.sys
2011/01/31 16:42:33.0663 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2011/01/31 16:42:34.0365 intelkmd (09ce164afa8483e41808784d7fca154e) C:\windows\system32\DRIVERS\igdpmd64.sys
2011/01/31 16:42:34.0864 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/31 16:42:35.0004 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/31 16:42:35.0051 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/31 16:42:35.0114 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/01/31 16:42:35.0316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/01/31 16:42:35.0363 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/31 16:42:35.0441 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/31 16:42:35.0488 JMCR (3926c8c55a2cd2c94888be39b4beb629) C:\windows\system32\DRIVERS\jmcr.sys
2011/01/31 16:42:35.0644 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\windows\system32\DRIVERS\k57nd60a.sys
2011/01/31 16:42:35.0831 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/31 16:42:35.0894 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/31 16:42:35.0925 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2011/01/31 16:42:36.0018 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/31 16:42:36.0159 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/01/31 16:42:36.0346 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
2011/01/31 16:42:36.0939 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/31 16:42:37.0313 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/31 16:42:37.0469 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/31 16:42:38.0936 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/31 16:42:39.0154 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/31 16:42:39.0544 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/01/31 16:42:39.0591 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/01/31 16:42:40.0340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/31 16:42:40.0386 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/01/31 16:42:40.0433 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/01/31 16:42:40.0574 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/31 16:42:40.0636 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/31 16:42:40.0745 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2011/01/31 16:42:40.0948 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\windows\system32\DRIVERS\MpFilter.sys
2011/01/31 16:42:41.0026 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2011/01/31 16:42:41.0088 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/01/31 16:42:41.0166 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/01/31 16:42:41.0229 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2011/01/31 16:42:41.0307 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/31 16:42:41.0478 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/31 16:42:41.0588 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/31 16:42:41.0634 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2011/01/31 16:42:41.0697 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/31 16:42:41.0775 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/01/31 16:42:41.0868 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/31 16:42:41.0962 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/31 16:42:42.0087 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/31 16:42:42.0180 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/31 16:42:42.0290 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/01/31 16:42:42.0368 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2011/01/31 16:42:42.0446 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/31 16:42:42.0570 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/01/31 16:42:42.0664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/31 16:42:45.0238 Mup (7eca5e95ad29a43c11d98cfcb1c25cc3) C:\windows\system32\Drivers\mup.sys
2011/01/31 16:42:45.0285 Suspicious file (Forged): C:\windows\system32\Drivers\mup.sys. Real md5: 7eca5e95ad29a43c11d98cfcb1c25cc3, Fake md5: f9a18612fd3526fe473c1bda678d61c8
2011/01/31 16:42:45.0285 Mup - detected Forged file (1)
2011/01/31 16:42:45.0550 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2011/01/31 16:42:45.0706 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/01/31 16:42:45.0815 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/31 16:42:45.0956 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/31 16:42:46.0049 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2011/01/31 16:42:46.0143 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/01/31 16:42:46.0221 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2011/01/31 16:42:46.0767 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\windows\system32\DRIVERS\NETw5s64.sys
2011/01/31 16:42:47.0282 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
2011/01/31 16:42:47.0531 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/01/31 16:42:47.0672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/01/31 16:42:47.0718 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/01/31 16:42:47.0812 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
2011/01/31 16:42:47.0984 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/01/31 16:42:48.0077 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
2011/01/31 16:42:48.0124 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
2011/01/31 16:42:48.0155 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2011/01/31 16:42:48.0358 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/31 16:42:48.0498 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/01/31 16:42:48.0592 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2011/01/31 16:42:48.0670 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2011/01/31 16:42:48.0732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2011/01/31 16:42:48.0810 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/31 16:42:48.0888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/01/31 16:42:49.0029 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/01/31 16:42:49.0294 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/31 16:42:49.0356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/01/31 16:42:49.0450 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2011/01/31 16:42:50.0246 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/01/31 16:42:50.0402 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/01/31 16:42:50.0511 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/01/31 16:42:53.0116 RasAcd (3209b6cc34f40e1180ce453e846050bf) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/31 16:43:12.0211 Suspicious file (Forged): C:\windows\system32\DRIVERS\rasacd.sys. Real md5: 3209b6cc34f40e1180ce453e846050bf, Fake md5: 5a0da8ad5762fa2d91678a8a01311704
2011/01/31 16:43:12.0226 RasAcd - detected Forged file (1)
2011/01/31 16:43:12.0679 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/01/31 16:43:15.0455 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/31 16:43:15.0565 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/31 16:43:15.0795 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/31 16:43:15.0835 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/31 16:43:15.0905 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/01/31 16:43:15.0985 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/31 16:43:16.0075 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/01/31 16:43:16.0265 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/01/31 16:43:16.0365 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2011/01/31 16:43:16.0505 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2011/01/31 16:43:16.0725 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
2011/01/31 16:43:16.0912 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/31 16:43:17.0084 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\windows\system32\drivers\RtHDMIVX.sys
2011/01/31 16:43:19.0705 sbp2port (a8bb20880b2d2444fd01c40994668c0c) C:\windows\system32\DRIVERS\sbp2port.sys
2011/01/31 16:43:19.0970 Suspicious file (Forged): C:\windows\system32\DRIVERS\sbp2port.sys. Real md5: a8bb20880b2d2444fd01c40994668c0c, Fake md5: e3bbb89983daf5622c1d50cf49f28227
2011/01/31 16:43:19.0970 sbp2port - detected Forged file (1)
2011/01/31 16:43:20.0095 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2011/01/31 16:43:20.0282 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\drivers\sdbus.sys
2011/01/31 16:43:20.0500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/01/31 16:43:20.0672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/01/31 16:43:20.0765 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/01/31 16:43:20.0797 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/31 16:43:20.0875 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/01/31 16:43:20.0921 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/01/31 16:43:20.0953 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\drivers\sffp_sd.sys
2011/01/31 16:43:20.0999 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/01/31 16:43:21.0093 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/01/31 16:43:21.0155 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/01/31 16:43:21.0343 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/01/31 16:43:21.0405 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/01/31 16:43:21.0811 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
2011/01/31 16:43:21.0904 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
2011/01/31 16:43:22.0809 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/31 16:43:23.0277 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/01/31 16:43:23.0339 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2011/01/31 16:43:23.0464 SynTP (c7e556d216cc864e24ffa797b5c1dd14) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/31 16:43:23.0636 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
2011/01/31 16:43:24.0104 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/31 16:43:24.0291 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2011/01/31 16:43:24.0416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/01/31 16:43:24.0431 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/01/31 16:43:24.0478 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2011/01/31 16:43:24.0525 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2011/01/31 16:43:24.0603 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/31 16:43:24.0743 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/31 16:43:24.0775 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/01/31 16:43:24.0790 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
2011/01/31 16:43:24.0915 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/01/31 16:43:24.0946 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2011/01/31 16:43:24.0977 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/01/31 16:43:25.0071 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\windows\system32\Drivers\usbaapl64.sys
2011/01/31 16:43:25.0211 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/31 16:43:25.0289 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2011/01/31 16:43:25.0383 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/31 16:43:25.0477 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/31 16:43:25.0539 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/31 16:43:25.0555 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/31 16:43:25.0648 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/31 16:43:25.0711 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/31 16:43:25.0773 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
2011/01/31 16:43:25.0820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/01/31 16:43:25.0898 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/31 16:43:25.0960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/01/31 16:43:25.0991 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2011/01/31 16:43:26.0038 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2011/01/31 16:43:26.0225 vm332avs (a12a9097590bf0c1ec2b79b4b7d8be98) C:\windows\system32\Drivers\vm332avs.sys
2011/01/31 16:43:26.0319 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2011/01/31 16:43:26.0350 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2011/01/31 16:43:26.0381 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2011/01/31 16:43:26.0444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/01/31 16:43:26.0475 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/01/31 16:43:26.0647 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
2011/01/31 16:43:26.0709 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/01/31 16:43:26.0771 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/31 16:43:26.0771 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/31 16:43:26.0834 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/01/31 16:43:26.0865 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/01/31 16:43:26.0927 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\windows\system32\DRIVERS\WDKMD.sys
2011/01/31 16:43:27.0286 wdmirror (2a444acf7dd446505bcc801f8f6ae5fd) C:\windows\system32\DRIVERS\WDMirror.sys
2011/01/31 16:43:27.0333 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/01/31 16:43:27.0364 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
2011/01/31 16:43:27.0442 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/01/31 16:43:27.0536 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
2011/01/31 16:43:27.0583 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/31 16:43:27.0723 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/31 16:43:27.0801 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
2011/01/31 16:43:27.0957 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2011/01/31 16:43:28.0097 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/31 16:43:28.0160 ================================================================================
2011/01/31 16:43:28.0160 Scan finished
2011/01/31 16:43:28.0160 ================================================================================
2011/01/31 16:43:28.0160 Detected object count: 7
2011/01/31 16:56:08.0538 Forged file(amdxata) - User select action: Skip
2011/01/31 16:56:08.0538 Forged file(b06bdrv) - User select action: Skip
2011/01/31 16:56:08.0538 Forged file(Beep) - User select action: Skip
2011/01/31 16:56:08.0538 Forged file(FsDepends) - User select action: Skip
2011/01/31 16:56:08.0538 Forged file(Mup) - User select action: Skip
2011/01/31 16:56:08.0538 Forged file(RasAcd) - User select action: Skip
2011/01/31 16:56:08.0538 Forged file(sbp2port) - User select action: Skip
2011/01/31 16:56:46.0977 Deinitialize success


--------------------------------------------------------------------------------------------------------------------------------------------------------------

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Lenovo
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: IdeaPad Y460
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 170):
0x03855000 \SystemRoot\system32\ntoskrnl.exe
0x0380C000 \SystemRoot\system32\hal.dll
0x00BB4000 \SystemRoot\system32\kdcom.dll
0x00C01000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C45000 \SystemRoot\system32\PSHED.dll
0x00C59000 \SystemRoot\system32\CLFS.SYS
0x00CB7000 \SystemRoot\system32\CI.dll
0x00EF9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F9D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E57000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E60000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E9D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00EC8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00ED4000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D77000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FAC000 \SystemRoot\System32\drivers\mountmgr.sys
0x01060000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01268000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01271000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0129B000 \SystemRoot\system32\DRIVERS\msahci.sys
0x012A6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x012B6000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x012C1000 \SystemRoot\system32\drivers\fltmgr.sys
0x0130D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01450000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01321000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0137F000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016D5000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
0x01693000 \SystemRoot\System32\drivers\rdyboost.sys
0x017C7000 \SystemRoot\System32\Drivers\mup.sys
0x017D9000 \SystemRoot\System32\DRIVERS\LhdX64.sys
0x017E7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00FC6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01435000 \SystemRoot\system32\DRIVERS\disk.sys
0x018BE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x042C0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x042C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x042EF000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0431C000 \SystemRoot\System32\Drivers\Null.SYS
0x04325000 \SystemRoot\System32\Drivers\Beep.SYS
0x0432C000 \SystemRoot\System32\drivers\vga.sys
0x0433A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0435F000 \SystemRoot\System32\drivers\watchdog.sys
0x0436F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04378000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04381000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0438A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04395000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C02000 \SystemRoot\System32\drivers\tcpip.sys
0x043A6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x04000000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0401E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0402B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x018FC000 \SystemRoot\system32\drivers\afd.sys
0x04070000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04079000 \SystemRoot\system32\DRIVERS\pacer.sys
0x043F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01986000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x019A1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x01800000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01851000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0185D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01868000 \SystemRoot\System32\drivers\discache.sys
0x01877000 \SystemRoot\System32\Drivers\dfsc.sys
0x01895000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x019B5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03AAA000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04801000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x0560A000 \SystemRoot\system32\DRIVERS\igdpmd64.sys
0x04E65000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F59000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F9F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05FE3000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04FC3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03ADE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04FD4000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x03B34000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x06413000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x06B73000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06B80000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x06BD1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x06BEF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03B63000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x06BFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03BB6000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0x03BCC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03BD9000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05FF4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03A16000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03A26000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03A3C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03A60000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03A6C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x019DB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00DD3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04497000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x044B1000 \SystemRoot\system32\DRIVERS\WDMirror.sys
0x044B8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x044BA000 \SystemRoot\system32\DRIVERS\ks.sys
0x044FD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0450F000 \SystemRoot\system32\DRIVERS\WDKMD.sys
0x0451F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04579000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0458E000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x04400000 \SystemRoot\system32\drivers\portcls.sys
0x0443D000 \SystemRoot\system32\drivers\drmk.sys
0x0445F000 \SystemRoot\system32\drivers\ksthunk.sys
0x08096000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x082D4000 \SystemRoot\system32\drivers\btusbflt.sys
0x082E4000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x082FC000 \SystemRoot\System32\Drivers\bthport.sys
0x08388000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x083B4000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x083C4000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x083E4000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x08000000 \SystemRoot\system32\drivers\modem.sys
0x0800F000 \SystemRoot\system32\drivers\btwavdt.sys
0x0409F000 \SystemRoot\system32\drivers\btwaudio.sys
0x0808A000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x083FB000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x04465000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0447E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045C5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x045E2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07A3F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07C47000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x07C5A000 \SystemRoot\System32\Drivers\vm332avs.sys
0x07C8D000 \SystemRoot\System32\Drivers\STREAM.SYS
0x00050000 \SystemRoot\System32\win32k.sys
0x07C9E000 \SystemRoot\System32\drivers\Dxapi.sys
0x07CAA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x07CB8000 \SystemRoot\system32\drivers\luafv.sys
0x07CDB000 \SystemRoot\system32\drivers\WudfPf.sys
0x07CFC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07D11000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07D29000 \SystemRoot\system32\drivers\HTTP.sys
0x07A00000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04125000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04152000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x041A0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x041C3000 \SystemRoot\system32\drivers\peauth.sys
0x07A1E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x04269000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07A29000 \SystemRoot\System32\drivers\tcpipreg.sys
0x062FF000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06366000 \SystemRoot\System32\DRIVERS\srv.sys
0x0628E000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0x06271000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x062AB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x062C6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07DF1000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77320000 \Windows\System32\ntdll.dll
0x48030000 \Windows\System32\smss.exe
0xFF640000 \Windows\System32\apisetschema.dll
0xFF290000 \Windows\System32\autochk.exe

Processes (total 94):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
480 csrss.exe
580 C:\Windows\System32\wininit.exe
616 csrss.exe
640 C:\Windows\System32\services.exe
680 C:\Windows\System32\winlogon.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
816 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
956 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
280 C:\Windows\System32\atiesrxx.exe
492 C:\Windows\System32\svchost.exe
524 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\spoolsv.exe
1568 C:\Windows\System32\atieclxx.exe
1664 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1716 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1744 C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
1816 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
1836 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1876 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1908 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1948 C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
1972 C:\Windows\System32\svchost.exe
2012 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1164 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1588 C:\Windows\System32\svchost.exe
2104 C:\Windows\System32\taskhost.exe
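
The TDSSKiller logs in this thread record each flagged driver as a `Suspicious file (Forged)` line carrying two MD5s, a `<service> - detected Forged file (1)` line, then a `Detected object count` and one `User select action` line per object. The reply that follows turns on the last of these: an object answered with `Skip` is still there after the reboot. The script below, added here as an example and not part of TDSSKiller or of any post, parses a log in that format, pairs each detection with the action the user chose, and lists the objects that were skipped or never acted on. It accepts both the older layout without a PID column (the 31 January log) and the newer one with it (the 4 February log). The log does not say which of the two hashes is the on-disk image, so the script reports both rather than interpreting them. `SAMPLE_LOG` is constructed for the example, with synthetic hashes.

```python
"""Parse a TDSSKiller text log and report which detections were left unresolved.

Added example for this thread; not part of TDSSKiller or of any post.
SAMPLE_LOG is constructed in the thread's log format with synthetic hashes.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "2011/02/04 15:00:31.0855 4572 <message>"; older builds omit the PID column.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?:(?P<pid>\d+)\s+)?(?P<msg>.*)$"
)
# Detail line emitted just before the "- detected" line for a forged image.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<kind>.+?) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<kind>.+?)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$"
)
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

NON_REMEDIATING = {"Skip"}  # the object stays on disk after these choices


@dataclass
class Detection:
    service: str
    kind: str
    path: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    action: Optional[str] = None  # None: log ended without a user choice


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Detection], Optional[int]]:
    """Return (detections keyed by service name, declared object count)."""
    detections: Dict[str, Detection] = {}
    declared: Optional[int] = None
    pending = None  # FORGED_RE match waiting for its "- detected" line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if fm := FORGED_RE.match(msg):
            pending = fm
        elif dm := DETECTED_RE.match(msg):
            d = detections.setdefault(
                dm.group("svc"), Detection(dm.group("svc"), dm.group("kind")))
            if pending is not None:
                d.path, d.real_md5, d.fake_md5 = pending.group("path", "real", "fake")
                pending = None
        elif am := ACTION_RE.match(msg):
            d = detections.setdefault(
                am.group("svc"), Detection(am.group("svc"), am.group("kind").strip()))
            d.action = am.group("action")
        elif cm := COUNT_RE.match(msg):
            declared = int(cm.group("n"))
    return detections, declared


def unresolved(detections: Dict[str, Detection]) -> List[str]:
    """Services that were skipped or never acted on: these persist after reboot."""
    return sorted((d.service for d in detections.values()
                   if d.action is None or d.action in NON_REMEDIATING),
                  key=str.lower)


def report(text: str) -> dict:
    detections, declared = parse_tdsskiller(text)
    return {
        "declared": declared,
        "parsed": len(detections),
        "count_mismatch": declared is not None and declared != len(detections),
        "actions": {s: d.action for s, d in sorted(detections.items())},
        "unresolved": unresolved(detections),
    }


# Constructed sample: one object skipped, one deleted, one with no recorded action.
SAMPLE_LOG = r"""
2011/02/04 15:00:38.0801 4572 amdxata (11111111111111111111111111111111) C:\windows\system32\DRIVERS\amdxata.sys
2011/02/04 15:00:38.0850 4572 Suspicious file (Forged): C:\windows\system32\DRIVERS\amdxata.sys. Real md5: 11111111111111111111111111111111, Fake md5: 22222222222222222222222222222222
2011/02/04 15:00:38.0860 4572 amdxata - detected Forged file (1)
2011/02/04 15:00:42.0279 4572 Beep (33333333333333333333333333333333) C:\windows\system32\drivers\Beep.sys
2011/02/04 15:00:42.0290 4572 Suspicious file (Forged): C:\windows\system32\drivers\Beep.sys. Real md5: 33333333333333333333333333333333, Fake md5: 44444444444444444444444444444444
2011/02/04 15:00:42.0300 4572 Beep - detected Forged file (1)
2011/02/04 15:00:56.0694 4572 Mup (55555555555555555555555555555555) C:\windows\system32\Drivers\mup.sys
2011/02/04 15:00:56.0700 4572 Suspicious file (Forged): C:\windows\system32\Drivers\mup.sys. Real md5: 55555555555555555555555555555555, Fake md5: 66666666666666666666666666666666
2011/02/04 15:00:56.0710 4572 Mup - detected Forged file (1)
2011/02/04 15:01:03.0000 4572 Detected object count: 3
2011/02/04 15:02:10.0000 4572 Forged file(amdxata) - User select action: Skip
2011/02/04 15:02:10.0000 4572 Forged file(Beep) - User select action: Delete
2011/02/04 15:02:11.0000 4572 Deinitialize success
"""

if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real log with `report(open("TDSSKiller.<version>_<date>_log.txt").read())`; a non-empty `unresolved` list, or `count_mismatch` set, means the scan did not finish with every object handled and should be repeated. The script reports what the tool decided and what the user chose; it does not itself decide whether a flagged driver is malicious.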

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:17 PM

Posted 31 January 2011 - 07:24 PM

Lorrretta, we have to rerun TDSSKiller. There are seven instances of a rootkit infection which need to be cleaned and they have been skipped each time. Please note the instructions:

If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.

Let me know if there are problems with doing this :)
m0le is a proud member of UNITE

#7 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts
  • Local time:08:17 PM

Posted 31 January 2011 - 09:22 PM

Are you referring to those forged files?
There is no Cure button from what I remember. Other than the skip option, there is also a copy to quarantine and delete.

So do I select delete for all the 7 forged files?

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:17 PM

Posted 01 February 2011 - 05:41 PM

Yes, please delete them and post the new log :)
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:17 PM

Posted 03 February 2011 - 07:36 PM

Are you still there, Lorrretta?
m0le is a proud member of UNITE

#10 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts
  • Local time:08:17 PM

Posted 04 February 2011 - 04:08 AM

Sorry for the delayed reply. I can't seem to find the log in C:\ after rebooting.

#11 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts
  • Local time:08:17 PM

Posted 04 February 2011 - 04:47 AM

Is this the correct file? I found it on my desktop.

2011/02/04 15:00:18.0763 1080 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/04 15:00:20.0765 1080 ================================================================================
2011/02/04 15:00:20.0766 1080 SystemInfo:
2011/02/04 15:00:20.0766 1080
2011/02/04 15:00:20.0766 1080 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/04 15:00:20.0766 1080 Product type: Workstation
2011/02/04 15:00:20.0766 1080 ComputerName: VICKY-PC
2011/02/04 15:00:20.0766 1080 UserName: Vicky
2011/02/04 15:00:20.0766 1080 Windows directory: C:\windows
2011/02/04 15:00:20.0766 1080 System windows directory: C:\windows
2011/02/04 15:00:20.0766 1080 Running under WOW64
2011/02/04 15:00:20.0766 1080 Processor architecture: Intel x64
2011/02/04 15:00:20.0766 1080 Number of processors: 4
2011/02/04 15:00:20.0766 1080 Page size: 0x1000
2011/02/04 15:00:20.0766 1080 Boot type: Normal boot
2011/02/04 15:00:20.0766 1080 ================================================================================
2011/02/04 15:00:21.0664 1080 Initialize success
2011/02/04 15:00:25.0835 4572 ================================================================================
2011/02/04 15:00:25.0835 4572 Scan started
2011/02/04 15:00:25.0835 4572 Mode: Manual;
2011/02/04 15:00:25.0835 4572 ================================================================================
2011/02/04 15:00:28.0845 4572 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2011/02/04 15:00:28.0895 4572 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/02/04 15:00:28.0975 4572 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/02/04 15:00:29.0105 4572 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
2011/02/04 15:00:31.0745 4572 adp94xx (4447cb4bb00391a6442bd48bc399b2dd) C:\windows\system32\DRIVERS\adp94xx.sys
2011/02/04 15:00:31.0855 4572 Suspicious file (Forged): C:\windows\system32\DRIVERS\adp94xx.sys. Real md5: 4447cb4bb00391a6442bd48bc399b2dd, Fake md5: 2f6b34b83843f0c5118b63ac634f5bf4
2011/02/04 15:00:31.0865 4572 adp94xx - detected Forged file (1)
2011/02/04 15:00:32.0045 4572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/02/04 15:00:34.0675 4572 adpu320 (1c42eeae0241b6945805e719739a7a69) C:\windows\system32\DRIVERS\adpu320.sys
2011/02/04 15:00:34.0745 4572 Suspicious file (Forged): C:\windows\system32\DRIVERS\adpu320.sys. Real md5: 1c42eeae0241b6945805e719739a7a69, Fake md5: e109549c90f62fb570b9540c4b148e54
2011/02/04 15:00:34.0755 4572 adpu320 - detected Forged file (1)
2011/02/04 15:00:34.0935 4572 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
2011/02/04 15:00:37.0301 4572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/02/04 15:00:37.0441 4572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/02/04 15:00:37.0535 4572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/02/04 15:00:37.0628 4572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/02/04 15:00:38.0031 4572 amdkmdag (5a7f53e425bf675ab1b80435da70f676) C:\windows\system32\DRIVERS\atipmdag.sys
2011/02/04 15:00:38.0361 4572 amdkmdap (d92ac218752b8f7f0a4296fca417c4cf) C:\windows\system32\DRIVERS\atikmpag.sys
2011/02/04 15:00:38.0421 4572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/02/04 15:00:38.0521 4572 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
2011/02/04 15:00:38.0671 4572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/02/04 15:00:38.0801 4572 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
2011/02/04 15:00:38.0891 4572 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/02/04 15:00:39.0011 4572 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/02/04 15:00:39.0051 4572 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/02/04 15:00:39.0131 4572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/02/04 15:00:39.0231 4572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/02/04 15:00:41.0920 4572 b06bdrv (3e7fa18fea3be0af9614de5c65092795) C:\windows\system32\DRIVERS\bxvbda.sys
2011/02/04 15:00:41.0983 4572 Suspicious file (Forged): C:\windows\system32\DRIVERS\bxvbda.sys. Real md5: 3e7fa18fea3be0af9614de5c65092795, Fake md5: 3e5b191307609f7514148c6832bb0842
2011/02/04 15:00:41.0998 4572 b06bdrv - detected Forged file (1)
2011/02/04 15:00:42.0108 4572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/02/04 15:00:42.0279 4572 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/02/04 15:00:42.0420 4572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/02/04 15:00:42.0544 4572 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
2011/02/04 15:00:42.0622 4572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/02/04 15:00:42.0700 4572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/02/04 15:00:42.0810 4572 Bridge0 (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
2011/02/04 15:00:42.0872 4572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/02/04 15:00:42.0966 4572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/02/04 15:00:43.0044 4572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/02/04 15:00:43.0090 4572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/02/04 15:00:43.0215 4572 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
2011/02/04 15:00:43.0278 4572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/02/04 15:00:43.0387 4572 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
2011/02/04 15:00:43.0449 4572 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\windows\system32\Drivers\BTHport.sys
2011/02/04 15:00:43.0574 4572 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\windows\system32\Drivers\BTHUSB.sys
2011/02/04 15:00:43.0917 4572 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\windows\system32\drivers\btusbflt.sys
2011/02/04 15:00:43.0980 4572 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
2011/02/04 15:00:44.0073 4572 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\drivers\btwavdt.sys
2011/02/04 15:00:44.0198 4572 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/02/04 15:00:44.0370 4572 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
2011/02/04 15:00:44.0401 4572 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/02/04 15:00:44.0463 4572 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/02/04 15:00:44.0588 4572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/02/04 15:00:44.0744 4572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/02/04 15:00:44.0931 4572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/02/04 15:00:44.0962 4572 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/02/04 15:00:45.0056 4572 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/02/04 15:00:45.0103 4572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/02/04 15:00:45.0165 4572 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/02/04 15:00:45.0446 4572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/02/04 15:00:45.0618 4572 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
2011/02/04 15:00:46.0210 4572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/02/04 15:00:46.0382 4572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/02/04 15:00:46.0491 4572 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/02/04 15:00:46.0600 4572 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\windows\System32\drivers\dxgkrnl.sys
2011/02/04 15:00:46.0741 4572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/02/04 15:00:46.0990 4572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/02/04 15:00:47.0053 4572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/02/04 15:00:47.0193 4572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/02/04 15:00:47.0614 4572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/02/04 15:00:47.0692 4572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/02/04 15:00:47.0848 4572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/02/04 15:00:47.0880 4572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/02/04 15:00:47.0895 4572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/02/04 15:00:47.0942 4572 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/02/04 15:00:48.0082 4572 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/02/04 15:00:48.0160 4572 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
2011/02/04 15:00:48.0301 4572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/02/04 15:00:48.0379 4572 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/02/04 15:00:48.0441 4572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/02/04 15:00:48.0504 4572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/04 15:00:48.0691 4572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/02/04 15:00:49.0034 4572 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/02/04 15:00:49.0206 4572 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/02/04 15:00:49.0377 4572 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
2011/02/04 15:00:49.0486 4572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/02/04 15:00:49.0502 4572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/02/04 15:00:49.0611 4572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/02/04 15:00:49.0689 4572 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/02/04 15:00:49.0798 4572 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/02/04 15:00:50.0188 4572 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/02/04 15:00:50.0360 4572 hwdatacard (cdaa8e257bb625b2387219e605dde37d) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/02/04 15:00:50.0407 4572 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/02/04 15:00:50.0547 4572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/02/04 15:00:50.0641 4572 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\windows\system32\DRIVERS\iaStor.sys
2011/02/04 15:00:50.0797 4572 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
2011/02/04 15:00:51.0078 4572 igfx (09ce164afa8483e41808784d7fca154e) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/02/04 15:00:51.0421 4572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/02/04 15:00:51.0561 4572 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys
2011/02/04 15:00:51.0748 4572 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\windows\system32\drivers\RTKVHD64.sys
2011/02/04 15:00:51.0826 4572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2011/02/04 15:00:52.0248 4572 intelkmd (09ce164afa8483e41808784d7fca154e) C:\windows\system32\DRIVERS\igdpmd64.sys
2011/02/04 15:00:52.0684 4572 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/02/04 15:00:52.0762 4572 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/02/04 15:00:52.0825 4572 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/02/04 15:00:52.0872 4572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/02/04 15:00:53.0012 4572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/02/04 15:00:53.0059 4572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2011/02/04 15:00:53.0106 4572 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2011/02/04 15:00:53.0230 4572 JMCR (3926c8c55a2cd2c94888be39b4beb629) C:\windows\system32\DRIVERS\jmcr.sys
2011/02/04 15:00:53.0308 4572 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\windows\system32\DRIVERS\k57nd60a.sys
2011/02/04 15:00:53.0496 4572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2011/02/04 15:00:53.0527 4572 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2011/02/04 15:00:53.0652 4572 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2011/02/04 15:00:53.0730 4572 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2011/02/04 15:00:53.0839 4572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/02/04 15:00:54.0042 4572 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
2011/02/04 15:00:54.0213 4572 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/02/04 15:00:54.0510 4572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/02/04 15:00:54.0556 4572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/02/04 15:00:54.0588 4572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/02/04 15:00:54.0619 4572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/02/04 15:00:54.0650 4572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/02/04 15:00:54.0681 4572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/02/04 15:00:54.0775 4572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/02/04 15:00:54.0868 4572 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/02/04 15:00:54.0915 4572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/02/04 15:00:54.0962 4572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/02/04 15:00:55.0024 4572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/02/04 15:00:55.0040 4572 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2011/02/04 15:00:55.0149 4572 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\windows\system32\DRIVERS\MpFilter.sys
2011/02/04 15:00:55.0196 4572 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2011/02/04 15:00:55.0305 4572 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/02/04 15:00:55.0352 4572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/02/04 15:00:55.0461 4572 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2011/02/04 15:00:55.0524 4572 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/02/04 15:00:55.0555 4572 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/02/04 15:00:55.0633 4572 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/02/04 15:00:55.0680 4572 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2011/02/04 15:00:55.0711 4572 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2011/02/04 15:00:55.0867 4572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/02/04 15:00:55.0929 4572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/02/04 15:00:55.0976 4572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2011/02/04 15:01:07.0593 4572 ================================================================================
2011/02/04 15:01:07.0593 4572 Scan finished
2011/02/04 15:01:07.0593 4572 ================================================================================
2011/02/04 15:01:07.0611 4724 Detected object count: 3
2011/02/04 15:03:43.0060 4724 HKLM\SYSTEM\ControlSet001\services\adp94xx - will be deleted after reboot
2011/02/04 15:03:43.0153 4724 HKLM\SYSTEM\ControlSet002\services\adp94xx - will be deleted after reboot
2011/02/04 15:03:43.0200 4724 C:\windows\system32\DRIVERS\adp94xx.sys - will be deleted after reboot
2011/02/04 15:03:43.0200 4724 Forged file(adp94xx) - User select action: Delete
2011/02/04 15:03:43.0200 4724 HKLM\SYSTEM\ControlSet001\services\adpu320 - will be deleted after reboot
2011/02/04 15:03:43.0216 4724 HKLM\SYSTEM\ControlSet002\services\adpu320 - will be deleted after reboot
2011/02/04 15:03:43.0216 4724 C:\windows\system32\DRIVERS\adpu320.sys - will be deleted after reboot
2011/02/04 15:03:43.0216 4724 Forged file(adpu320) - User select action: Delete
2011/02/04 15:03:43.0216 4724 HKLM\SYSTEM\ControlSet001\services\b06bdrv - will be deleted after reboot
2011/02/04 15:03:43.0231 4724 HKLM\SYSTEM\ControlSet002\services\b06bdrv - will be deleted after reboot
2011/02/04 15:03:43.0231 4724 C:\windows\system32\DRIVERS\bxvbda.sys - will be deleted after reboot
2011/02/04 15:03:43.0231 4724 Forged file(b06bdrv) - User select action: Delete
2011/02/04 15:53:39.0814 5396 Deinitialize success

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:17 PM

Posted 04 February 2011 - 02:36 PM

That looks like the right one. Can you run TDSSKiller again and post the log. We're looking for a clean log this time round.
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:17 PM

Posted 06 February 2011 - 08:26 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#14 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:17 PM

Posted 06 February 2011 - 09:02 PM

I am so sorry :x I am kind of busy with my school work. I reran TDSSKiller and it detected a few forged files again, but I can't seem to find the new log. Does it usually rewrite the old log? Do I rerun till the log is clean?

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:17 PM

Posted 07 February 2011 - 02:12 PM

Not normally, but as you've lost the previous log you should rerun TDSSKiller and post that log instead - just to make sure.
m0le is a proud member of UNITE
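One way to check whether a TDSSKiller log is the clean run m0le is asking for, as an added example written for this thread rather than code from the thread or from TDSSKiller: it parses the log format shown above, collects the forged-file detections and the entries scheduled for deletion at reboot, and reports clean only when the scan completed with a zero object count. The two sample logs are constructed from the lines in the post.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
# Constructed sample in the format of the TDSSKiller log posted in this thread
# (detection lines taken from the post above; the long driver listing is omitted).
SAMPLE_LOG = r"""
2011/02/04 15:01:07.0593 4572 Scan finished
2011/02/04 15:01:07.0611 4724 Detected object count: 3
2011/02/04 15:03:43.0060 4724 HKLM\SYSTEM\ControlSet001\services\adp94xx - will be deleted after reboot
2011/02/04 15:03:43.0200 4724 C:\windows\system32\DRIVERS\adp94xx.sys - will be deleted after reboot
2011/02/04 15:03:43.0200 4724 Forged file(adp94xx) - User select action: Delete
2011/02/04 15:03:43.0216 4724 Forged file(adpu320) - User select action: Delete
2011/02/04 15:03:43.0231 4724 Forged file(b06bdrv) - User select action: Delete
2011/02/04 15:53:39.0814 5396 Deinitialize success
"""
# Constructed follow-up run with nothing detected: the "clean log" being asked for.
CLEAN_LOG = r"""
2011/02/07 09:00:00.0000 1234 Scan finished
2011/02/07 09:00:00.0010 1234 Detected object count: 0
2011/02/07 09:00:02.0000 1234 Deinitialize success
"""

LINE_RE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(.*)$")  # date time pid message
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
FORGED_RE = re.compile(r"^Forged file\(([^)]+)\) - User select action: (\w+)$")
PENDING = " - will be deleted after reboot"

@dataclass
class ScanSummary:
    scan_finished: bool = False
    detected_count: Optional[int] = None
    forged_files: dict = field(default_factory=dict)   # service name -> action chosen
    pending_deletions: list = field(default_factory=list)  # keys/files removed at reboot

    @property
    def is_clean(self) -> bool:
        # A truncated log with no count line is inconclusive, not clean.
        return self.scan_finished and self.detected_count == 0

def parse_tdsskiller_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group(3)
        if msg == "Scan finished":
            summary.scan_finished = True
        elif (c := COUNT_RE.match(msg)):
            summary.detected_count = int(c.group(1))
        elif (f := FORGED_RE.match(msg)):
            summary.forged_files[f.group(1)] = f.group(2)
        elif msg.endswith(PENDING):
            summary.pending_deletions.append(msg[: -len(PENDING)])
    return summary
```

A non-empty `pending_deletions` list means the machine still has to reboot before a follow-up scan says anything useful.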