Vista "Anti-Spyware 2012" Rogue Malware


  • This topic is locked
23 replies to this topic

#1 Hotspur28

Posted 24 July 2011 - 07:23 PM

Hi there,

First things first, thanks to those who take the time to read and respond to these posts. For the past several hours, I've been poring over the Internet, reading up on the so-called "Vista Anti-Spyware 2012" malware, which my laptop is infected with. I've tried numerous fixes, including those described on this website, but the malware is killing every malware-removal application that I run. I've already tried to download various registry fixes, to run RKill, and then to install (using a renamed executable), but nothing is working. Strangely, I am still able to use my browser and to run most applications, though I have noticed that all of my web searches are being routed through "100ksearches.com." At any rate, I would welcome and appreciate any insight that you can provide (though please bear in mind that I cannot post HiJack This log files, since the malware is killing the application).

Regards,
Paul

#2 boopme

Posted 24 July 2011 - 07:47 PM

Hello, I moved this to The Am I Infected forum for now. You did not post the required logs for that area.

Please follow our Removal Guide here: Vista Antivirus 2012.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Hotspur28

Posted 24 July 2011 - 07:56 PM

Hi,

Thanks very much for the swift turn-around. As it happens, I'm currently scanning with Panda Antivirus, which is the only anti-virus application that I could get to run. So far it has turned up a few infected files, but I don't know whether it will address the problem (the scan is still in progress). At any rate, I'll take your advice in the meantime and post back here before long with the log file. Thanks again - I really appreciate it.

Paul

Edited by Hotspur28, 24 July 2011 - 07:57 PM.


#4 Hotspur28

Posted 24 July 2011 - 08:00 PM

I just checked out the link, and it's the page I was working from earlier. Unfortunately, the automated removal doesn't seem to be an option, since the malware seems to be killing Malware Bytes at the root: within seconds of the scan having started, the application exits (much the same is true of Spyware Doctor, Search and Destroy, and HiJack This). Also, to make matters worse, I don't appear to have any system-restore points (though I suspect the malware may be responsible for this as well). I did try rebooting in safe mode with command prompt and then typing "rstrui.exe," but this also tells me there are no system restore points.

I'm really at a loss here, so I'm hoping you can come through for me. Let me know what else I can tell you.

#5 boopme

Posted 24 July 2011 - 08:09 PM

Were you able to run FixNCR.reg?

#6 Hotspur28


Posted 24 July 2011 - 08:11 PM

Yeah, I ran that no problem, followed by RKill (under iExplore.exe). But after installing and updating MBAM, the program suddenly quits within a few seconds of my clicking on "scan." Also, if I try to re-open the application, the system tells me that the path is invalid or that I don't have adequate permissions. Re-installing fixes this, but then the program just quits again as soon as I click "scan." (Finally, I also always take care to run the programs "as administrator," but this doesn't seem to make a difference.)

Edited by Hotspur28, 24 July 2011 - 08:12 PM.


#7 boopme

Posted 24 July 2011 - 08:17 PM

Use Inherit.exe to fix inappropriate permissions.
Use this fix when you see a box that states “Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item”.

Download This File
Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.

#8 Hotspur28


Posted 24 July 2011 - 08:24 PM

OK, that allowed me to open the application, but then it closed abruptly again while "enumerating registry objects." The malware seems to have been designed to kill MBAM and a lot of other similar applications. So far, the only thing I've been able to scan with is Panda (which is currently under way). The weird thing is that I'm not getting any of the annoying pop-ups anymore, but the malware is clearly still lurking on the machine.

Edited by Hotspur28, 24 July 2011 - 08:31 PM.


#9 boopme

Posted 24 July 2011 - 08:27 PM

Ok, post the Panda log if you can so I can see what it's finding and go from there.

This online scan may run

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.


  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#10 Hotspur28


Posted 24 July 2011 - 08:39 PM

OK, good idea - I was trying to find a trusty cloud-based scanner, but wasn't having much luck. Anyway, I'll post the logs from the ESET and Panda scans as soon as they're finished. Thanks again for your patience.

#11 Hotspur28


Posted 24 July 2011 - 09:56 PM

OK, both scans finished, and I've posted the logs below (the formatting is a little wonky - sorry). It seems that a number of infected files were found and removed or quarantined, but I still can't run any malware-removal applications. Also, should I delete the files that Panda quarantined? Finally, I'm not sure about this, but I think the ESET scan failed to remove the files because the Panda scan already caught them...

PANDA

Panda Antivirus Pro 2012 incident report
Filter selected:All, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:44:20 PM Disinfected Path: C:\PROGRAM FILES\COMMON FILES\PANDA SECURITY\PAVSHLD\PAVPRSRV.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:44:19 PM Disinfected Path: C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\PAVFNSVR.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:48 PM Disinfected Path: C:\ACER\MOBILITY CENTER\MOBILITYSERVICE.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:28 PM Disinfected Path: C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\PSCTRLS.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:26 PM Disinfected Path: C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\PSKSVC.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:19 PM Disinfected Path: C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\PSCTRLS.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:03 PM Disinfected Path: C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\X86\EDSSERVICE.EXE
Scan complete On-demand antivirus scan 24/07/2011 10:33:52 PM Scan: Scanning the whole system
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:36:47 PM Disinfected Path: c:\windows\system32\drivers\xaudio.exe
Spyware detected: Cookie/Tribalfusion On-demand antivirus scan 24/07/2011 9:35:45 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@tribalfusion[1].txt
Spyware detected: Cookie/Serving-sys On-demand antivirus scan 24/07/2011 9:35:45 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@serving-sys[2].txt
Spyware detected: Cookie/RealMedia On-demand antivirus scan 24/07/2011 9:35:44 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@realmedia[1].txt
Spyware detected: Cookie/Mediaplex On-demand antivirus scan 24/07/2011 9:35:44 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[1].txt
Spyware detected: Cookie/Doubleclick On-demand antivirus scan 24/07/2011 9:35:43 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[2].txt
Spyware detected: Cookie/Atlas DMT On-demand antivirus scan 24/07/2011 9:35:42 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@atdmt[1].txt
Spyware detected: Cookie/adultfriend... On-demand antivirus scan 24/07/2011 9:35:42 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adultfriendfinder[1].txt
Spyware detected: Cookie/Apmebf On-demand antivirus scan 24/07/2011 9:35:42 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[1].txt
Spyware detected: Cookie/YieldManager On-demand antivirus scan 24/07/2011 9:35:42 PM Deleted Path: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@ad.yieldmanager[1].txt
Virus detected: Generic Malware On-demand antivirus scan 24/07/2011 9:26:43 PM Deleted Path: c:\windows\assembly\gac_msil\desktop.ini
Spyware detected: Cookie/Doubleclick On-demand antivirus scan 24/07/2011 9:21:10 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\paul@doubleclick[2].txt
Spyware detected: Cookie/YieldManager On-demand antivirus scan 24/07/2011 9:21:09 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\paul@ad.yieldmanager[1].txt
Spyware detected: Cookie/Zedo On-demand antivirus scan 24/07/2011 9:21:09 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@zedo[2].txt
Spyware detected: Cookie/Yadro On-demand antivirus scan 24/07/2011 9:21:09 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@yadro[1].txt
Spyware detected: Cookie/BurstBeacon On-demand antivirus scan 24/07/2011 9:21:08 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@www.burstbeacon[1].txt
Spyware detected: Cookie/Weborama On-demand antivirus scan 24/07/2011 9:21:08 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@weborama[1].txt
Spyware detected: Cookie/Tribalfusion On-demand antivirus scan 24/07/2011 9:21:07 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@tribalfusion[1].txt
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 24/07/2011 9:21:07 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@trafficmp[2].txt
Spyware detected: Cookie/Toplist On-demand antivirus scan 24/07/2011 9:21:07 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@toplist[2].txt
Spyware detected: Cookie/WebtrendsLive On-demand antivirus scan 24/07/2011 9:21:07 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@statse.webtrendslive[2].txt
Spyware detected: Cookie/Statcounter On-demand antivirus scan 24/07/2011 9:21:07 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@statcounter[2].txt
Spyware detected: Cookie/Serving-sys On-demand antivirus scan 24/07/2011 9:21:07 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@serving-sys[2].txt
Spyware detected: Cookie/RealMedia On-demand antivirus scan 24/07/2011 9:21:06 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@realmedia[1].txt
Spyware detected: Cookie/QuestionMarket On-demand antivirus scan 24/07/2011 9:21:06 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@questionmarket[2].txt
Spyware detected: Cookie/Mediaplex On-demand antivirus scan 24/07/2011 9:21:05 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@mediaplex[2].txt
Spyware detected: Cookie/Go On-demand antivirus scan 24/07/2011 9:21:04 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@go[2].txt
Spyware detected: Cookie/FastClick On-demand antivirus scan 24/07/2011 9:21:04 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@fastclick[1].txt
Spyware detected: Cookie/Doubleclick On-demand antivirus scan 24/07/2011 9:21:03 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@doubleclick[2].txt
Spyware detected: Cookie/Com.com On-demand antivirus scan 24/07/2011 9:21:03 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@com[1].txt
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 24/07/2011 9:21:02 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@casalemedia[2].txt
Spyware detected: Cookie/BurstNet On-demand antivirus scan 24/07/2011 9:21:02 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@burstnet[1].txt
Spyware detected: Cookie/Serving-sys On-demand antivirus scan 24/07/2011 9:21:02 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@bs.serving-sys[1].txt
Spyware detected: Cookie/Atlas DMT On-demand antivirus scan 24/07/2011 9:21:02 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@atdmt[1].txt
Spyware detected: Cookie/Apmebf On-demand antivirus scan 24/07/2011 9:21:01 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@apmebf[2].txt
Spyware detected: Cookie/Advertising On-demand antivirus scan 24/07/2011 9:21:01 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@advertising[1].txt
Spyware detected: Cookie/YieldManager On-demand antivirus scan 24/07/2011 9:21:01 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@ad.yieldmanager[1].txt
Spyware detected: Cookie/PointRoll On-demand antivirus scan 24/07/2011 9:21:01 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@ads.pointroll[1].txt
Spyware detected: Cookie/Adtech On-demand antivirus scan 24/07/2011 9:21:01 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@adtech[1].txt
Spyware detected: Cookie/RealMedia On-demand antivirus scan 24/07/2011 9:21:01 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\low\paul@247realmedia[1].txt
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:14:00 PM Disinfected Path: c:\program files\spyware doctor\bdt\bdtupdateservice.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:13:45 PM Disinfected Path: c:\program files\shadowexplorer\sesvc.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:10:19 PM Disinfected Path: c:\program files\malwarebytes' anti-malware\mbamservice.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:09:42 PM Disinfected Path: c:\program files\intel\intel matrix storage manager\iaantmon.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:07:44 PM Disinfected Path: c:\program files\cyberlink\shared files\richvideo.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:05:32 PM Disinfected Path: c:\program files\common files\lightscribe\lssrvc.exe
Update Updates system 24/07/2011 8:58:02 PM Correct Type: Identity protection
Update Updates system 24/07/2011 8:57:51 PM Correct File modification signatures
Update Updates system 24/07/2011 8:57:44 PM Incorrect Error: Error in the download process
Update Updates system 24/07/2011 8:57:43 PM Incorrect Error: Error in the download process
Update Updates system 24/07/2011 8:57:35 PM Correct File: Threat signatures
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:51:05 PM Moved to quarantine Path: c:\windows\system32\drivers\xaudio.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:47:31 PM Moved to quarantine Path: c:\program files\cyberlink\shared files\richvideo.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:47:08 PM Moved to quarantine Path: c:\acer\empowering technology\epower\epowersvc.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:47:06 PM Moved to quarantine Path: c:\acer\empowering technology\enet\enet service.exe
Scan started On-demand antivirus scan 24/07/2011 8:46:40 PM Scan: Scanning System
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:43:45 PM Moved to quarantine Path: c:\acer\empowering technology\epower\epowersvc.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:43:42 PM Moved to quarantine Path: c:\acer\empowering technology\enet\enet service.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:42:03 PM Moved to quarantine Path: c:\windows\system32\drivers\xaudio.exe
Suspicious file On-demand antivirus scan 24/07/2011 8:42:01 PM Moved to quarantine File: c:\program files\shadowexplorer\sesvc.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:44 PM Moved to quarantine Path: c:\program files\malwarebytes' anti-malware\mbamservice.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:43 PM Moved to quarantine Path: c:\program files\cyberlink\shared files\richvideo.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:41 PM Moved to quarantine Path: c:\acer\empowering technology\esettings\service\capuserv.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:40 PM Moved to quarantine Path: c:\acer\empowering technology\erecovery\erecoveryservice.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:37 PM Moved to quarantine Path: c:\acer\empowering technology\epower\epowersvc.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:35 PM Moved to quarantine Path: c:\acer\empowering technology\enet\enet service.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:33 PM Moved to quarantine Path: c:\acer\empowering technology\elock\service\elockserv.exe
Scan started On-demand antivirus scan 24/07/2011 8:40:41 PM Scan: Scanning the whole system

-----

ESET

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe Win32/Patched.HN trojan error while cleaning
C:\Acer\Empowering Technology\eNet\eNet Service.exe Win32/Patched.HN trojan error while cleaning
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe Win32/Patched.HN trojan error while cleaning
C:\Acer\Mobility Center\MobilityService.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\LightScribe\LSSrvc.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\CyberLink\Shared Files\RichVideo.exe Win32/Patched.HN trojan error while cleaning

#12 Hotspur28


Posted 24 July 2011 - 10:03 PM

Also, Panda keeps flashing updates about a virus called W32/Katusha.bn that is apparently in executables in the Panda directory. It seems like whenever I run anti-virus or anti-malware applications, they in turn become infected...
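
The reinfection pattern described in posts #11 and #12 can be read straight out of the Panda incident report: the same executable is detected again after it was already disinfected or quarantined. The following is an added example, not part of the original thread; the function names are hypothetical and the sample is a subset of lines copied from the report above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of lines copied from the Panda incident report in post #11.
SAMPLE_REPORT = r"""
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:28 PM Disinfected Path: C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\PSCTRLS.EXE
Virus detected: W32/Katusha.BN Antivirus protection 24/07/2011 10:40:19 PM Disinfected Path: C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\PSCTRLS.EXE
Scan complete On-demand antivirus scan 24/07/2011 10:33:52 PM Scan: Scanning the whole system
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:36:47 PM Disinfected Path: c:\windows\system32\drivers\xaudio.exe
Spyware detected: Cookie/Doubleclick On-demand antivirus scan 24/07/2011 9:21:10 PM Deleted Path: c:\users\paul\appdata\roaming\microsoft\windows\cookies\paul@doubleclick[2].txt
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 9:10:19 PM Disinfected Path: c:\program files\malwarebytes' anti-malware\mbamservice.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:51:05 PM Moved to quarantine Path: c:\windows\system32\drivers\xaudio.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:42:03 PM Moved to quarantine Path: c:\windows\system32\drivers\xaudio.exe
Virus detected: W32/Katusha.BN On-demand antivirus scan 24/07/2011 8:41:44 PM Moved to quarantine Path: c:\program files\malwarebytes' anti-malware\mbamservice.exe
"""

# One detection row of the flattened report: kind, threat name, reporting
# component, timestamp (dd/mm/yyyy, 12-hour clock), action taken, file path.
LINE_RE = re.compile(
    r"^(?P<kind>Virus|Spyware) detected: (?P<threat>.+?) "
    r"(?P<source>Antivirus protection|On-demand antivirus scan) "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<result>Disinfected|Deleted|Moved to quarantine) "
    r"Path: (?P<path>.+)$"
)


def parse_incidents(report):
    """Return one dict per detection row; other rows (scan start/end,
    updates, 'Suspicious file') do not match and are skipped."""
    incidents = []
    for line in report.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        rec = match.groupdict()
        rec["when"] = datetime.strptime(rec.pop("ts"), "%d/%m/%Y %I:%M:%S %p")
        # Windows paths are case-insensitive and the report mixes cases.
        rec["path"] = rec["path"].lower()
        incidents.append(rec)
    return incidents


def recurring_detections(incidents, kind="Virus"):
    """Map each path detected at more than one distinct time to its
    sorted detection times. A file that is flagged again after being
    cleaned is being rewritten by something still active on the system."""
    by_path = defaultdict(set)
    for rec in incidents:
        if rec["kind"] == kind:
            by_path[rec["path"]].add(rec["when"])
    return {path: sorted(times) for path, times in by_path.items() if len(times) > 1}


if __name__ == "__main__":
    hits = recurring_detections(parse_incidents(SAMPLE_REPORT))
    for path, times in sorted(hits.items()):
        stamps = ", ".join(t.strftime("%H:%M:%S") for t in times)
        print(f"{len(times)}x {path}: {stamps}")
```
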

#13 Hotspur28


Posted 25 July 2011 - 12:54 AM

*Update*

I finally managed to get MBAM running by killing all the non-essential processes in the task manager. I was also able to run HiJack This, and I am currently scanning again with SUPERAntiSpyware. For some strange reason, the MBAM scan turned up only a single infected file, even though I have a feeling the problem runs far deeper. Let me know if you'd like to see the HiJack This log, where there is a ton of suspicious looking stuff. In the meantime, here is the log from the MBAM scan:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7269

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25/07/2011 1:42:23 AM
mbam-log-2011-07-25 (01-42-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 247655
Time elapsed: 42 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\487199883 (Trojan.FakeAlert) -> Value: 487199883 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 boopme

Posted 25 July 2011 - 02:27 PM

Ok, now that we have substantial progress, let's see if there is TDSS on here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#15 Hotspur28


Posted 25 July 2011 - 02:34 PM

Hi again,

Thanks very much for checking back in. I managed to run TDSSkiller without incident, though it found one suspicious object. In fact, I actually ran this last night, and it initially found a couple of things that have since been deleted. Below I've posted the initial log file from the first scan, as well as the most recent log. Let me know what you think.

First Scan:

2011/07/25 00:15:50.0270 5980 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 00:15:50.0925 5980 ================================================================================
2011/07/25 00:15:50.0925 5980 SystemInfo:
2011/07/25 00:15:50.0925 5980
2011/07/25 00:15:50.0925 5980 OS Version: 6.0.6001 ServicePack: 1.0
2011/07/25 00:15:50.0925 5980 Product type: Workstation
2011/07/25 00:15:50.0925 5980 ComputerName: PAUL-PC
2011/07/25 00:15:50.0941 5980 UserName: Paul
2011/07/25 00:15:50.0941 5980 Windows directory: C:\Windows
2011/07/25 00:15:50.0941 5980 System windows directory: C:\Windows
2011/07/25 00:15:50.0941 5980 Processor architecture: Intel x86
2011/07/25 00:15:50.0941 5980 Number of processors: 2
2011/07/25 00:15:50.0941 5980 Page size: 0x1000
2011/07/25 00:15:50.0941 5980 Boot type: Normal boot
2011/07/25 00:15:50.0941 5980 ================================================================================
2011/07/25 00:15:54.0170 5980 Initialize success
2011/07/25 00:15:58.0663 4320 ================================================================================
2011/07/25 00:15:58.0663 4320 Scan started
2011/07/25 00:15:58.0663 4320 Mode: Manual;
2011/07/25 00:15:58.0663 4320 ================================================================================
2011/07/25 00:16:02.0953 4320 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/25 00:16:03.0062 4320 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/25 00:16:03.0234 4320 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/07/25 00:16:03.0405 4320 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/07/25 00:16:03.0561 4320 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/07/25 00:16:03.0780 4320 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/25 00:16:03.0905 4320 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/25 00:16:03.0998 4320 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/25 00:16:04.0107 4320 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/07/25 00:16:04.0263 4320 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/25 00:16:04.0404 4320 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/25 00:16:04.0529 4320 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/25 00:16:04.0700 4320 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/07/25 00:16:04.0965 4320 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/25 00:16:05.0137 4320 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
2011/07/25 00:16:05.0293 4320 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/25 00:16:05.0527 4320 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/07/25 00:16:05.0605 4320 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/07/25 00:16:05.0683 4320 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/25 00:16:05.0823 4320 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/25 00:16:05.0917 4320 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/25 00:16:05.0995 4320 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/25 00:16:06.0073 4320 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/07/25 00:16:06.0213 4320 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/25 00:16:06.0276 4320 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/25 00:16:06.0479 4320 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/25 00:16:06.0557 4320 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/25 00:16:06.0650 4320 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/25 00:16:06.0728 4320 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/25 00:16:06.0900 4320 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/25 00:16:07.0009 4320 hitmanpro35 (2306232284ab686aaaa9e82b3a668677) C:\Windows\system32\drivers\hitmanpro35.sys
2011/07/25 00:16:07.0118 4320 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/25 00:16:07.0243 4320 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/25 00:16:07.0368 4320 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/25 00:16:07.0602 4320 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/25 00:16:07.0727 4320 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/07/25 00:16:10.0035 4320 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/25 00:16:10.0191 4320 i8042prt (cbd499fa3a244cb0c717d5ba6bc08d7b) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/25 00:16:10.0207 4320 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: cbd499fa3a244cb0c717d5ba6bc08d7b, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
2011/07/25 00:16:10.0223 4320 i8042prt - detected ForgedFile.Multi.Generic (1)
2011/07/25 00:16:36.0867 4320 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/07/25 00:16:36.0867 4320 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/07/25 00:16:36.0883 4320 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 00:16:46.0337 4320 MBR (0x1B8) (9a60a21600304533d523088c7b447e29) \Device\Harddisk0\DR0
2011/07/25 00:16:46.0368 4320 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/25 00:16:46.0399 4320 Boot (0x1200) (96640c57a9a135108ba3d705096de6d8) \Device\Harddisk0\DR0\Partition0
2011/07/25 00:16:46.0446 4320 Boot (0x1200) (c2896f9f5ca663eeed4ddb865c83793d) \Device\Harddisk0\DR0\Partition1
2011/07/25 00:16:46.0461 4320 ================================================================================
2011/07/25 00:16:46.0461 4320 Scan finished
2011/07/25 00:16:46.0461 4320 ================================================================================
2011/07/25 00:16:46.0493 5784 Detected object count: 3
2011/07/25 00:16:46.0493 5784 Actual detected object count: 3
2011/07/25 00:17:06.0648 5784 ForgedFile.Multi.Generic(i8042prt) - User select action: Skip
2011/07/25 00:17:06.0663 5784 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/25 00:17:06.0710 5784 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/25 00:17:06.0710 5784 \Device\Harddisk0\DR0 - ok
2011/07/25 00:17:06.0726 5784 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/25 00:17:12.0857 5884 Deinitialize success

----

Most recent scan:

2011/07/25 15:28:31.0150 4868 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 15:28:31.0305 4868 ================================================================================
2011/07/25 15:28:31.0306 4868 SystemInfo:
2011/07/25 15:28:31.0306 4868
2011/07/25 15:28:31.0306 4868 OS Version: 6.0.6001 ServicePack: 1.0
2011/07/25 15:28:31.0306 4868 Product type: Workstation
2011/07/25 15:28:31.0306 4868 ComputerName: PAUL-PC
2011/07/25 15:28:31.0306 4868 UserName: Paul
2011/07/25 15:28:31.0307 4868 Windows directory: C:\Windows
2011/07/25 15:28:31.0307 4868 System windows directory: C:\Windows
2011/07/25 15:28:31.0307 4868 Processor architecture: Intel x86
2011/07/25 15:28:31.0307 4868 Number of processors: 2
2011/07/25 15:28:31.0307 4868 Page size: 0x1000
2011/07/25 15:28:31.0307 4868 Boot type: Normal boot
2011/07/25 15:28:31.0307 4868 ================================================================================
2011/07/25 15:28:32.0383 4868 Initialize success
2011/07/25 15:28:34.0604 2404 ================================================================================
2011/07/25 15:28:34.0604 2404 Scan started
2011/07/25 15:28:34.0604 2404 Mode: Manual;
2011/07/25 15:28:34.0604 2404 ================================================================================
2011/07/25 15:28:40.0035 2404 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/25 15:28:40.0124 2404 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/07/25 15:28:40.0264 2404 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/25 15:28:40.0333 2404 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/25 15:28:40.0392 2404 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/25 15:28:40.0485 2404 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/25 15:28:40.0578 2404 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/25 15:28:40.0739 2404 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/07/25 15:28:40.0833 2404 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/07/25 15:28:40.0921 2404 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/07/25 15:28:41.0098 2404 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/25 15:28:41.0177 2404 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/25 15:28:41.0250 2404 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/25 15:28:41.0357 2404 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/07/25 15:28:41.0490 2404 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/25 15:28:41.0603 2404 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/25 15:28:41.0667 2404 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/25 15:28:41.0772 2404 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/07/25 15:28:41.0947 2404 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/25 15:28:42.0065 2404 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
2011/07/25 15:28:42.0180 2404 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/25 15:28:42.0374 2404 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/07/25 15:28:42.0444 2404 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/07/25 15:28:42.0537 2404 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/25 15:28:42.0647 2404 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/25 15:28:42.0729 2404 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/25 15:28:42.0805 2404 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/25 15:28:42.0912 2404 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/07/25 15:28:42.0962 2404 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/25 15:28:43.0016 2404 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/25 15:28:43.0206 2404 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/25 15:28:43.0273 2404 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/25 15:28:43.0364 2404 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/25 15:28:43.0431 2404 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/25 15:28:43.0521 2404 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/25 15:28:43.0610 2404 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/25 15:28:43.0713 2404 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/25 15:28:43.0855 2404 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/25 15:28:43.0995 2404 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/25 15:28:44.0085 2404 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/07/25 15:28:44.0176 2404 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/25 15:28:44.0288 2404 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/25 15:28:44.0420 2404 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/25 15:28:44.0501 2404 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/25 15:28:44.0756 2404 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/25 15:28:44.0929 2404 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/25 15:28:45.0091 2404 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/07/25 15:28:45.0296 2404 IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/25 15:28:45.0474 2404 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/25 15:28:45.0542 2404 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/25 15:28:45.0643 2404 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/25 15:28:45.0789 2404 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/25 15:28:45.0880 2404 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/25 15:28:45.0950 2404 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/25 15:28:46.0016 2404 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/25 15:28:46.0095 2404 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/25 15:28:46.0159 2404 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/25 15:28:46.0225 2404 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/25 15:28:46.0291 2404 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/25 15:28:46.0392 2404 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/25 15:28:46.0495 2404 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/25 15:28:46.0693 2404 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/25 15:28:46.0827 2404 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/25 15:28:46.0912 2404 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/25 15:28:46.0965 2404 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/25 15:28:47.0015 2404 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/25 15:28:47.0095 2404 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/25 15:28:47.0201 2404 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/25 15:28:47.0298 2404 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/25 15:28:47.0392 2404 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/25 15:28:47.0550 2404 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/25 15:28:47.0646 2404 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/25 15:28:47.0691 2404 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/25 15:28:47.0737 2404 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/25 15:28:47.0783 2404 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/25 15:28:47.0860 2404 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/25 15:28:47.0913 2404 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/25 15:28:48.0029 2404 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/25 15:28:48.0113 2404 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/07/25 15:28:48.0168 2404 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/25 15:28:48.0270 2404 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/25 15:28:48.0339 2404 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/25 15:28:48.0419 2404 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/25 15:28:48.0513 2404 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/25 15:28:48.0634 2404 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/25 15:28:48.0711 2404 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/25 15:28:48.0817 2404 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/25 15:28:48.0892 2404 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/25 15:28:48.0956 2404 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/25 15:28:49.0048 2404 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/07/25 15:28:49.0158 2404 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/25 15:28:49.0231 2404 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/25 15:28:49.0303 2404 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/07/25 15:28:49.0443 2404 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/25 15:28:49.0577 2404 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/07/25 15:28:49.0815 2404 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/25 15:28:50.0086 2404 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/25 15:28:50.0200 2404 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/25 15:28:50.0304 2404 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/25 15:28:50.0401 2404 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/25 15:28:50.0473 2404 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/25 15:28:50.0668 2404 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/07/25 15:28:50.0911 2404 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/07/25 15:28:51.0068 2404 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/25 15:28:51.0129 2404 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/07/25 15:28:51.0188 2404 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/25 15:28:51.0295 2404 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/07/25 15:28:51.0419 2404 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/07/25 15:28:51.0482 2404 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/25 15:28:51.0532 2404 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/25 15:28:51.0589 2404 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/25 15:28:51.0634 2404 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/25 15:28:51.0703 2404 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/25 15:28:51.0950 2404 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/25 15:28:52.0157 2404 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/25 15:28:52.0205 2404 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/07/25 15:28:52.0263 2404 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/25 15:28:52.0332 2404 pavboot (55d654258a9c509b671310c314bd30b4) C:\Windows\system32\Drivers\pavboot.sys
2011/07/25 15:28:52.0491 2404 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\Windows\system32\DRIVERS\PavProc.sys
2011/07/25 15:28:52.0692 2404 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/07/25 15:28:52.0749 2404 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/25 15:28:52.0804 2404 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/25 15:28:52.0912 2404 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/25 15:28:53.0176 2404 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/25 15:28:53.0269 2404 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/25 15:28:53.0363 2404 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/25 15:28:53.0417 2404 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/07/25 15:28:53.0467 2404 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/07/25 15:28:53.0518 2404 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/07/25 15:28:53.0670 2404 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\Windows\system32\drivers\pxkbf.sys
2011/07/25 15:28:53.0729 2404 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\Windows\system32\drivers\pxrts.sys
2011/07/25 15:28:53.0785 2404 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\Windows\system32\drivers\pxscan.sys
2011/07/25 15:28:53.0911 2404 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/25 15:28:54.0016 2404 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/25 15:28:54.0091 2404 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/25 15:28:54.0137 2404 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/25 15:28:54.0216 2404 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/25 15:28:54.0320 2404 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/25 15:28:54.0366 2404 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/25 15:28:54.0439 2404 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/25 15:28:54.0510 2404 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/25 15:28:54.0594 2404 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/25 15:28:54.0677 2404 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/25 15:28:54.0789 2404 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/07/25 15:28:54.0921 2404 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/07/25 15:28:54.0998 2404 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/07/25 15:28:55.0081 2404 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/07/25 15:28:55.0185 2404 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/25 15:28:55.0523 2404 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/25 15:28:55.0626 2404 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/25 15:28:55.0733 2404 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/25 15:28:55.0835 2404 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/25 15:28:55.0916 2404 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/25 15:28:56.0004 2404 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/25 15:28:56.0172 2404 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/25 15:28:56.0224 2404 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/25 15:28:56.0268 2404 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/25 15:28:56.0328 2404 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/25 15:28:56.0424 2404 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\Windows\system32\DRIVERS\ShlDrv51.sys
2011/07/25 15:28:56.0541 2404 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/25 15:28:56.0597 2404 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/25 15:28:56.0683 2404 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/25 15:28:56.0797 2404 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/07/25 15:28:57.0062 2404 SNP2UVC (d79fe8ff4c1a11cd650a8bbeac62be9f) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/07/25 15:28:57.0194 2404 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/25 15:28:57.0323 2404 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/07/25 15:28:57.0323 2404 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/07/25 15:28:57.0338 2404 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 15:29:03.0291 2404 ================================================================================
2011/07/25 15:29:03.0291 2404 Scan finished
2011/07/25 15:29:03.0291 2404 ================================================================================
2011/07/25 15:29:03.0310 5840 Detected object count: 1
2011/07/25 15:29:03.0310 5840 Actual detected object count: 1
2011/07/25 15:29:11.0109 5840 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/25 15:29:15.0070 5128 Deinitialize success

Edited by Hotspur28, 25 July 2011 - 02:35 PM.




